
Content for TS 33.501 Word version: 19.0.0



1  Scope

The present document specifies the security architecture, i.e., the security features and the security mechanisms for the 5G System and the 5G Core, and the security procedures performed within the 5G System including the 5G Core and the 5G New Radio.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 23.501: "System Architecture for the 5G System".
[3]
TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[4]
RFC 4303:  "IP Encapsulating Security Payload (ESP)".
[5]
TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[6]
RFC 4301:  "Security Architecture for the Internet Protocol".
[7]
TS 22.261: "Service requirements for next generation new services and markets".
[8]
TS 23.502: "Procedures for the 5G System".
[9]
TS 33.102: "3G security; Security architecture".
[10]
TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[11]
TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".
[12]
RFC 5448:  "Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')".
[13]
TS 24.301: "Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3".
[14]
TS 35.215: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 1: UEA2 and UIA2 specifications".
[15]
NIST: "Advanced Encryption Standard (AES) (FIPS PUB 197)".
[16]
NIST Special Publication 800-38A (2001): "Recommendation for Block Cipher Modes of Operation".
[17]
NIST Special Publication 800-38B (2001): "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication".
[18]
TS 35.221: "Specification of the 3GPP Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 1: EEA3 and EIA3 specifications".
[19]
TS 23.003: "Numbering, addressing and identification".
[20]
TS 22.101: "Service aspects; Service principles".
[21]
RFC 4187:  "Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)".
[22]
TS 38.331: "NR; Radio Resource Control (RRC); Protocol specification".
[23]
TS 38.323: "NR; Packet Data Convergence Protocol (PDCP) specification".
[24]
TS 33.117: "Catalogue of general security assurance requirements".
[25]
RFC 7296:  "Internet Key Exchange Protocol Version 2 (IKEv2)".
[26]  Void
[27]
RFC 3748:  "Extensible Authentication Protocol (EAP)".
[28]
TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[29]
SECG SEC 1: Recommended Elliptic Curve Cryptography, Version 2.0, 2009. Available http://www.secg.org/sec1-v2.pdf
[30]
SECG SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0, 2010. Available at http://www.secg.org/sec2-v2.pdf
[31]
TS 38.470: "NG-RAN; F1 General aspects and principles".
[32]
TS 38.472: "NG-RAN; F1 signalling transport".
[33]
TS 38.474: "NG-RAN; F1 data transport".
[34]
TS 38.413: "NG-RAN; NG Application Protocol (NGAP)".
[35]
TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
[36]
TS 35.217: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 3: Implementors' test data".
[37]
TS 35.223: "Specification of the 3GPP Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 3: Implementors' test data".
[38]
RFC 5216:  "The EAP-TLS Authentication Protocol".
[39]  Void
[40]
RFC 5246:  "The Transport Layer Security (TLS) Protocol Version 1.2".
[41]
TS 38.460: "NG-RAN; E1 general aspects and principles".
[42]  Void
[43]
RFC 6749:  "OAuth2.0 Authorization Framework".
[44]
RFC 7519:  "JSON Web Token (JWT)".
[45]
RFC 7515:  "JSON Web Signature (JWS)".
[46]
RFC 7748:  "Elliptic Curves for Security".
[47]
RFC 9113:  "HTTP/2".
[48]
RFC 5280:  "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
[49]
RFC 6960:  "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP".
[50]
RFC 6066:  "Transport Layer Security (TLS) Extensions: Extension Definitions".
[51]
TS 37.340: "Evolved Universal Terrestrial Radio Access (E-UTRA) and NR; Multi-connectivity; Stage 2".
[52]
TS 38.300: "NR; NR and NG-RAN Overall Description; Stage 2".
[53]
TS 33.122: "Security Aspects of Common API Framework for 3GPP Northbound APIs".
[54]
TS 28.533: "Management and orchestration; Architecture framework".
[55]
TS 28.531: "Management and orchestration of networks and network slicing; Provisioning".
[56]  Void
[57]
RFC 7542:  "The Network Access Identifier".
[58]
RFC 6083:  "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)".
[59]
RFC 7516:  "JSON Web Encryption (JWE)".
[60]
RFC 8446:  "The Transport Layer Security (TLS) Protocol Version 1.3".
