The link identifier update procedure given in TS 23.287 is used to provide privacy for the identities in the unicast link. This procedure only provides privacy if a non-NULL confidentiality algorithm is selected. This means the messages in this procedure are sent confidentiality protected (i.e. using a non-NULL confidentiality algorithm) and hence the new identities agreed by the UEs are only known to the involved UEs. A three-way message exchange procedure is required with this procedure since both UEs need to change their identifiers during the same procedure and to allow these new values to be acknowledged before them being used. This procedure is used to preserve the privacy for the identities that are seen in the clear for an ongoing unicast connection.
A separate privacy threat that allows to link two subsequent connections is caused by either the same KNRP ID or same partial KNRP ID value being sent in the Direct Communication Request message for subsequent connections. The Layer-2 link release procedure given in TS 23.287 is used to provide privacy for the KNRP ID. The messages in the Layer-2 link release procedure are always sent protected and hence the new KNRP ID agreed by the UEs is only known to the involved UEs.
Figure 5.3.3.2.2.1-1 shows the flows for changing the identities of the UEs involved in PC5 unicast link. The figure only displays the security parameters (KNRP-sess ID)that are changed and the Layer-2 IDs but not the other parameters described in TS 23.287.
UE_1 decides to change its identifiers and sends a Link Identifier Update Request message to UE_2 (see TS 23.287). In addition to the changed identifiers, UE_1 shall include the new MSB of KNRP-sess ID in the Link Identifier Update Request message. These bits shall be chosen so that they uniquely identify KNRP-sess at UE_1. The new MSB of KNRP-sess ID shall be selected randomly.
UE_2 shall choose the new LSB of KNRP-sess ID so that they uniquely identify KNRP-sess at UE_2. The new LSB of KNRP-sess ID shall be selected randomly. UE_2 shall form the new KNRP-sess ID from the MSB received from UE_1 and the LSB that UE_2 chose. UE_2 shall associate the new KNRP-sess ID with the updated Layer-2 IDs (see TS 23.287) and shall use this new KNRP-sess ID when it uses the updated Layer-2 IDs. In addition to its updated identifiers, UE_2 shall send the LSB of KNRP-sess ID to UE_1 along with the received MSB of KNRP-sess ID and other identifiers received from UE_1 in the Link Identifier Update Response message. UE_1 shall check that the returned MSB of KNRP-sess ID is identical to the one sent in step 1.
UE_1 shall form the new KNRP-sess ID from the LSB received from UE_2 and the MSB chosen by UE_1 (in step 1). UE_1 shall associate the new KNRP-sess ID with the updated Layer-2 IDs (see TS 23.287) and shall use this new KNRP-sess ID when it uses the updated Layer-2 IDs. UE_1 shall send the Link Identifier Update Ack message to UE_2 including the LSB of KNRP-sess ID and other identifiers received from UE_2. UE_2 shall check that the returned LSB of KNRP-sess ID are identical to the one sent in step 2.
Figure 5.3.3.2.2.2-2 shows the message flows for changing the KNRP ID of the UEs involved in PC5 unicast link to remediate the privacy threat for the KNRP ID. This message flow is based on the Layer-2 link release procedure provided in clause 6.3.3.3 of TS 23.287. The messages in the Layer-2 link release procedure are always sent protected and hence the new KNRP ID agreed by the UEs is only known to the involved UEs. The new KNRP ID is used on a subsequent unicast link establishment procedure (see clause 5.3.3.1.4.3).
UE_1 sends a Disconnect Request message to UE_2 in order to release the layer-2 link (see TS 23.287). UE_1 shall include the new MSB of KNRP ID in the Disconnect Request message. These bits shall be chosen so that they uniquely identify KNRP at UE_1. The new MSB of KNRP ID shall be selected randomly.
UE_2 shall choose the new LSB of KNRP ID so that they uniquely identify KNRP at UE_2. The new LSB of KNRP ID shall be selected randomly. UE_2 shall form the new KNRP ID from the MSB received from UE_1 and the LSB that UE_2 chose. UE_2 may use this new KNRP ID when it reconnects with UE_1. UE_2 shall send the LSB of KNRP ID to UE_1 in the Disconnect Response message. Upon reception of the Disconnect Response message, UE_1 shall form the new KNRP ID from the LSB received from UE_2 and the MSB that was chosen by UE_1 (in step 1). UE_1 may use this new KNRP ID when it reconnects with UE_2.