Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.839  Word version:  17.1.0

Top   Top   Up   Prev   None
1…   4…   6…
6 Proposed solutions7 Conclusions$ Change history

 

6  Proposed solutionsp. 20

6.0  Mapping of Solutions to Key Issuesp. 20

6.1  Solution #1: DNS request protectionp. 21

6.1.1  Introductionp. 21

6.1.2  Solution detailsp. 21

6.1.3  Solution Evaluationp. 21

6.2  Solution #2: Authentication between EEC and ECS based on primary authenticationp. 22

6.2.1  Introductionp. 22

6.2.2  Solution detailsp. 22

6.2.2.1  Procedurep. 22

6.2.2.2  Derivation of Kedge and Kedge IDp. 23

6.2.2.3  Generation of MACEECp. 23

6.2.3  Solution Evaluationp. 23

6.3  Solution #3: Authentication/Authorization framework for Edge Enabler Client and Serversp. 24

6.3.1  Introductionp. 24

6.3.2  Solution detailsp. 24

6.3.3  Solution evaluationp. 26

6.4  Solution #4: Authentication/Authorization framework for Edge Enabler Client and Serversp. 26

6.4.1  Introductionp. 26

6.4.2  Solution detailsp. 27

6.4.3  Solution evaluationp. 28

6.5  Solution #5: Authentication and Authorization between the Edge Enabler Client and the Edge Enabler Serverp. 29

6.5.1  Introductionp. 29

6.5.2  Solution detailsp. 29

6.5.3  Solution evaluationp. 30

6.6  Solution #6: Authentication and Authorization between the Edge Enabler Client and the Edge Enabler Serverp. 30

6.6.1  Introductionp. 30

6.6.2  Solution detailsp. 31

6.6.3  Solution evaluationp. 32

6.7  Solution #7: Authentication and Authorization with the Edge Data Networkp. 32

6.7.1  Solution overviewp. 32

6.7.3  Solution evaluationp. 35

6.8  Solution #8: Authentication between EEC and EESp. 36

6.8.1  Solution overviewp. 36

6.8.2  Solution detailsp. 36

6.8.3  Solution evaluationp. 37

6.9  Solution #9: Authentication and authorization between EEC and ECS based on AKMAp. 37

6.9.1  Introductionp. 37

6.9.2  Solution detailsp. 38

6.9.3  Solution Evaluationp. 39

6.10  Solution #10: Authentication and Authorization between the Edge Enabler Client and the Edge Configuration Serverp. 39

6.10.1  Introductionp. 39

6.10.2  Solution detailsp. 40

6.10.3  Solution Evaluationp. 40

6.11  Solution #11: Authentication between EEC and ECSp. 40

6.11.1  Solution overviewp. 40

6.11.2  Solution detailsp. 41

6.11.3  Solution evaluationp. 42

6.12  Solution #12: Onboarding and authentication/authorization framework for Edge Enabler Server and Edge Configuration Serverp. 42

6.12.1  Introductionp. 42

6.12.2  Solution detailsp. 43

6.12.3  Solution evaluationp. 44

6.13  Solution #13: Transport security for EDGE-1-9 interfacesp. 44

6.13.1  Introductionp. 44

6.13.2  Solution detailsp. 44

13.2.0  Generalp. 44

6.13.2.1  Type Ap. 44

6.13.2.2  Type Bp. 44

6.13.2.3  Type Cp. 45

6.13.3  Solution Evaluationp. 45

6.14  Solution #14: Protection of Network Information Provisioning to Local AF directlyp. 45

6.14.1  Solution overviewp. 45

6.14.2  Solution detailsp. 46

6.14.3  Solution evaluationp. 46

6.15  Solution #15: Network capability re-exposure via Edge Enabler Serverp. 47

6.15.1  Introductionp. 47

6.15.2  Solution detailsp. 47

6.15.3  Solution Evaluationp. 47

6.16  Solution #16: EEC authentication and authorization framework with ECS and EESp. 48

6.16.1  Introductionp. 48

6.16.2  Solution detailsp. 48

6.16.3  Solution Evaluationp. 49

6.17  Solution #17: EEC/EES/ECS authentication and transport protection with TLSp. 50

6.17.1  Solution overviewp. 50

6.17.2  Solution detailsp. 50

6.17.2.1  Authentication and transport protection for the EDGE-1, EDGE-3, EDGE-4, EDGE-6 and EDGE-9 interfacesp. 50

6.17.2.2  Authentication of the GPSI in EEC-EES/ECS communicationp. 51

6.17.3  Solution evaluationp. 52

6.18  Solution #18: Authentication and Authorization Framework for EDGE-4 interfaces using Primary authentication and proxy interfacep. 53

