::: TTA표준화 위원회 :::

홈 > 자료마당 > 자료검색 > 표준

자료 검색결과

표준종류

정보통신단체표준(TTAS)

표준번호

TTAT.3G-33.310(R7-7.1.0)

구 표준번호

제개정일

2008-04-09

총 페이지

한글 표준명

IMT-2000 3GPP - 망 도메인 보안; 인증 프레임워크(R7)

영문 표준명

IMT-2000 3GPP-Network domain security; Authentication framework (NDS/AF)(R7)

한글 내용요약

영문 내용요약

The scope of this Technical Specification is limited to authentication of network elements, which are using NDS/IP or TLS, and located in the inter-operator domain.
In the case of NDS/IP this Specification concentrates on authentication of Security Gateways (SEG), and the corresponding Za-interfaces. Authentication of elements in the intra-operator domain is considered an internal issue for operators. This is quite much in line with [1] which states that only Za is mandatory, and that the security domain operator can decide if the Zb-interface is deployed or not, as the Zb-interface is optional for implementation. However, NDS/AF can easily be adapted to intra-operator use since it is just a simplification of the inter-operator case when all NDS/IP NEs and the PKI infrastructure belong to the same operator. Validity of certificates may be restricted to the operator's domain.
NOTE: In case two SEGs interconnect separate network regions under a single administrative authority (e.g. owned by the same mobile operator) then the Za-interface is not subject to interconnect agreements, but the decision on applying Za-interface is left to operators.
The NDS architecture for IP-based protocols is illustrated in figure 1.

Figure 1: NDS architecture for IP-based protocols [1]
In the case of TLS this Specification concentrates on authentication of TLS entities across inter-operator links. For example, TLS is specified for inter-operator communications between IMS and non-IMS networks [9] and on the Zn' interface in GBA [10]. Authentication of TLS entities across intra-operator links is considered an internal issue for operators. However, NDS/AF can easily be adapted to the intra-operator use case since it is just a simplification of the inter-operator case when all TLS NEs and the PKI infrastructure belong to the same operator. Validity of certificates may be restricted to the operator's domain.