[FS_Avatar_Ph2_MED] Considerations on security aspects
This contribution from Nokia addresses security-related gaps in the Rel-20 study item FS_Avatar_Ph2_MED, specifically focusing on security mechanisms for Avatar communications in 3GPP systems.
The Rel-20 SID FS_Avatar_Ph2_MED (approved at SA#110, December 2025) aims to address gaps from previous work and resolve open points identified in TS 26.264 Rel-19. Objective 6 specifically mandates collaboration with SA3 to study security implications including:
- Identification and authentication (including schemes for Avatar-related APIs)
- Privacy preservation
- Content protection (e.g., watermarking and DRM)
- Secure distribution mechanisms for Avatar data
TS 26.264 Gaps:
- No dedicated security clause exists
- Clause 5.6.2.2 NOTE 2 identifies content protection aspects as FFS
TR 26.813 Coverage:
- Clause 8 describes Access Protection mechanisms for BAR API
- Clause 9 addresses security and privacy aspects
- However, it does not explore how these methods apply to Avatar calls in 3GPP systems
- The conclusion acknowledges the need for robust authentication, encryption, and DRM mechanisms, with further SA3 collaboration
TS 33.328 Limitations:
- New Annex R (Rel-19) specifies security for IMS avatar communication
- Covers procedures to prevent UE from providing unauthorized Avatar IDs
- Covers authorization for avatar downloads from BAR
- Does not cover security controls to prevent the sending UE from using fake avatar representations that do not belong to the user
The contribution proposes adding a new sub-clause (suggested as 8.3.4) to the base CR for TR 26.813, specifically under Clause 8 (Avatar integration into 3GPP services and enablers). This new sub-clause should: