transmission security overview(sran10.1_01)
TRANSCRIPT
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
1/21
SingleRAN
Transmission Security Overview
Feature Parameter Description
Issue 01
Date 2015-03-23
HUAWEI TECHNOLOGIES CO., LTD.
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
2/21
Copyright Huawei Technologies Co., Ltd. 2015. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: [email protected]
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
i
http://www.huawei.com/ -
7/25/2019 Transmission Security Overview(SRAN10.1_01)
3/21
Contents
1 About This Document.................................................................................................................. 1
1.1 Scope.............................................................................................................................................................................. 1
1.2 Intended Audience..........................................................................................................................................................2
1.3 Change History...............................................................................................................................................................2
1.4 Differences Between Base Station Types.......................................................................................................................3
2 Transport Network Overview.....................................................................................................5
2.1 IP Backhaul Network......................................................................................................................................................5
2.2 Evolution........................................................................................................................................................................ 5
2.3 Security Requirements....................................................................................................................................................6
2.3.1 NDS Dimensions Defined by 3GPP............................................................................................................................6
2.3.2 NDS Mechanism Defined by 3GPP............................................................................................................................ 6
3 Transmission Security Solutions................................................................................................7
3.1 On a Trusted Network.....................................................................................................................................................83.2 On an Untrusted Network...............................................................................................................................................9
3.3 Application Restrictions............................................................................................................................................... 11
3.3.1 Scenario1: RAN Sharing Applied.............................................................................................................................11
3.3.2 Scenario 2: Transmission on Public Networks..........................................................................................................11
3.3.3 Scenario3: Base Stations Cascaded.......................................................................................................................... 11
4 Transmission Security Features................................................................................................12
4.1 Introduction.................................................................................................................................................................. 12
4.2 IPsec..............................................................................................................................................................................12
4.3 Access Control Based on 802.1x..................................................................................................................................12
4.4 SSL............................................................................................................................................................................... 13
4.5 PKI................................................................................................................................................................................13
5 Parameters.....................................................................................................................................15
6 Counters........................................................................................................................................ 16
7 Glossary.........................................................................................................................................17
8 Reference Documents.................................................................................................................18
SingleRAN
Transmission Security Overview Feature Parameter
Description Contents
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
ii
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
4/21
1About This Document
1.1 Scope
This document describes transmission security, including transport network overview and
transmission security solutions and features.
This document involves the following elements:
l Base stations, including 3900 series base stations
l Base station controllers, including the GBSC, RNC, and MBSC
l U2000
Table 1-1defines all types of base stations.
Table 1-1Base station definition
Base Station Name Definition
GBTS GBTS refers to a base station deployed with GTMU and
maintained through a base station controller.
eGBTS eGBTS refers to a base station deployed with GTMUb,
UMPT_G, or UMDU_G and directly maintained by the element
management system (EMS).
NodeB NodeB refers to a base station deployed with WMPT, UMPT_Uor UMDU_U.
eNodeB eNodeB refers to a base station deployed with LMPT, UMPT_L,
UMPT_T, UMDU_L, or UMDU_T.
SingleRAN
Transmission Security Overview Feature Parameter
Description 1 About This Document
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
1
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
5/21
Base Station Name Definition
Co-MPT multimode
base station
Co-MPT multimode base station refers to a base station
deployed with UMPT_GU, UMDU_GU, UMPT_GL,
UMDU_GL, UMPT_GT, UMDU_GT, UMPT_UL, UMDU_UL,
UMPT_UT, UMDU_UT, UMPT_LT, UMDU_LT, UMPT_GUL,
UMDU_GUL, UMPT_GUT, UMDU_GUT, UMPT_ULT,
UMDU_ULT, UMPT_GLT, UMDU_GLT, UMPT_GULT, or
UMDU_GULT, and it functionally corresponds to any
combination of eGBTS, NodeB, and eNodeB. For example, Co-
MPT multimode base station deployed with UMPT_GU
functionally corresponds to the combination of eGBTS and
NodeB.
Separate-MPT
multimode base station
Separate-MPT multimode base station refers to a base station on
which different modes use different main control boards. For
example, base stations deployed with GTMU and WMPT are
called separate-MPT GSM/UMTS dual-mode base station.
