Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.853  Word version:  17.0.0

Top   Top   Up   Prev   None
0…   5…
5 Key Issues6 Potential Solutions7 Conclusions$ Change history

 

5  Key Issuesp. 12

5.1  Key Issue #1: UP integrity activation in EPSp. 12

5.1.1  Issue descriptionp. 12

5.1.2  Network options affectedp. 12

5.1.3  Threat descriptionp. 12

5.1.4  Potential security requirementsp. 12

5.2  Key Issue #2: Secure negotiation of integrity protection support in EPSp. 12

5.2.1  Issue descriptionp. 12

5.2.2  Network options affectedp. 12

5.2.3  Threat descriptionp. 12

5.2.4  Potential security requirementsp. 13

5.3  Key Issue #3: UE support of UP IP at the full uplink data ratep. 13

5.3.1  Issue descriptionp. 13

5.3.2  Network options affectedp. 13

5.3.3  Threat descriptionp. 13

5.3.4  Potential security requirementsp. 13

5.4  Key Issue #4: Integrity protection capability imbalance in enodeB connected to 5GCp. 13

5.4.1  Issue descriptionp. 13

5.4.2  Network options affectedp. 14

5.4.3  Threat descriptionp. 14

5.4.4  Potential security requirementsp. 14

5.5  Key Issue #5: Optionality of integrity protection in UP DRB with 5GCp. 15

5.5.1  Issue descriptionp. 15

5.5.2  Network options affectedp. 15

5.5.3  Threat descriptionp. 15

5.5.4  Potential security requirementsp. 15

5.6  Key Issue #6: UE connected to 5GC indicating support of UP IP over eUTRAp. 16

5.6.1  Issue descriptionp. 16

5.6.2  Network options affectedp. 16

5.6.3  Threat descriptionp. 16

5.6.4  Potential security requirementsp. 16

5.7  Key Issue #7: Ensuring UP IP is enforced at interworkingp. 16

5.7.1  Issue descriptionp. 16

5.7.2  Network options affectedp. 16

5.7.3  Threat descriptionp. 16

5.7.4  Potential security requirementsp. 17

5.8  Key Issue #8: HPLMN Control of UP IP usage in EPCp. 17

5.8.1  Issue descriptionp. 17

5.8.2  Network options affectedp. 17

5.8.3  Threat descriptionp. 17

5.8.4  Potential security requirementsp. 17

6  Potential Solutionsp. 17

6.1  Solution #1: Dedicated PDU for UP Signalling message IPp. 17

6.1.1  Introductionp. 17

6.1.2  Network options affectedp. 17

6.1.3  Solution descriptionp. 18

6.1.4  Solution evaluationp. 18

6.2  Solution #2: Integrity protection between SgNB and UE in NGEN-DCp. 19

6.2.1  Introductionp. 19

6.2.2  Network options affectedp. 19

6.2.3  Solution descriptionp. 19

6.2.4  Solution evaluationp. 19

6.3  Solution #3: Improved MR-DC bearer handlingp. 19

6.3.1  Introductionp. 19

6.3.2  Network options affectedp. 20

6.3.3  Solution descriptionp. 20

6.3.4  Solution evaluationp. 21

6.4  Solution #4: Zero-overhead user plane integrity protection on the link layerp. 21

6.4.1  Introductionp. 21

6.4.2  Network options affectedp. 23

