Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.303  Word version:  18.0.0

Top   Top   Up   Prev   Next
1…   4…   A…
4 Overview of ProSe security4.1 General4.2 Reference points and Functional Entities5 Common security procedures5.1 General5.2 Network domain security5.3 Security of UE to ProSe Function interface5.4 Security of the PC2 reference point6 Security for ProSe features6.1 ProSe direct discovery6.2 Security for One-to-many ProSe direct communication6.3 EPC-level discovery of ProSe-enabled UEs6.4 Security for EPC support WLAN direct discovery and communication6.5 Security for One-to-one ProSe Direct communication6.6 Security for ProSe Public Safety Discovery6.7 Security for ProSe UE-to-network relays

 

4  Overview of ProSe securityp. 12

4.1  Generalp. 12

4.2  Reference points and Functional Entitiesp. 12

5  Common security proceduresp. 12

5.1  Generalp. 12

5.2  Network domain securityp. 12

5.2.1  Generalp. 12

5.2.2  Security requirementsp. 12

5.2.3  Security proceduresp. 12

5.3  Security of UE to ProSe Function interfacep. 13

5.3.1  Generalp. 13

5.3.2  Security requirementsp. 13

5.3.3  Security proceduresp. 13

5.3.3.1  Security procedures for configuration transfer to the UICCp. 13

5.3.3.2  Security procedures for data transfer to the UEp. 13

5.3.3.2.1  TLS 1.2p. 13
5.3.3.2.2  TLS 1.3p. 14

5.4  Security of the PC2 reference pointp. 15

5.4.1  Requirements on PC2 reference pointp. 15

5.4.2  Security procedures for PC2 reference pointp. 15

6  Security for ProSe featuresp. 16

6.1  ProSe direct discoveryp. 16

6.1.1  Overview of ProSe direct discovery in network coveragep. 16

6.1.2  Security requirementsp. 16

6.1.3  Security proceduresp. 17

6.1.3.1  Interface between the UE and ProSe Functionp. 17

6.1.3.2  Interfaces between network elementsp. 17

6.1.3.3  Integrity protection and validation of the transmitted code for open discoveryp. 17

6.1.3.3.1  Open discovery security flowsp. 17

6.1.3.4  Restricted discoveryp. 20

6.1.3.4.1  Generalp. 20
6.1.3.4.2  Security flowsp. 20
6.1.3.4.2.1  Model A security flowsp. 20
6.1.3.4.2.2  Model B security flowsp. 23
6.1.3.4.3  Protection of the discovery messages over the PC5 interfacep. 26
6.1.3.4.3.1  Generalp. 26
6.1.3.4.3.2  Message Processing in the sending UEp. 27
6.1.3.4.3.3  Protected message processing in the receiving UEp. 27
6.1.3.4.3.4  Integrity protection descriptionp. 28
6.1.3.4.3.5  Scrambling descriptionp. 28
6.1.3.4.3.6  Message-specific confidentiality descriptionp. 28

6.2  Security for One-to-many ProSe direct communicationp. 29

6.2.1  Overview of One-to-many ProSe direct communicationp. 29

6.2.2  Security requirementsp. 29

6.2.3  Bearer layer security mechanismp. 30

6.2.3.1  Security keys and their lifetimesp. 30

6.2.3.2  Identitiesp. 30

6.2.3.3  Security flowsp. 32

6.2.3.3.1  Overviewp. 32
6.2.3.3.2  Messages between UE and ProSe Key Management Functionp. 34
6.2.3.3.2.1  Generalp. 34
6.2.3.3.2.2  Key Request and Key Response messagesp. 34
6.2.3.3.2.3  MIKEY messagesp. 36
6.2.3.3.2.3.1  Generalp. 36
6.2.3.3.2.3.2  Creation of the MIKEY key delivery messagep. 36
6.2.3.3.2.3.3  Processing the MIKEY key delivery messagep. 36
6.2.3.3.2.3.4  MIKEY Verification messagep. 37