[61]
RFC 5705:  "Keying Material Exporters for Transport Layer Security (TLS)".
[62]
RFC 5869:  "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)".
[63]
NIST Special Publication 800-38D: "Recommendation for Block Cipher Modes of Operation: Galois Counter Mode (GCM) and GMAC".
[64]
RFC 6902:  "JavaScript Object Notation (JSON) Patch".
[65]
TS 31.115: "Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications".
[66]
TS 31.111: "Universal Subscriber Identity Module (USIM), Application Toolkit (USAT)".
[67]
RFC 9048:  "Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')".
[68]
TS 29.510: "5G System; Network function repository services".
[69]
TS 36.331: "Radio Resource Control (RRC); Protocol specification".
[70]
TS 29.505: "5G System; Usage of the Unified Data Repository services for Subscription Data; Stage 3".
[71]
TS 24.302: "Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access networks; Stage 3".
[72]
TS 23.216: "Single Radio Voice Call Continuity (SRVCC)".
[73]
TS 29.573: "Public Land Mobile Network (PLMN) Interconnection; Stage 3".
[74]
TS 29.500: "5G System; Technical Realization of Service Based Architecture; Stage 3".
[75]
IEEE TSN network aspects: see 3GPP TS 23.501 [2] references [95], [96], [97], [98], [104], and [107].
[76]
RFC 9190:  "EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3".
[77]
RFC 8446:  "The Transport Layer Security (TLS) Protocol Version 1.3".
[78]
TS 38.401: "NG-RAN; Architecture description".
[79]
TS 23.316: "Wireless and wireline convergence access support for the 5G System (5GS)".
[80]
IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012) - IEEE Standard for Information technology-Telecommunications and information exchange between systems Local and metropolitan area networks-Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
[81]
RFC 2410:  "The NULL Encryption Algorithm and Its Use With IPsec".
[82]  Void
[83]
RFC 7858:  "Specification for DNS over Transport Layer Security (TLS)".
[84]
RFC 8310:  "Usage Profiles for DNS over TLS and DNS over DTLS".
[85]
RFC 4890:  "Recommendations for Filtering ICMPv6 Messages in Firewalls".
[86]
TS 23.273: "5G System (5GS) Location Services (LCS); Stage 2".
[87]
TS 38.305: "Stage 2 functional specification of User Equipment (UE) positioning in NG-RAN".
[88]
TS 36.300: "Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access (E-UTRAN); Overall description; Stage 2".
[89]
IANA: "Transport Layer Security (TLS) Parameters".
[90]  Void
[91]
TS 33.535: "Authentication and key management for applications based on 3GPP credentials in the 5G System (5GS)".
[92]
TS 29.573: "5G System; Public Land Mobile Network (PLMN) Interconnection".
[93]
TS 29.503: "5G System; Unified Data Management Services".
[94]
TS 29.501: "5G System; Principles and Guidelines for Services Definition".
[95]
TS 29.502: "5G System; Session Management Services".
[96]
TS 29.526: "5G System; Network Slice-Specific Authentication and Authorization (NSSAA) services".
[97]
TS 23.402: "Authentication enhancements for non-3GPP accesses".
[98]
TS 23.548: "5G System Enhancements for Edge Computing; Stage 2".
[99]
RFC 5281:  "Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)".
[100]
RFC 6678:  "Requirements for a Tunnel-Based Extensible Authentication Protocol (EAP) Method".
[101]
[102]
TS 33.246: "Security of Multimedia Broadcast/Multicast Service (MBMS)".
[103]
TS 23.247: "Architectural enhancements for 5G multicast-broadcast services".
[104]
TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".
[105]
TS 23.288: "Architecture enhancements for 5G System(5GS) to support network data analytics services".
[106]
TS 23.554: "Application architecture for MSGin5G Service; Stage 2".
[107]
TS 22.262: "Message service with the 5G System (5GS); Stage 1".
[108]
TS 26.502: "5G multicast-broadcast services; User Service architecture".
[109]
TS 33.503: "Security Aspects of Proximity based Services (ProSe) in the 5G System (5GS)".
[110]
NIST Special Publication 800-90A (2015): "Recommendation for Random Number Generation Using Deterministic Random Bit Generators".
[111]
RFC 4555 (2006-06): "IKEv2 Mobility and Multihoming Protocol (MOBIKE)".
