Three types of security are used to protect the restricted 5G ProSe Direct Discovery messages over the PC5 interface: integrity protection, scrambling protection, and message-specific confidentiality, which are defined in clause 6.1.3.4.3 of TS 33.303.
For the discovery messages that do not include HPLMN ID, the protection mechanisms specified in TS 33.303 are reused with the following changes:
- Input parameters to integrity protection algorithm as specified in clause A.6 in the present document.
- Message-specific confidentiality mechanisms as specified in clause A.7 in the present document.
- In clause A.5 of TS 33.303, the time-hash-bitsequence keystream is set to L least significant bits of the output of the KDF, where L is the bit length of the discovery message to be scrambled and set to Min (the length of discovery message - 16, 256).
- Step 3 of clause 6.1.3.4.3.5 of TS 33.303 becomes:
  - XOR (0xFFFF || time-hash-bitsequence) with the most significant (L + 16) bits of discovery message.
- Step 2 of clause 6.1.3.4.3.2 of TS 33.303 becomes:
  - Calculate MIC if a DUIK was provided, otherwise set MIC to a 32-bit random string. Then, set the MIC IE to the MIC.
The discovery messages that include HPLMN ID are protected using the protection mechanism described above with the following changes:
- Message-specific confidentiality mechanisms as specified in clause A.7 in the present document with the following changes:
  - The input parameter LENGTH is set to LEN(discovery message) - (LEN(Message Type) + LEN(UTC-based counter LSB) + LEN(HPLMN ID) + LEN(MIC)), where LEN(x) is the length of x in number of bits.
- In clause A.5 of TS 33.303, the time-hash-bitsequence keystream is set to L least significant bits of the output of the KDF, where L is the bit length of the discovery message to be scrambled and set to Min (the length of discovery message - 16 - the length of HPLMN ID, 256).
- XOR (0xFF..FF || time-hash-bitsequence) with the most significant (L + 16 + the length of HPLMN ID) bits of discovery message, where 0xFF..FF is (16 + the length of HPLMN ID) bits of length.
In 5G ProSe UE-to-UE Relay discovery, the End UE discovery infos to be included in the direct discovery set are protected using the protection mechanism described above with the following changes:
- Message-specific confidentiality mechanisms as specified in clause A.7 in the present document with the following changes:
  - Discovery message is replaced by End UE discovery info.
  - The length of Message Type is set to zero.
- In clause A.5 of TS 33.303, the time-hash-bitsequence keystream is set to L least significant bits of the output of the KDF, where L is the bit length of the End UE discovery info to be scrambled and set to Min (the length of End UE discovery info - 16, 256).
- Step 3 of clause 6.1.3.4.3.5 of TS 33.303 becomes:
  - XOR (0xFFFF || time-hash-bitsequence) with the most significant (L + 16) bits of the End UE discovery info.
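
The scrambling step described above, for messages with and without HPLMN ID, as an added Python example (not text or code from the specification). It takes an already-computed 256-bit KDF output as input, because the KDF inputs of clause A.5 of TS 33.303 are not reproduced here; the function name, the hplmn_id_bits parameter and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

KDF_OUTPUT_BITS = 256  # upper bound on L in the Min(..., 256) expressions


def scramble(msg: bytes, kdf_output: bytes, hplmn_id_bits: int = 0) -> bytes:
    """Apply or remove scrambling; XOR with the same mask is its own inverse.

    hplmn_id_bits = 0 is the case without HPLMN ID; a non-zero value widens
    the all-ones prefix to (16 + hplmn_id_bits) bits and shortens L to match.
    """
    if len(kdf_output) * 8 != KDF_OUTPUT_BITS:
        raise ValueError("expected a 256-bit KDF output")
    msg_bits = len(msg) * 8
    prefix_bits = 16 + hplmn_id_bits
    if msg_bits <= prefix_bits:
        raise ValueError("message is too short to scramble")
    # L = Min(message length - prefix length, 256)
    L = min(msg_bits - prefix_bits, KDF_OUTPUT_BITS)
    # time-hash-bitsequence = L least significant bits of the KDF output
    keystream = int.from_bytes(kdf_output, "big") & ((1 << L) - 1)
    # (0xFF..FF || time-hash-bitsequence), which is (L + prefix) bits wide
    mask = (((1 << prefix_bits) - 1) << L) | keystream
    # Align with the most significant bits; bits past them stay unchanged
    mask <<= msg_bits - (L + prefix_bits)
    return (int.from_bytes(msg, "big") ^ mask).to_bytes(len(msg), "big")


# Constructed sample values, not taken from the specification or a capture.
SAMPLE_KDF_OUTPUT = hmac.new(b"constructed-key", b"constructed-input",
                             hashlib.sha256).digest()
SAMPLE_SHORT = bytes(range(20))  # 160 bits, so L = 144
SAMPLE_LONG = bytes(range(40))   # 320 bits, so L = 256 and 48 bits stay clear

if __name__ == "__main__":
    for name, msg in (("short", SAMPLE_SHORT), ("long", SAMPLE_LONG)):
        out = scramble(msg, SAMPLE_KDF_OUTPUT)
        assert scramble(out, SAMPLE_KDF_OUTPUT) == msg
        print(name, out.hex())
```

Because L is capped at 256, any message longer than (272 + the length of HPLMN ID) bits keeps its trailing bits unscrambled, which is worth checking when validating an implementation against long discovery messages.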