Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.536  Word version:  17.1.0

Top   Top   Up   Prev   Next
1…   5…   5.3.3.1.4   5.3.3.1.5   5.3.3.2…   5.4…
5.3.3.1.5 Protection of the PC5 unicast link
...

 

5.3.3.1.5  Protection of the PC5 unicast linkp. 17
5.3.3.1.5.1  Generalp. 17
Protection for the signalling and user plane data between the UEs is provided at the PDCP layer. As the security is not preserved through a drop of the connection, all signalling messages that need to be sent before security is established for a connection may be sent with no protection. The PC5-S signalling messages that can be sent and processed unprotected are given in TS 24.587. Once security is established for a connection all signalling messages for that connection are sent integrity protected and confidentiality protected with the chosen algorithms except the Direct Security Mode Command which is sent integrity protected only.
Up
5.3.3.1.5.2  Integrity protectionp. 17
UEs shall implement NIA0, 128-NIA1 and 128-NIA2 and may implement 128-NIA3 for integrity protection of the unicast link. The algorithm identifiers from clause 5.11.1.2 of TS 33.501 are reused for PC5-S, PC5-RRC, and PC5-U.
These integrity algorithms are as specified in TS 33.501 and are reused with the following modifications:
  • The key used is NRPIK;
  • Direction is set to 1 for direct link signalling transmitted by the UE that sent the Direct Security Mode Command for this security context and 0 otherwise;
  • Bearer[0] to Bearer[4] are set to 5 LSB of LCID;
  • COUNT[0] to COUNT[31] are filled with counter value (see clause 6.3.5 of TS 38.323).
The receiving UE ensures that received protected signalling messages and user plane data that is integrity protected are not replayed.
Up
5.3.3.1.5.3  Confidentiality protectionp. 18
UEs shall implement NEA0, 128-NEA1 and 128-NEA2 and may implement 128-NEA3 for ciphering of the unicast link. The algorithm identifiers from clause 5.11.1.1 of TS 33.501 are reused for PC5-S, PC5-RRC, and PC5-U.
These ciphering algorithms are as specified in TS 33.501 and are used with the following modifications:
  • The key used in NRPEK;
  • Direction is set as for integrity protection (see clause 5.3.3.1.5.2);
  • Bearer[0] to Bearer[4] are set to 5 LSB of LCID;
  • COUNT[0] to COUNT[31] are filled with counter value.
Up
5.3.3.1.5.4  Content of the PDCP packetp. 18
The Key ID and least significant bits of the counter are carried in the PDCP header, along with any MAC that is needed for integrity protection if integrity protection is activated. The key ID is used to signal which security context is being used and shall be set to KNRP-sess ID. The payload field and MAC (if required) fields are ciphered if confidentiality protection is activated.
This is illustrated in Figure 5.3.3.1.5.4-1.
Copy of original 3GPP image for 3GPP TS 33.536, Fig. 5.3.3.1.5.4-1: Security parameters in the PDCP header for NR based PC5 unicast mode
Figure 5.3.3.1.5.4-1: Security parameters in the PDCP header for NR based PC5 unicast mode
(⇒ copy of original 3GPP image)
Up

Up   Top   ToC