NOTE
A UMDU cannot be used in a separate-MPT base station.
Unless otherwise specified, the descriptions and examples for the UMPT in a co-MPT base
station are applicable to the UMDU in a co-MPT base station.
1.2 Intended Audience
This document is intended for personnel who:
l Need to understand transmission security
l Work with Huawei products
1.3 Change History
This section provides information about the changes in different document versions. There are
two types of changes, which are defined as follows:
l Feature change
Changes in features of a specific product version
l Editorial change
Changes in wording or addition of information that was not described in the earlier
version
SRAN10.1 01 (2015-03-23)
This is the first official release. This issue does not include any changes.
SingleRAN
Transmission Security Overview Feature Parameter
Description 1 About This Document
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
2
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
6/21
SRAN10.1 Draft A (2015-01-15)
Compared with Issue 01 (2014-04-26) of SRAN9.0, Draft A (2015-01-15) of SRAN10.1
includes the following changes.
Change Type Change Description Parameter Change
Feature change Added descriptions about the
different operators can use
differential certificates. For details,
see 3.3.1 Scenario 1: RAN Sharing
Applied.
None
Editorial change None None
1.4 Differences Between Base Station Types
Definition
The macro base stations described in this document refer to 3900 series base stations. These
base stations work in GSM, UMTS, or LTE mode, as listed in the section Scope.
The LampSite base stations described in this document refer to distributed base stations that
provide indoor coverage. These base stations work in UMTS or LTE mode but not in GSM
mode.
The micro base stations described in this document refer to all integrated entities that work in
UMTS or LTE mode but not in GSM mode. Descriptions of boards, cabinets, subracks, slots,
and RRUs do not apply to micro base stations.
The following table defines the types of micro base stations.
Base Station Model RAT
BTS3202E LTE FDD
NOTE
The co-MPT and separate-MPT applications are irrelevant to single-mode micro base stations.
Feature Support by Macro, Micro, and LampSite Base Stations
None
SingleRAN
Transmission Security Overview Feature Parameter
Description 1 About This Document
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
3
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
7/21
Function Implementation in Macro, Micro, and LampSite Base Stations
Function Difference
IPSec NAT traversal IPSec NAT traversal is specific to micro base stations.
An NAT gateway is likely to be deployed when data is
transmitted on the public network. When an NAT gateway is
deployed along the IPSec tunnel, the communicating parties must
both support NAT traversal.
SingleRAN
Transmission Security Overview Feature Parameter
Description 1 About This Document
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
4
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
8/21
2Transport Network Overview
2.1 IP Backhaul Network
A mobile backhaul network is an end-to-end transport network that transmits data between a
base station and a base station controller. Figure 2-1shows an IP-based mobile backhaul
network (IP backhaul for short).
This section describes transmission security solutions for the IP backhaul.
Figure 2-1IP backhaul network
2.2 Evolution
In TDM/ATM or IP over E1 mode, a transport network is generally only used to carry radio
services, and transmission links inherently provide their own high security. Therefore, there is
no need to deploy additional security features. However, with the wide development of
mobile broadband (MBB), transport networks have evolved towards all-IP based networks.
This not only means that data migrates to the packet switched (PS) domain, but also that the
transport network becomes completely open and easily accessible. As a result, transport
networks carrying telecommunication services face various security concerns.
NOTE
This document only describes transmission security pertaining to the Ethernet or IP network.
To protect radio equipment from security threats and attacks and to provide securecommunication on transport networks, multi-plane security measures are required.
SingleRAN
Transmission Security Overview Feature Parameter
Description 2 Transport Network Overview
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
5
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
9/21
2.3 Security Requirements
As indicated in 3GPP TS 33.210, Network Domain Security for IP based protocols (NDS/IP)
is recommended for transmission security.
2.3.1 NDS Dimensions Defined by 3GPP
3GPP defines the following NDS dimensions:
l Data integrity
Data integrity ensures the correctness or accuracy of data by preventing data from
unauthorized modification, removal, and creation, and provides proof of such
unauthorized activities. For example, Internet Protocol Security (IPsec) provides
integrity protection for all IP packets.
l Data source authentication
Data source authentication ensures that the source of data received is as claimed.
l Anti-replay protection
Anti-replay protection is a special case of integrity protection. It protects packets from
being intercepted, modified, and then reinserted by a third party.
l (Optional) data confidentiality
Data confidentiality ensures that only authorized entities can access and parse data,
thereby preventing eavesdropping.
