Content for TR 33.833
Word version: 13.0.0
4 Proximity Services (ProSe)
4.1 Overview of Proximity Services (ProSe)
4.1.1 ProSe Discovery
4.1.2 ProSe Communication
4.1.3 Scope of ProSe
4.2 Architecture for ProSe
5 Key Issues for Rel-12
5.1 Key Issues on Configuration
5.1.1 Key Issue #1.1: Configuration of ProSe-enabled UEs
5.1.1.1 Key issue details
5.1.1.2 Security threats
5.1.1.3 Potential security requirements
5.2 Key Issues on Discovery
5.2.1 Key Issue #2.1: Direct Request and Response Discovery
5.2.1.1 Key issue details
5.2.1.2 Security threats
5.2.1.3 Potential security requirements
5.2.2 Key Issue #2.2: Security analysis for Open Direct Discovery
5.2.2.1 Key Issue Details
5.2.2.2 Security Threats
5.2.2.3 Potential security requirements
5.2.3 Key Issue #2.3: Security analysis for registration in Network based ProSe Discovery
5.2.3.1 Key issue details
5.2.3.2 Security threats
5.2.3.3 Potential security requirements
5.2.4 Key Issue #2.4: Application Registration for ProSe
5.2.4.1 Key issue details
5.2.4.2 Security threats
5.2.4.3 Potential security requirements
5.3 Key Issues on One-to-many communications
5.3.1 Key Issue #3.1: One-to-many communications between Public Safety UEs
5.3.1.1 Key issue details
5.3.1.2 Security threats
5.3.1.3 Potential security requirements
5.3.2 Key Issue #3.2: key distribution for group communications
5.3.2.1 Key issue details
5.3.2.2 Security threats
5.3.2.3 Potential security requirements
5.3.3 Key issue #3.3: ProSe one-to-many communication in decentralized mode
5.3.3.1 Key issue details
5.3.3.2 Security threats
5.3.3.3 Potential security requirements
5.4 Key Issues on other areas
5.4.1 Key Issue #4.1: ProSe enabled UE security aspects
5.5.1.1 Key issue details
5.4.1.2 Security threats
5.4.1.3 Potential security requirements
5.4.2 Key Issue #4.2: Ensuring a trusted and reliable accounting
5.4.2.1 Key issue details
5.4.2.2 Security threats
5.4.2.3 Potential security requirements
5.4.3 Key Issue #4.3: Data communication security between ProSe network entities
5.4.3.1 Key issue details
5.4.3.2 Security threats
5.4.3.3 Potential security requirements
5.4.4 Key Issue #4.4: Protection of UE identity for ProSe direct discovery
5.4.4.1 Key issue details
5.4.4.2 Security threats
5.4.4.3 Potential security requirements
5.4.5 Key Issue #4.5: Security for EPC support WLAN direct discovery and communication
5.4.5.1 Key issue details
5.4.5.2 Security threats
5.4.5.3 Potential security requirements
6 Solutions for Rel-12
6.1 Solutions for configuration data transfer
6.1.1 Solution #6.1: Security for configuration data transfer
6.1.1.1 General
6.1.1.2 Overview of solution
6.1.2 Solution #6.2: Security for configuration data transfer
6.1.2.1 General
6.1.2.2 Overview of solution
6.1.2.3 Solution description: keys establishment procedure for PC3
6.1.2.4 Solution evaluation
6.1.2.5 Solution Analysis
6.1.3 Solution #6.3: Security for configuration data transfer
6.1.3.1 General
6.1.3.2 Overview of solution
6.2 Solutions for Discovery
6.2.1 Solution #2.1: Security for ProSe discovery
6.2.1.1 General
6.2.1.2 Solution description
6.2.2 Solution #2.2: Security for Direct Discovery
6.2.2.1 Using Asymmetric Cryptography and Timestamp for Direct Discovery
6.2.3 Solution #2.3: Solution against DOS attack in registration procedure
6.2.3.1 General
6.2.3.2 Option 1: Blacklist:
6.2.3.3 Option 2: Captcha
6.2.4 Solution #2.4: Security for discovery with network checking
6.2.4.1 General
6.2.4.2 Overview of solution
6.2.4.3 Security procedures
6.2.4.3.1 Protection of Interface between the UE and ProSe Function using GBA
6.2.4.3.2 Interface between network elements
