
Content for  TS 33.503  Word version:  18.3.0


4  Overview

4.1  General

The overall architecture for 5G ProSe is given in TS 23.304. 5G ProSe includes several features that may be deployed independently of each other. For this reason, no overall security architecture is provided and each feature describes its own architecture.
Security for the 5G ProSe common procedures is described in clause 5, while the overall security of the 5G ProSe features is described in clause 6.

4.2  Reference points and functional entities

4.2.1  Functional entities

4.2.1.1  General

The architectural reference model is specified in clauses 4.2.1, 4.2.2, 4.2.3, 4.2.7, and 4.2.8 of TS 23.304.

4.2.1.2  5G ProSe Key Management Function

In addition to the architectural reference model specified in TS 23.304, the architectural reference model shall support the functional entity 5G ProSe Key Management Function (5G PKMF), which is the logical function handling the network-related actions required for the key management and the security material for discovery of a 5G ProSe UE-to-Network Relay by a 5G ProSe Remote UE, for establishing a secure PC5 communication link between a 5G ProSe Remote UE and a 5G ProSe UE-to-Network Relay, for discovery of a 5G ProSe UE-to-UE Relay by a 5G ProSe End UE, and for establishing a secure PC5 communication link between a 5G ProSe End UE and a 5G ProSe UE-to-UE Relay.
For 5G ProSe UE-to-Network Relay discovery and communication, the 5G ProSe Remote UE and the 5G ProSe UE-to-Network Relay know from which 5G ProSe Key Management Function(s) to get the discovery security materials needed for protecting discovery messages and the UP-PRUK(s) for establishing a secure PC5 link between the 5G ProSe Remote UE and the 5G ProSe UE-to-Network Relay. This is because the address of the 5G PKMF(s) is either pre-provisioned or provided by the 5G DDNMF (or the PCF) in the HPLMN of the 5G ProSe Remote UE to the 5G ProSe Remote UE, and by the 5G DDNMF (or the PCF) in the HPLMN of the 5G ProSe UE-to-Network Relay to the 5G ProSe UE-to-Network Relay.
The 5G PKMF of the 5G ProSe Remote UE shall request the discovery security materials from the 5G PKMFs of the potential 5G ProSe UE-to-Network Relays from which the 5G ProSe Remote UE gets the relay services.
The 5G PKMF of the 5G ProSe UE-to-Network Relay shall request the security materials (e.g. Knrp and Knrp freshness parameter) from the 5G PKMF of the 5G ProSe Remote UE for PC5 communication.
For 5G ProSe UE-to-UE Relay discovery and communication, the 5G ProSe End UE plays the role of the 5G ProSe Remote UE, and the 5G ProSe UE-to-UE Relay plays the role of the 5G ProSe UE-to-Network Relay.
The 5G PKMF interacts with the 5G ProSe-enabled UE using procedures over the PC8 reference point defined in clause 4.2.2. The protection for the key request/response messages is described in clause 5.2.5.

4.2.1.3  Prose Anchor Function

In addition to the architectural reference model specified in TS 23.304, the architectural reference model shall support the functional entity Prose Anchor Function (PAnF), which is the logical function handling the network-related actions required for the key management and the security material for establishing a secure PC5 communication link between a 5G ProSe Remote UE and a 5G ProSe UE-to-Network Relay over Control Plane, and for establishing a secure PC5 communication link between a 5G ProSe End UE and a 5G ProSe UE-to-UE Relay over Control Plane.
The PAnF shall store the Prose context info (i.e. SUPI, RSC, CP-PRUK, CP-PRUK ID) for a 5G ProSe Remote UE and the Prose context info for a 5G ProSe End UE.
The PAnF interacts with the AUSF using procedures over the Npc11 reference point defined in clause 4.2.2. The PAnF interacts with the UDM using procedures over the Npc12 reference point defined in clause 4.2.2.

4.2.2  Reference points

In addition to the reference points specified in clause 4.2.5 of TS 23.304, the 5G ProSe architectural reference model shall support the following reference points:
PC8:
The reference point between the UE and the 5G ProSe Key Management Function (5G PKMF). PC8 relies on 5GC user plane for transport (i.e. an "over IP" reference point). It is used to transport security material to UEs for 5G ProSe UE-to-Network Relay discovery and communication, and to transport security material to UEs for 5G ProSe UE-to-UE Relay discovery and communication.
Npc9:
The reference point between the 5G PKMF of the 5G ProSe Remote UE and the 5G PKMF of the 5G ProSe UE-to-Network Relay, and between the 5G PKMF of the 5G ProSe End UE and the 5G PKMF of the 5G ProSe UE-to-UE Relay. It is used to transport security material between two 5G PKMFs.
Npc10:
The reference point between the UDM and the 5G PKMF. It is used to de-conceal SUCI to gain SUPI, obtain a GBA Authentication Vector (AV) for a UE, or request relay service authorization information from the UDM.
Npc11:
The reference point between the AUSF and the Prose Anchor Function (PAnF). It is used to store the Prose context info for a 5G ProSe Remote UE, and to store the Prose context info for a 5G ProSe End UE.
Npc12:
The reference point between the PAnF and UDM. It is used to check with the UDM whether the Remote UE is authorized to use the UE-to-Network Relay service, and to check with the UDM whether the End UE is authorized to use the UE-to-UE Relay service.
Npc13:
The reference point between the SMF and the PKMF. It is used to obtain the SUPI of the Remote UE from the PKMF.
Npc14:
The reference point between the SMF and the PAnF. It is used to obtain the SUPI of the Remote UE from the PAnF.