2.3.2 NDS Mechanism Defined by 3GPPNDS/IP in 3GPP networks use the standard security procedure and mechanism defined by
IETF.
This mechanism divides a network into different security domains, which are isolated by
security gateways (SeGWs). The SeGWs perform routing and implement security policies for
traffic between the security domains. This mechanism is described as follows:
l Each security domain has one or more SeGWs in order to balance traffic load or to
prevent a single point of failure.
l Secure communication between NEs is implemented by IPsec, which provides protective
measures such as data source authentication, data integrity check, and dataconfidentiality.
l The base station uses the public key infrastructure (PKI) and the pre-shared key (PSK) to
authenticate the identity of the peer end.
The typical security procedure is as follows:
1. The base station enables an IPsec tunnel.
2. The base station sends IPsec packets to the SeGW through the IPsec tunnel in the IP
backhaul.
3. The SeGW receives and processes the IPsec packets.
SingleRAN
Transmission Security Overview Feature Parameter
Description 2 Transport Network Overview
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
6
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
10/21
3Transmission Security SolutionsThis chapter describes recommended transmission security solutions that meet transmission
security standards and operator requirements.
SingleRAN
Transmission Security Overview Feature Parameter
Description 3 Transmission Security Solutions
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
7
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
11/21
3.1 On a Trusted Network
On a trusted network, sites are physically safe. For example, an operator that owns a site can
strictly control access to the site, and the site or transport network is managed by one
organization.
The security policy for trusted networks, then, is to deploy strong authentication protocols to
restrict network access.
Transmission security solutions for trusted networks are as follows:
l Secure Sockets Layer (SSL)
Operation and maintenance (O&M) data between the base station and the U2000 or
LMT is encrypted by SSL. This improves the transmission security of O&M channels.
l 802.1x
The base station is authenticated based on 802.1x before it accesses the network. This
ensures network security.
Figure 3-1shows the logical networking for transmission security on a trusted network.
Figure 3-1Logical networking for transmission security on a trusted network
Table 3-1describes the network elements (NEs) involved in the transmission security solution
for trusted networks.
Table 3-1NEs involved in the transmission security solution for trusted networks
NE Description
Base station Complies with SSL and 802.1x
U2000 Implements configuration and management of base
stations.
Authentication, Authorization and
Accounting (AAA) server
Uses digital certificates to perform access control
based on 802.1x on base stations.
802.1x authenticator Possibly uses a switch on the transport network that
is enabled with access control based on 802.1x.
SingleRAN
Transmission Security Overview Feature Parameter
Description 3 Transmission Security Solutions
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
8
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
12/21
Table 3-2describes the external interfaces involved in the transmission security solution for
trusted networks.
Table 3-2External interfaces involved in the transmission security solution for trusted
networks
External Interface Description
SSL interface Located between the base station and U2000. Through this
interface, the base station establishes an SSL connection to the
U2000.
802.1x interface Located between the base station and 802.1x authenticator. Through
this interface, the base station initiates access control based on
802.1x.
3.2 On an Untrusted Network
On an untrusted network, sites are physically unsafe. An operator that owns a site cannot
strictly control access, and the site or transport network may be managed by one or multiple
organizations.
The security policy for untrusted networks is to use IPsec and other security features to
protect data on the user, control, and management planes.
Transmission security solutions for untrusted networks are as follows:
l IPsec
The base station supports IPsec. In IPsec networking, an SeGW is deployed to terminate
an IPsec tunnel on the core network (CN) side. In addition to the IPsec tunnel solution,
IPsec also provides the secure base station deployment solution and the IPsec reliability
solution.
NOTE
Clock packets can be carried over the user, control, or management plane. That is, clock packets can be
transmitted using the IP address for any of the base station's user, control, and management planes.
l PKI
The base station complies with Certificate Management Protocol (CMPv2) and can bepreconfigured with a device certificate before delivery. With the cooperation of base
stations, a PKI system issues and manages certificates for authentication during IPsec/
802.1x/SSL implementation.
l SSL
O&M data between the base station and the U2000 or LMT is encrypted by SSL, which
improves transmission security.
l 802.1x
The base station is authenticated based on 802.1x before it accesses the network, which
ensures network security.
