Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.841  Word version:  16.1.0

Top   Top   Up   Prev   None
0…   5…
5 Assessment of quantum computing impact timelines6 Impacted NextGen areas7 Study of full entropy 256-bit keys in the 5G key hierarchy8 Assessment of the requirement for and impact of a longer MAC9 Study of coexistence of different size keys and key size negotiation.10 Study of desired number of 256-bit algorithms11 Study the desired performance aspects for the new 256-bit algorithms12 Study of key management13 Study of individual algorithm details14 Potential requirements15 Conclusions$ Change History

 

5  Assessment of quantum computing impact timelinesp. 11

5.1  Predicted timescales and resources for quantum computingp. 11

5.2  Timelines for transitioning asymmetric algorithmsp. 12

5.3  Timelines for transitioning symmetric algorithmsp. 12

5.4  Considerations for assessing timelinesp. 12

6  Impacted NextGen areasp. 12

6.1  Impacted use of asymmetric cryptographyp. 12

6.1.1  Introductionp. 12

6.1.2  TLS for service based interfacesp. 12

6.1.3  NDS/IP for non-service based interfacesp. 13

6.1.4  SUPI protectionp. 13

6.1.5  OAuth in SBAp. 13

6.1.6  N32 Application Layer Securityp. 13

6.1.7  Network product software package integrityp. 13

6.1.8  EAP TLSp. 13

6.1.9  Ephemeral key agreement in primary authenticationp. 13

6.2  Impacted use of symmetric cryptographyp. 14

6.2.1  Introductionp. 14

6.2.2  Ciphering algorithmsp. 14

6.2.3  Integrity algorithmsp. 14

6.2.4  OTA mechanismp. 14

6.3  Impacted use of hash functionsp. 15

6.3.1  Introductionp. 15

6.3.2  Key derivation functionp. 15

6.3.3  Authentication and key agreementp. 15

7  Study of full entropy 256-bit keys in the 5G key hierarchyp. 15

7.1  Risks and mitigations for quasi-random IVs in counter modep. 15

7.1.1  The attacks and their costp. 15

7.1.2  Applicability to 3GPP use of counter modep. 16

7.1.3  Mitigationsp. 16

8  Assessment of the requirement for and impact of a longer MACp. 17

8.1  Introductionp. 17

8.2  Integrity protection for control and user planesp. 17

8.3  MAC tag length impact on securityp. 18

8.4  Impact of a longer MAC tag on networkp. 18

8.5  Minimal level of integrity protectionp. 18

9  Study of coexistence of different size keys and key size negotiation.p. 18

9.1  Ensuring system parameters support variable length keysp. 19

9.2  Ensuring system parameters support variable length MACs, AKA messages etc.p. 19

9.3  Ensuring key derivation functions support variable length keysp. 19

9.4  Using 256-bit keys in New RAN with legacy corep. 19

9.5  Co-existence between 128-bit and 256-bit key lengthsp. 20

9.6  Co-existence between multiple or variable lengths MAC tagsp. 20

9.7  Reduced complexity of key derivation function negotiationp. 20

10  Study of desired number of 256-bit algorithmsp. 20

10.1  Overview of existing GSMA/3GPP symmetric algorithmsp. 20

10.1.1  Algorithms for authentication and AKA key generationp. 20

10.1.2  Algorithms for encryption and integrityp. 21

11  Study the desired performance aspects for the new 256-bit algorithmsp. 21

11.1  Peak data ratesp. 21

11.2  Latencyp. 21

12  Study of key managementp. 22

13  Study of individual algorithm detailsp. 22

13.1  Radio interface encryption and integrity algorithmsp. 22

13.1.1  AESp. 22

13.1.2  SNOW 3Gp. 22

13.1.3  ZUCp. 22

13.2  AKA algorithmsp. 22

13.2.1  MILENAGEp. 22

13.2.2  TUAKp. 22

13.3  Key derivation algorithmsp. 23

13.3.1  HMAC-SHA-256p. 23

14  Potential requirementsp. 23

14.1  Potential requirements for adoption of post-quantum algorithmsp. 23

14.2  Potential requirements for longer MACp. 23

15  Conclusionsp. 23

$  Change Historyp. 25

Up   Top