Mission Cri)cal Push To Talk MCPTT Technical...

Presenta(ononbehalfoftheTETRA+Cri(calCommunica(onsAssocia(on

MissionCri)calPushToTalkMCPTT

TechnicalSolu)on

DavidChater-LeaMotorolaSolu3ons

ViceChairman,3GPPSA61


Agenda

•  Overview•  Businessrela3onships•  PlanesandFunc3onalModel•  Iden33es,authen3ca3on&authorisa3on•  Services•  Security•  Release14work


Businessrela)onships

•  MCPTTserviceproviderprovidesoverthetopserviceaboveMobileNetworkOperator•  MCPTTserviceproviderwillhaveabusinessrela3onshipwithMNOinordertoprovideservice•  MCPTTuserwillneedsubscrip3onwithMNOtoprovideLTEservice,andseparatesubscrip3onwithMCPTT

operatortoprovideMCPTTservice–  Bothoperatorscouldbethesamepartyinprac4ceinsomedeployments–  MCPTTserviceprovidercouldbeanMVNOonMNO’snetwork,andsocouldownsomeofhisownnetworkcomponents–  MCPTTserviceprovidercouldmanagetheMNOnetworksubscrip4ononbehalfoftheuser

MCPTT service provider

Home network operator

Roamed-to network operator

Service arrangement

Roaming agreement

MCPTTuser

Subscription arrangement

Userconfiguration

3GPPTS23.179figure6-1


MCPTToverview

•  MissionCri3calPushToTalk•  DefinedasanApplica3onService

–  Runsoverthetopofthe3GPPLTEnetwork–  Intendedtoalsorunonotherbearers–fixedIPnetwork,WiFietc,butnot

formallystandardisedinRelease13•  AnallIPservice

•  Release13Stage3complete–  ChangerequestspuPnginfixes,ensuringcompa4bilitybetweendocuments

etc•  WorkstartedonRelease14

–  EnhancementstoMCPTT–  DivisionintoCommonFunc4onalArchitectureandapplica4ons–  Addi4onofMCDataandMCVideo


Planes•  Toeaseimplementa3onandaidreuseofstandardprotocols,thesolu3onisspecifiedinplanes:

–  Applica4onplane,Signallingplane•  SignallingplaneprovidesSIPandHTTPservices

–  SessionIni4a4onProtocolandHyperTextTransferProtocol

•  Applica3onplanemediaconsistsofspeechandfloorcontrolsignalling•  EPS(LTEnetwork)providesIPbearerstotheplanes

–  Bearerscanbeunicast(signallingandmedia)andmul4cast(mediaonly)

Applica)onplaneControl Media(speech)

Signallingplane

SIP HTTP

Applica)onplaneControl Media(speech)

Signallingplane

SIP HTTP

EPSUnicastbearers

Unicastbearers

Mul4castbearers

Serverside Clientside


Func)onalmodel•  Func3onalmodeldevolvesthefunc3onsrequiredintofunc3onalen33esandreferencepoints•  Theseexistinboththeapplica3onandsignallingplanes•  Release13recognisessomeen33eswillbecommontomoreservicesthanMCPTT,anddividesinto

MCPTTandCommonServicesCore(CSC)en33esandreferencepoints

Identitymanagement

client

MCPTT-1

CSC-1

CSC-2

CSC-3

Commonservicescore

Floorcontrolserver

Floorparticipant

MCPTT-4

Groupmanagement

client

Identitymanagement

server

Groupmanagement

server

CSC-4 Configurationmanagement

client

Configurationmanagement

server

Interworkingfunctionto

legacysystem

IWF-1

MCPTT-3OtherMCPTTserver

MCPTTserver

MCPTTclientMCPTT-5

Mediadistributionfunction

MCPTTUE

Mediamixer

MCPTT-7

MCPTT-8

MCPTT-6

EPS

MCPTTuserdatabase

MCPTT-2MB2C

Rx

CSC-5

Othergroupmanagement

serverCSC-7

MCPTT-9

CSC-6

Keymanagement

client

CSC-8Keymanagement

server

CSC-10

CSC-9

CSC-13Common

servicescore

MCPTTserver

MCPTTUE

EPS

SIPdatabase

Rx

SIPcore

AAA-1 SIP-1

SIP-2

Signallinguseragent

HTTP-1

TootherSIPcore

Registrarfinder/I-CSCF

Localproxy/P-CSCF

Registrar-ASselection/S-CSCF

SIPAS

HTTPclient HTTPclient

HTTPserver

SIP-3

HTTP-1

HTTPserver

HTTP-3

SIPAS

HTTPProxy

HTTP-2

HTTP-2

TootherHTTPproxy

3GPPTS23.179figure7.3.1-2

3GPPTS23.179figure7.3.1-1


IPMul)mediaSubsystemIMS•  3GPPhadalreadydefinedtheIMSasameansofaddingservicesoverIPbearers•  ThemainintendeduseofIMSwasVoLTE(VoiceoverLTE)•  IMSallowscontrolofbearers–setup,characteris3cs(priorityetc)byinterpre3ngSDPinSIP

headers•  MCPTTinRelease13designedtobeabletoreuseIMS

–  ThereforeallSIPsignallinghastocontaininforma4onwhichcouldenableanIMStosetupbearers

