Mission critical push to talk MCPTT technical...
TRANSCRIPT
Presentation on behalf of the TETRA + Critical Communications Association
Mission Critical Push To Talk MCPTT
Technical Solution
David Chater-Lea, Motorola Solutions
Vice Chairman, 3GPP SA6

Agenda
• Overview
• Business relationships
• Planes and Functional Model
• Identities, authentication & authorisation
• Services
• Security
• Release 14 work

Business relationships
• MCPTT service provider provides over the top service above Mobile Network Operator
• MCPTT service provider will have a business relationship with MNO in order to provide service
• MCPTT user will need subscription with MNO to provide LTE service, and separate subscription with MCPTT operator to provide MCPTT service
– Both operators could be the same party in practice in some deployments
– MCPTT service provider could be an MVNO on MNO's network, and so could own some of his own network components
– MCPTT service provider could manage the MNO network subscription on behalf of the user
[Figure: 3GPP TS 23.179 figure 6-1. MCPTT user, MCPTT service provider, home network operator and roamed-to network operator, linked by service arrangement, roaming agreement, subscription arrangement and user configuration]

MCPTT overview
• Mission Critical Push To Talk
• Defined as an Application Service
– Runs over the top of the 3GPP LTE network
– Intended to also run on other bearers – fixed IP network, WiFi etc, but not formally standardised in Release 13
• An all IP service
• Release 13 Stage 3 complete
– Change requests putting in fixes, ensuring compatibility between documents etc
• Work started on Release 14
– Enhancements to MCPTT
– Division into Common Functional Architecture and applications
– Addition of MCData and MCVideo

Planes
• To ease implementation and aid reuse of standard protocols, the solution is specified in planes:
– Application plane, Signalling plane
• Signalling plane provides SIP and HTTP services
– Session Initiation Protocol and HyperText Transfer Protocol
• Application plane media consists of speech and floor control signalling
• EPS (LTE network) provides IP bearers to the planes
– Bearers can be unicast (signalling and media) and multicast (media only)
[Figure: server side and client side, each with an application plane (control, media (speech)) and a signalling plane (SIP, HTTP), connected through the EPS by unicast bearers and multicast bearers]

Functional model
• Functional model devolves the functions required into functional entities and reference points
• These exist in both the application and signalling planes
• Release 13 recognises some entities will be common to more services than MCPTT, and divides into MCPTT and Common Services Core (CSC) entities and reference points
[Figures: 3GPP TS 23.179 figure 7.3.1-1 and figure 7.3.1-2. Functional entities (MCPTT client and server, floor control server and floor participant, media distribution function, media mixer, MCPTT user database, identity, group, configuration and key management clients and servers in the common services core, interworking function to legacy system, signalling user agent, SIP core, SIP AS, SIP database, HTTP client, proxy and server, EPS) joined by the MCPTT-n, CSC-n, SIP-n, HTTP-n, AAA-1, IWF-1, MB2C and Rx reference points]

IP Multimedia Subsystem IMS
• 3GPP had already defined the IMS as a means of adding services over IP bearers
• The main intended use of IMS was VoLTE (Voice over LTE)
• IMS allows control of bearers – set up, characteristics (priority etc) by interpreting SDP in SIP headers
• MCPTT in Release 13 designed to be able to reuse IMS
– Therefore all SIP signalling has to contain information which could enable an IMS to set up bearers
• However, deployment models allow the bearer control to the PCRF to be operated by an IMS, or by the MCPTT server
– But the protocol is the same, whether IMS is controlling bearers or not
• SIP core could be administered / owned by the MNO or the MCPTT service provider
– If SIP core is an IMS administered by an operator, the subscription could be contained on the ISIM, an application on the operator provided SIM card
[Figures: 3GPP TS 23.179 figure 9.2.2.3.2-1 and figure 9.2.2.3.2-2. SIP signalling between MCPTT UE, SIP core and MCPTT server, with the Rx reference point to the EPS]
[Figures: 3GPP TS 23.179 figure 9.2.2.1.3-1 and figure 9.2.2.1.4-1. MCPTT UE (MCPTT client, SIP client), application services layer, SIP core and EPS, each marked as MCPTT service provider administered or PLMN operator administered]
… and other more complex scenarios

Identities
• Different identities apply at the different planes
• EPS identities, determined by MNO, separate from application identities
• SIP identities for signalling plane consist of a private identity IMPI and a public identity IMPU
• Application plane identities consist of:
– Mission Critical User ID – the identity with which the user logs on to the service
– MCPTT ID – the 'public' identity within the MCPTT system, i.e. the identity with which the user is called or recognised
– MCPTT Group ID – identity for an MCPTT group
• When a user 'logs on' and performs authentication and authorisation, his MCPTT ID is bound to the IMPU by the MCPTT server
– The MCPTT ID is not known to the signalling plane or the EPS and can be hidden from them (encrypted)

Services
• Authentication and authorisation
• Affiliation to groups
• Group management, including group regrouping
• Pre-established session
• Group call
– Pre-arranged and chat model
– Broadcast group call
– Emergency group call
– Imminent peril group call
– Emergency alert
• Private call
– Manual and automatic commencement modes
– Emergency private call
• Group call and emergency call in off-network mode
• Floor control within calls
• Bearer control, and use of MBMS (Multicast Broadcast Mode Service)
• Location information

Authentication and authorisation
• The UE performs normal attach procedures, authenticates to the network
• The SIP client authenticates to the SIP core using 3GPP specified AKA (Authentication and Key Agreement) security mechanisms
– A 3rd party SIP registration is forwarded to the MCPTT server to initiate MCPTT access
• The MCPTT user performs authentication to the MCPTT domain
– Uses OpenID Connect protocols
– User provides a credential to the ID management server (username + password, biometric information etc)
– Identity Management Server provides access tokens to the client
– Client presents tokens to the various servers in order to gain system services
• Presentation of the tokens provides authorisation of the client
• NOTE: authentication and authorisation based on the user, not the device (cf TETRA device based authentication)
[Figure: message sequence between UE, LTE & EPC, SIP core, ID management server and MCPTT domain: LTE attach procedure; A. MCPTT user authentication; B-1. SIP registration and authentication; B-2. Third party registration; C. MCPTT user service authorisation]
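The token presentation in step C, and the binding of the MCPTT ID to the IMPU described on the Identities slide, modelled as an added example that is not code from the presentation or from 3GPP. The class and method names, URIs and key are constructed, and an HMAC-signed token stands in for the OpenID Connect tokens.

```python
import base64, hashlib, hmac, json, time

def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

class IdManagementServer:
    """Hypothetical stand-in: issues a token once step A has verified the user."""
    def __init__(self, key):
        self._key = key

    def issue_token(self, mcptt_id, ttl=300):
        claims = {"mcptt_id": mcptt_id, "exp": time.time() + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body + b"." + _sign(self._key, body)

class McpttServer:
    """Hypothetical model of steps B-2 and C on the MCPTT server."""
    def __init__(self, key):
        self._key = key          # assumption: HMAC key shared with the ID server
        self.registered = set()  # IMPUs learnt from third-party registration
        self.bindings = {}       # MCPTT ID -> IMPU

    def third_party_register(self, impu):          # step B-2
        self.registered.add(impu)

    def authorise(self, impu, token):              # step C
        body, _, tag = token.partition(b".")
        if not hmac.compare_digest(_sign(self._key, body), tag):
            raise PermissionError("token signature invalid")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] < time.time():
            raise PermissionError("token expired")
        if impu not in self.registered:
            raise PermissionError("IMPU has no SIP registration")
        # In this model the binding follows the user: the same token on another
        # registered device moves the MCPTT ID to that device's IMPU.
        self.bindings[claims["mcptt_id"]] = impu
        return claims["mcptt_id"]

def demo():
    key = b"constructed-demo-key"
    idms, server = IdManagementServer(key), McpttServer(key)
    for impu in ("sip:device-a@example.org", "sip:device-b@example.org"):
        server.third_party_register(impu)
    token = idms.issue_token("user1@mcptt.example.org")  # constructed MCPTT ID
    server.authorise("sip:device-a@example.org", token)
    server.authorise("sip:device-b@example.org", token)
    return server.bindings

if __name__ == "__main__":
    print(demo())
```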

Affiliation and group call
GROUP AFFILIATION
• Affiliation is necessary to obtain group services
– Informs the server of the client's demand to participate in a group
– SIP protocol transaction
GROUP CALL
• Derived from OMA PCPS
• Pre-arranged model:
– SIP signalling used to start a call
– Floor control signalling within the call, using RTCP signalling
– SIP signalling terminates the call
– NOTE: SIP is a peer to peer protocol and cannot work over multicast
• Chat model
– SIP signalling establishes a session at affiliation time
– Floor control signalling only used to start and stop calls while affiliated
– Intended to improve call setup time
– Allows call setup over multicast bearers
• Floor control uses (S)RTP and media sent in (S)RTP protocol
• Pre-arranged session allows a bearer to be set up in advance of a call and shared between calls
EMERGENCY GROUP CALL
• Uses increased bearer priority
• Initiating client remains in emergency state until specifically cancelled
• Group remains in emergency condition until specifically cancelled

Security
• Because of different ownership models and use of commercial networks, MCPTT application information must be protected from underlying network
• Application identities sent in SIP messages are encrypted in XML elements by a Client Server Key
– CSK also used to protect floor control
• Application media is protected by Identity Based Encryption
– MIKEY-SAKKE, IETF RFC 6509
– A Key Management Server provides each client with root key material that lets the client derive a public key for another user based on that user's identity, and a private key for itself
– IBE is used to protect session keys used to encrypt media in private calls
• Group calls are protected with a shared key, which is distributed using IBE by the Group Management Server
• In off-network mode, IBE is used to establish keys for private calls, and a pre-shared key is used to protect group calls
• Protocols SRTCP (floor control) and SRTP (media)
[Figure: Identity Based Encryption, RFC 6509. Originator address 'user1', target address 'user2'. Labels: public confidentiality key, 'user2' address, 'user2' public key, key encrypt, session key, encrypted session key, information, information encrypt, encrypted information]

Release 13 achievement
• In 15 months from the creation of 3GPP SA6 (January 2015) to March 2016 …
• Stage 3 completed and approved
– There is now a complete suite of Release 13 specifications for MCPTT
• 840 requirements in Stage 1
– 70% covered in Release 13
– 10% part covered in Release 13
– 20% not covered in Release 13
• Further requirements will be satisfied in following releases:
– Some aspects of group call and group management
– Call back
– Ambient listening
– Interworking between systems
– Interworking with non-MCPTT systems (PMR/LMR)
– UE to UE relay
– Enable/disable
[Figure: Stage 1, Stage 2, Stage 3]

Release 14 – Common Functional Architecture
• In Release 14, MCVideo and MCData are being added to MCPTT enhancements
• Decision to split the existing MCPTT specification (3GPP TS 23.179) into two specifications:
– Common Functional Architecture
– MCPTT
• Two new TSs will be added for MCVideo and MCData
• Work in progress to divide the functional model between the specifications
[Figure: the application plane functional model with its MCPTT-n and CSC-n reference points, divided into "(Probably) MCPTT entities and reference points" and "(Probably) CFA entities and reference points"; both marked as work in progress]

Release 14 work
• Each of the application services will build on the Common Functional Architecture
• Common Service Core items such as identity management, key management, configuration management, group management etc used by all services
• Specified in four separate standards
• Seven work or study items in progress
– CFA, PTT, Video, Data
– Study into MBMS
– Interconnect between MCPTT systems
– Interworking with LMR (TETRA etc)
• Stage 3 complete June 2017
[Figure: TS CFA (identity management, group management, key management, configuration management); TS PTT (group call, private call, etc); TS Video (video group call, video pull service, etc); TS Data (data group call, simple data (SDS), etc); TR MBMS, TR Interconnect & migration, TR Interworking, which will lead to normative (TS) work]

Thank you for listening,