TR 33.887
Study on Security aspects for support for
5G Wireless and Wireline Convergence (5WWC)
Phase 2
V18.0.1 (Wzip)
2023/06 40 p.
- Rapporteur:
- Mr. Khare, Saurabh
Nokia Germany
full Table of Contents for TR 33.887 Word version: 18.0.1
1 Scope
2 References
3 Definitions of terms, symbols and abbreviations
4 Assumptions
5 Key issues
6 Proposed solutions
7 Conclusions
$ Change history
1 Scope p. 7
The objectives of the present document are to identify key issues, potential security and privacy requirements and solutions with respect to:
- Whether and how to identify, authenticate and authorize the Authenticable Non-3GPP devices behind the Residential Gateway (RG) connecting to the network.
- Whether and how to identify, authenticate and authorize the 3GPP devices (UE or N5CW devices) behind the Residential Gateway (RG) connecting to the network.
- Security aspects of supporting slice in 5WWC.
- Whether and how the security aspects for UE TNAP mobility can be supported in the 5GS without performing the full authentication.
2 References p. 7
3 Definitions of terms, symbols and abbreviations p. 7
4 Assumptions p. 8
5 Key issues p. 8
5.1 Key issue #1: Authentication of AUN3 device behind RG and supporting EAP p. 8
5.2 Key issue #2: Security aspect of slice information exposure of N3IWF/TNGF to UE p. 9
5.3 Key issue #3: Security aspect of slice information exposure of N3IWF/TNGF p. 9
5.4 Key issue #4: Security aspect of TNAP mobility without full authentication p. 10
5.5 KI #5: Authentication of UE connecting to RG using NSWO procedure p. 10
6 Proposed solutions p. 11
6.0 Mapping of solutions to key issues p. 11
6.1 Solution #1: EAP_AKA prime based authentication for AUN3 devices p. 11
6.1.1 Introduction p. 11
6.1.2 Solution details p. 12
6.1.2.1 Procedure p. 12
6.1.2.2 Key derivation p. 13
6.1.3 Evaluation p. 13
6.2 Solution #2: EAP base authentication for AUN3 devices behind RG in PLMN p. 14
6.3 Solution #3: EAP base authentication for AUN3 devices behind RG in SNPN p. 15
6.4 Solution #4: EAP base authentication for AUN3 devices behind RG in SNPN by AAA server p. 17
6.5 Solution #5: TNAP mobility solution with rand p. 19
6.5.1 Introduction p. 19
6.5.2 Solution details p. 19
6.5.2.1 Procedure p. 19
6.5.2.2 Key derivation p. 20
6.5.3 Evaluation p. 20
6.6 Solution #6: TNAP mobility solution with count p. 21
6.6.1 Introduction p. 21
6.6.2 Solution details p. 22
6.6.2.1 Procedure p. 22
6.6.2.2 Key derivation p. 23
6.6.3 Evaluation p. 23
6.7 Solution #7: Using Fast BSS Transition for TNAP mobility p. 24
6.7.1 Introduction p. 24
6.7.2 Solution details p. 24
6.7.2.1 Solution overview p. 24
6.7.2.2 Details of FT p. 25
6.7.3 Evaluation p. 26
6.8 Solution #8: Security Establishment for TNAP Mobility p. 27
6.9 Solution #9: AUN3 device supporting 5G Key hierarchy (i.e. N5CW) p. 29
6.9.1 Introduction p. 29
6.9.2 Solution details p. 30
6.9.2.1 Procedure p. 30
6.9.2.2 Key derivation p. 31
6.9.3 Evaluation p. 31
6.10 Solution #10: TNAP mobility solution without full authentication p. 31
6.11 Solution #11: Security of N3IWF/TNGF reallocation p. 33
6.12 Solution #12: Authentication of UE connecting to RG by NSWO p. 35
6.13 Solution #13: TNAP mobility using modified ERP p. 35
7 Conclusions p. 39
7.1 Key issue #1: Authentication of AUN3 device behind RG and supporting EAP p. 39
7.2 Key issue #2: Security aspect of slice information exposure of N3IWF/TNGF to UE p. 39
7.3 Key issue #3: Security aspect of slice information exposure of N3IWF/TNGF p. 39
7.4 Key issue #4: Security aspect of TNAP mobility without full authentication p. 39
7.5 Key issue #5: Authentication of UE connecting to RG using NSWO p. 39
$ Change history p. 40
