行业研究公司研究宏观策略财报招股书会议纪要 seedance2.0 低空经济 DeepSeek AIGC 大模型

IR.77操作员间IP骨干网安全要求。适用于服务和运营商间IP骨干提供商v5.1

信息技术 2025-06-04 GSMA 话唠

1Introduction

1.1Overview：本文档旨在定义 IPX 网络的适当安全级别，并与 PRD IR.34 共同描述一套实现 IPX 网络安全性的通用指南。
1.2Scope：本文档定义了服务提供商和 IPX 提供商的安全要求，重点关注：
- IPX 网络的内部安全
- 不同 IPX 提供商网络之间的安全
- 与 IPX 相关的服务提供商网络安全
- 服务提供商与 IPX 之间的安全
- 数据安全（机密性、真实性、完整性）
- 必要时的隧道技术
1.3Motivation：随着 All-IP 网络的普及，IPX 网络的安全性成为移动行业的主要目标。本文档强调了所有参与者共同维护 IPX 安全的重要性，以防范欺诈和滥用行为。
1.4Definitions：定义了 IPX 提供商网络、服务提供商网络和内部网络的概念，并通过图表展示了网络之间的逻辑分离。
1.5Abbreviations：列出了文档中使用的缩写词。
1.6References：列出了文档中引用的其他文档。
1.7Conventions：解释了文档中使用的术语和符号。

2Security Basics and Principles

2.1Introduction：由于互联和漫游，服务提供商网络的内部安全面临挑战，需要采取措施在受控的方式下允许合作伙伴互联。
2.2High Level Security Objectives：IPX 网络及其安全功能应实现以下高级安全目标：
- 确保传输的数据不被未授权方篡改或修改
- 保护信息免受未授权的拦截和披露
- 验证数据通信中所有参与方的身份

3Binding Security Requirements

3.1Packet Filters：IPX 提供商和服务提供商必须在其网络上应用各种过滤规则，仅传输来自真实 IP 地址的流量，并实施反数据包欺骗措施。
3.2Isolation of the IPX Network：IPX 网络应与所有不属于 IPX 网络的其他网络（包括互联网、管理网络、IPX 提供商内部办公网络和其他 IP 网络）进行物理或逻辑隔离。
3.3Routing：必须在 IPX 中实施反路由欺骗措施，IPX 提供商负责检查其客户是否仅广告属于他们的有效 IP 网络。
3.4Assignment of IP Addresses：服务提供商 IP 骨干网络中的所有网络元素应使用公共地址，并且不应配置或广告任何路由信息以到达分配给 IPX 网络的 IP 地址范围。
3.5IPX Tunnelling Through Public Networks：当 IPX 网络内部数据流量通过公共网络传输时，需要安全的通信信道。
3.6User Equipment Traffic Tunnelling Through the IPX Network：IPX 网络对最终用户是透明的，最终用户不能寻址 IPX 网络上的任何网络元素。
3.7Secure Configuration of Network Elements, Network Services and IPX Services：网络元素和网络服务应安全配置，默认配置通常不安全。
3.8IPX Provider Peering：规定了 IPX 提供商之间互联的安全要求。
3.9Incident Response：事件响应有助于在识别出导致安全漏洞的攻击或配置错误后，快速使网络恢复正常运行。
3.10Security Documentation：安全文档描述了所有安全措施和流程。
3.11Signalling Security：涵盖了与 Diameter 协议相关的安全要求，以减少攻击面。

4Non-binding Security Requirements

4.1Secure Configuration of Network Elements：除了 BSR17，还应应用以下安全要求。
4.2Continuous Availability and Robustness：IPX 提供商应设计和实施其骨干网络，以防止流量峰值、IP 数据包的意外内容、IP 数据包洪流和其他可能造成干扰的事件导致可用性中断。
4.3IPX Provider Peering：IPX 提供商应遵守额外的安全要求。
4.4Routing：规定了路由相关的非绑定安全要求。

AnnexASecurity Code of Conduct

A.1General Security Requirements：规定了参与方通过 IPX 互联点互连时必须满足的一般安全要求。
A.2Security Requirements：
- A.2.1IPX Security Measures：规定了每个 IPX 提供商网络内部必须实施的安全措施，包括满足 GSMA PRD IR.77 的所有绑定要求，并建议满足非绑定要求。
- A.2.2Connectivity Configuration Requirements：规定了连接到互联点的安全要求，包括使用专用线路连接、物理连接权限、基础设施要求、连接权限和监控要求。
- A.2.3Network Configuration：规定了协议、默认路由、路由和路由广告的安全要求。
- A.2.4Transit Traffic：转接流量是双边协议事项，不在此文档中规定。
A.3Voluntary Bilateral Agreements：规定了参与方之间可以达成的自愿双边协议，包括身份验证和加密、非绑定安全要求履行的例外情况以及其他双方同意的要求。
A.4Signatures：列出了所有参与方的姓名、地址和签名。

