
Content for TR 33.846, Word version: 17.0.0


1  Scope

The scope of the present document is the following:
  • key issues, potential security requirements and solutions of how to enhance the authentication process to ensure the security of session anchor keys in case the long-term key is leaked.
  • key issues, potential security requirements and solutions of how to mitigate the linkability attacks.
  • key issues, potential security requirements and solutions of how to mitigate the impacts of potential DDoS threats due to concealing the SUPI.
  • key issues, potential security requirements and solutions of how to mitigate the leaking of SQN values during AKA re-synchronisation.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".
[2] TS 33.501: "Security architecture and procedures for 5G system".
[3] TS 33.102: "Security architecture".
[4] Ravishankar Borgaonkar (published online: July 2019), "New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols", https://eprint.iacr.org/2018/1175.pdf.
[5] TS 29.503: "5G System; Unified Data Management Services".
[6] TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
[7] TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[8] TS 23.003: "Numbering, addressing and identification".
[9] Krawczyk, Hugo. "SIGMA: The 'SIGn-and-MAc' approach to authenticated Diffie-Hellman and its use in the IKE protocols." Annual International Cryptology Conference. Springer, Berlin.

3  Definitions of terms, symbols and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  Symbols

Void

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.

4  Current status of the primary authentication procedure in the 5G System

4.1  General

Primary authentication in 5GS is specified in clause 6.1 of TS 33.501. The purpose of the primary authentication and key agreement procedures is to enable mutual authentication between the UE and the network and provide keying material that can be used between the UE and the serving network in subsequent security procedures.
Primary authentication is initiated by the serving network as a response to a UE action such as a Registration Request. The serving network contacts the home network in order to retrieve authentication vectors as well as the authentication method. Currently two authentication methods are supported in 5GS: 5G AKA specified in clause 6.1.3.2 of TS 33.501, and EAP-AKA' specified in clause 6.1.3.1 of TS 33.501.
Primary authentication in 5G also includes increased home control, specified in clause 6.1.4 of TS 33.501. As part of the home control, the serving network notifies the home network about the success of the primary authentication on the serving network, and the home network also verifies the success of the procedure from a home point of view. The serving network is notified of the home network's authentication decision. As part of the increased home control, the home network maintains the authentication status of a UE and authorizes subsequent procedures.
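
The two-stage check behind increased home control can be modelled as follows. This is an added example, not text or code from TR 33.846 or TS 33.501. Assumptions: `res_star` is an HMAC stand-in for the real RES*/XRES* derivation, AUTN and the UE's check of the network are omitted, all class and function names are hypothetical, and the SUPI, serving network names and key are constructed sample values.

```python
import hashlib, hmac, os

def res_star(k, rand, snn):
    # Stand-in (assumption) for the real RES*/XRES* derivation; binds key, RAND, SN name.
    return hmac.new(k, snn + rand, hashlib.sha256).digest()[:16]

def hashed(rand, res):
    # HXRES*/HRES*: 128 least significant bits of SHA-256(RAND || RES*)
    return hashlib.sha256(rand + res).digest()[-16:]

class HomeNetwork:
    def __init__(self, keys):
        self.keys, self.pending, self.status = dict(keys), {}, {}

    def get_vector(self, supi, snn):
        rand = os.urandom(16)
        self.pending[supi] = (snn, res_star(self.keys[supi], rand, snn))
        # The serving network gets only the hash, never XRES* itself.
        return rand, hashed(rand, self.pending[supi][1])

    def confirm(self, supi, snn, res):
        exp_snn, xres = self.pending.pop(supi, (None, b""))
        ok = snn == exp_snn and hmac.compare_digest(xres, res)
        self.status[supi] = (snn, ok)   # authentication status kept per UE
        return ok

    def authorize(self, supi, snn):
        # Later procedures are allowed only after a home-verified success.
        return self.status.get(supi) == (snn, True)

def serving_authenticate(home, supi, snn, ue):
    rand, hxres = home.get_vector(supi, snn)
    res = ue(rand, snn)
    if not hmac.compare_digest(hashed(rand, res), hxres):
        return False                     # serving-network check failed
    return home.confirm(supi, snn, res)  # home-network check decides

# Constructed sample values
SUPI, SNN, K = "imsi-001010000000001", b"5G:mnc001.mcc001.3gppnetwork.org", bytes(16)

def demo():
    home = HomeNetwork({SUPI: K})
    good = serving_authenticate(home, SUPI, SNN, lambda r, s: res_star(K, r, s))
    allowed = home.authorize(SUPI, SNN)
    other = home.authorize(SUPI, b"5G:mnc002.mcc001.3gppnetwork.org")
    bad = serving_authenticate(home, SUPI, SNN, lambda r, s: res_star(b"\x01" * 16, r, s))
    # A serving network holding only HXRES* cannot claim success on its own.
    rand, hxres = home.get_vector(SUPI, SNN)
    forged = home.confirm(SUPI, SNN, hxres)
    return good, allowed, other, bad, forged, home.authorize(SUPI, SNN)
```

In this model the home network's recorded status, not the serving network's report, is what gates later procedures, so a success claim that lacks a valid RES* leaves the UE unauthorized.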