
Content for TR 33.843, Word version: 15.1.0


1  Scope

The present document contains a study of the security aspects of enhancements to ProSe UE-to-Network Relay. Its objective is to identify threats when an Evolved ProSe Remote UE with UICC connects to the network via an Evolved ProSe UE-to-Network Relay. Potential requirements are identified based on these threats, and potential solutions are studied. Evaluations of the solutions are captured, and the conclusion forms the basis for potential normative work.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  TS 22.278: "Service requirements for the Evolved Packet System (EPS)".
[3]  TR 23.733: "Study on Architecture Enhancements to ProSe UE-to-Network Relay".
[4]  TR 36.746: "Study on further enhancements to LTE Device to Device (D2D), User Equipment (UE) to network relays for Internet of Things (IoT) and wearables".
[5]  TS 33.401: "3GPP System Architecture Evolution (SAE)".
[6]  TS 33.303: "Proximity-based Services (ProSe)".
[7]  Forsberg D., "LTE Security", Wiley & Sons, 2010, First Edition.
[8]  TS 33.223: "Generic Bootstrapping Architecture (GBA) Push function".

3  Definitions and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
eRelay-UE: as defined in TR 23.733
eRemote-UE: as defined in TR 23.733
Indirect 3GPP Communication: as defined in TR 23.733

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AKA  Authentication and Key Agreement
B-TID  Bootstrapping Transaction Identifier
C-RNTI  Cell Radio Network Temporary Identifier
DUIK  Discovery User Integrity Key
DUCK  Discovery User Confidentiality Key
DUSK  Discovery User Scrambling Key
eProSe  enhanced ProSe
GUTI  Globally Unique Temporary UE Identity
GPI  GBA Push Info
IMSI  International Mobile Subscriber Identification Number
Ks(_ext)_NAF  UICC external NAF-key in GBA_U
MIC  Message Integrity Code
MITM  Man-in-the-Middle Attack
MSISDN  Mobile Subscriber International ISDN number
NCC  Next hop Chaining Counter
PDCP  Packet Data Convergence Protocol
PKMF  ProSe Key Management Function
PRUK ID  ProSe Relay User Key Identity
P-TID  Push Temporary Identifier
REAR  Remote UE access via relay UE

4  Overview of REAR

4.1  Introduction

This document studies key issues, threats and potential requirements for the case when an eRemote-UE with 3GPP subscription discovers an eRelay-UE and connects to a 3GPP network via the eRelay-UE. The document also proposes security solutions to mitigate the security threats identified.
For discovery and indirect 3GPP communication, the document studies the authentication and authorization of the eRemote-UE and the eRelay-UE, privacy of the eRemote-UE, security of discovery and security of CP signalling and UP data between the eRemote-UE and the 3GPP network.
This document also studies how to guarantee service continuity and the security of path switching from the direct communication path to the indirect communication path, and vice versa. This includes the security of handover of an eRemote-UE between eRelay-UEs and handover of eRelay-UEs.
The key issues with security risks and requirements are analysed in clause 5 of this document, and the corresponding solutions are described in clause 6. The document also gives conclusions for the key issues in clause 7.

4.2  Architecture

Some architecture assumptions are given in TR 23.733 and TR 36.746.