AnnexBDocument Management

B.1Document History：记录了文档的历史版本信息。
B.2Other Information：提供了联系信息，以便用户报告错误或提出建议。

IR.77InterOperator IP Backbone Security Req. For Serviceand Inter-operator IP backbone Providers Version5.115 April 2025 Security Classification:Non-Confidential Access to and distribution of this document is restricted to the personspermitted by the securityclassification. This document is subject tocopyright protection. This document is to be used only for the purposes for which it has been supplied and information contained in it must not bedisclosed or in any other way made available, in whole or in part,to persons other than thosepermitted under the securityclassification withoutthe prior written approval of the Association. Copyright Notice Copyright ©2025GSM Association Disclaimer The GSMA makes no representation, warranty or undertaking (express or implied) with respect to and does not accept any responsibility for, andhereby disclaims liability for the accuracy or completeness or timeliness of the information contained in this document. The information containedin this document may be subject to change without prior notice. Compliance Notice The information contain herein is in full compliance with the GSMAAntitrustCompliancePolicy. This Permanent Reference Document is classified by GSMA as an Industry Specification, as such it has been developed and is maintained byGSMA inaccordance with the provisions set out GSMA AA.35-Procedures for Industry Specifications. GSMAOfficial DocumentIR.77 InterOperator IP Backbone Security Req. For Service and Inter-operator IPbackbone Providers Table of Contents 1Introduction41.1Overview41.2Scope41.3Motivation51.4Definitions51.5Abbreviations81.6References91.7Conventions92Security Basics and Principles102.1Introduction102.2High Level Security Objectives113Binding Security Requirements113.1Packet Filters113.2Isolation of the IPX Network133.3Routing173.4Assignment of IP Addresses183.5IPX Tunnelling Through Public Networks193.6User Equipment Traffic Tunnelling Through the IPX Network203.7Secure Configuration of Network Elements, Network Services and IPXServices213.8IPX Provider Peering223.9Incident Response233.10Security Documentation233.11Signalling Security244Non-binding Security Requirements264.1Secure Configuration of Network Elements264.2Continuous Availability and Robustness264.3IPX Provider Peering274.4Routing28AnnexASecurity Code of Conduct30A.1General Security Requirements30A.2Security Requirements30A.2.1IPX Security Measures30A.2.2Connectivity Configuration Requirements31A.2.3Network Configuration:31A.2.4Transit Traffic32A.3Voluntary Bilateral Agreements32A.3.1Authentication and Encryption:32A.3.2Exceptions to Fulfilment of Non-Binding Security Requirements32A.3.3OtherRequirementsAgreed between the Parties32A.3.4Other Agreements32A.4Signatures32 GSMAOfficial DocumentIR.77 InterOperator IP Backbone Security Req. For Service and Inter-operator IPbackbone Providers AnnexBDocument Management33B.1Document History33B.2Other Information33 GSMAOfficial DocumentIR.77 InterOperator IP Backbone Security Req. For Service and Inter-operator IPbackbone Providers 1Introduction 1.1Overview The need to define an adequate level of security is critical and this document sets out howthis can be achieved. This document, together with the Permanent Reference Document(PRD) IR.34Error! Reference source not found., describes a set of common guidelines toachieve an adequate security level on the IPX Network. This PRD contains a set of binding and non-binding security requirements. All therequirements which are classified as binding are mandatory for all current and future IPXservices and all participants on the IPX, unless stated otherwise. Participants on the IPX areany entities which send/receive IP packets on the IPX, such as IPX Providers and PLMNOperators, Fixed Network Operators and any other Service Providers. All participants on the IPX are required to contribute to overall IPX security. Only if all theparticipants deploy and maintain their part of the security measures, can it be ensured thatthe IPX is a secure and reliable network for inter-Service Providerdata exchange. Having asecure and reliable IPX Network is a prerequisite for mobile roaming and interconnect. The Inter-Service Provider IP Backbone is called IPX in this document and is defined inGSMA PRD IR.34Error! Reference source not found.. Additional information is defined inGSMA PRD IR.400and GSMA PRD IR.670. Services which are defined on top of the IPX–the so-called IPX Services–are defined in GSMA PRD IR.34Error! Reference source notfound., GSMA PRD IR.880and GSMA PRD IR.900. More IPX Services may be defined inthe future, which may lead to the creation and publication of additional GSMA PRDs. In addition to collaboratively contributing to IPX security, each participant needs to protecttheir own internal network by themselves. 1.2Scope The document defines security requirements for Service Providers and IPX Providers toenhance their network security. In particular, this document focuses o

点击免费查看完整报告