Content for TR 33.846 Word version: 17.0.0
6 Solutions p. 14
6.0 Mapping of solutions to key issues p. 14
6.1 Solutions for anchor keys security p. 14
6.1.0 General p. 14
6.2 Solutions for resilience against identifier linkability p. 15
6.2.1 Solution #2.1: Handling of Sync failure and MAC failure by AUTS/random number encryption and failure code p. 15
6.2.1.1 Introduction p. 15
6.2.1.2 Solution details p. 15
6.2.1.3 Evaluation p. 17
6.2.2 Solution #2.2: Encryption of authentication failure message types by UE with new keys derived from K_AUSF p. 17
6.2.3 Solution #2.3: Unified authentication response message by UE p. 19
6.2.4 Solution #2.4: MAC-S based solution p. 21
6.2.5 Solution #2.5: Encryption of authentication failure message with SUCI method p. 24
6.2.6 Solution #2.6: Certificate based encryption of unicast NAS messages p. 26
6.2.6.1 Introduction p. 26
6.2.6.2 Solution details p. 27
6.2.6.2.1 Provisioning and certificate distribution p. 27
6.2.6.2.2 Provisioning Process p. 27
6.2.6.2.3 Call Flows p. 27
6.2.6.3 Evaluation p. 28
6.2.7 Solution #2.7: Mitigation against the SUCI replay attack p. 29
6.2.7.1 Introduction p. 29
6.2.7.2 Solution details p. 29
6.2.7.3 Adaptation of proposal in TS 33.501 p. 29
6.2.7.4 Solution summary p. 32
6.2.7.5 Evaluation p. 32
6.2.8 Solution #2.8: Assuring SUCI generation by Legitimate SUPI owner using KSUCI p. 32
6.2.9 Solution #2.9: MAC, SYNCH failure cause concealment p. 33
6.2.10 Solution to Key Issue #2.2: SUCI replay. p. 35
6.2.11 Solution #2.11: Mitigate the SUCI replay based on UE's public key p. 38
6.2.12 Solution #2.12: Adding randomness on both sides to mitigate all replay-attacks and assuring SUCI generation by legitimate entity using MAC calculation on secret key p. 39
6.3 Solutions for availability aspects of SUCI usage p. 41
6.3.1 Solution #3.1: Mitigation of SUPI guessing and SUCI replay attack using long term key p. 41
6.3.2 Solution #3.2: Adding Check Value behind SUPI to mitigate the SUPI guessing attacks p. 43
6.3.3 Solution #3.3: Mitigation of SUPI guessing attack p. 45
6.4 Solutions on re-synchronisation in AKA p. 46
6.4.1 Solution #4.1: Using MACS as freshness in the calculation of AK p. 46
6.4.2 Solution #4.2: Using symmetric encryption function to protect SQN during a re-synchronisation procedure in AKA p. 47
6.4.3 Solution #4.3: SQN protection by concealment with SUPI in USIM p. 48
6.4.3.1 Introduction p. 48
6.4.3.2 Solution details p. 48
6.4.3.3 Adaptation of authentication procedures p. 50
6.4.3.3.0 General p. 50
6.4.3.3.1 Initiation of authentication and selection of authentication method p. 51
6.4.3.3.2 Successful Authentication case p. 52
6.4.3.3.3 Authentication failure case p. 53
6.4.3.4 Solution summary p. 54
6.4.3.5 Evaluation p. 54
6.4.4 Solution #4.4: SQN protection during re-synchronisation procedure in AKA p. 55
6.4.4.1 Introduction p. 55
6.4.4.2 Solution details p. 55
6.4.4.3 Solution summary p. 56
6.4.4.4 Evaluation p. 56
6.4.5 Solution #4.5: AUTS SQNMS solution for 5GS p. 57
6.4.6 Solution #4.6: Using time-based or partly time-based SQN generation p. 59
6.4.7 Solution #4.7: SQN protection by concealment with SUPI with f5* p. 59
7 Conclusions p. 61
7.0 Overall evaluation aspects p. 61
7.1 Conclusion on key issue #2.1: Linkability by distinguishing MAC failure and synchronization failure p. 62
7.2 Conclusion on key issue #2.2: SUCI based attacks p. 63
7.3 Conclusion on key issue #3.1: Attack due to expired authentication result p. 63
7.4 Conclusion on key issue #3.2: SUPI guessing attacks p. 63
7.5 Conclusion on key issue #4.1: Protection of SQN during AKA re-synchronisations p. 63
$ Change history p. 64