6.2.3.4  Protection of traffic between UE and ProSe Functionp. 37

6.2.3.5  Protection of traffic between UE and ProSe Key Management Functionp. 37

6.2.3.6  Protection of traffic between UEsp. 37

6.2.3.6.1  Protection of datap. 37
6.2.3.6.2  Key derivation data in PDCP headerp. 38

6.2.4  Solution description for media security of one-to-many communicationsp. 39

6.3  EPC-level discovery of ProSe-enabled UEsp. 40

6.3.1  Security for proximity request authentication and authorizationp. 40

6.3.1.1  Generalp. 40

6.3.1.2  Application Server-signed proximity requestp. 40

6.3.1.3  Proximity request digital signature algorithms and key strengthp. 41

6.3.1.4  Proximity request hash input formatp. 43

6.3.1.5  Verification key formatp. 43

6.3.1.6  Profile for Application Server certificatep. 43

6.3.2  Protection of traffic between UE and ProSe Functionp. 43

6.4  Security for EPC support WLAN direct discovery and communicationp. 44

6.5  Security for One-to-one ProSe Direct communicationp. 44

6.5.1  Generalp. 44

6.5.2  Security Requirementsp. 44

6.5.3  Overview of One-to-one ProSe Direct communicationp. 44

6.5.3.1  Description of differet layers of keys and their identitiesp. 44

6.5.3.2  Security statesp. 45

6.5.3.3  High level overview of security establishmentp. 45

6.5.4  Direct Authentication and Key Establishmentp. 46

6.5.4.1  Generalp. 46

6.5.5  Security Establishment proceduresp. 46

6.5.5.1  Generalp. 46

6.5.5.2  Security establishment during connection set-upp. 46

6.5.5.3  Rekeying securityp. 47

6.5.6  Protection of the one-to-one trafficp. 48

6.5.6.1  Generalp. 48

6.5.6.2  Integrity protectionp. 49

6.5.6.3  Confidentiality protectionp. 49

6.5.6.4  Security contents in the PCDP headerp. 49

6.5.7  ProSe one-to-one commuication security using ECCSI and SAKKEp. 50

6.5.7.1  Generalp. 50

6.5.7.2  Key and their identitiesp. 50

6.5.7.3  Security flowsp. 50

6.5.7.3.1  Direct Connection Requestp. 50
6.5.7.3.2  Direct Rekeying Requestp. 51

6.6  Security for ProSe Public Safety Discoveryp. 52

6.6.1  Generalp. 52

6.6.2  Security Requirementsp. 52

6.6.3  Overview of ProSe Public Safety Discoveryp. 52

6.6.3.1  Generalp. 52

6.6.3.2  Key and their identitiesp. 53

6.6.4  Security flowsp. 53

6.6.4.1  Overviewp. 53

6.6.4.2  Messages between UE and ProSe Key Management Functionp. 55

6.6.4.2.1  Generalp. 55
6.6.4.2.2  Key Request and Key Response messagesp. 55
6.6.4.2.3  MIKEY messagesp. 56
6.6.4.2.3.1  Generalp. 56

6.6.5  Protection of traffic between UE and ProSe Functionp. 56

6.6.6  Protection of traffic between UE and ProSe Key Management Functionp. 56

6.6.7  Protection of discovery messages between the UEsp. 57

6.7  Security for ProSe UE-to-network relaysp. 57

6.7.1  Generalp. 57

6.7.2  Security Requirementsp. 57

6.7.3  Overview of ProSe UE-to-network relay securityp. 58

6.7.3.1  Generalp. 58

6.7.3.2  Security flowsp. 58

6.7.3.2.1  Overviewp. 58
6.7.3.2.1.1  Remote UE attaching to a ProSe UE-to-network relayp. 58
6.7.3.2.1.2  Re-synchronisation in GBA Push authenticationp. 60
6.7.3.2.1.3  Rekeying proceduresp. 61
6.7.3.2.2  Messages between the Remote UE and ProSe Key Management Functionp. 62
6.7.3.2.2.1  Generalp. 62
6.7.3.2.2.2  Key Request and Key Response messagesp. 62
6.7.3.2.3  Messages between the Relay and ProSe Key Management Functionp. 63
6.7.3.2.3.1  Generalp. 63
6.7.3.2.3.2  Key Request and Key Response messagesp. 63

6.7.3.3  Protection of traffic between Remote UE or Relay and ProSe Functionp. 64

6.7.3.4  Protection of traffic between Remote UE or Relay and ProSe Key Management Functionp. 64

6.7.3.5  Protection of traffic between Remote UE and Relayp. 65

Up   Top   ToC