draft-TR 33.899 (SA3)
Study on the security aspects of the next generation system

V1.3.0    2017/08    605 p.


Rapporteur:  Mr. Torvinen, Vesa


This TR is a collection of proposed security requirements and solutions gathered during the study of the next generation architecture. The study item was stopped in August 2017. The content of this TR reflects the state of the work when the study item was stopped. Proposed requirements and solutions are not fully evaluated.

In the scope of this TR are the threats, potential requirements and solutions for the security of next generation mobile networks. The work will include:
  • Collection, analysis and further investigation of potential security threats and requirements for the next generation systems, based on the service, architectural and radio related requirements for the next generation mobile networks.
  • Investigation of the security architecture and access security.
The complete or partial conclusions of this study will form the basis for the normative work and/or for any further study.

The security threats and requirements, and the security architecture may additionally include standalone security topics. These topics may not be covered by the security work described above but they shall not be in conflict with service, architectural or radio related requirements for next generation mobile networks. It is part of the study to determine whether such topics need to be dealt with, and, if so, what they are.


 


 

 

1   Scope
2   References
3   Definitions, symbols and abbreviations
4   Security areas and high level security requirements
5   Key issues and solutions
5.1   Security area #1: Architectural aspects of Next Generation security
5.1.1   Introduction
5.1.2   Security assumptions
5.1.3   Key issues
5.1.3.1   Key issue #1.1: Overview of NextGen security architecture
5.1.3.2   Key issue #1.2: Need for security anchor in NextGen network
5.1.3.3   Key Issue #1.3: User plane integrity between UE and network
5.1.3.4   Key Issue #1.4: User plane confidentiality between UE and network
5.1.3.5   Key Issue #1.5 Integrity protection for the control plane between UE and network
5.1.3.6   Key Issue #1.6 Confidentiality for the control plane between UE and network
5.1.3.7   Key issue #1.7: Key hierarchy
5.1.3.8   Key Issue #1.8: UEs with Asymmetric Keys
5.1.3.9   Key issue #1.9: Security features for AN-CN Control Plane
5.1.3.10   Key issue #1.10: Security features for AN-CN User Plane
5.1.3.11   Key issue #1.11: Security features for CN-CN Control Plane
5.1.3.12   Key issue #1.12: Security features for CN-CN User Plane
5.1.3.13   Key Issue #1.13: Security Implications to Achieve Low Latency
5.1.3.14   Key issue #1.14: Security for serving functions in a less secure location
5.1.3.15   Key issue #1.15: Termination point of UP security
5.1.3.16   Key issue #1.16: User plane protection granularity
5.1.3.17   Key issue #1.17: On-demand security policy
5.1.3.18   Key issue #1.18: Flexible security policies negotiation in control plane
5.1.3.19   Key issue #1.19: Untrusted non-3GPP access
5.1.3.20   Key issue #1.20: Trusted non-3GPP access
5.1.3.21   Key issue #1.21: Dealing with signalling attacks
5.1.3.y   Key issue #1.y: <key issue name>
5.1.4   Solutions
5.1.4.1   Solution #1.1: Radio interface user plane integrity protection
5.1.4.2   Solution #1.2: Periodic local authentication and packet count check
5.1.4.3   Solution #1.3: Radio interface user plane encryption
5.1.4.4   Solution #1.4: Key hierarchy
5.1.4.5   Solution #1.5: User plane security policy and key derivation
5.1.4.6   Solution #1.6: Architecture for NextGen that include a security anchor
5.1.4.7   Solution #1.7: Serving functions all deployed in secure location
5.1.4.8   Solution #1.8: Key hierarchy for NextGen
5.1.4.9   Solution #1.9: Key hierarchy and the related procedure
5.1.4.10   Solution #1.10: UP protection for PDU session (re)establishment triggered by handover
5.1.4.11   Solution #1.11 High level of Security Architecture
5.1.4.12   Solution #1.12: Low latency security technique to protect user plane
5.1.4.13   Solution #1.13: Security of NAS signallings before security activation
5.1.4.14   Solution #1.14: Single termination point for NAS security
5.1.4.15   Solution #1.15: AES as a fast stream cipher
5.1.4.16   Solution #1.16: Re-use of "Data efficient re-keying"
5.1.4.17   Solution #1.17: Delegated Subscriber Server
5.1.4.18   Solution #1.18: Combining Low Latency on User Plane with High Latency on Control Plane.
5.1.4.19   Solution #1.19: Next Generation USIM
5.1.4.20   Solution 1.20: Flexible UP security termination point
5.1.4.21   Solution 1.21: Flexible UP security termination point
5.1.4.22   Solution #1.22: Terminating user plane security in the AN
5.1.4.23   Solution #1.23: Security for the AN-CN User Plane
5.1.4.24   Solution #1.24: Security for the AN-CN Control Plane
5.1.4.25   Solution #1.25: Protocol stack options for the user-plane security terminating at the UPF
5.1.4.26   Solution #1.26: Untrusted non-3GPP access
5.1.4.27   Solution #1.27: Authentication and Key Agreement procedure for untrusted non-3GPP Access
5.1.4.28   Solution #1.28: Authentication and Key agreement procedure for NextGen architecture with stand-alone non-3GPP access
5.1.4.29   Solution #1.29: A solution for KDF negotiation
5.1.4.30   Solution #1.30 Registration Procedure for NextGen network
5.1.4.31   Solution #1.31 Security mode command procedure for NextGen network
5.1.4.32   Solution #1.32 Security mode command procedure for NextGen network with NAS-SM
5.1.4.33   Solution #1.33: Consolidated Key hierarchy for NextGen
5.1.4.34   Solution #1.34: NextGen USIM
5.1.4.35   Solution #1.35: Key management during AMF change
5.1.4.36   Solution #1.36: Security anchor function realization via AMFs
5.1.4.38   Solution #1.38: Detection and response function for signalling attacks
5.1.4.39   Solution #1.39: Flexible UP Termination Point with LTE compatibility
5.1.4.40   Solution #1.40: A solution of key isolation in inter-AMF mobility
5.1.4.41   Solution #1.41: UP security Determination
5.1.4.42   Solution #1.42: User plane integrity protection on a per DRB basis
5.1.4.43   Solution #1.43: Key hierarchy for next generation systems
5.1.4.44   Solution #1.44: Securing multiple NAS connections
5.1.4.45   Solution #1.45: Key hierarchy for 5G
5.1.4.46   Solution #1.46: PDU session-specific security negotiation
5.1.4.47   Solution #1.47: Secure interface between 3GPP network and external DN for secondary authentication by an external DN-AAA server
5.1.4.49   Solution #1.49: UE Registration and Authentication Procedure via Untrusted non-3GPP Access network
5.1.4.50   Solution #1.50: Security procedure for UP protection policy determination
5.1.4.51   Solution #1.51: Security of NAS signallings before security activation
5.1.4.z   Solution #1.z: <solution name>
5.1.5   Conclusions