•  However,deploymentmodelsallowthebearercontroltothePCRFtobeoperatedbyanIMS,orbytheMCPTTserver

–  Buttheprotocolisthesame,whetherIMSiscontrollingbearersornot•  SIPcorecouldbeadministered/ownedbytheMNOortheMCPTTserviceprovider

–  IfSIPcoreisanIMSadministeredbyanoperator,thesubscrip4oncouldbecontainedontheISIM,anapplica4onontheoperatorprovidedSIMcard

SIPcore

MCPTTserver

EPS

Rx

MCPTTUE

SIPsignalling SIPcore

MCPTTserver

EPS

Rx

MCPTTUE

SIPsignalling

3GPPTS23.179figure9.2.2.3.2-1 3GPPTS23.179figure9.2.2.3.2-2

MCPTTUE

SIPcore

SIPclient

Applicationserviceslayer

EPS

MCPTTclient

MCPTTserviceprovideradministered

PLMNoperatoradministered

MCPTTserviceprovideradministered

MCPTTUE

SIPcore

SIPclient

Applicationserviceslayer

EPS

MCPTTclient

MCPTTserviceprovider

administered

PLMNoperatoradministered

MCPTTserviceprovider

administered

3GPPTS23.179figure9.2.2.1.3-1

3GPPTS23.179figure9.2.2.1.4-1

…andothermorecomplexscenarios


Iden))es

•  Differentiden33esapplyatthedifferentplanes•  EPSiden33es,determinedbyMNOseparatefromapplica3oniden33es•  SIPIden33esforsignallingplaneconsistofaprivateiden3tyIMPIanda

publiciden3tyIMPU•  Applica3onplaneiden33esconsistof:

–  MissionCri4calUserID–theiden4tywithwhichtheuserlogsontotheservice–  MCPTTID–the‘public’iden4tywithintheMCPTTsystem,i.e.theiden4tywith

whichtheuseriscalledorrecognised–  MCPTTGroupID–iden4tyforanMCPTTgroup

•  Whenauser‘logson’andperformsauthen3ca3onandauthorisa3on,hisMCPTTisboundtotheIMPUbytheMCPTTserver–  TheMCPTTIDisnotknowntothesignallingplaneortheEPSandcanbe

hiddenfromthem(encrypted)


Services

•  Authen3ca3onandauthorisa3on•  Affilia3ontogroups•  Groupmanagement,includinggroupregrouping•  Pre-establishedsession•  Groupcall

–  Pre-arrangedandchatmodel–  Broadcastgroupcall–  Emergencygroupcall–  Imminentperilgroupcall–  Emergencyalert

•  Privatecall–  Manualandautoma4ccommencementmodes–  Emergencyprivatecall

•  Groupcallandemergencycallinoff-networkmode•  Floorcontrolwithincalls•  Bearercontrol,anduseofMBMS(Mul3castBroadcastModeService)•  Loca3oninforma3on


Authen)ca)onandauthorisa)on

•  TheUEperformsnormalaeachprocedures,authen3catestothenetwork•  TheSIPclientauthen3catestotheSIPcoreusing3GPPspecifiedAKA(Authen3ca3onandKey

Agreement)securitymechanisms–  A3rdpartySIPregistra4onisforwardedtotheMCPTTservertoini4ateMCPTTaccess

•  TheMCPTTuserperformsauthen3ca3ontotheMCPTTdomain–  UsesOpenIDConnectprotocols–  Userprovidesacreden4altotheIDmanagementserver(username+password,biometricinforma4onetc)–  Iden4tyManagementServerprovidesaccesstokenstotheclient–  Clientpresentstokenstothevariousserversinordertogainsystemservices

•  Presenta3onofthetokensprovidesauthorisa3onoftheclient•  NOTE:authen3ca3onandauthorisa3onbasedontheuser,notthedevice(cfTETRAdevicebased

authen3ca3on) 10

UE SIPCore MCPTTDomain

LTE&EPC IDManagementserver

LTEAttachprocedure

B-1.SIPRegistrationandAuthenticationB-2.ThirdPartyRegistration

C.MCPTTUserServiceAuthorisation

A.MCPTTUserAuthentication


Affilia)onandgroupcallGROUPAFFILIATION•  Affilia3onisnecessarytoobtaingroupservices

–  Informstheserveroftheclient’sdemandtopar4cipateinagroup–  SIPprotocoltransac4on

GROUPCALL•  DerivedfromOMAPCPS•  Pre-arrangedmodel:

–  SIPsignallingusedtostartacall–  Floorcontrolsignallingwithinthecall,usingRTCPsignalling–  SIPsignallingterminatesthecall–  NOTE:SIPisapeertopeerprotocolandcannotworkovermul4cast

•  Chatmodel–  SIPsignallingestablishesasessionataffilia4on4me–  Floorcontrolsignallingonlyusedtostartandstopcallswhileaffiliated–  Intendedtoimprovecallsetup4me–  Allowscallsetupovermul4castbearers

