Content for  TS 33.256  Word version:  18.2.0


5.6  A2X Direct Communication |R18|

5.6.1  General

This clause describes the security support of an Aircraft-to-everything (A2X) mechanism based on the PC5 reference point. A2X services such as C2 Communication, BRID and DAA are detailed in TS 23.256.
A2X service authorization and provisioning to the UE may be initiated by the PCF, by the UE, or by the AF.
A2X Direct Communication supports both unicast and broadcast modes.

5.6.2  Unicast mode A2X Direct Communication

5.6.2.1  General

The unicast mode A2X Direct Communication procedures are described in TS 23.256. Unicast mode A2X Direct Communication is used by two UEs that directly exchange traffic for the A2X applications running between the peer UEs.

5.6.2.2  Security requirements

The initiating UE shall establish a different security context for each peer UE during the PC5 unicast establishment if security is activated. It shall be possible to establish a security context also when either one or both of the A2X-enabled UEs are out of coverage.
The mutual authentication between two A2X-enabled UEs during PC5 unicast shall be supported.
The PC5 unicast signalling shall support confidentiality protection, integrity protection and anti-replay protection.
The PC5 unicast user plane shall support confidentiality protection, integrity protection and anti-replay protection.
The PCF shall be able to provision the A2X security policies to the UE per A2X application during service authorization and information provisioning procedure as defined in TS 23.256.
The 5G system shall support means for a secure refresh of the UE security context.
The 5G System should provide means for mitigating trackability attacks on a UE during PC5 unicast communications.
The 5G System should provide means for mitigating linkability attacks on a UE during PC5 unicast communications.

5.6.2.3  Security procedures

The unicast mode security mechanism defined in clause 5.3 of TS 33.536 is reused in A2X to provide unicast mode A2X Direct Communication security (i.e., the signalling and user plane confidentiality and integrity protection) based on the A2X security policies.

5.6.2.4  Identity privacy for the PC5 unicast link

The privacy protection procedures defined in clause 5.3.3.2 of TS 33.536 are reused in A2X to provide unicast mode A2X Direct Communication security.

5.6.3  Broadcast mode A2X Direct Communication

5.6.3.1  General

This clause specifies the security requirements and the procedures of the broadcast mode A2X Direct Communication (see TS 23.256).

5.6.3.2  Security requirements

There are no requirements for securing the broadcast mode A2X Direct Communication.
The 5G System should protect against linkability and trackability attacks on Layer-2 ID and IP address for broadcast mode.

5.6.3.3  Security procedures

There are no particular procedures defined for securing the broadcast mode A2X Direct Communication.
The broadcast mode security mechanism to randomise the UE's source Layer-2 ID and source IP address including IP prefix (if used), as defined in clause 5.5 of TS 33.536, is reused in A2X to provide broadcast mode A2X Direct Communication security.

5.7  A2X Direct C2 Communication |R18|

5.7.1  General

The unicast mode Direct C2 Communication procedures are described in TS 23.256. Unicast mode Direct C2 Communication is used by two UEs that directly exchange traffic for the A2X applications running between the peer UEs.
Before taking part in Direct C2 Communication, the UAV needs to be authorised as described in TS 23.256 (see also the present document for more details of C2 authorisation over the network). If the UE is authorised over the 3GPP network, the USS may send C2 session security information as part of the C2 authorization payload as described in clause 5.4. The content of the C2 session security information (e.g., key material to help establish security between the UAV and UAV-C) is not in 3GPP scope.

5.7.2  Unicast mode Direct C2 Communication

Unicast mode Direct C2 Communication has the same requirements and procedures as unicast mode A2X Direct Communication (see clause 5.6.2 of the present specification) with the following exception:
  • The A2X Policy Provisioning is done based on clause 6.2.1 of TS 23.256 and the A2X Policy includes an A2X security policy for each A2X service (e.g., C2 and DAA). The C2 service specific security policy available as part of the A2X security policy is used for the security establishment (i.e., it is included in the direct communication request and is further replayed in the Direct security mode command to provide protection against bidding down attacks as described in TS 33.536), where the signalling and user plane confidentiality and integrity are set as required based on local policy.

5.8  Broadcast Remote ID |R18|

5.8.1  General

This clause specifies the security requirements and the procedures of the Remote ID broadcast communication. Broadcast Remote ID traffic is sent using A2X broadcast mode (see TS 23.256).

5.8.2  Broadcast mode

The requirements and security procedures for Remote ID broadcast mode follow the general A2X requirements and security procedures as given in clause 5.6.3 of the present document.

5.9  Direct Detect and Avoid |R18|

5.9.1  General

Direct Detect and Avoid traffic is sent using either A2X unicast mode or A2X broadcast mode (see TS 23.256).

5.9.2  Unicast mode

The requirements, security procedure and privacy procedures for DAA unicast mode follow the general A2X requirements, security procedures and privacy procedures as given in clause 5.6.2 of the present document with the following exception:
  • The A2X Policy Provisioning is done based on clause 6.2.1 of TS 23.256 and the A2X Policy includes an A2X security policy for each A2X service (e.g., C2 and DAA services). The DAA service specific security policy available as part of the A2X security policy is used for the security establishment (i.e., it is included in the direct communication request and further replayed in the Direct security mode command to provide protection against bidding down attacks as described in TS 33.536).
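
The replay of the service specific security policy described in clauses 5.7.2 and 5.9.2 can be modelled as follows. This is an added illustration, not text or code from the specification: the message layout, function names and the demo key are assumptions, HMAC-SHA-256 stands in for the negotiated integrity algorithm, and treating PREFERRED on both sides as "on" is a simplification.

```python
import hashlib
import hmac
import json

REQUIRED, PREFERRED, NOT_NEEDED = "REQUIRED", "PREFERRED", "NOT NEEDED"
KEY = b"constructed-demo-integrity-key"  # assumed output of the key establishment

def negotiate(peer, local):
    """Receiving UE: decide whether one protection type is switched on."""
    if {peer, local} == {REQUIRED, NOT_NEEDED}:
        raise ValueError("incompatible policies: reject the request")
    return NOT_NEEDED not in (peer, local)  # PREFERRED+PREFERRED -> on (assumption)

def mac(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def build_smc(policy_received, local):
    """Receiving UE: replay the policy exactly as received in the request."""
    body = {"replayed_policy": policy_received}
    for kind in ("integrity", "confidentiality"):
        body[kind + "_on"] = negotiate(policy_received[kind], local[kind])
    return {"body": body, "mac": mac(body) if body["integrity_on"] else None}

def check_smc(policy_sent, smc):
    """Initiating UE: accept only if the negotiation was not bid down."""
    body = smc["body"]
    if not body["integrity_on"]:
        # An unprotected command proves nothing, so only the local policy decides.
        if REQUIRED in policy_sent.values():
            return "reject: protection required but integrity not selected"
        return "accept"
    if smc["mac"] is None or not hmac.compare_digest(smc["mac"], mac(body)):
        return "reject: MAC failure"
    if body["replayed_policy"] != policy_sent:
        return "reject: replayed policy differs from the policy sent"
    if policy_sent["confidentiality"] == REQUIRED and not body["confidentiality_on"]:
        return "reject: confidentiality required but not selected"
    return "accept"

def handshake(policy_sent, policy_on_air, peer_local):
    """Request -> command -> check; policy_on_air is what the peer received."""
    return check_smc(policy_sent, build_smc(dict(policy_on_air), peer_local))

# Constructed sample policies: C2 service policy and the peer's local policy.
C2_POLICY = {"integrity": REQUIRED, "confidentiality": REQUIRED}
PEER_LOCAL = {"integrity": PREFERRED, "confidentiality": PREFERRED}
```

Because the direct communication request itself is unprotected, the initiating UE can only detect an altered policy once it sees its own policy echoed inside the integrity-protected command, or sees that no integrity was selected although its policy requires it.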

5.9.3  Broadcast mode

The requirement and security procedures for DAA broadcast mode follow the general A2X requirements and security procedure as given in clause 5.6.3 of the present document.
