Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.535  Word version:  18.4.0

Top   Top   Up   Prev   Next
1…   4…   4.6…   5…   6…   7…   A…   B…   C…   D…

 

B (Normative)  AKMA profiles for Ua* protocols |R17|p. 28

B.1  TLS based protocolsp. 28

B.1.1  Generalp. 28

This annex contains profiles of the share key-based UE authentication with certificate-based AF authentication and the shared key-based mutual authentication between UE and AF that are similar to the ones defined in TS 33.222.

B.1.2  Shared key-based UE authentication with certificate-based AF authenticationp. 28

B.1.2.1  Generalp. 28

The following clause provides the changes needed to adapt the Ua protocol given in clause 5.3 of TS 33.222 to work with a KAF derived using the AKMA procedures.

B.1.2.2  Proceduresp. 28

The procedures follow those given in clause 5.3.0 of TS 33.222 with the AKMA AF taking the role of the NAF from GBA (see TS 33.220), with the following changes.
At step 2, if the clients supports AKMA with this protocol then the client shall add the constant string "3gpp-akma" to the "User-Agent" HTTP header as product tokens as specified in RFC 9110.
At step 3, if the AF selects AKMA for deriving the key, then the AF shall include the "3GPP-bootstrapping-akma" within the WWW-Authenticate header field. If the AF has choice between GBA_Digest (see TS 33.220) and AKMA keying, then the AF shall select AKMA over GBA_Digest (see TS 33.222 for similar consideration between GBA methods).
At step 4, on receiving the response from the AF, the client shall verify that the FQDN in the realm attribute corresponds to the FQDN of the AF it established the TLS connection with. If failure the client shall terminate the TLS connection with the AF.
At step 5 given AKMA has been selected for keying, the client shall send a response with an Authorization header field where Digest is inserted using the A-KID as username. KAF shall be used as password in the Digest calculation.
At step 6 given AKMA has been selected for keying, the AF shall verify the value of the password attribute using KAF retrieved from AAnF using the A-KID received as username attribute in the query. If the AF is not able to obtain the AF-specific key when using AKMA mode, the AF shall respond with an appropriate error message not containing the realm attributes from step 3.
Up

B.1.3  Shared key-based mutual authentication between UE and AFp. 28

B.1.3.1  Generalp. 28

The following clause provides the changes needed to adapt the Ua protocol given in clause 5.4 of TS 33.222 to work with a KAF derived using the AKMA procedures.

B.1.3.2  Proceduresp. 29

B.1.3.2.1  Procedures for TLS 1.2p. 29
The procedures follow those given in clause 5.4.0.1 of TS 33.222 with the AKMA AF taking the role of the NAF from GBA (see TS 33.220), with the following changes.
At step 2, the AF shall include a constant string "3GPP-AKMA" is used as PSK-identity hint to indicate that AKMA based keying is supported.
At step 3, the UE may use an AKMA generated key if support was indicated by the AF (even if GBA-based keys were also indicated as supported by the AF). To use AKMA generated key, the UE shall derive the TLS premaster secret from KAF and shall send a ClientKeyExchange message including a PSK identity consisting of "3GPP-AKMA" and the A-KID. If the UE has choice between GBA_Digest (see TS 33.220) and AKMA keying, then the UE shall select AKMA over GBA_Digest (see TS 33.222 for similar consideration between GBA methods).
At step 4, if the AF receives the "3GPP-AKMA" prefix and the A-KID in the ClientKeyExchange messages it fetches the AF specific shared secret (KAF) from the AAnF using the A-KID. The AF shall derive the TLS premaster secret from the AF specific key (KAF).
Up
B.1.3.2.2  Procedures for TLS 1.3p. 29
The procedures follow those given in clause 5.4.0.2 of TS 33.222 with the AKMA AF taking the role of the NAF from GBA (see TS 33.220), with the following changes.
In step 1, the PSK identities in the ClientHello shall include a prefix indicating the PSK-identity name space (i.e. "3GPP-AKMA") and the A-KID to indicate the UE supports keying with AKMA.
In step 2 if the AF is willing to establish a TLS tunnel using PSK authentication with AKMA keys, then the AF shall indicate the index of the AKMA psk identity in the ServerHello message. If the AF has choice between GBA_Digest (see TS 33.220) and AKMA keying, then the AF shall select AKMA over GBA_Digest (see TS 33.222 for similar consideration between GBA methods).
The UE and NAF shall derive the TLS external PSK from KAF.
Up

Up   Top   ToC