[112]
TS 24.008: "Mobile radio interface Layer 3 specification; Core network protocols; Stage 3".
[113]
RFC 9110:  "HTTP Semantics".
[114]
TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".
[115]
RFC 9000:  "QUIC: A UDP-Based Multiplexed and Secure Transport".
[116]
RFC 9001:  "Using TLS to Secure QUIC".
[117]
draft-ietf-quic-multipath-00:  "Multipath Extension for QUIC".

3  Definitions and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
5G security context:
The state that is established locally at the UE and a serving network domain and represented by the "5G security context data" stored at the UE and a serving network.
5G AS security context for 3GPP access:
The cryptographic keys at AS level with their identifiers, the Next Hop parameter (NH), the Next Hop Chaining Counter parameter (NCC) used for next hop access key derivation, the identifiers of the selected AS level cryptographic algorithms, the UE security capabilities, and the UP Security Policy at the network side, UP security activation status and the counters used for replay protection.
5G AS security context for non-3GPP access:
The key KN3IWF, the cryptographic keys, cryptographic algorithms and tunnel security association parameters used at IPsec layer for the protection of IPsec SA.
5G AS Secondary Cell security context:
The cryptographic keys at AS level for secondary cell with their identifiers, the identifier of the selected AS level cryptographic algorithms for secondary cell, the UP Security Policy at the network side, and counters used for replay protection.
5G Home Environment Authentication Vector:
authentication data consisting of RAND, AUTN, XRES*, and KAUSF for the purpose of authenticating the UE using 5G AKA.
5G Authentication Vector:
authentication data consisting of RAND, AUTN, HXRES*, and KSEAF.
5G NAS security context:
The key KAMF with the associated key set identifier, the UE security capabilities, the uplink and downlink NAS COUNT values.
5G Serving Environment Authentication Vector:
a vector consisting of RAND, AUTN and HXRES*.
ABBA parameter:
Parameter that provides anti-bidding-down protection, i.e. prevents security features introduced in a higher release from being bid down to a lower release, and indicates the security features that are enabled in the current network.
activation of security context:
The process of taking a security context into use.
anchor key:
The security key KSEAF provided during authentication and used for derivation of subsequent security keys.
application Layer Security:
mechanism by which HTTP messages, exchanged between a Network Function in one PLMN and a Network Function in another PLMN, are protected on the N32-f interface between the two SEPPs in the two PLMNs.
authentication data:
An authentication vector or transformed authentication vector.
authentication vector:
A vector consisting of CK, IK, RAND, AUTN, and XRES.
backward security:
The property that for an entity with knowledge of Kn, it is computationally infeasible to compute any previous Kn-m (m>0) from which Kn is derived.
CM-CONNECTED state:
As defined in TS 23.501.
CM-IDLE state:
As defined in TS 23.501.
consumer's RI (cRI):
RI with a business relationship with the cSEPP operator.
consumer's NRF (cNRF):
The NRF that authenticates the service consumer NF and resides in the PLMN where the service consumer NF is located.
consumer's PLMN (cPLMN):
The PLMN where the service consumer NF is located.
consumer's SEPP (cSEPP):
The SEPP residing in the PLMN where the service consumer NF is located.
Credentials Holder:
As defined in TS 23.501.
current 5G security context:
The security context which has been activated most recently.
Default Credentials Server:
As defined in TS 23.501.
Default UE credentials:
As defined in TS 23.501.
forward security:
The fulfilment of the property that for an entity with knowledge of Km that is used between that entity and a second entity, it is computationally infeasible to predict any future Km+n (n>0) used between a third entity and the second entity.
full native 5G security context:
A native 5G security context for which the 5G NAS security context is full according to the above definition.
Home Network Identifier:
An identifier identifying the home network of the subscriber.
Home Network Public Key Identifier:
An identifier used to indicate which public/private key pair is used for SUPI protection and de-concealment of the SUCI.
IAB-donor-CU:
As defined in TS 38.401.
IAB-donor-DU:
As defined in TS 38.401.
IAB-node:
As defined in TS 38.300.
IAB-donor gNB:
As defined in TS 38.300.
IAB-UE:
The function within an IAB node, which behaves as a UE.