6.2.4.3.3 Integrity protection and validation of the transmitted code for open discovery
6.2.5 Solution #2.5: Security for discovery response
6.2.5.1 General
6.2.5.2 Overview of solution
6.2.5.3 Signalling flows
6.2.5.4 Token
6.2.6 Solution #2.6: Security for proximity request authentication and authorization
6.2.6.1 General
6.2.6.2 UE-signed proximity request
6.2.6.3 Application Server-signed proximity request
6.2.6.4 Proximity request digital signature algorithms and key strength
6.2.6.5 Proximity request hash input format
6.2.6.5a Verification key format
6.2.6.6 Profile for Application Server and Application UE certificate
6.3 Solutions for One-to-many Communications
6.3.1 Solution #3.1: Security for ProSe Group Communications
6.3.1.1 General
6.3.1.2 IDENTITY Security Solution
6.3.1.2.1 General
6.3.1.2.2 IDENTITY KMS
6.3.1.2.3 Use of User IDs within IDENTITY
6.3.1.3 IDENTITY Group Communications
6.3.1.3.1 General
6.3.1.3.2 Pre-configured Group Security Configuration
6.3.1.3.2.1 General
6.3.1.3.2.2 Security Procedures for Pre-configured Group Security Configuration
6.3.1.3.3 Session Key Distribution for Pre-Configured Groups
6.3.1.3.3.1 General
6.3.1.3.3.2 Session key distribution for pre-configured groups (network connected)
6.3.1.3.3.3 Session key distribution for pre-configured groups (network independent)
6.3.1.3.4 Session Key Distribution for Ad-Hoc Groups
6.3.1.3.4.1 General
6.3.1.3.4.2 Session key distribution security procedures for ad-hoc groups (network connected)
6.3.1.3.4.3 Session key distribution security procedures (network independent)
6.3.1.3.4.4 Using ad-hoc groups to meet the 'Out-of-the-box' requirement
6.3.1.3.5 Media Stream Protection
6.3.2 Solution #3.2: Network-supported key distribution for group communications
6.3.2.1 General
6.3.2.2 GBA-based key distribution for group communications
6.3.2.2.1 General
6.3.2.2.2 GBA-based key distribution for group communications with invitation
6.3.2.2.3 GBA-based key distribution for group key communications with white list
6.3.3 Solution #3.3: security for D2D communications based on overlay
6.3.3.1 Introduction
6.3.3.2 Use cases analysis
6.3.3.2.1 NSPS users
6.3.3.2.2 Conclusions
6.3.3.3 Structure of the PC5 reference point
6.3.4 Solution #3.4: Security for one-to-many communication
6.3.4.1 General
6.3.4.2 Solution for configuration
6.3.4.3 Solution for ProSe UE direct communication
6.3.4.4 Key management
6.3.5 Solution #3.5: Security for one-to-many security
6.3.5.1 General
6.3.5.2 Solution description
6.3.5.2.1 Security keys and their lifetimes
6.3.5.2.2 Identities
6.3.5.2.3 Security flows
6.3.5.2.4 Protection of traffic between UE and ProSe network entities using GBA
6.3.5.2.5 Protection of traffic between UEs
6.3.5.2.5.1 Key derivation
6.3.5.2.5.2 Protection of data
6.3.5.2.5.3 Packet Format
6.3.6 Solution #3.6: Public safety security layered over network security
6.3.6.1 General
6.3.6.2 Overview of solution
6.3.6.3 General Security Procedures
6.3.6.3.1 Network Operator Setup Procedures
6.3.6.3.2 Service Provider Setup Procedures
6.3.6.3.3 One-to-many Communications
6.3.7 Solution #3.7: Security for One-to-many ProSe Direct Communication
6.3.7.1 General
6.3.7.2 Authentication for One-to-many ProSe Direct Communication
6.3.7.3 Key generation for One-to-many ProSe Direct Communication
6.3.8 Conclusion on one-to-many security
6.3.8.1 Summary of ProSe one-to-many communication solutions
6.3.8.2 Evaluation against requirements
6.3.8.3 Conclusion to evaluation of one-to-many communication solutions
6.4 Solutions for other areas
6.4.1 Solution #4.1: ProSe accounting
6.4.1.1 UICC based ProSe Accounting
6.4.1.1.1 Volume based charging
6.4.1.1.2 Time based charging