This clause describes the security requirements and the procedures that are specifically applied to 5G ProSe UE-to-Network Relay communication defined in TS 23.304. The security requirements for 5G ProSe Layer-3 UE-to-Network Relay and 5G ProSe Layer-2 UE-to-Network Relay are different and are defined in clause 6.3.3 and clause 6.3.4 respectively.
There are two security mechanism options for 5G ProSe UE-to-Network Relay: security procedure over User Plane as defined in clause 6.3.3.2 and security procedure over Control Plane as defined in clause 6.3.3.3. The 5G ProSe Remote UE and 5G ProSe UE-to-Network Relay determine the security mechanism based on the Control Plane Security Indicator associated with the RSC. The Control Plane Security Indicator and the associated RSC are specified in clause 5.1.4.3.2 of TS 23.304.
The functionality in this clause is supported by 5G ProSe-enabled UEs for both commercial services and public safety.
The following security requirements apply to both 5G ProSe Layer-3 UE-to-Network Relay and 5G ProSe Layer-2 UE-to-Network Relay:
- The 5G System shall support the authorization of the UE as a 5G ProSe UE-to-Network Relay in the 5G ProSe UE-to-Network Relay scenario.
- The 5G System shall support the authorization of the UE as a 5G ProSe Remote UE in the 5G ProSe UE-to-Network Relay scenario.
- For UE-to-Network Relay discovery, the security requirements in clause 6.1.2 apply.
- The 5G System shall support a secure means to establish a PC5 link between the 5G ProSe Remote UE and the 5G ProSe UE-to-Network Relay.
- The 5G System shall support confidentiality protection, integrity protection and replay protection for secure communication between the 5G ProSe Remote UE and the network via 5G ProSe UE-to-Network Relays.
- PC5 signalling integrity security policy is set to "REQUIRED" for the 5G ProSe Remote UE and the 5G ProSe UE-to-Network Relay.
- The 5G ProSe Remote UE shall establish a different PC5 security context with each different 5G ProSe UE-to-Network Relay and for each different Relay Service Code. It shall also be possible to establish a PC5 security context when the 5G ProSe Remote UE is out of coverage.