IPX provider:
Roaming Intermediary.
mapped 5G security context:
A 5G security context whose KAMF was derived from EPS keys during interworking and which is identified by a mapped ngKSI.
Master node:
As defined in TS 37.340.
N32-c connection:
A TLS based connection between a SEPP in one PLMN and a SEPP in another PLMN.
N32-f connection:
Logical connection that exists between a SEPP in one PLMN and a SEPP in another PLMN for exchange of protected HTTP messages.
native 5G security context:
A 5G security context whose KAMF was created by a run of primary authentication and which is identified by a native ngKSI.
ng-eNB:
As defined in TS 38.300.
NG-RAN node:
gNB or ng-eNB (as defined in TS 38.300).
non-current 5G security context:
A native 5G security context that is not the current one.
Operator Group Roaming Hub:
Roaming hub used by a group of network operators that reside in the same security domain to consolidate and secure operator group roaming.
partial native 5G security context:
A partial native 5G security context consists of KAMF with the associated key set identifier, the UE security capabilities, and the uplink and downlink NAS COUNT values, which are initially set to zero before the first NAS SMC procedure for this security context.
producer's RI (pRI):
RI with a business relationship with the pSEPP operator.
producer's NRF (pNRF):
The NRF where the service producer NF is registered in the PLMN where the service producer NF is located.
producer's PLMN (pPLMN):
The PLMN where the service producer NF is located.
producer's SEPP (pSEPP):
The SEPP residing in the PLMN where the service producer NF is located.
Protection Scheme Identifier:
An identifier identifying a protection scheme that is used for concealing the SUPI.
RM-DEREGISTERED state:
As defined in TS 23.501.
RM-REGISTERED state:
As defined in TS 23.501.
Roaming Hub:
A type of Roaming Intermediary that provides a set of services to client PLMNs to facilitate the deployment and the operation of roaming and interworking services; as defined by GSMA.
Roaming Intermediary:
an entity that provides roaming related services.
Routing Indicator:
An indicator defined in TS 23.003 that can be used for AUSF or UDM selection.
Scheme Output:
the output of a public key protection scheme used for SUPI protection.
security anchor function:
The function SEAF that serves in the serving network as the anchor for security in 5G.
Secondary node:
As defined in TS 37.340.
subscription credential(s):
The set of values in the USIM and in the home operator's network, consisting of at least the long-term key(s) and the subscription identifier SUPI, used to uniquely identify a subscription and to mutually authenticate the UE and 5G core network.
subscription identifier:
The SUbscription Permanent Identifier (SUPI).
subscription concealed identifier:
A one-time use subscription identifier, called the SUbscription Concealed Identifier (SUCI), which contains the Scheme-Output, and additional non-concealed information needed for home network routing and protection scheme usage.
subscription identifier de-concealing function:
The Subscription Identifier De-concealing Function (SIDF) service offered by the network function UDM in the home network of the subscriber responsible for de-concealing the SUPI from the SUCI.
transformed authentication vector:
an authentication vector where CK and IK have been replaced with CK' and IK'.
UE 5G security capability:
The UE security capabilities for 5G AS and 5G NAS.
