1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Security requirements for mobility in NGN
5.1 Security threats
5.2 Security requirements
6 Security capabilities supported by relevant function entities
6.1 Transport user profile functional entity (TUP-FE)
6.2 Transport authentication and authorization functional entity (TAA-FE)
6.3 Mobile location management functional entity (MLM-FE)
6.4 Handover decision control functional entity (HDC-FE)
6.5 Network information distribution functional entity (NID-FE)
6.6 Access management functional entity (AM-FE)
6.7 Layer3 handover execute function (L3HEF)
6.8 Access node functional entity (AN-FE)
7 Key management and authentication
7.1 Key management framework
7.2 Authentication
8 Establishment of security context
8.1 Security context transfer between serving AM-FE and target AM-FE
8.2 Security context transfer between serving AR-FE and target AR-FE
8.3 Security context transfer between UE and HDC-FE
9 IP mobility security
9.1 Host-based mobility security
9.2 Network-based mobility security
10 Security between UE and HDC-FE
10.1 Host-initiated security association establishment between UE and HDC-FE
10.2 Network-initiated security association establishment between UE and HDC-FE
10.3 Security association pre-establishment between UE and HDC-FE based on PKI
11 Security between UE and NID-FE
11.1 Host-initiated security association establishment between UE and NID-FE
11.2 Network-initiated security association establishment between UE and NID-FE
11.3 Security association establishment between UE and NID-FE based on PKI
12 Security for transport functions
12.1 Security between UE and access node function entity
12.2 Security between UE and L3HEF (Layer3 Handover Execute Function)
Appendix I
I.1 Example of full authentication procedure
I.2 Example of fast re-authentication procedure
I.3 Example of host-based mobility
Bibliography