Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.834  Word version:  16.1.0

Top   Top   Up   Prev   None
1…   4…
4 Background5 Identification of long term keys6 USIM related key stores and key transport processes7 Key issues8 Evaluation Criteria9 Solutions10 Conclusions$ Change History

 

4  Backgroundp. 9

5  Identification of long term keysp. 10

5.1  Introductionp. 10

5.2  K / Kip. 10

5.3  OP / Opc / TOP / TOPcp. 11

5.4  OTA Keysp. 11

6  USIM related key stores and key transport processesp. 12

6.1  Introductionp. 12

6.2  Potential Key Storesp. 12

6.2.1  Personalisation centrep. 12

6.2.2  eSIM provisioning elementsp. 12

6.2.3  Network operator provisioning systemp. 12

6.2.4  HSS / AuCp. 13

6.2.5  USIM / SIMp. 13

6.3  Example key transport interfacesp. 13

7  Key issuesp. 13

7.1  Key Issue 1: individual subscription - K exposedp. 13

7.1.1  Issue descriptionp. 13

7.1.2  Threat Descriptionp. 13

7.1.3  Potential Security requirementsp. 14

7.2  Key Issue 2: batch of subscriptions - K exposedp. 14

7.2.1  Issue descriptionp. 14

7.2.2  Threat Descriptionp. 14

7.2.3  Security requirementsp. 15

7.3  Key Issue 3: LTK Derivation vs. LTK Transportp. 15

7.3.1  Issue descriptionp. 15

7.3.2  Threat Descriptionp. 15

7.3.3  Security requirementsp. 15

8  Evaluation Criteriap. 17

8.1  Overviewp. 17

8.2  Key Issues Addressedp. 17

8.3  Impact on USIM and ISIM, types and releasesp. 17

8.4  Impact on USIM hardware and softwarep. 17

8.5  Key exchange protocols and their transportationp. 18

8.6  3GPP technologies supportedp. 18

8.7  Assessment of additional risksp. 18

8.8  Lawful Interception impactsp. 18

8.9  Impact on core and RAN networksp. 18

8.10  Ease of implementationp. 18

9  Solutionsp. 18

9.1  Solution #1: 'Replace the affected Profile on eUICC'p. 18

9.1.1  Introductionp. 18

9.1.2  Solution Descriptionp. 18

9.1.3  Solution Evaluationp. 19

9.1.3.1  General evaluationp. 19

9.1.3.2  Key Issuesp. 19

9.1.3.3  USIM and ISIM types applicablep. 19

9.1.3.4  Potential hardware and software impactsp. 19

9.1.3.5  Key exchange protocols and transportationp. 19

9.1.3.6  3GPP technologies supportedp. 19

9.1.3.7  Assessment of additional risksp. 19

9.1.3.8  Conclusionp. 19

9.2  Solution #2: Pre-installed multiple key pairsp. 20

9.2.1  Introductionp. 20

9.2.2  Solution Descriptionp. 20

9.2.3  Solution Evaluationp. 20

9.2.3.1  Key Issuesp. 20

9.2.3.2  USIM and ISIM types applicablep. 21

9.2.3.3  Potential hardware and software impactsp. 21

9.2.3.4  Key exchange protocols and transportationp. 21

9.2.3.5  3GPP technologies supportedp. 21

9.2.3.6  Assessment of additional risksp. 21

9.2.3.7  Conclusionp. 21

9.3  Solution #3: Certificate based negotiationp. 22

9.3.1  Introductionp. 22

9.3.2  Solution Descriptionp. 22

9.3.3  Solution Evaluationp. 23

9.3.3.1  Key Issuesp. 23

9.3.3.2  USIM and ISIM types applicablep. 23

9.3.3.3  Potential hardware and software impactsp. 23

9.3.3.4  Key exchange protocols and transportationp. 23

9.3.3.5  3GPP technologies supportedp. 23

9.3.3.6  Assessment of additional risksp. 23

9.3.3.7  Conclusionp. 23

9.4  Solution #4: Diffe-Hellman based Key agreementp. 23

9.4.1  Introductionp. 23

9.4.2  Solution Descriptionp. 24

9.4.2.1  Solution overviewp. 24

9.4.2.2  Notes on statefulness at the HSSp. 25

9.4.2.3  Proposed message flowp. 26

9.4.2.4  Transport over new Signalling protocol (Solution 4a)p. 26

9.4.2.5  Transport over USIM OTA protocol (Solution 4b)p. 26

9.4.2.6  Transport over USSD protocol (Solution 4c)p. 27

9.4.2.7  Transport over BEST protocol (Solution 4d)p. 27

9.4.2.8  Transport over AUTHENTICATION protocol (Solution 4e)p. 27

9.4.3  Solution Evaluationp. 28

9.4.3.1  Key Issuesp. 28

9.4.3.2  USIM and ISIM types applicablep. 28

9.4.3.3  Potential hardware and software impactsp. 28

9.4.3.4  Key exchange protocols and transportationp. 28

9.4.3.5  3GPP technologies supportedp. 29

9.4.3.6  Assessment of additional risksp. 29

9.4.3.7  Conclusionp. 29

9.5  Solution #5: Multiple sets of parametersp. 29

9.5.1  Introductionp. 29

9.5.2  Solution Descriptionp. 29

9.5.3  Solution Evaluationp. 31

9.5.3.1  Key Issuesp. 31

9.5.3.2  UICC applications types applicablep. 31

9.5.3.3  Potential hardware and software impactsp. 31

9.5.3.4  Key exchange protocols and transportationp. 31

9.5.3.5  3GPP technologies supportedp. 31

9.5.3.6  Assessment of additional risksp. 31

9.5.3.7  Lawful interception impactsp. 31

9.5.3.8  Core and RAN networks impactsp. 31

9.5.3.9  Ease of implementationp. 32

9.6  Solution #6: LTK generationp. 32

9.6.1  Introductionp. 32

9.6.2  Solution Descriptionp. 32

9.6.3  Solution Evaluationp. 33

9.6.3.1  Key Issuesp. 33

9.6.3.2  USIM and ISIM types applicablep. 33

9.6.3.3  Potential hardware and software impactsp. 33

9.6.3.4  Key exchange protocols and transportationp. 33

9.6.3.5  3GPP technologies supportedp. 33

9.6.3.6  Assessment of additional risksp. 33

9.6.3.7  Conclusionp. 33

10  Conclusionsp. 34

$  Change Historyp. 35

Up   Top