
Content for TR 33.739, Word version: 18.1.0


 

1  Scope

The present document studies the security aspects related to the new features and procedures resulting from the continuation of the work on Edge Computing support in 5G Systems, i.e. 5G System Enhancements for Edge Computing in TR 23.700-48, and enhanced architecture for enabling Edge Applications in TR 23.700-98. The study is based on the work done in TS 33.558 and TR 33.839.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".
[2] TR 23.700-48: "5G System Enhancements for Edge Computing; Phase 2".
[3] TR 23.700-98: "Study on Enhanced architecture for enabling Edge Applications".
[4] TS 33.558: "Security aspects of enhancement of support for enabling edge applications".
[5] TR 33.839: "Study on security aspects of enhancement of support for edge computing in the 5G Core (5GC)".
[6] TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[7] TS 33.501: "Security architecture and procedures for 5G System".
[8] TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".
[9] TS 23.502: "Procedures for the 5G System (5GS)".
[10] TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[11] TS 23.558: "Architecture for enabling Edge Applications".
[12] RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
[13] TS 33.210: "Network Domain Security (NDS); IP network layer security".
[14] GSMA TS.43: "Service Entitlement Configuration".
[15] TS 23.548: "5G System Enhancements for Edge Computing; Stage 2".
[16] TS 23.503: "Policy and charging control framework for the 5G System (5GS); Stage 2".
[17] RFC 7858: "Specification for DNS over Transport Layer Security (TLS)".
[18] RFC 8310: "Usage Profiles for DNS over TLS and DNS over DTLS".

3  Definitions of terms, symbols and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Application Client:
Application software resident in the UE performing the client function.
Application Context:
A set of data about the Application Client that resides in the Edge Application Server.
Application Context Relocation:
End-to-end service continuity procedure described in clause 8.8.
Application Context Transfer:
Refers to the transfer of the Application Context between the source Edge Application Server and the target Edge Application Server, which is a part of the service continuity procedure described in clause 8.8.
Application Server:
Application software resident in the cloud performing the server function.
Edge Application Server:
An Application Server resident in the Edge Hosting Environment.
Edge Computing:
A concept, as described in TS 23.501, that enables operator and 3rd party services to be hosted close to the UE's access point of attachment, to achieve an efficient service delivery through the reduced end-to-end latency and load on the transport network.
Edge Computing Service Provider:
A mobile network operator or a 3rd party service provider offering Edge Computing service.
EEC Context:
A set of data about the Edge Enabler Client that resides in the Edge Enabler Server.
Edge Data Network:
A local Data Network that supports the architecture for enabling edge applications.
Edge Enabler Client:
A functional entity resident in the UE providing services for the Application Clients.
Edge Enabler Layer:
The overall functionality provided by the entities such as Edge Enabler Client, Edge Enabler Server and Edge Configuration Server, in support of applications as per the architecture defined in clause 6.
Edge Enabler Server:
A functional entity resident in the Edge Hosting Environment providing services for the Edge Application Servers and Edge Enabler Clients.
Edge Hosting Environment:
An environment providing support required for Edge Application Server's execution.

3.2  Symbols

Void.

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AAnF: AKMA Anchor Function
AC: Application Client
ACID: Application Client Identification
ACR: Application Context Relocation
ACT: Application Context Transfer
AF: Application Function
AKMA: Authentication and Key Management for Applications
AMF: Access and Mobility Management Function
API: Application Programming Interface
AUSF: Authentication Server Function
BSF: Binding Support Function
DNAI: Data Network Access Identifier
DNN: Data Network Name
DNS: Domain Name System
EAS: Edge Application Server
EASDF: Edge Application Server Discovery Function
EASID: Edge Application Server Identification
ECS: Edge Configuration Server
ECSP: Edge Computing Service Provider
EDN: Edge Data Network
EEC: Edge Enabler Client
EEL: Edge Enabler Layer
EES: Edge Enabler Server
EESID: Edge Enabler Server Identification
EHE: Edge Hosting Environment
FQDN: Fully Qualified Domain Name
GBA: Generic Bootstrapping Architecture
GPSI: Generic Public Subscription Identifier
GSM: Global System for Mobile Communications
GSMA: GSM Association
H-ECS: Home Edge Configuration Server
HSS: Home Subscriber Server
IP: Internet Protocol
KDF: Key Derivation Function
MNO: Mobile Network Operator
NAT: Network Address Translation
NEF: Network Exposure Function
NRF: Network Repository Function
OPG: Operator Platform Group
PCF: Policy Control Function
PCO: Protocol Configuration Option
PSA: PDU Session Anchor
PDU: Protocol Data Unit
RAT: Radio Access Technology
S-EAS: Source Edge Application Server
S-EES: Source Edge Enabler Server
SMF: Session Management Function
S-NSSAI: Single Network Slice Selection Assistance Information
T-EAS: Target Edge Application Server
T-EES: Target Edge Enabler Server
TLS: Transport Layer Security
UDM: Unified Data Management
UE: User Equipment
UPF: User Plane Function
URI: Uniform Resource Identifier
V-ECS: Visited Edge Configuration Server
V-EES: Visited Edge Enabler Server

4  Overview of Edge Computing - Phase 2

The present document studies the security enhancements on the support for Edge Computing of phase 2 in the 5G Core network defined in TS 23.548, and application architecture for enabling Edge Applications of phase 2 defined in TS 23.558.
For the EC supported in 5GC, refer to TS 23.548.
For more details on enabling Edge Applications, refer to TS 23.558.