Content for TS 33.501 Word version: 18.4.0

1… 4… 5… 5.3… 5.9… 5.10… 6… 6.1.3… 6.1.4… 6.2… 6.2.2… 6.3… 6.4… 6.5… 6.6… 6.7… 6.8… 6.9… 6.10… 6.11 6.12… 6.13 6.14… 6.15… 6.16… 7… 7A… 7A.2.3… 7B… 8… 9… 10… 11… 12… 13… 13.2.2… 13.2.4… 13.3… 13.4… 14… 15… 16… A… B… C… D… E… F… G… I… I.9… J… K… M… N… O… P… R S… T… U… V… W… X… Y… Z…

T.1 General T.2 Security of network exposure to edge application server T.3 Security of EAS discovery procedure via EASDF in non-roaming Scenario T.4 Security of EAS discovery procedure via V-EASDF in roaming Scenario
...

T (Normative) Security for edge computing |R17| p. 285

T.1 General p. 285

The 5G Edge computing service is described in TS 23.548. It defines the enhancements of 5G System to support Edge Computing.

T.2 Security of network exposure to edge application server p. 285

It is defined in clause 6.4 of TS 23.548 that the network could expose network information to the local AF with two scenarios, i.e.

Case 1: L-PSA UPF may expose the network information to local AF via Local NEF, or
Case 2: L-PSA UPF may expose the network information to local AF directly. However, How to deliver the information on N6 is out of scope.

For the Case 1, the Security aspects of Network Exposure Function specified in clause 12 shall be used for the network information exposure.

T.3 Security of EAS discovery procedure via EASDF in non-roaming Scenario p. 285

Annex P of the present document should be followed, with the following additions, to protect the discovery messages between the UE and the EASDF which is used as the DNS server for EAS discovery in the non-roaming case. If the core network is used to configure the security information, the SMF is preconfigured with the EASDF security information (credentials to authenticate the EASDF, supported security mechanisms, port number, etc.) and provides the security information to the UE as follows:

The SMF provides the EASDF security information to the UE via PCO.

T.4 Security of EAS discovery procedure via V-EASDF in roaming Scenario |R18| p. 285

Annex P of the present document should be followed, with the following additions, to protect the discovery messages between the UE and the V-EASDF which is used as the DNS server for EAS discovery in the roaming case. If the core network is used to configure the security information, the V-SMF is preconfigured with the V-EASDF security information (credentials to authenticate the V-EASDF, supported security mechanisms, port number, etc.) and provides the security information to the UE as follows:

In the case of LBO roaming, the V-SMF provides the V-EASDF security information to the UE via PCO.
In the case of HR with Session Breakout (HR-SBO) roaming scenarios, during the PDU session establishment or modification procedure, the V-SMF provides the V-EASDF security information via Nsmf_PDUSession_Create/ Nsmf_PDUSession_Update to H-SMF when the V-SMF determines to use a V-EASDF for EAS discovery, and the H-SMF provides the V-EASDF security information to UE via PCO if HR SBO is authorized.