Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.700-32  Word version:  19.0.0

Top   Top   Up   Prev   None
1…   5…
5 Key issues6 Solutions7 Conclusions$ Change history

 

5  Key issuesp. 9

5.1  Key Issue #1: Authentication and Authorization of Human User IDp. 9

5.1.1  Key issue detailsp. 9

5.1.2  Security threatsp. 9

5.1.3  Potential security requirementsp. 10

5.2  Key Issue #2: User privacyp. 10

5.2.1  Key issue detailsp. 10

5.2.2  Security threatsp. 10

5.2.3  Potential security requirementsp. 10

5.3  Key issue #3: Authentication and Authorization of one or more non-3GPP devices behind one gateway UE or 5G-RGp. 10

5.3.1  Key issue detailsp. 10

5.3.2  Security Threatsp. 10

5.3.3  Potential security requirementsp. 10

6  Solutionsp. 11

6.0  Mapping of Solutions to Key Issuesp. 11

6.1  Solution #1: User authentication and authorization of human userp. 11

6.1.1  Introductionp. 11

6.1.2  Solution detailsp. 11

6.1.3  Evaluationp. 12

6.2  Solution #2: User Authentication and Authorization via AMFp. 12

6.2.1  Introductionp. 12

6.2.2  Solution detailsp. 13

6.2.3  Evaluationp. 14

6.3  Solution #3: User Authentication and Authorization over NASp. 14

6.3.1  Introductionp. 14

6.3.2  Solution detailsp. 15

6.3.3  Evaluationp. 16

6.4  Solution #4: Security protection of human user privacyp. 16

6.4.1  Introductionp. 16

6.4.2  Solution detailsp. 16

6.4.2.1  KUIA derivingp. 16

6.4.2.2  User_ID activation and privacy protectionp. 17

6.4.2.3  Derivation of User-ID related materialp. 18

6.4.3  Evaluationp. 19

6.5  Solution #5: User authentication and authorizationp. 19

6.5.1  Introductionp. 19

6.5.2  Solution detailsp. 19

6.5.3  Evaluationp. 20

6.6  Solution #6: Human User authentication of through NAS procedurep. 20

6.6.1  Introductionp. 20

6.6.2  Solution Detailsp. 20

6.6.3  Evaluationp. 22

6.7  Solution #7: Authentication and Authorization of Human User IDp. 22

6.7.1  Introductionp. 22

6.7.2  Solution Detailsp. 23

6.7.4  Evaluationp. 24

6.8  Solution #8: User authentication with preconfigured credentialp. 24

6.8.1  Introductionp. 24

6.8.2  Solution detailsp. 24

6.8.2.1  Descriptionp. 24

6.8.2.2  User authentication procedure with the UAAF deployed by operatorp. 25

6.8.2.3  User authentication procedure with the AAA-S deployed by third partyp. 26

6.8.3  Evaluationp. 27

6.10.1  Introductionp. 30

6.10.2  Solution detailsp. 30

6.10.3  Evaluationp. 31

6.11  Solution #11: Re-using existing mechanisms for user privacyp. 31

6.11.1  Introductionp. 31

6.11.2  Solution detailsp. 31

6.11.3  Evaluationp. 31

6.12  Solution #12: authorization of non-3GPP devices behind 5G-RGp. 32

6.12.1  Introductionp. 32

6.12.2  Solution detailsp. 32

6.12.3  Evaluationp. 33

6.13  Solution #13: Authentication and Authorization procedure of N3D behind gateway UE or 5G-RGp. 33

6.13.1  Introductionp. 33

6.13.2  Solution detailsp. 33

6.13.2.1  Authentication Procedurep. 33

6.13.2.2  Re-Authentication procedurep. 36

6.13.2.3  Authentication and Authorization revocationp. 36

6.13.4  Evaluationp. 37

6.14  Solution #14: Authentication and authorization of non-3GPP devicesp. 37

6.14.1  Introductionp. 37

6.14.2  Solution detailsp. 37

6.14.3  Evaluationp. 37

6.15  Solution #15: Authentication of user behind the UEp. 37