•  Floorcontroluses(S)RTPandmediasentin(S)RTPprotocol•  Pre-arrangedsessionallowsabearertobesetupinadvanceofacallandsharedbetweencalls

EMERGENCYGROUPCALL•  Usesincreasedbearerpriority•  Ini3a3ngclientremainsinemergencystateun3lspecificallycancelled•  Groupremainsinemergencycondi3onun3lspecificallycancelled


Security

•  Becauseofdifferentownershipmodelsanduseofcommercialnetworks,MCPTTapplica3oninforma3onmustbeprotectedfromunderlyingnetwork

•  Applica3oniden33essentinSIPmessagesareencryptedinXMLelementsbyaClientServerKey–  CSKalsousedtoprotectfloorcontrol

•  Applica3onmediaisprotectedbyIden3tyBasedEncryp3on–  MIKEY-SAKKE,IETFRFC6509–  AKeyManagementServerprovideseachclientwithrootkeymaterialthatletstheclientderiveapublickey

foranotheruserbasedonthatuser’siden4ty,andaprivatekeyforitself–  IBEisusedtoprotectsessionkeysusedtoencryptmediainprivatecalls

•  Groupcallsareprotectedwithasharedkey,whichisdistributedusingIBEbytheGroupManagementServer

•  Inoff-networkmode,IBEisusedtoestablishkeysforprivatecalls,andapre-sharedkeyisusedtoprotectgroupcalls

•  ProtocolsSRTCP(floorcontrol)andSRTP(media)

Target Address =

‘user2’ Information

RFC 6509

Public confidentiality key Key encrypt ‘user2’ public key

Session key

Encrypted session key

Information encrypt

‘user2’ address

Encrypted information

Originator Address =

‘user1’

Iden4tyBasedEncryp4on


Release13achievement

•  In15monthsfromthecrea3onof3GPPSA6(January2015)toMarch2016…

•  Stage3completedandapproved–  ThereisnowacompletesuiteofRelease13specifica4ons

forMCPTT

•  840requirementsinStage1–  70%coveredinRelease13–  10%partcoveredinRelease13–  20%notcoveredinRelease13

•  Furtherrequirementswillbesa3sfiedinfollowingreleases:

–  Someaspectsofgroupcallandgroupmanagement–  Callback–  Ambientlistening–  Interworkingbetweensystems–  Interworkingwithnon-MCPTTsystems(PMR/LMR)–  UEtoUErelay–  Enable/disable

Stage1

Stage2

Stage3


Release14–CommonFunc)onalArchitecture

•  InRelease14,MCVideoandMCDataarebeingaddedtoMCPTTenhancements

•  Decisiontosplittheexis3ngMCPTTspecifica3on(3GPPTS23.179)intotwospecifica3ons:–  CommonFunc4onalArchitecture–  MCPTT

•  TwonewTSswillbeaddedforMCVideoandMCData

•  Workinprogresstodividethefunc3onalmodelbetweenthespecifica3ons

Identitymanagement

client

MCPTT-1

CSC-1

CSC-2

CSC-3

Commonservicescore

Floorcontrolserver

Floorparticipant

MCPTT-4

Groupmanagement

client

Identitymanagement

server

Groupmanagement

server

CSC-4 Configurationmanagement

client

Configurationmanagement

server

Interworkingfunctionto

legacysystem

IWF-1

MCPTT-3OtherMCPTTserver

MCPTTserver

MCPTTclientMCPTT-5

Mediadistributionfunction

MCPTTUE

Mediamixer

MCPTT-7

MCPTT-8

MCPTT-6

EPS

MCPTTuserdatabase

MCPTT-2MB2C

Rx

CSC-5

Othergroupmanagement

serverCSC-7

MCPTT-9

CSC-6

Keymanagement

client

CSC-8Keymanagement

server

CSC-10

CSC-9

CSC-13

(Probably)MCPTTen33esandreferencepoints**workinprogress

(Probably)CFAen33esandreferencepoints**workinprogress


Release14work

•  Eachoftheapplica3onserviceswillbuildontheCommonFunc3onalArchitecture

•  CommonServiceCoreitemssuchasiden3tymanagement,keymanagement,configura3onmanagement,groupmanagementetcusedbyallservices

•  Specifiedinfourseparatestandards•  Sevenworkorstudyitemsinprogress

–  CFA,PTT,Video,Data–  StudyintoMBMS–  InterconnectbetweenMCPTTsystems–  InterworkingwithLMR(TETRAetc)

•  Stage3completeJune2017

Iden3tymanagement

Groupmanagement

Keymanagement

Configura3onmanagement

TSCFA

Groupcall

etc

Privatecall

TSPTTVideogroupcall

etc

Videopullservice

TSVideoDatagroupcall

etc

Simpledata(SDS)

TSData

TRMBMS

TRInterconnect&migra3on

TRInterworking

Willleadtonorma3ve(TS)work


Thankyouforlistening,

Mission Cri)cal Push To Talk MCPTT Technical...

Documents

Transcript of Mission Cri)cal Push To Talk MCPTT Technical...