tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search

Top          in Index          Prev          Next

draft-TR 33.899 (SA3)
Study on the security aspects of the next generation system

|   ToC   |   3GPP‑Page   |   Help   |

(W-zip) V1.2.0    2017/06    586 p.

Rapporteur:  Mr. Torvinen, Vesa
See also:  5G-related TS/TR    

In the scope of this TR are the threats, potential requirements and solutions for the security of next generation mobile networks. The work will include:
  • Collection, analysis and further investigation of potential security threats and requirements for the next generation systems, based on the service, architectural and radio related requirements for the next generation mobile networks.
  • Investigation of the security architecture and access security.
The complete or partial conclusions of this study will form the basis for the normative work and/or for any further study.

The security threats and requirements, and the security architecture may additionally include standalone security topics. These topics may not be covered by the security work described above but they shall not be in conflict with service, architectural or radio related requirements for next generation mobile networks. It is part of the study to determine whether such topics need to be dealt with, and, if so, what they are.


Here          Top          None          None          Next
part:    1     2     3     4     5     6



1   Scope   Word-p. 31
2   References
3   Definitions, symbols and abbreviations   Word-p. 35
4   Security areas and high level security requirements   Word-p. 38
5   Key issues and solutions   Word-p. 40
5.1   Security area #1: Architectural aspects of Next Generation security      Up
5.1.1   Introduction
5.1.2   Security assumptions
5.1.3   Key issues   Key issue #1.1: Overview of NextGen security architecture   Key issue #1.2: Need for security anchor in NextGen network   Key Issue #1.3: User plane integrity between UE and network   Word-p. 43   Key Issue #1.4: User plane confidentiality between UE and network   Word-p. 44   Key Issue #1.5 Integrity protection for the control plane between UE and network      Up   Key Issue #1.6 Confidentiality for the control plane between UE and network   Key issue #1.7: Key hierarchy   Word-p. 46   Key Issue #1.8: UEs with Asymmetric Keys   Key issue #1.9: Security features for AN-CN Control Plane   Word-p. 48   Key issue #1.10: Security features for AN-CN User Plane      Up   Key issue #1.11: Security features for CN-CN Control Plane   Key issue #1.12: Security features for CN-CN User Plane   Word-p. 50   Key Issue #1.13: Security Implications to Achieve Low Latency   Key issue #1.14: Security for serving functions in a less secure location   Key issue #1.15: Termination point of UP security   Word-p. 54      Up   Key issue #1.16: User plane protection granularity   Key issue #1.17: On-demand security policy   Key issue #1.18: Flexible security policies negotiation in control plane   Key issue #1.19: Untrusted non-3GPP access   Key issue #1.20: Trusted non-3GPP access   Word-p. 59      Up   Key issue #1.21: Dealing with signalling attacks
5.1.3.y   Key issue #1.y: <key issue name>
5.1.4   Solutions   Solution #1.1: Radio interface user plane integrity protection   Solution #1.2: Periodic local authentication and packet count check   Solution #1.3: Radio interface user plane encryption   Word-p. 62   Solution #1.4: Key hierarchy   Solution #1.5: User plane security policy and key derivation   Solution #1.6: Architecture for NextGen that include a security anchor   Solution #1.7: Serving functions all deployed in secure location      Up   Solution #1.8: Key hierarchy for NextGen   Solution #1.9: Key hierarchy and the related procedure   Word-p. 80   Solution #1.10: UP protection for PDU session (re)establishment triggered by handover   Solution #1.11 High level of Security Architecture   Solution #1.12: Low latency security technique to protect user plane   Solution #1.13: Security of NAS signallings before security activation   Solution #1.14: Single termination point for NAS security   Solution #1.15: AES as a fast stream cipher   Word-p. 93   Solution #1.16: Re-use of "Data efficient re-keying"   Solution #1.17: Delegated Subscriber Server   Solution #1.18: Combining Low Latency on User Plane with High Latency on Control Plane.   Word-p. 95   Solution #1.19: Next Generation USIM   Solution 1.20: Flexible UP security termination point   Solution 1.21: Flexible UP security termination point   Word-p. 97   Solution #1.22: Terminating user plane security in the AN   Solution #1.23: Security for the AN-CN User Plane   Word-p. 100   Solution #1.24: Security for the AN-CN Control Plane   Solution #1.25: Protocol stack options for the user-plane security terminating at the UPF   Solution #1.26: Untrusted non-3GPP access   Solution #1.27: Authentication and Key Agreement procedure for untrusted non-3GPP Access   Solution #1.28: Authentication and Key agreement procedure for NextGen architecture with stand-alone non-3GPP access      Up   Solution #1.29: A solution for KDF negotiation   Solution #1.30 Registration Procedure for NextGen network   Word-p. 119   Solution #1.31 Security mode command procedure for NextGen network   Solution #1.32 Security mode command procedure for NextGen network with NAS-SM   Word-p. 123   Solution #1.33: Consolidated Key hierarchy for NextGen   Solution #1.34: NextGen USIM   Solution #1.35: Key management during AMF change      Up   Solution #1.36: Security anchor function via primary AMFs   Solution #1.38: Detection and response function for signalling attacks   Word-p. 137   Solution #1.39: Flexible UP Termination Point with LTE compatibility
5.1.4.z   Solution #1.z: <solution name>
5.1.5   Conclusions

Up          Top          ToC