
Content for TS 33.503, Word version: 18.3.0


6.1.3.3  5G ProSe UE-to-UE Relay Discovery |R18|

6.1.3.3.1  General
This clause describes the security requirements and the procedures for 5G ProSe UE-to-UE Relay Discovery defined in TS 23.304.
Two sets of discovery security materials are used for UE-to-UE Relay discovery message protection. Direct Discovery security materials are used by 5G ProSe End UEs to protect a direct discovery set that is an end-to-end data element between 5G ProSe End UEs and is not processed by the 5G ProSe UE-to-UE Relay. UE-to-UE Relay Discovery security materials are used by 5G ProSe UE-to-UE Relay and 5G ProSe End UEs to protect 5G ProSe UE-to-UE Relay Discovery messages. The 5G ProSe UE-to-UE Relay Discovery message includes the protected direct discovery set.
Provisioning of the Direct Discovery security materials reuses the security materials provisioning mechanism for Restricted 5G ProSe Direct Discovery as specified in clause 6.1.3.2.
Provisioning of the UE-to-UE Relay Discovery security materials reuses the security materials provisioning mechanism for 5G ProSe UE-to-Network Relay discovery as specified in clause 6.1.3.2.
The protection of 5G ProSe UE-to-UE Relay Discovery message and direct discovery set is configurable based on the provisioned discovery security materials.
6.1.3.3.2  Security requirements for 5G ProSe UE-to-UE Relay Discovery
5G ProSe UE-to-UE Relay Discovery addresses the following security requirements:
  • The 5G System shall provide a means for confidentiality protection, integrity protection and replay protection of discovery messages for UE-to-UE Relay discovery.
  • The 5G System shall provide a means to mitigate trackability and linkability attacks of 5G ProSe End UEs during UE-to-UE Relay discovery procedure.
  • The 5G System shall provide a means to securely provision the security materials for UE-to-UE Relay discovery.
6.1.3.3.3  Security flows
6.1.3.3.3.1  Security procedure for 5G ProSe UE-to-UE Relay Discovery with Model A
The security procedure for 5G ProSe UE-to-UE Relay Discovery with Model A is described as follows.
[Figure 6.1.3.3.3.1-1: Security procedure for 5G ProSe UE-to-UE Relay Discovery with Model A]
Step 1a.
The monitoring 5G ProSe End UE and announcing 5G ProSe End UE are provisioned with the discovery security materials associated with a 5G ProSe Direct Discovery service based on the discovery security materials provisioning procedure for Restricted 5G ProSe Direct Discovery, as specified in clause 6.1.3.2.2.1 of the present document.
Step 1b.
The monitoring 5G ProSe End UE, announcing 5G ProSe End UE, and 5G ProSe UE-to-UE Relay are provisioned with discovery security materials associated with an RSC based on the discovery security materials provisioning procedure for UE-to-Network Relay Discovery, as specified in clause 6.1.3.2.2.1 of the present document.
Step 2.
The announcing 5G ProSe End UE shall protect the direct discovery set using the discovery security materials associated with the 5G ProSe Direct Discovery service as specified in clause 6.1.3.2.3 of the present document. The protected direct discovery set shall include the application layer ID of the announcing 5G ProSe End UE, the UTC-based counter LSB parameter, and a MIC IE.
The 5G ProSe UE-to-UE Relay obtains the RSC and protected direct discovery set from the announcing 5G ProSe End UE in proximity (e.g., via a previous 5G ProSe UE-to-UE Relay Discovery procedure as specified in clause 6.3.2.4.2 of TS 23.304 or via secure PC5 unicast link between 5G ProSe UE-to-UE Relay and 5G ProSe End UE). When 5G ProSe UE-to-UE Relay Discovery is used to deliver the direct discovery set, the announcing 5G ProSe End UE shall include the RSC and protected direct discovery set in a discovery message that is protected using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3 of the present document. When 5G ProSe UE-to-UE Relay Communication is used to deliver the direct discovery set, the announcing 5G ProSe End UE shall use the secure PC5 unicast link with the 5G ProSe UE-to-UE Relay to send the RSC and protected direct discovery set.
The 5G ProSe UE-to-UE Relay shall store the valid protected direct discovery set along with its validity time. A protected discovery set shall be removed once its validity time has expired. The validity time is determined from the UTC-based counter associated to the received direct discovery set that works as a timestamp.
Step 3.
When broadcasting the Announcement message, the 5G ProSe UE-to-UE Relay shall include the list of valid protected direct discovery sets in the Announcement message and protect the Announcement message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3 of the present document. Then, the 5G ProSe UE-to-UE Relay sends the Announcement message.
Step 4.
On receiving the Announcement message from the 5G ProSe UE-to-UE Relay, the monitoring 5G ProSe End UE shall process the received Announcement message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3 of the present document. If the verification is successful, the monitoring 5G ProSe End UE shall extract the direct discovery set(s) from the Announcement message, and process the direct discovery set(s) using the discovery security materials associated with the 5G ProSe Direct Discovery service as specified in clause 6.1.3.2.3 of the present document.
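The Model A flow above, as an added sketch that is not taken from TS 33.503: an inner direct discovery set the relay cannot forge, a relay cache that expires sets by their counter, and an outer Announcement verified before the inner sets. Truncated HMAC-SHA-256 stands in for the MIC calculation of clause 6.1.3.2.3, and the wire layout, the 4-bit counter LSB width, the 8-second validity period and the 3-byte RSC are assumptions; confidentiality protection is left out.

```python
import hashlib, hmac, struct

MIC_LEN, WINDOW, VALIDITY, RSC_LEN = 4, 16, 8, 3  # all assumed sizes

def _mic(key, counter, body):
    # Stand-in MIC: truncated HMAC-SHA-256 over full counter || body.
    data = struct.pack(">Q", counter) + body
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]

def protect(key, now, body):
    # Constructed wire format: counter LSBs || body || MIC.
    return bytes([now % WINDOW]) + body + _mic(key, now, body)

def counter_from_lsb(lsb, now):
    # Full counter closest to local time whose LSBs match the received ones.
    base = now - now % WINDOW + lsb
    return min((base - WINDOW, base, base + WINDOW), key=lambda c: abs(c - now))

def verify(key, now, msg):
    # Body on success; None on a bad MIC, a stale counter or truncated input.
    if len(msg) <= MIC_LEN:
        return None
    body, tag = msg[1:-MIC_LEN], msg[-MIC_LEN:]
    good = _mic(key, counter_from_lsb(msg[0], now), body)
    return body if hmac.compare_digest(tag, good) else None

class Relay:
    def __init__(self, rsc_key):
        self.rsc_key, self.sets = rsc_key, {}
    def store(self, now, pset):
        # Step 2: keep the opaque set; validity time comes from its counter.
        self.sets[pset] = counter_from_lsb(pset[0], now) + VALIDITY
    def announce(self, now, rsc):
        # Step 3: purge expired sets, wrap the rest under the RSC material.
        self.sets = {s: t for s, t in self.sets.items() if t > now}
        body = rsc + b"".join(bytes([len(s)]) + s for s in self.sets)
        return protect(self.rsc_key, now, body)

def monitor(rsc_key, dd_key, now, announcement):
    # Step 4: outer check with RSC material, then each set with the DD key.
    body = verify(rsc_key, now, announcement)
    if body is None:
        return None
    sets, i = [], RSC_LEN
    while i < len(body):
        sets.append(body[i + 1:i + 1 + body[i]])
        i += 1 + body[i]
    checked = (verify(dd_key, now, s) for s in sets)
    return [c for c in checked if c is not None]
```

The relay holds only the RSC key, so it can carry and expire a direct discovery set but any change it makes to one fails the monitoring UE's inner check.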
6.1.3.3.3.2  Security procedure for 5G ProSe UE-to-UE Relay Discovery with Model B
The security procedure for 5G ProSe UE-to-UE Discovery with Model B is shown in Figure 6.1.3.3.3.2-1.
[Figure 6.1.3.3.3.2-1: Security procedure for 5G ProSe UE-to-UE Relay Discovery with Model B]
Step 0.
The discoverer 5G ProSe End UE and discoveree 5G ProSe End UE are provisioned with the discovery security materials associated with a 5G ProSe Direct Discovery service based on the discovery security materials provisioning procedure for Restricted 5G ProSe Direct Discovery, as specified in clause 6.1.3.2.2.2.
Step 1.
The discoverer 5G ProSe End UE, discoveree 5G ProSe End UE and 5G ProSe UE-to-UE Relay are provisioned with the discovery security materials associated with an RSC based on the discovery security materials provisioning procedure for UE-to-Network Relay Discovery, as specified in clause 6.1.3.2.2.2. For the discovery security materials provisioning procedure between the discoverer 5G ProSe End UE and the 5G ProSe UE-to-UE Relay, the discoverer 5G ProSe End UE plays the role of a 5G ProSe Remote UE, and the 5G ProSe UE-to-UE Relay plays the role of a 5G ProSe UE-to-Network Relay.
The discoverer 5G ProSe End UE shall construct a direct discovery set that contains two End UE discovery infos. Each End UE discovery info is protected using the discovery security materials associated with the 5G ProSe Direct Discovery service as specified in clause 6.1.3.2.3. The first protected End UE discovery info shall include the application layer ID of the discoveree 5G ProSe End UE, the UTC-based counter LSB parameter, and a MIC IE. The second protected End UE discovery info shall include the application layer ID of the discoverer 5G ProSe End UE, the UTC-based counter LSB parameter, and a MIC IE. Then, the discoverer 5G ProSe End UE shall include the direct discovery set in the Solicitation message and protect the Solicitation message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3. The Solicitation message is sent to the 5G ProSe UE-to-UE Relay.
Step 2.
On receiving the 5G ProSe UE-to-UE Relay Discovery Solicitation message from the discoverer 5G ProSe End UE, the 5G ProSe UE-to-UE Relay shall process the received UE-to-UE Relay Discovery Solicitation message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3.
If the verification is successful, the 5G ProSe UE-to-UE Relay shall modify the UE-to-UE Relay Discovery Solicitation message to include User Info ID of the 5G ProSe UE-to-UE Relay.
The 5G ProSe UE-to-UE Relay Discovery Solicitation message is protected using the security materials associated with the RSC as specified in clause 6.1.3.2.3.
Then, 5G ProSe UE-to-UE Relay sends the message to the discoveree 5G ProSe End UE.
Step 3.
The discoveree 5G ProSe End UE shall process the received UE-to-UE Relay Discovery Solicitation message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3.
If the verification is successful, the discoveree 5G ProSe End UE shall extract the protected direct discovery set from the message and process the protected End UE discovery infos using the discovery security materials associated with the 5G ProSe Direct Discovery service as specified in clause 6.1.3.2.3. If the verification of the second End UE discovery info is successful and the application layer ID of the discoveree matches, the discoveree 5G ProSe End UE processes the first End UE discovery info.
The discoveree 5G ProSe End UE shall construct a direct discovery set that contains two End UE discovery infos. Each End UE discovery info is protected using the discovery security materials associated with the 5G ProSe Direct Discovery service as specified in clause 6.1.3.2.3. The first protected End UE discovery info shall include the application layer ID of the discoveree 5G ProSe End UE, the UTC-based counter LSB parameter, and a MIC IE. The second protected End UE discovery info shall include the application layer ID of the discoverer 5G ProSe End UE, the UTC-based counter LSB parameter, and a MIC IE. Then, the discoveree 5G ProSe End UE shall include the direct discovery set in the UE-to-UE Relay Discovery Response message and protect the UE-to-UE Relay Discovery Response message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3. The discoveree 5G ProSe End UE replies to the 5G ProSe UE-to-UE Relay with the UE-to-UE Relay Discovery Response message.
Step 4.
On receiving the UE-to-UE Relay Discovery Response message from the discoveree 5G ProSe End UE, the 5G ProSe UE-to-UE Relay shall process the received UE-to-UE Relay Discovery Response message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3.
If the verification is successful, the 5G ProSe UE-to-UE Relay shall modify the UE-to-UE Relay Discovery Response message to include User Info ID of 5G ProSe UE-to-UE Relay.
The UE-to-UE Relay Discovery Response message is protected using the security materials associated with the RSC as specified in clause 6.1.3.2.3. Then, 5G ProSe UE-to-UE Relay sends the UE-to-UE Relay Discovery Response message to the discoverer 5G ProSe End UE.
On receiving the UE-to-UE Relay Discovery Response message, the discoverer 5G ProSe End UE shall process the UE-to-UE Relay Discovery Response message using the discovery security materials associated with the RSC as specified in clause 6.1.3.2.3.
If the verification is successful, the discoverer 5G ProSe End UE shall extract the protected direct discovery set from the UE-to-UE Relay Discovery Response message and process the protected End UE discovery infos using the discovery security materials associated with the 5G ProSe Direct Discovery service as specified in clause 6.1.3.2.3. If the verification of the second End UE discovery info is successful and the application layer ID of the discoverer matches, the discoverer 5G ProSe End UE processes the first End UE discovery info.