Figure 3-2shows the logical networking for transmission security on an untrusted network.
SingleRAN
Transmission Security Overview Feature Parameter
Description 3 Transmission Security Solutions
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
9
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
13/21
Figure 3-2Logical networking for transmission security on an untrusted network
Table 3-3describes theNEs involved in the transmission security solution for untrusted
networks.
Table 3-3NEs involved in the transmission security solution for untrusted networks
NE Description
Base station l Uses an integrated firewall to protect against attacks.
l Supports the configuration of VLANs to isolate data on the user,
control, and management planes.
U2000 Implements configuration and management of base stations.
AAA server Uses digital certificates to perform access control based on 802.1x
on base stations.
802.1x authenticator Generally uses a switch on the transport network that is enabled
with access control based on 802.1x.
SeGW l Terminates an IPsec tunnel.
l Uses an integrated firewall to protect against attacks to the CN.
PKI l Includes the CA/RA and certificate revocation list (CRL) server.
NOTE
CA stands for certificate authority and RA stands for registration authority.
l Manages digital certificates for NEs such as the base station and
SeGW.
Table 3-4describes theexternal interfaces involved in the transmission security solution for
untrusted networks.
SingleRAN
Transmission Security Overview Feature Parameter
Description 3 Transmission Security Solutions
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
10
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
14/21
Table 3-4External interfaces involved in the transmission security solution for untrusted
networks
External Interface Description
SSL interface Located between the base station and U2000. Through this interface,the base station establishes an SSL connection to the U2000.
802.1x interface Located between the base station and 802.1x authenticator. Through
this interface, the 802.1x authenticator performs access control
based on 802.1x on the base station.
IPsec interface Located between the base station and SeGW. Through this interface,
an IPsec tunnel is established.
PKI interface l CMPv2 interface
Located between the base station and CA or between the base
station and RA. Through this interface, the base station sends a
request to the CA or RA to apply for, revoke, and update adigital certificate.
l LDAP/FTP interface
Located between the base station and CRL server. Through this
interface, the base station downloads CRLs.
3.3 Application Restrictions
3.3.1 Scenario 1: RAN Sharing AppliedWhen RAN Sharing is applied, multiple IPsec tunnels must be established in order to isolate
and protect the data of each operator.
As of SRAN10.1, different operators can use differential certificates.
3.3.2 Scenario 2: Transmission on Public Networks
For transmission on public networks, IPsec tunnels must support Network Address
Translation (NAT). Currently, 3900 series base stations do not support IPsec tunnels enabled
with NAT.
3.3.3 Scenario 3: Base Stations Cascaded
When multiple base stations are cascaded, each base station must be protected by IPsec. It is
recommended that each base station have a separate IPsec tunnel and that the Hub base station
perform forwarding only.
SingleRAN
Transmission Security Overview Feature Parameter
Description 3 Transmission Security Solutions
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
11
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
15/21
4Transmission Security Features
4.1 Introduction
Transmission security features are IPsec, SSL, PKI, and access control based on 802.1x, as
shown in Figure 4-1.
Figure 4-1Transmission security features
4.2 IPsec
IPsec is a security framework defined by the IETF. It can provide end-to-end secure data
transmission on untrusted networks, such as the Internet. On IP networks, IPsec providestransparent, interoperable, and cryptography-based security services to ensure confidentiality,
integrity, and authenticity of data and to provide anti-replay protection.
IPsec operates at the IP layer of the TCP/IP protocol stack and provides transparent security
services for upper-layer applications. (TCP stands for Transmission Control Protocol.)
For details about IPsec, seeIPsec Feature Parameter Descriptionfor SingleRAN.
4.3 Access Control Based on 802.1x
802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard for port-basednetwork access control. Access control based on 802.1x involves the following NEs:
SingleRAN
Transmission Security Overview Feature Parameter
Description 4 Transmission Security Features
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
12
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
16/21
l Client, that is, a base station
l Authentication access equipment, such as a local area network (LAN) switch
l Authentication server, such as an AAA server
l Access control based on 802.1x is implemented as follows:
After a base station initially accesses the network and before it is authenticated,
only 802.1x authentication packets can be transmitted over a port on the
authentication access equipment.
