Description
Hyper Text Transfer Protocol Secure (HTTPS) is a fundamental application-layer protocol within 3GPP architectures, specifically defined as HTTP/1.1 operating over Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS). In the 3GPP context, HTTPS is not merely a web protocol but a critical secure transport mechanism for numerous network-based services and Application Programming Interfaces (APIs), particularly those exposed by Network Exposure Functions (NEFs) and Service Capability Exposure Functions (SCEFs). It establishes a secure channel between a client, such as a User Equipment (UE) or an external application server, and a network server, ensuring that all data exchanged is encrypted and authenticated.
The protocol operates on a well-defined port, typically 443. The security is provided by the underlying SSL/TLS layer, which handles the cryptographic handshake, symmetric key establishment, and ongoing encryption of the HTTP payload. This handshake involves server authentication (and optionally client authentication) using X.509 digital certificates, negotiation of the cryptographic suite (cipher suite), and the generation of session keys. Once the TLS tunnel is established, standard HTTP methods (GET, POST, PUT, DELETE) are used within this encrypted channel to transfer data, execute procedures, or retrieve information from network functions.
Architecturally, HTTPS is integral to the Service-Based Architecture (SBA) of the 5G Core (5GC), where network functions communicate via HTTP/2 with JSON or Protobuf payloads, all secured by TLS—a direct evolution of the HTTPS principles. For external exposure, 3GPP specifies HTTPS as a primary method for secure third-party access to network capabilities. Key components in this ecosystem include the TLS stack implementing protocols like TLS 1.2 or 1.3, the HTTP client and server software, and the Public Key Infrastructure (PKI) managing the required digital certificates. Its role is to guarantee confidentiality, integrity, and authentication for web service transactions, which is paramount for subscriber privacy, secure provisioning, lawful interception interfaces, and the integrity of network signaling towards applications.
Purpose & Motivation
HTTPS was introduced into 3GPP standards to address the critical need for securing web-based interfaces that were becoming prevalent for service delivery and network management. Prior to its formal adoption, proprietary or less secure methods might have been used for data exchange, exposing vulnerabilities to eavesdropping, tampering, and impersonation attacks. The motivation was to leverage a widely adopted, robust, and standardized internet security protocol to protect sensitive subscriber data, network configuration commands, and service delivery transactions.
The creation of HTTPS support in 3GPP was driven by the evolution towards IP-based services and open APIs. As networks moved away from closed, circuit-switched paradigms to all-IP architectures, the need for a universal, application-layer security mechanism became apparent. HTTPS solves the problem of transmitting credentials, personal data, and critical network instructions over potentially untrusted IP networks. It provides a well-understood security model that integrates seamlessly with the World Wide Web ecosystem, enabling secure interactions for services like device management, multimedia messaging, and location-based services. Its adoption standardizes security practices across different vendors and service providers, ensuring interoperability and a consistent security baseline.
Key Features
- Provides end-to-end encryption for HTTP payloads using SSL/TLS
- Operates on the standard IANA-assigned port 443
- Supports server authentication via X.509 certificates
- Enables optional client certificate authentication for mutual TLS
- Ensures data integrity and protects against man-in-the-middle attacks
- Foundation for secure RESTful APIs in Service-Based Architectures
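The handshake properties described above (TLS 1.2 or 1.3, X.509 server authentication, optional client certificates for mutual TLS) can be checked on a configured endpoint before it is deployed. The following is an added example, not taken from any 3GPP specification: it uses Python's standard `ssl` module, and the names `audit`, `weak_client`, `hardened_client` and `hardened_server` are hypothetical helpers introduced here.

```python
import ssl

# Assumption: the protocol floor is TLS 1.2, the older of the two versions the page names.
BASELINE_MIN = ssl.TLSVersion.TLSv1_2

def audit(ctx, role, require_client_cert=False):
    """Return findings for an SSLContext; role is 'client' or 'server'."""
    findings = []
    if ctx.minimum_version < BASELINE_MIN:
        findings.append("protocol floor below TLS 1.2")
    if role == "client":
        # Without these two checks the channel is encrypted but the peer is unauthenticated.
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate not verified")
        if not ctx.check_hostname:
            findings.append("hostname not checked against certificate")
    elif require_client_cert and ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required (no mutual TLS)")
    return findings

def weak_client():
    # Constructed "before" configuration: verification disabled, no protocol floor.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client():
    # Default context verifies the chain and the hostname; pin the floor explicitly.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = BASELINE_MIN
    return ctx

def hardened_server(require_client_cert):
    # A real server also calls load_cert_chain() and, for mutual TLS,
    # load_verify_locations(); omitted here so the example runs without key files.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = BASELINE_MIN
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

if __name__ == "__main__":
    for name, ctx in (("weak", weak_client()), ("hardened", hardened_client())):
        print(name, audit(ctx, "client") or "ok")
    print("server", audit(hardened_server(False), "server", True) or "ok")
```
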
Evolution Across Releases
Initially introduced HTTPS as a defined secure transport protocol within 3GPP specifications. It established the baseline definition as HTTP/1.1 over SSL (the predecessor to TLS), primarily for securing web-based service interfaces and management protocols. This provided a standardized method for encrypted communication for services like Device Management.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.905 | 3GPP TS 21.905 |
| TS 23.057 | 3GPP TS 23.057 |
| TS 23.722 | 3GPP TS 23.722 |
| TS 24.109 | 3GPP TS 24.109 |
| TS 24.484 | 3GPP TS 24.484 |
| TS 26.234 | 3GPP TS 26.234 |
| TS 26.247 | 3GPP TS 26.247 |
| TS 26.501 | 3GPP TS 26.501 |
| TS 26.517 | 3GPP TS 26.517 |
| TS 26.804 | 3GPP TS 26.804 |
| TS 26.938 | 3GPP TS 26.938 |
| TS 29.201 | 3GPP TS 29.201 |
| TS 29.817 | 3GPP TS 29.817 |
| TS 32.583 | 3GPP TR 32.583 |
| TS 32.593 | 3GPP TR 32.593 |
| TS 33.141 | 3GPP TR 33.141 |
| TS 33.222 | 3GPP TR 33.222 |
| TS 33.823 | 3GPP TR 33.823 |