Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.819  Word version:  16.1.0

Top   Top   Up   Prev   None
0…   5…
5 Key issues6 Solutions7 ConclusionsA Deployment options for authentication in SNPNs considering different types of NPN credentials$ Change history

 

5  Key issuesp. 10

5.1  Key Issues related to security for SNPNsp. 10

5.1.1  Key Issue #1.1: Completing AKA based authentication and calculating KSEAF for SNPNsp. 10

5.1.1.1  Key issue detailsp. 10

5.1.1.2  Security threatsp. 10

5.1.1.3  Potential security requirementsp. 10

5.1.1.4  Potential architectural requirementsp. 10

5.2  Key Issues related to Security aspects on interworking between NPN and PLMNp. 10

5.2.1  Key Issue #2.1: Authentication and Authorization for Interworking, Roaming between NPN and PLMNp. 10

5.2.1.1  Key issue detailsp. 10

5.2.1.2  Security threatsp. 11

5.2.1.3  Potential security requirementsp. 11

5.2.2  Key Issue #2.2: Security and privacy aspects of service continuity and session continuityp. 11

5.2.2.1  Key issue detailsp. 11

5.2.2.2  Security threatsp. 12

5.2.2.3  Potential security requirementsp. 12

5.2.3  Key Issue #2.3: Independent credentials for authentication and authorization with NPN and PLMNp. 13

5.2.3.1  Key issue detailsp. 13

5.2.3.2  Security threatsp. 13

5.2.3.3  Potential security requirementsp. 13

5.3  Key Issues related to Security for 5G LAN servicesp. 13

5.3.1  Key Issue #3.1: Authentication and Authorization of UE in 5GLAN communicationp. 13

5.3.1.1  Key issue detailsp. 13

5.3.1.2  Security threatsp. 13

5.3.1.3  Potential security requirementsp. 14

5.3.2  Key Issue #3.2: UP security policy for the 5GLAN Groupp. 14

5.3.2.1  Key issue detailsp. 14

5.3.2.2  Security threatsp. 14

5.3.2.3  Potential security requirementsp. 14

5.4  Key Issues related to Security for TSC and 5GS interactionp. 14

5.4.1  Key Issue #4.1: Protection of interfaces that 5GS interacts with a TSN networkp. 14

5.4.1.1  Key issue detailsp. 14

5.4.1.2  Security threatsp. 15

5.4.1.3  Potential security requirementsp. 15

5.4.2  Key Issue #4.2: TSC time synchronisationp. 15

5.4.2.1  Key issue detailsp. 15

5.4.2.2  Security threatsp. 15

5.4.2.3  Potential security requirementsp. 15

5.5  Key Issues related to authentication on NPNsp. 15

5.5.1  Key Issue #5.1: Key hierarchy for NPNsp. 15

5.5.1.1  Key issue detailsp. 15

5.5.1.2  Security threatsp. 16

5.5.1.3  Potential security requirementsp. 16

5.5.2  Key Issue #5.2: Authentication and authorization of NPN subscribers by an AAAp. 16

5.5.2.1  Key issue detailsp. 16

5.5.2.2  Security threatsp. 16

5.5.2.3  Potential security requirementsp. 16

5.6  Key Issues related to security for PNiNPNsp. 17

5.6.1  Key Issue #6.1: (D)DoS attack by large number of registration requests to CAG Cellp. 17

5.6.1.1  Key issue detailsp. 17

5.6.1.2  Security threatsp. 17

5.6.1.3  Potential security requirementsp. 17

5.6.2  Key Issue #6.2: CAG ID Privacyp. 17

5.6.2.1  Key issue detailsp. 17

5.6.2.2  Security threatsp. 18

5.6.2.3  Potential security requirementsp. 18

5.6.3  Key Issue #6.3: DoS attack by unauthorized removal of entries from the UE's Allowed CAG ID listp. 18

5.6.3.1  Key issue detailsp. 18

5.6.3.2  Security threatsp. 18

5.6.3.3  Potential security requirementsp. 19

6  Solutionsp. 19

6.1  Solution #1: Solution for NPN network access via PLMNp. 19

6.1.1  Introductionp. 19

6.1.2  Solution detailsp. 20

