Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.847  Word version:  17.1.0

Top   Top   Up   Prev   None
1…   4…   6…
6 Solutions7 Conclusions$ Change history

 

6  Solutionsp. 29

6.0  Mapping of Solutions to Key Issuesp. 29

6.1  Solution #1: Solution for key management in 5G Proximity Services relay communicationp. 30

6.1.1  Introductionp. 30

6.1.2  Solution detailsp. 30

6.1.3  Evaluationp. 33

6.2  Solution #2: Secure data transfer between UE and 5GDDNMFp. 33

6.2.1  Introductionp. 33

6.2.2  Solution detailsp. 33

6.2.3  Evaluationp. 34

6.3  Solution #3: Reuse LTE security mechanism for 5G ProSe open discoveryp. 34

6.3.1  Introductionp. 34

6.3.2  Solution detailsp. 35

6.3.3  Evaluationp. 37

6.4  Solution #4: Reuse LTE security mechanism for 5G ProSe restricted discoveryp. 37

6.4.1  Introductionp. 37

6.4.2  Solution detailsp. 38

6.4.2.1  Model A restricted discoveryp. 38

6.4.2.2  Model B restricted discoveryp. 40

6.4.3  Evaluationp. 43

6.5  Solution #5: Protection of the PC3 interface using AKMA and TLSp. 44

6.5.1  Introductionp. 44

6.5.2  Solution detailsp. 44

6.5.3  Evaluationp. 45

6.6  Solution #6: Key management for UE-to-Network Relays and Remote UE'sp. 46

6.6.1  Introductionp. 46

6.6.2  Solution detailsp. 46

6.6.3  Evaluationp. 49

6.7  Solution #7: Security establishment of one-to-one PC5 communicationp. 50

6.7.1  Solution overviewp. 50

6.7.2  Solution detailsp. 51

6.7.3  Evaluationp. 51

6.8  Solution #8: Confidential protection against UE-to-UE relay using asymmetric cryptographyp. 52

6.8.1  Introductionp. 52

6.8.2  Solution detailsp. 52

6.8.2.1  Procedurep. 52

6.8.3  Evaluationp. 53

6.9  Solution #9: Key management in discovery procedurep. 53

6.9.1  Introductionp. 53

6.9.2  Solution detailsp. 53

6.9.3  Evaluationp. 54

6.10  Solution #10: Authorization and security with UE-to-Network relay using Remote UE network primary authenticationp. 54

6.10.1  Introductionp. 54

6.10.2  Solution detailsp. 54

6.10.2.1  Connection with UE-to-Network relay using Remote UE network primary authentication via the UE-to-Network relayp. 54

