Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.896
Study of Security aspects on User Consent for 3GPP Services
Phase 2

3GPP‑Page  
V18.0.1 (Wzip)  2023/06  18 p.
Rapporteur:
Mrs. Rong, Wu
HUAWEI TECHNOLOGIES Co. Ltd.

full Table of Contents for  TR 33.896  Word version:  18.0.1

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 Overview5 Key issues6 Solutions7 Conclusions$ Change history

 

1  Scopep. 6

The present document is to investigate potential enhancements of 5GS that would enable broader use cases in relation with user consent.
The following aspects are in the scope of the study:
  1. Investigating the potential issues and solutions with user consent for:
    • eNA in case of roaming.
    • MEC in case of roaming.
    • NTN.
    • AI/ML for NG-RAN.
  2. Investigating the potential generic security requirements, services and guidance for user consent derived from objective 1.
Even where solutions exist to obtain user consent, collection and exposure of user sensitive data should be minimized and identification of the users should only be allowed where critical to the operation of the related feature.
Up

2  Referencesp. 6

3  Definitions of terms, symbols and abbreviationsp. 6

3.1  Termsp. 6

3.2  Symbolsp. 6

3.3  Abbreviationsp. 7

4  Overviewp. 7

5  Key issuesp. 7

5.1  Key Issue #1: User consent for roaming case in eNAp. 7

5.1.1  Key issue detailsp. 7

5.1.2  Security threatsp. 7

5.1.3  Potential security requirementsp. 7

5.2  Key Issue #2: User consent for NTNp. 7

5.2.1  Key issue detailsp. 7

5.2.2  Security threatsp. 8

5.2.3  Potential security requirementsp. 8

5.3  Key Issue #3: Unified framework for user consent related data retrieval, notification, and revocationp. 8

5.3.1  Key issue detailsp. 8

5.3.2  Security threatsp. 8

5.3.3  Potential security requirementsp. 8

5.4  Key Issue #4: Guidance for Enforcing User Consentp. 8

5.4.1  Key issue detailsp. 8

5.4.2  Security threatsp. 9

5.4.3  Potential security requirementsp. 9

6  Solutionsp. 9

6.0  Mapping of solutions to key issuesp. 9

6.1  Solution #1: User consent obtained by the NTN-RAN in non-mobility use casep. 9

6.1.1  Introductionp. 9

6.1.2  Solution detailsp. 9

6.2  Solution #2: User consent revocation obtained by the NTN-RANp. 11

6.2.1  Introductionp. 11

6.2.2  Solution detailsp. 11

6.3  Solution #3: User Consent for UE Data Exposure to HPLMN in the Roaming casep. 13

6.3.1  Introductionp. 13

6.3.2  Solution detailsp. 13

6.3.3  Evaluationp. 14

6.4  Solution #4: User Consent for UE Data Exposure to VPLMN in the Roaming casep. 15

6.4.1  Introductionp. 15

6.4.2  Solution detailsp. 15

6.4.3  Evaluationp. 16

6.5  Solution #5: Central authorization for user consent handlingp. 16

6.5.1  Introductionp. 16

6.5.2  Solution detailsp. 16

6.5.3  Evaluationp. 16

7  Conclusionsp. 16

7.1  Conclusion for Key Issue #1p. 16

7.2  Conclusion for Key Issue #2p. 17

7.3  Conclusion for Key Issue #3p. 17

$  Change historyp. 18

Up   Top