Page 414 - 5G Basics - Core Network Aspects


            different requirements of various kinds of services. A charging system is recommended to support various
            charging resources, including service types, service launched time, service end time, session duration, calling party
            ID, called party ID, session media type, subscriber type (such as a monthly or pay-as-you-go subscriber), etc.
            The charging mechanisms of eMMTel can be divided into different categories. By charging mode, they
            comprise online charging and offline charging. By charging policy, they comprise flow charging,
            monthly rental charging, usage-frequency charging, etc. eMMTel is recommended to simultaneously support
            more than one charging mechanism for different services.

            The eMMTel service user can be charged according to the different service combinations and their
            characteristics. IM chat, file transfer and content sharing services can also be charged based on application
            server-generated charging data record (CDR) according to the flow and usage frequency. The specific
            charging requirements can be defined according to the strategy of the operator.


            11      Security and privacy considerations

            11.1    Access security for the user-to-network interface (UNI)
            Network access authorization and authentication are prerequisites to protect network security. In multi-
            connection, multi-connection network providers are required to restrict access to authorized subscribers,
            and prevent unauthorized access, such as by intruders masquerading as authorized users. It is required to
            support capabilities for authenticating subscribers, equipment, network elements and other providers.

            The access security should provide capabilities to ensure that users are prevented from gaining information
            or resources that they are not authorized to access. The UNI access control provides the means of ensuring
            that users access resources only in an authorized manner. Resources concerned may be the subscribed
            services and network address book provided by eMMTel.

            11.2    Security for the service
            Service security of eMMTel includes all the related problems in a legacy network. Authentication,
            authorization and access control are required to be supported. Before a service is provided, both terminal
            device and subscriber should be authenticated in a secure manner. The subscriber should also be authorized
            when accessing specific services and contents. Service access control should include encryption and
            decryption functions for service signalling and content flow, which protect both the service provider and
            the subscriber from unwanted or unauthorized access.
            In order to improve the quality of service and for convenience, the behaviour of all the users should be
            authorized and controlled. Besides keeping service availability to a maximum, the application domain should
            ensure the eMMTel application server is safe, thus avoiding packet attack, intrusion and virus exposure from
            the Internet. The service and user information should be protected from theft through attack, session
            hijacking attacks and inadvertent leakage.
            Several access security and authentication methods of control signalling should be specified for accessing the
            application domain and eMMTel service. The applicability and choice of method is highly dependent on the
            eMMTel client and access type (e.g., trusted or untrusted) including what is supported or required by the
            network.

            In the eMMTel environment, eMMTel devices can access the network by multiple (both mobile and
            broadband/fixed networks) interfaces, so separate access signalling security methods and corresponding
            authentication are required.
            Access media security is very important in the eMMTel environment. Secure RTP (SRTP) may be used to
            provide message authentication, integrity protection and encryption for both RTP and RTCP streams involved
            in real-time video and voice sessions. It is recommended that communication confidentiality over any
            operational untrusted access network be managed in a secure manner. MSRP is used in the services that
            include the exchange of images, files and instant messages. Like RTP, MSRP establishes sessions
            through SDP exchanges in SIP signalling, and it relies heavily on the security provided in signalling, so the
            signalling security protection is also suitable for it.
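
The media requirements above can be checked at the point where sessions are negotiated. The following is an added example, not part of the original text: it audits an SDP body for RTP streams offered without SRTP and for MSRP sessions offered without TLS. The function name, finding labels and sample offer are constructed for illustration, and treating TLS (`TCP/TLS/MSRP`, `msrps://`) as the expected MSRP protection is an assumption added here, since the text only states that MSRP relies on signalling security.

```python
# Added example (not from the source text): audit an SDP body for unprotected media.
SECURE_RTP = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
PLAIN_RTP = {"RTP/AVP", "RTP/AVPF"}

# Constructed sample offer: one protected and one unprotected stream of each kind.
SAMPLE_SDP = """v=0
o=alice 2890844526 2890844526 IN IP4 client.example.com
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY
m=video 51372 RTP/AVP 99
a=rtpmap:99 H264/90000
m=message 2855 TCP/MSRP *
a=path:msrp://client.example.com:2855/s1;tcp
m=message 2856 TCP/TLS/MSRP *
a=path:msrps://client.example.com:2856/s2;tcp
"""

def audit_sdp(sdp):
    """Return (media_index, media_type, finding) for each media section lacking protection."""
    sections, session_attrs, current = [], [], None
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            parts = line[2:].split()
            proto = parts[2].upper() if len(parts) > 2 else ""
            current = {"type": parts[0] if parts else "?", "proto": proto, "attrs": []}
            sections.append(current)
        elif line.startswith("a="):
            (current["attrs"] if current else session_attrs).append(line[2:])
    findings = []
    for i, sec in enumerate(sections):
        proto, attrs = sec["proto"], sec["attrs"]
        if proto in PLAIN_RTP:
            issue = "plain-rtp"
        elif proto in SECURE_RTP:
            # SRTP needs keying: SDES a=crypto, or a DTLS a=fingerprint (media or session level).
            keyed = any(a.startswith("crypto:") for a in attrs) or any(
                a.startswith("fingerprint:") for a in attrs + session_attrs)
            issue = None if keyed else "srtp-no-keying"
        elif proto.endswith("/MSRP"):
            uris = [u for a in attrs if a.startswith("path:") for u in a[5:].split()]
            if "TLS" not in proto.split("/"):
                issue = "msrp-no-tls"
            else:  # a TLS transport must be matched by msrps:// path URIs
                ok = uris and all(u.lower().startswith("msrps://") for u in uris)
                issue = None if ok else "msrp-path-not-msrps"
        else:
            issue = "unknown-transport"
        if issue:
            findings.append((i, sec["type"], issue))
    return findings
```

An SDES `a=crypto` line carries the SRTP key inside the SDP itself, so a clean result from this audit is only meaningful when the SIP signalling that transports the SDP is protected as well.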