6.18.1  Introductionp. 53

6.18.2  Solution detailsp. 54

6.18.3  Solution Evaluationp. 55

6.19  Solution #19: Authentication/authorization between UE and Edge Data Network based on the secondary authenticationp. 55

6.19.1  Introductionp. 55

6.19.2  Solution detailsp. 55

6.19.3  Solution Evaluationp. 56

6.20  Solution #20: Authentication and authorization in EES capability exposure based on CAPIFp. 56

6.20.1  Introductionp. 56

6.20.2  Solution detailsp. 56

6.20.3  Solution Evaluationp. 57

6.21  Solution #21: security for the interface between the SMF and LDNSRp. 57

6.21.1  Solution overviewp. 57

6.21.2  Solution detailsp. 57

6.21.3  Solution evaluationp. 58

6.22  Solution #22: Authorization during Edge Data Network changep. 58

6.22.1  Introductionp. 58

6.22.2  Solution detailsp. 58

6.22.3  Solution Evaluationp. 60

6.23  Solution #23: Authentication and Authorization between EEC and ECS/EESp. 60

6.23.1  Solution overviewp. 60

6.23.2  Solution detailsp. 60

6.23.3  Solution evaluationp. 60

6.24  Solution #24: Using TLS with AKMA to protect edge interfacesp. 61

6.24.1  Solution overviewp. 61

6.24.2  Solution detailsp. 61

6.24.2.1  Generalp. 61

6.24.2.2  Shared key-based UE authentication with certificate-based AF authenticationp. 61

6.24.2.2.1  Generalp. 61
6.24.1.2.2  Proceduresp. 61

6.24.2.3  Shared key-based mutual authentication between UE and AFp. 62

6.24.2.3.1  Generalp. 62
6.24.2.3.2  Proceduresp. 62

6.24.3  Solution evaluationp. 62

6.25  Solution #25: Practical authorization during Edge Data Network changep. 62

6.25.1  Introductionp. 62

6.25.2  Solution detailsp. 63

6.25.3  Solution Evaluationp. 64

6.26  Solution #26: GBA-based solution for EEC authentication and authorization framework with ECS and EESp. 64

6.26.1  Introductionp. 64

6.26.2  Solution detailsp. 64

6.26.3  Solution Evaluationp. 66

6.27  Solution #27: Using TLS with Edge Security Service to protect edge interfacesp. 67

6.27.1  Solution overviewp. 67

6.27.2  Solution detailsp. 68

6.27.3  Solution evaluationp. 70

6.28  Solution #28: Authentication between EEC and ECS based on AKMAp. 70

6.28.1  Introductionp. 70

6.28.2  Solution detailsp. 70

6.28.2.1  Procedurep. 70

6.28.2.2  Derivation of Kedge and Kedge IDp. 71

6.28.2.3  Generation of MACEECp. 72

6.28.3  Solution Evaluationp. 72

6.29  Solution #29: Using TLS with GBA to protect edge interfacesp. 72

6.29.1  Solution overviewp. 72

6.29.2  Solution detailsp. 72

6.29.2.1  Generalp. 72

6.29.2.2  Shared key-based UE authentication with certificate-based AF authenticationp. 72

6.29.2.2.1  Generalp. 72

6.29.2.3  Shared key-based mutual authentication between UE and AFp. 72

6.29.2.3.1  Generalp. 72

6.29.3  Solution evaluationp. 73

6.30  Solution #30: An AKMA-based solution for authentication and interface protection between EEC and EES/ECSp. 73

6.30.1  Solution overviewp. 73

6.30.2  Solution detailsp. 73

6.30.3  Solution evaluationp. 74

6.31  Solution #31: Enhancing TLS with GBA for usage with Edgep. 75

6.31.1  Solution overviewp. 75

6.31.2  Solution detailsp. 75

6.31.3  Solution evaluationp. 75

7  Conclusionsp. 75

7.1  Conclusions for Key Issue #1p. 75

7.2  Conclusions for Key Issue #2p. 76

7.3  Conclusions for Key Issue #3p. 76

7.4  Conclusions for Key Issue #4p. 76

7.5  Conclusions for Key Issue #5p. 76

7.6  Conclusions for Key Issue #6p. 76

7.7  Conclusions for Key Issue #7p. 77

7.8  Conclusions for Key Issue #8p. 77

7.9  Conclusions for Key Issue #9p. 77

7.10  Conclusions for Key Issue #10p. 77

$  Change historyp. 78

Up   Top