Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.888  Word version:  12.1.0

Top   Top   Up   Prev   None
0…   4…
4 Overview of Group Communication Service Enabler (GCSE)5 GCSE security architecture6 Key issues for GCSE security7 Summary of threat and risk analysis8 Potential security requirements for Rel-129 Potential security solutions10 Conclusions$ Change History

 

4  Overview of Group Communication Service Enabler (GCSE)p. 9

4.1  Introductionp. 9

4.2  GCSE architecture: assumptions and baseline principlesp. 10

5  GCSE security architecturep. 11

5.1  Overview of security architecturep. 11

6  Key issues for GCSE securityp. 12

6.1  Key issue: Security in critical communication scenariosp. 12

6.1.1  Issue detailsp. 12

6.1.2  Threatsp. 12

6.1.3  Security requirementsp. 12

6.1.4  Solutionsp. 12

6.1.4.1  Supporting e2e securityp. 12

6.1.5  Evaluationp. 13

6.2  Key issue: Interaction with ProSe securityp. 14

6.2.1  Key issue detailsp. 14

6.2.2  Security threatsp. 14

6.2.3  Security requirementsp. 14

6.2.4  Solutionsp. 15

6.2.4.1  GCSE Security via IDENTITYp. 15

6.2.4.1.1  Introductionp. 15
6.2.4.1.2  IDENTITY Support for Multicast communicationsp. 15
6.2.4.1.2.1  Provisioning and Configurationp. 15
6.2.4.1.2.2  Session Initialization and Key Distributionp. 15
6.2.4.1.3  Use of MBMS securityp. 17
6.2.4.1.4  Comparison with ProSe IDENTITY solutionp. 17

6.2.5  Evaluationp. 17

6.3  Key issue: Security across Unicast and Multicast modesp. 18

6.3.1  Key issue detailsp. 18

6.3.2  Security threatsp. 18

6.3.3  Security requirementsp. 18

6.3.4  Solutionsp. 18

6.3.4.1  Using session layer security external to MBMSp. 18

6.3.4.2  Security options for data protectionp. 18

6.3.4.2.1  UE-to-UE end-to-end securityp. 19
6.3.4.2.2  UE-to-GCS AS end-to-end securityp. 19
6.3.4.2.3  GCS AS downlink security options considering partial re-usage of MBMS securityp. 19

6.3.4.3  Solution: Using MBMS security data protection function for Multicast/Broadcast and EPS security for Unicast in GCS downlink communicationp. 19

6.3.4.3.1  Generalp. 19
6.3.4.3.2  Data Flowp. 20
6.3.4.3.2.1  Assumptionsp. 20
6.3.4.3.2.2  Unicast downlinkp. 20
6.3.4.3.2.3  Multicast/Broadcast downlinkp. 20
6.3.4.3.3  MB2 interface protectionp. 20
6.3.4.3.4  GC1 interface protectionp. 20

6.3.4.4  Solution: Using MBMS security data protection function for Multicast/Broadcast and Unicast in GCS downlink communicationp. 20

6.3.4.4.1  Generalp. 21
6.3.4.4.2  Data Flowp. 21
6.3.4.4.2.1  Assumptionsp. 21
6.3.4.4.2.2  Unicast and Multicast/Broadcast downlinkp. 21
6.3.4.4.3  MB2 interface protectionp. 21
6.3.4.4.4  GC1 interface protectionp. 21

6.3.5  Evaluationp. 21

6.3.5.1  Evaluation of Solution: Using MBMS security data protection function for Multicast/Broadcast and EPS security for Unicast in GCS downlink communicationp. 22

6.3.5.2  Evaluation of Solution: Using MBMS security data protection function for Multicast/Broadcast and Unicast in GCS downlink communicationp. 22

6.4  Key issue: Level of applying security for mitigation of GCSE risks/threatsp. 23

6.4.1  Key issue detailsp. 23

6.4.2  Threatsp. 23

6.4.3  Security requirementsp. 23

6.4.4  Solutionsp. 23

6.4.4.1  Security options for Unicast Delivery mode and MBMS Delivery modep. 23

6.4.4.2  Indication and negotiation of supported MBMS securityp. 24

6.4.5  Evaluationp. 25

6.4.5.1  Evaluation of the options in MBMS Delivery mode (option A-D)p. 25

6.4.5.2  Optionality of MBMS for Group Communicationp. 26

6.5  Key Issue: GCSE security between UE and GCSE ASp. 27

6.5.1  Key issue detailsp. 27

6.5.2  Security threatsp. 27

6.5.3  Security requirementsp. 27

6.5.4  Solutionsp. 28

6.5.5  Evaluationp. 28

6.6  Key issue: Communication between GCSE AS and BM-SC (MB2 interface)p. 29

6.6.1  Key issue detailsp. 29

6.6.2  Threatsp. 29

6.6.3  Security requirementsp. 29

6.6.4  Solutionsp. 30

6.6.5  Evaluationp. 30

6.7  Key issue: Transmitting Group Member identificationp. 31

6.7.1  Key issue detailsp. 31

6.7.2  Security threatsp. 31

6.7.3  Security requirementsp. 31

6.7.4  Solutionsp. 31

6.7.5  Evaluationp. 31

6.8  Key issue: Adding and removing group membersp. 32

6.8.1  Key issue detailsp. 32

6.8.2  Security threatsp. 32

6.8.3  Security requirementsp. 32

6.8.4  Solutionsp. 32

6.8.5  Evaluationp. 32

6.9  Key issue: Illegitimate access to UEp. 34

6.9.1  Key issue detailsp. 34

6.9.2  Threatsp. 34

6.9.3  Security requirementsp. 34

6.9.4  Solutionsp. 34

6.9.5  Evaluationp. 34

6.10  Key Issue: GCSE_LTE interaction with ProSe UE-to-Network Relaysp. 35

6.10.1  Key issue detailsp. 35

6.10.2  Threatsp. 35

6.10.3  Security requirementsp. 35

6.10.4  Solutionsp. 35

6.10.5  Evaluationp. 35

6.11  Key Issue: Group key compromisep. 36

6.11.1  Key issue detailsp. 36

6.11.2  Threatsp. 36

6.11.3  Security requirementsp. 36

6.11.4  Solutionsp. 36

6.11.5  Evaluationp. 36

6.12  Key issue: Securing keys in the UEp. 37

6.12.1  Key issue detailsp. 37

6.12.2  Threatsp. 37

6.12.3  Security requirementsp. 37

6.12.4  Solutionsp. 37

6.12.5  Evaluationp. 37

6.13  Key issue: Decision point for using PtP and/or PtMp. 38

6.13.1  Issue detailsp. 38

6.13.2  Threatsp. 38

6.13.3  Security requirementsp. 38

6.13.4  Solutionsp. 38

6.13.5  Evaluationp. 38

6.14  Key issue: Performance and scalabilityp. 39

6.14.1  Key issue detailsp. 39

6.14.2  Security threatsp. 39

6.14.3  Security requirementsp. 39

6.14.4  Solutionsp. 39

6.14.5  Evaluationp. 39

7  Summary of threat and risk analysisp. 40

8  Potential security requirements for Rel-12p. 40

9  Potential security solutionsp. 41

9.1  Solution based on DIAMETERp. 41

10  Conclusionsp. 42

$  Change Historyp. 44

Up   Top