6.10.2.2  Connection with UE-to-Network relay using the 5G native security context of the Remote UEp. 56

6.10.2.3  Key hierarchy, key derivation, and distributionp. 59

6.10.2.4  Remote UE authorization revocation/re-authenticationp. 61

6.10.3  Evaluationp. 61

6.11  Solution #11: Protection of the PC3 interface using GBAp. 62

6.11.1  Introductionp. 62

6.11.2  Solution detailsp. 62

6.11.3  Evaluationp. 62

6.12  Solution #12: Privacy handling for Layer-3 UE-to-UE Relay based on IP routingp. 62

6.12.1  Introductionp. 62

6.12.2  Solution detailsp. 63

6.12.3  Evaluationp. 65

6.13  Solution #13: Secondary Authentication for a Layer 3 Remote UEp. 65

6.13.1  Introductionp. 65

6.13.2  Solution detailsp. 66

6.13.2.1  Secondary Authentication after PC5 link setupp. 66

6.13.2.2  Secondary Authentication before PC5 link setupp. 68

6.13.3  Evaluationp. 70

6.14  Solution #14: A security solution for UE-to-Network Relay based on Layer 2 Relayp. 70

6.14.1  Introductionp. 70

6.14.2  Solution detailsp. 71

6.14.3  Evaluationp. 72

6.15  Solution #15: Key management in UE-to-Network Relay based on primary authenticationp. 72

6.15.1  Introductionp. 72

6.15.2  Solution detailsp. 72

6.15.2.1  Procedurep. 72

6.15.2.2  Derivation of P-TIDp. 74

6.15.3  Solution Evaluationp. 75

6.16  Solution #16: Security establishment procedures between two UEs in the UE-to-UE relay scenariop. 75

6.16.1  Introductionp. 75

6.16.2  Solution detailsp. 75

6.16.3  Evaluationp. 76

6.17  Solution #17: Solution on securely creating destination Layer-2 ID in groupcast communicationp. 76

6.17.1  Introductionp. 76

6.17.2  Solution detailsp. 76

6.17.3  Evaluationp. 77

6.18  Solution #18: Authorization and PC5 link setup for UE-to-Network relayp. 77

6.18.1  Introductionp. 77

6.18.2  Solution detailsp. 78

6.18.3  Evaluationp. 80

6.19  Solution #19: End-to-end security for the L3 UE-to-Network relayp. 80

6.19.1  Introductionp. 80

6.19.2  Solution detailsp. 80

6.19.2.1  Procedurep. 80

6.19.2.2  Protocol Stackp. 81

6.19.3  Evaluationp. 82

6.20  Solution #20: PC5 link setup for UE-to-UE relayp. 82

6.20.1  Introductionp. 82

6.20.2  Solution detailsp. 82

6.20.3  Evaluationp. 83

6.21  Solution #21: 5G PKMF for key management in PC5 communicationp. 83

6.21.1  Introductionp. 83

6.21.2  Solution detailsp. 84

6.21.3  Evaluationp. 88

6.22  Solution #22: Representation of identities during broadcastp. 90

6.22.1  Introductionp. 90

6.22.2  Solution detailsp. 90

6.22.2.1  Solution for Model Ap. 90

6.22.2.2  Solution for Model Bp. 91

6.22.3  Evaluationp. 93

6.23  Solution #23: Initial key with validity timep. 94

6.23.1  Introductionp. 94

6.23.2  Solution detailsp. 94

6.23.2.1  Overviewp. 94

6.23.2.2  Proceduresp. 94

6.23.3  Evaluationp. 96

6.24  Solution #24: NSSAA for Remote UE with L3 UE-to-Network relayp. 97

6.24.1  Introductionp. 97

6.24.2  Solution detailsp. 97

6.24.2.1  PC5 link establishment with L3 UE-to-Network relay to use an S-NSSAI subject to NSSAAp. 97

6.24.2.2  NSSAA of Remote UE connecting via L3 UE-to-Network relayp. 100

6.24.2.3  AAA-S triggered Authorization Revocation to use S-NSSAI for Remote UEp. 101

6.24.2.4  AAA-S triggered Authorization Revocation to use S-NSSAI for Relay UEp. 102

6.24.3  Evaluationp. 103

6.25  Solution #25: Secondary authentication of Remote UE with L3 UE-to-Network relayp. 104

6.25.1  Introductionp. 104

6.25.2  Solution detailsp. 104

6.25.2.1  PC5 link establishment with L3 UE-to-Network relay to use a PDU Session subject to secondary A&Ap. 104

6.25.2.2  PDU Session secondary A&A of Remote UE via L3 UE-to-Network relayp. 106

6.25.2.3  DN-AAA triggered PDU Session Authorization Revocation for Remote UEp. 107

6.25.2.4  DN-AAA triggered PDU Session Re-Authentication/Authorization for Remote UEp. 108

6.25.3  Evaluationp. 109

6.26  Solution #26: Protecting PDU session-related parameters for L2 relay with existing mechanismp. 109

6.26.1  Introductionp. 109

6.26.2  Solution detailsp. 109

6.26.3  Evaluationp. 110

6.27  Solution #27: Mitigating the conflict between security policies using match report proceduresp. 110

6.27.1  Introductionp. 110

6.27.2  Solution detailsp. 110

6.27.2.0  Generalp. 110

6.27.2.1  Open discovery scenariop. 110

6.27.2.2  Restricted discovery scenariop. 112

6.27.3  Evaluationp. 113

6.28  Solution #28: Mitigating the conflict between security policies using restricted discovery procedures on network sidep. 113

6.28.1  Introductionp. 113

6.28.2  Solution detailsp. 113

6.28.3  Evaluationp. 115

6.29  Solution #29: Security flow for Layer-3 UE-to-Network Relayp. 115

6.29.1  Introductionp. 115

6.29.2  Solution detailsp. 116

6.29.3  Evaluationp. 117

6.30  Solution #30: UE-to-Network Relay security based on primary authenticationp. 118

6.30.1  Introductionp. 118

6.30.2  Solution detailsp. 118

6.30.3  Evaluationp. 120

6.31  Solution #31: Use of authorization tokens in UE-to-UE relayp. 121

6.31.1  Introductionp. 121

6.31.2  Solution detailsp. 121

6.31.3  Evaluationp. 124

6.32  Solution #32: Mitigating privacy issues of user info IDs, relay service codes and PDU parameters for L3 UE-to-NW relaysp. 124