6.1.2.1  Registration to NPN via PLMNp. 20

6.1.2.2  Registration to PLMN via NPNp. 21

6.1.3  Evaluationp. 21

6.2  Solution #2: Security solution for handling UP security policy for a 5GLAN Groupp. 21

6.2.1  Introductionp. 21

6.2.2  Potential solution detailsp. 21

6.2.3  Evaluationp. 22

6.3  Solution #3: Security solution for mitigation of (D)DoS attack in PNiNPNsp. 22

6.3.1  Introductionp. 22

6.3.2  Potential solution detailsp. 22

6.3.3  Evaluationp. 24

6.4  Solution #4: Security solution for key derivation in SNPNsp. 24

6.4.1  Introductionp. 24

6.4.2  Solution detailsp. 24

6.4.3  Evaluationp. 24

6.5  Solution #5: Key hierarchy for authentication using non-AKA EAP methods in NPNp. 25

6.5.1  Introductionp. 25

6.5.2  Solution detailsp. 25

6.5.3  Evaluationp. 25

6.6  Solution #6: 5GLAN authenticationp. 25

6.6.1  Introductionp. 25

6.6.2  Solution detailsp. 26

6.6.3  Evaluationp. 26

6.7  Solution #7: SMF handling the UP security policy for a 5GLAN Group based on information from DN AAAp. 26

6.7.1  Introductionp. 26

6.7.2  Potential solution detailsp. 27

6.7.3  Evaluationp. 27

6.8  Solution #8: TSC securityp. 27

6.8.1  Introductionp. 27

6.8.2  Solution detailsp. 27

6.9  Solution #9: (D)DoS attack mitigation in PNiNPNsp. 27

6.9.1  Introductionp. 27

6.9.2  Solution detailsp. 27

6.9.3  Evaluationp. 28

6.10  Solution #10: Using NAS security for messages that modify the CAG listp. 28

6.10.1  Introductionp. 28

6.10.2  Solution detailsp. 28

6.10.3  Evaluationp. 29

6.11  Solution #11: DH based solution for CAG ID privacyp. 29

6.11.1  Introductionp. 29

6.11.2  Solution detailsp. 29

6.11.3  Evaluationp. 31

6.12  Solution #12: Hash based solution for CAG ID privacyp. 31

6.12.1  Introductionp. 31

6.12.2  Solution detailsp. 32

6.12.3  Evaluationp. 34

6.13  Solution #13: CAG ID Privacy in PNiNPNs by embedding CAG ID in the SUCIp. 34

6.13.1  Introductionp. 34

6.13.2  Solution detailsp. 35

6.13.3  Evaluationp. 36

6.14  Solution #14: CAG ID privacy by re-use of SUPI protection mechanismp. 36

6.14.1  Introductionp. 36

6.14.2  Solution detailsp. 36

6.14.3  Evaluationp. 37

6.15  Solution #15: CAG ID privacy by indication in RRC layer and providing CAG ID only after NAS security establishmentp. 38

6.15.1  Introductionp. 38

6.15.2  Solution detailsp. 38

6.15.3  Evaluationp. 39

6.16  Solution #16: CAG ID privacy by sending CAG ID only in protected NAS signallingp. 39

6.16.1  Introductionp. 39

6.16.2  Solution detailsp. 39

6.16.3  Evaluationp. 40

6.17  Solution #17: Protection on TSC time synchronisation within UP security policyp. 40

6.17.1  Introductionp. 40

6.17.2  Solution detailsp. 40

6.17.3  Evaluationp. 40

6.18  Solution #18: CAG ID privacy considering RAN optimizationp. 40

6.18.1  Introductionp. 40

6.18.2  Potential solution detailsp. 40

6.18.3  Evaluationp. 41

6.19  Solution #19: Privacy protected CAG ID Privacy in PNiNPNsp. 41

6.19.1  Introductionp. 41

6.19.2  Solution detailsp. 41

6.19.3  Evaluationp. 42

7  Conclusionsp. 43

7.1  Security for 5G LAN servicesp. 43

7.2  Security for TSCp. 43

7.3  PLMN service access via SNPN and vice versap. 43

7.4  Key hierarchy for NPNsp. 43

7.5  AKA based authentication and calculating KSEAF for SNPNsp. 43

7.6  Modification of CAG ID list in the UEp. 43

7.7  CAG ID Privacyp. 43

A  Deployment options for authentication in SNPNs considering different types of NPN credentialsp. 44

$  Change historyp. 46

Up   Top