After the authentication server authenticates the base station and authorizes the port,
data can be transmitted over the authorized port. This ensures that only authorized
users can access the network.
For details about access control based on 802.1x, seeAccess Control based on 802.1x Feature
Parameter Descriptionfor SingleRAN.
4.4 SSLSSL is a security protocol developed by Netscape. The latest standard version of SSL is
Transport Layer Security version 1.2 (TLSv1.2), which aims to provide authentication,
confidentiality, and integrity protection for two communication applications.
SSL enables an end-to-end secure connection to be established between two pieces of
equipment. The details are as follows:
l SSL operates between the transport and application layers. It is carried over reliable
transport layer protocols but is independent of application layer protocols.
l Before any communication using application layer protocols, negotiation of the
encryption algorithm and key and authentication have to be completed.l Application layer protocols such as HTTP, FTP, and Telnet can be transparently carried
over SSL. All data transmitted using the application layer protocols is encrypted to
ensure confidentiality.
SSL also protects O&M data transmitted between the base station or base station controller
and the U2000 to provide secure remote maintenance.
For details about SSL, see SSL Feature Parameter Descriptionfor SingleRAN.
4.5 PKI
PKI uses an asymmetric cryptographic algorithm to provide information security. It mainly
manages keys and digital certificates. The functionalities and interfaces related to PKI comply
with X.509 and 3GPP TS 33.310.
A PKI system consists of the following elements: CA, RA (optional), certificate & CRL
database, and end entity.
PKI defines a certificate management system, which uses CMPv2 to exchange management
information between NEs in a PKI system. CMPv2 provides the following functions:
l Certificate registration, application, and revocation
l Key update and recovery
l Cross-certification
SingleRAN
Transmission Security Overview Feature Parameter
Description 4 Transmission Security Features
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
13
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
17/21
l CA key update announcement
l Certificate issuing and revocation announcements
Using CMPv2, the base station and the PKI system exchange information about applying for,
issuing, and updating a certificate to implement certificate management.
For details about PKI, seePKI Feature Parameter Descriptionfor SingleRAN.
SingleRAN
Transmission Security Overview Feature Parameter
Description 4 Transmission Security Features
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
14
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
18/21
5ParametersThere are no specific parameters associated with this feature.
SingleRAN
Transmission Security Overview Feature Parameter
Description 5 Parameters
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
15
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
19/21
6CountersThere are no specific counters associated with this feature.
SingleRAN
Transmission Security Overview Feature Parameter
Description 6 Counters
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
16
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
20/21
7GlossaryFor the acronyms, abbreviations, terms, and definitions, see Glossary.
SingleRAN
Transmission Security Overview Feature Parameter
Description 7 Glossary
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
17
-
7/25/2019 Transmission Security Overview(SRAN10.1_01)
21/21
8Reference Documents1. ITU-T X.800, "Security architecture for Open Systems Interconnection for CCITT
applications," March 1991
2. ITU-T X.805, "Security architecture for systems providing end-to-end communications,"
October 2003
3. NGMN Alliance, "Security in LTE backhauling - A white paper," V1.0, February 2012
4. 3GPP TS 33.102 V11.3.0 (2012-06): "3G security; Security architecture"
5. 3GPP TS 33.210 V11.3.0 (2011-12): "3G security; Network Domain Security (NDS); IP
network layer security"
6. 3GPP TS 33.310 V10.5.0 (2011-12): "Network Domain Security (NDS); Authentication
Framework (AF)"
7. 3GPP TS 33.401 V11.4.0 (2012-06): "3GPP System Architecture Evolution (SAE);
Security architecture"
8. IETF RFC 4303, "IP Encapsulating Security Payload (ESP)," December 2005
9. IETF RFC 4306, "Internet Key Exchange (IKEv2) Protocol
10. IPsec Feature Parameter Description
11. Access Control based on 802.1x Feature Parameter Description
12. SSL Feature Parameter Description
13. PKI Feature Parameter Description
SingleRAN
Transmission Security Overview Feature Parameter
Description 8 Reference Documents
Issue 01 (2015-03-23) Huawei Proprietary and Confidential
C i h H i T h l i C L d
18