6.32.1  Introductionp. 124

6.32.2  Solution Detailsp. 125

6.32.3  Evaluationp. 129

6.33  Solution #33: Security establishment of one-to-one PC5 communication rekeyingp. 131

6.33.1  Introductionp. 131

6.33.2  Solution Detailsp. 131

6.33.3  Evaluationp. 132

6.34  Solution #34: Authorization of the remote UE in L3 U2N relayp. 132

6.34.1  Introductionp. 132

6.34.2  Solution detailsp. 132

6.34.3  Evaluationp. 133

6.35  Solution #35: Discovery procedures for UE-to-network relaysp. 133

6.35.1  Introductionp. 133

6.35.2  Solution detailsp. 133

6.35.2.1  Commercial applications are dependent on the VPLMNsp. 133

6.35.2.2  Commercial applications are dependent on the HPLMNs of the relaysp. 135

6.35.3  Evaluationp. 136

6.36  Solution #36: UE-to-Network Relay security based on AKMAp. 136

6.36.1  Introductionp. 136

6.36.2  Solution detailsp. 136

6.36.3  Evaluationp. 138

6.37  Solution #37: Keying procedures for Group Member and Relay discovery: public safety casep. 138

6.37.1  Introductionp. 138

6.37.2  Solution detailsp. 139

6.37.2.1  Group member discovery casep. 139

6.37.2.2  Relay discovery casep. 140

6.38  Solution #38: Mitigating the conflict between security policies using restricted discovery procedures on network sidep. 141

6.38.1  Introductionp. 141

6.38.2  Solution detailsp. 142

6.38.3  Evaluationp. 143

6.39  Solution #39: Key management in UE-to-Network Relay based on shared key generated during primary authenticationp. 143

6.39.1  Introductionp. 143

6.39.2  Solution detailsp. 143

6.39.2.1  Procedurep. 143

6.39.2.2  Derivation of P-TIDp. 145

6.39.2.3  Derivation of P-TID*p. 146

6.39.3  Evaluationp. 146

6.40  Solution #40: Protection with Security Policies for PC5 Direct Communicationp. 146

6.40.1  Introductionp. 146

6.40.2  Solution detailsp. 146

6.40.2.1  Security policy configuration and provisioningp. 146

6.40.2.2  Security policy negotiation and enforcementp. 147

6.40.3  Evaluationp. 147

6.41  Solution #41: Security protection for 5G ProSe indirect network communicationp. 147

6.41.1  Introductionp. 147

6.41.2  Solution detailsp. 148

6.41.2.1  Framework of security protection for 5G ProSe indirect network communicationp. 148

6.41.2.2  Secure provisioning of UP security policies for 5G ProSe indirect network communicationp. 148

6.41.2.3  Enforcement of UP security policies for 5G ProSe indirect network communicationp. 149

6.41.3  Evaluationp. 150

6.42  Solution #42: Privacy enhancements during PC5 link setup for UE-to-Network relayp. 150

6.42.1  Introductionp. 150

6.42.2  Solution detailsp. 151

6.42.2.1  Generalp. 151

6.42.2.2  Protection of PRUK ID and RSC over the PC5 interfacep. 151

6.42.2.3  Calculation of message-specific confidentiality keystreamp. 151

6.42.3  Evaluationp. 152

6.43  Solution #43: Improved LTE security mechanism for 5G ProSe restricted discovery to ensure source authentication in out of coverage use casesp. 152

6.43.1  Introductionp. 152

6.43.2  Solution detailsp. 152

6.43.2.3  Applicability to restricted discovery mode Bp. 155

6.43.2.4  Applicability to relay and group discoveryp. 155

6.43.3  Evaluationp. 155

6.44  Solution #44: PC5 anchor key generation via GBA Pushp. 156

6.44.1  Introductionp. 156

6.44.2  Solution detailsp. 157

6.44.3  Evaluationp. 159

7  Conclusionsp. 159

7.1  Key Issue #1: Discovery message protectionp. 159

7.2  Key Issue #2: Keys in ProSe discovery scenariop. 159

7.3  Key Issue #3: Security of UE-to-Network Relayp. 159

7.4  Key issue #4: Authorization in the UE-to-Network relay scenariop. 161

7.5  Key Issue #5: Privacy protection over the UE-to-Network Relayp. 161

7.6  Key Issue #6: Integrity and confidentiality of information over the UE-to-UE Relayp. 161

7.7  Key issue #7: Authorization in the UE-to-UE relay scenariop. 162

7.8  Key Issue #8: Privacy of information over the UE-to-UE Relayp. 162

7.9  Key Issue #9: Key management in 5G Proximity Services for UE-to-Network relay communicationp. 162

7.10  Key Issue #10: Key issue on secure data transfer between UE and 5GDDNMFp. 162

7.11  Key Issue #11: UE identity protection during ProSe discoveryp. 162

7.12  Key Issue #12: Security of one-to-one communication over PC5p. 163

7.13  Key Issue #13: Security and privacy of groupcast communicationp. 163

7.14  Key Issue #14: security for support of Non-IP trafficp. 163

7.15  Key Issue #15: privacy of ProSe entities while supporting Non-IP trafficp. 163

7.16  Key Issue #16: Privacy protection of PDU session-related parameters for relayingp. 164

7.17  Key Issue #17: Supporting security policy handling for PC5 connection of 5G ProSe servicesp. 164

$  Change historyp. 165

Up   Top