UE security capabilities:
The set of identifiers corresponding to the ciphering and integrity algorithms implemented in the UE.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
5GC
5G Core Network
5G-AN
5G Access Network
5G-RG
5G Residential Gateway
NG-RAN
5G Radio Access Network
5G AV
5G Authentication Vector
5G HE AV
5G Home Environment Authentication Vector
5G NSWO
5G Non-Seamless WLAN Offload
5G SE AV
5G Serving Environment Authentication Vector
ABBA
Anti-Bidding down Between Architectures
AEAD
Authenticated Encryption with Associated Data
AES
Advanced Encryption Standard
AKA
Authentication and Key Agreement
AMF
Access and Mobility Management Function
AMF
Authentication Management Field
ARPF
Authentication credential Repository and Processing Function
AUN3
Authenticable Non-3GPP devices
AUSF
Authentication Server Function
AUTN
AUthentication TokeN
AV
Authentication Vector
AV'
transformed Authentication Vector
BAP
Backhaul Adaptation Protocol
BH
Backhaul
CCA
Client Credentials Assertion
Cell-ID
Cell Identity as used in TS 38.331
CH
Credentials Holder
CHO
Conditional Handover
CIoT
Cellular Internet of Things
cIPX
consumer's IPX
CKSRVCC
Cipher Key for Single Radio Voice Continuity
cNRF
consumer's NRF
CP
Control Plane
CPAC
Conditional PSCell Addition or Change
CPA
Conditional PSCell Addition
CPC
Conditional PSCell Change
cRI
consumer's RI
cPLMN
consumer's PLMN
cSEPP
consumer's SEPP
CTR
Counter (mode)
CU
Central Unit
DCS
Default Credentials Server
DN
Data Network
DNN
Data Network Name
DU
Distributed Unit
EAP
Extensible Authentication Protocol
EDT
Early Data Transmission
EMSK
Extended Master Session Key
EN-DC
E-UTRA-NR Dual Connectivity
ENSI
External Network Slice Information
EPS
Evolved Packet System
FN-RG
Fixed Network RG
gNB
NR Node B
GUTI
Globally Unique Temporary UE Identity
HRES
Hash RESponse
HXRES
Hash eXpected RESponse
IAB
Integrated Access and Backhaul
IKE
Internet Key Exchange
IKSRVCC
Integrity Key for Single Radio Voice Continuity
IPUPS
Inter-PLMN UP Security
IPX
IP exchange service
KSI
Key Set Identifier
KSISRVCC
Key Set Identifier for Single Radio Voice Continuity
LI
Lawful Intercept
MBSF
Multicast/Broadcast Service Function
MBSSF
Multicast/Broadcast Service Security Function
MBSTF
Multicast/Broadcast Service Transport Function
MeNB
Master eNB
MN
Master Node
MO-EDT
Mobile Originated Early Data Transmission
MT-EDT
Mobile Terminated Early Data Transmission
MR-DC
Multi-Radio Dual Connectivity
MSK
Master Session Key
N3IWF
Non-3GPP access InterWorking Function
NAI
Network Access Identifier
NAS
Non Access Stratum
NDS
Network Domain Security
NEA
Encryption Algorithm for 5G
NF
Network Function
NG
Next Generation
ng-eNB
Next Generation Evolved Node-B
ngKSI
Key Set Identifier in 5G
N5CW
Non-5G-Capable over WLAN
N5GC
Non-5G-Capable
NIA
Integrity Algorithm for 5G
NR
New Radio
NR-DC
NR-NR Dual Connectivity
NSSAI
Network Slice Selection Assistance Information
NSSAA
Network Slice Specific Authentication and Authorization
NSWO
Non-Seamless WLAN Offload
NSWOF
Non-Seamless WLAN Offload Function
PDN
Packet Data Network
PEI
Permanent Equipment Identifier
pIPX
producer's IPX
pNRF
producer's NRF
pPLMN
producer's PLMN
pRI
producer's RI
PRINS
PRotocol for N32 INterconnect Security
pSEPP
producer's SEPP
PUR
Preconfigured Uplink Resource
QoS
Quality of Service
RES
RESponse
RI
Roaming Intermediary
RH
Roaming Hub
SCG
Secondary Cell Group
SEAF
SEcurity Anchor Function
SCP
Service Communication Proxy
SEPP
Security Edge Protection Proxy
SCPAC
Subsequent Conditional PSCell Addition or Change
SgNB
Secondary gNB
SIDF
Subscription Identifier De-concealing Function
SMC
Security Mode Command
SMF
Session Management Function
SN
Secondary Node
SN Id
Serving Network Identifier
SUCI
Subscription Concealed Identifier
SUPI
Subscription Permanent Identifier
TLS
Transport Layer Security
TNAN
Trusted Non-3GPP Access Network
TNAP
Trusted Non-3GPP Access Point
TNGF
Trusted Non-3GPP Gateway Function
TWAP
Trusted WLAN Access Point
TWIF
Trusted WLAN Interworking Function
TSC
Time Sensitive Communication
UE
User Equipment
UEA
UMTS Encryption Algorithm
UDM
Unified Data Management
UDR
Unified Data Repository
UIA
UMTS Integrity Algorithm
ULR
Update Location Request
UP
User Plane
UPF
User Plane Function
URLLC
Ultra Reliable Low Latency Communication
USIM
Universal Subscriber Identity Module
XRES
eXpected RESponse