6.15.1  Introductionp. 37

6.15.2  Solution detailsp. 38

6.15.2.1  Conceptp. 38

6.15.2.2  Solution flowp. 38

6.15.3  Evaluationp. 40

6.16  Solution #16: User Authentication and Authorizationp. 40

6.16.1  Introductionp. 40

6.16.2  Solution detailsp. 41

6.16.2.1  User Initiated procedurep. 41

6.16.2.2  Network Initiated procedurep. 42

6.16.3  Evaluationp. 43

6.17  Solution #17: Solution for exposure privacy issuep. 44

6.17.1  Introductionp. 44

6.17.2  Solution detailsp. 44

6.17.2.1  Exposure of user profile informationp. 44

6.17.2.2a  Exposure of linked UE subscription information associated with User Identifierp. 44

6.17.2.2b  Exposure of linked UE subscription information associated with User Identifier to AMF/SMF (internal NFs)p. 45

6.17.3  Evaluationp. 46

6.18  Solution #18: User privacy during the connection with 5GCp. 47

6.18.1  Introductionp. 47

6.18.2  Solution detailsp. 47

6.18.2.1  Mobility or attaching to other access scenarios:p. 48

6.18.3  Evaluationp. 48

6.19  Solution #19: User privacy protectionp. 48

6.19.1  Introductionp. 48

6.19.2  Solution detailsp. 49

6.19.3  Evaluationp. 49

6.20  Solution #20: privacy protection for user ID over the airp. 50

6.20.1  Introductionp. 50

6.20.2  Detailsp. 50

6.20.3  Evaluationp. 50

6.21  Solution #21: A&A of non-3GPP devices behind UE or 5G-RG based on secondary authenticationp. 50

6.21.1  Introductionp. 50

6.21.2  Solution detailsp. 50

6.21.3  Evaluationp. 51

6.22  Solution #22: User authentication with credentials derived by AUSFp. 51

6.22.1  Introductionp. 51

6.22.2  Solution detailsp. 51

6.22.2.1  Descriptionp. 51

6.22.2.2  User activation procedure with the AUSF and UIMFp. 52

6.22.2.3  Key hierarchy for user authentication with derived credentialp. 54

6.22.2.4  User authentication procedure with the UAAFp. 54

6.22.2.5  Derivation of KUIA and KUSERp. 55

6.22.3  Evaluationp. 56

6.23  Solution #23: User Authentication with EAP-PSKp. 56

6.23.1  Introductionp. 56

6.23.2  Solution detailsp. 57

6.23.3  Evaluationp. 58

6.24  Solution #24: User ID privacy protection based on EAP-TLS protocol using pseudonym mechanismp. 58

6.24.1  Introductionp. 58

6.24.2  Solution detailsp. 58

6.24.3  Evaluationp. 59

6.25  Solution #25: User Authentication with Certificate Generated by an authorized UEp. 60

6.25.1  Solution Introductionp. 60

6.25.2  Solution Detailsp. 60

6.25.3  Evaluationp. 61

6.26  Solution #26: User authentication with credentials derived by UIMFp. 61

6.26.1  Introductionp. 61

6.26.2  Solution detailsp. 61

6.26.2.1  Descriptionp. 61

6.26.2.2  KUIA generation by AUSF and UE during Registration procedurep. 62

6.26.2.3  KUSER generation by UIMF and UE during User Authentication procedurep. 64

6.26.2.4  User authentication between UE and UAAFp. 65

6.26.2.5  Key hierarchy and derivationp. 66

6.26.3  Evaluationp. 66

6.27  Solution #27: User privacy protection for UIP exposure based on RNAAp. 67

6.27.1  Introductionp. 67

6.27.2  Solution detailsp. 67

6.27.3  Evaluationp. 67

7  Conclusionsp. 67

7.1  Key issue #1: Authentication and Authorization of Human User IDp. 67

7.2  Key issue #2: User privacyp. 67

7.3  Key issue #3: Authentication and Authorization of one or more non-3GPP devices behind one gateway UE or 5G-RGp. 68

$  Change historyp. 69

Up   Top