6.4.3  Solution descriptionp. 23

6.4.4  Solution evaluationp. 26

6.5  Solution #5: Integrity Protection of packet header in the User Planep. 27

6.5.1  Introductionp. 27

6.5.2  Network options affectedp. 27

6.5.3  Solution descriptionp. 27

6.5.4  Solution evaluationp. 28

6.6  Solution #6: Addition of UP IP for eUTRA with 5GCp. 28

6.6.1  Introductionp. 28

6.6.2  Network options affectedp. 28

6.6.3  Solution descriptionp. 28

6.6.4  Solution evaluationp. 29

6.7  Solution #7: UE connected to 5GC indicating support of UP IP over eUTRAp. 29

6.7.1  Introductionp. 29

6.7.2  Network options affectedp. 29

6.7.3  Solution descriptionp. 29

6.7.3.1  Signalling flowsp. 29

6.7.3.1.1  PDU Session Establishment Request procedure in 5G systemp. 29
6.7.3.1.2  Dual connectivityp. 30

6.7.4  Solution evaluationp. 31

6.8  Solution #8: Using existing 5G UE security capability to signal the UE support of UP IP over eUTRA to 5GCp. 31

6.8.1  Introductionp. 31

6.8.2  Network options affectedp. 32

6.8.3  Solution descriptionp. 32

6.8.4  Solution evaluationp. 32

6.9  Solution #9: Adding padding in the data partp. 32

6.9.1  Introductionp. 32

6.9.2  Network options affectedp. 32

6.9.3  Solution descriptionp. 32

6.9.4  Solution evaluationp. 34

6.10  Solution #10: UE activating UP IP over eUTRA to EPCp. 34

6.10.1  Introductionp. 34

6.10.2  Network options affectedp. 34

6.10.3  Solution descriptionp. 34

6.10.4  Solution evaluationp. 34

6.11  Solution #11: Support of UP IP in EPSp. 34

6.11.1  Introductionp. 34

6.11.2  Network options affectedp. 35

6.11.3  Solution descriptionp. 35

6.11.4  Handling of legacy UE's and legacy network nodes in EPSp. 35

6.11.5  Solution evaluationp. 36

6.12  Solution #12: Using spare bit in existing 5G UE security capability to signal the UE support of UP IP over eUTRA to 5GCp. 36

6.12.1  Introductionp. 36

6.12.2  Network options affectedp. 37

6.12.3  Solution descriptionp. 37

6.12.4  Solution evaluationp. 37

6.13  Solution #13: Using existing IEs to signal the UE support of UP IP over UTRA to EPCp. 38

6.13.1  Introductionp. 38

6.13.2  Network options affectedp. 38

6.13.3  Solution descriptionp. 38

6.13.4  Solution evaluationp. 38

6.14  Solution #14: LTE-EPC UP IP with option 3X/1Xp. 38

6.14.1  Introductionp. 38

6.14.2  Network options affectedp. 39

6.14.3  Solution descriptionp. 39

6.14.4  Solution evaluationp. 40

6.15  Solution #15: APN based control of UPIP usagep. 40

6.15.1  Introductionp. 40

6.15.2  Network options affectedp. 40

6.15.3  Solution descriptionp. 41

6.15.4  Solution evaluationp. 42

6.16  Solution #16: Use existing behaviour to block transfer to EPS of PDN connections that have UPIP set to "Required"p. 42

6.16.1  Introductionp. 42

6.16.2  Network options affectedp. 42

6.16.3  Solution descriptionp. 42

6.16.4  Solution evaluationp. 42

6.17  Solution #17: Support of UP IP in LTE eNB connected to EPSp. 43

6.17.1  Introductionp. 43

6.17.2  Network options affectedp. 43

6.17.3  Solution descriptionp. 43

6.17.4  Solution evaluationp. 43

6.18  Solution #18: Restricting handovers to RAN nodes that don't support UP IPp. 43

6.18.1  Introductionp. 43

6.18.2  Network options affectedp. 43

6.18.3  Solution descriptionp. 43

6.18.4  Solution evaluationp. 45

6.19  Solution #19: UP IP for EPC connected RAN options at NR or E-UTRA PDCP layerp. 45

6.19.1  Introductionp. 45

6.19.2  Network options affectedp. 45

6.19.3  Solution descriptionp. 45

6.19.4  Solution evaluationp. 46

6.20  Solution #20: 'Best effort' UP IP for EPSp. 46

6.20.1  Introductionp. 46

6.20.2  Network options affectedp. 46

6.20.3  Solution descriptionp. 46

6.20.4  Solution evaluationp. 47

6.21  Solution #21: Interworking handover from EPS to 5GSp. 47

6.21.1  Introductionp. 47

6.21.2  Network options affectedp. 47

6.21.3  Solution descriptionp. 47

6.21.3.1  Upgraded RAN nodes and core network nodes to support UP IPp. 48

6.21.3.1.0  Overviewp. 48
6.21.3.1.1  Interworking handover from EPS to 5GSp. 48

6.21.3.2  Handling of legacy eNB and legacy ng-eNBp. 50

6.21.3.2.1  Handling of legacy source eNBp. 50
6.21.3.2.2  Handling of legacy target ng-eNBp. 50

6.21.4  Solution evaluationp. 51

6.22  Solution #22: S1 handoverp. 51

6.22.1  Introductionp. 51

6.22.2  Network options affectedp. 51

6.22.3  Solution descriptionp. 51

6.22.3.1  Upgraded eNB's and MME's to support UP IPp. 51

6.22.3.1.1  S1 handoverp. 51

6.22.3.2  Handling of legacy eNBp. 53

6.22.3.2.1  Handling of legacy source eNBp. 53
6.22.3.2.2  Handling of legacy target eNBp. 53

6.22.4  Solution evaluationp. 53

6.23  Solution #23: X2 handoverp. 54

6.23.1  Introductionp. 54

6.23.2  Network options affectedp. 54

6.23.3  Solution descriptionp. 54

6.23.3.1  Upgraded eNB's to support UP IPp. 54

6.23.3.1.1  X2 handoverp. 54

6.23.3.2  Handling of legacy eNB'sp. 55

6.23.3.2.1  Handling of legacy source eNBp. 55
6.23.3.2.2  Handling of legacy target eNBp. 56

6.23.4  Solution evaluationp. 56

6.24  Solution #24: Interworking handover from 5GS to EPSp. 56

6.24.1  Introductionp. 56

6.24.2  Network options affectedp. 56

6.24.3  Solution descriptionp. 56

6.24.3.1  Upgraded RAN nodes and core network nodes to support UP IPp. 57

6.24.3.1.0  Overviewp. 57
6.24.3.1.1  Interworking handover from 5GS to EPSp. 57

6.24.3.2  Handling of legacy eNB and legacy ng-eNBp. 59

6.24.3.2.1  Handling of legacy source ng-eNBp. 59
6.24.3.2.2  Handling of legacy target eNBp. 59

6.24.4  Solution evaluationp. 60

6.25  Solution #25: 'Best effort' with extensibility for HPLMN Control for UP IP for EPSp. 60

6.25.1  Introductionp. 60

6.25.2  Network options affectedp. 60

6.25.3  Solution descriptionp. 60

6.25.3.1  Indication for UP Security Support.p. 60

6.25.3.2  UP Security Policy Maintenancep. 60

6.25.3.3  UP Security Activationp. 61

6.25.4  Solution evaluationp. 61

6.26  Solution #26: 'Best effort' UP IP for EPS using UE Radio Access capabilitiesp. 61

6.26.1  Introductionp. 61

6.26.2  Network options affectedp. 61

6.26.3  Solution descriptionp. 61

6.27  Solution #27: Interworking handover from EPS to 5GS using R15 signalling and proceduresp. 62

6.27.1  Introductionp. 62

6.27.2  Network options affectedp. 62

6.27.3  Solution descriptionp. 62

6.27.4  Solution evaluationp. 62

6.28  Solution #28: Interworking from 5GS to EPSp. 63

6.28.1  Introductionp. 63

6.28.2  Network options affectedp. 63

6.28.3  Solution descriptionp. 63

6.28.3.0  Solution Detailsp. 63

6.28.3.1  Impacts to 5GC proceduresp. 64

6.28.3.2  5GS to EPS Idle Mode Mobilityp. 64

6.28.3.3  5GS to EPS Handoverp. 64

6.28.4  Solution evaluationp. 64

6.29  Solution #29: Source eNB pre-configured with neighbour target eNB's support of UP IPp. 65

6.29.1  Introductionp. 65

6.29.2  Network options affectedp. 65

6.29.3  Solution descriptionp. 65

6.29.4  Solution evaluationp. 65

6.30  Solution #30: Use of criticality information when UP IP policy is set to "Required"p. 65

6.30.1  Introductionp. 65

6.30.2  Network options affectedp. 66

6.30.3  Solution descriptionp. 66

6.30.4  Solution evaluationp. 66

7  Conclusionsp. 66

7.1  Conclusions on UE connects to 5GC via eUTRAp. 66

7.2  Conclusions on UE connects to EPC via eUTRAp. 66

$  Change historyp. 67

Up   Top