Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.859  Word version:  11.1.0

Top   Top   Up   Prev   None
0…   4…
4 General5 Analysis and design6 Comparison of proposed Solutions7 Complexity versus benefit analysis8 Conclusions$ Change history

 

4  Generalp. 11

4.1  System overviewp. 11

4.1.1  Architecturep. 11

4.1.2  Node and terminal typesp. 11

4.1.2.1  Types of MEsp. 11

4.1.2.2  Types of Core Network Nodes (CNN)p. 12

4.2  Assumptions and requirementsp. 12

4.3  Desired security propertiesp. 12

4.4  The UTRAN Key Hierarchyp. 13

4.4.1  Proposed solution 1p. 13

4.4.2  Proposed solution 2p. 15

4.4.3  Proposed solution 3p. 16

4.4.4  Freshness options for vertical key derivationsp. 17

4.4.4.1  Timestampp. 17

4.4.4.2  Countersp. 17

4.4.4.3  NONCEp. 18

4.4.4.3.1  One sided NONCEp. 18
4.4.4.3.2  NONCE values allocated in both ME_U+ and SGSN+p. 19

4.4.5  Handling of START/COUNT-C/COUNT-Ip. 19

5  Analysis and designp. 19

5.1  Proposed solution 1p. 20

5.1.1  Generalp. 20

5.1.2  Key handling capability negotiationp. 20

5.1.2.1  Generalp. 20

5.1.2.2  UTRAN KH negotiation in the attach procedurep. 20

5.1.2.3  Capability indication at intra-UTRAN mobilityp. 20

5.1.2.4  Capability indication at IRAT mobilityp. 21

5.1.3  Signalling proceduresp. 21

5.1.3.1  Attachp. 21

5.1.3.2  Context transfersp. 23

5.1.3.2.1  Generalp. 23
5.1.3.2.2  Inter CNN+ context transferp. 23
5.1.3.2.3  CNN+ to CNN context transferp. 23
5.1.3.2.4  CNN to CNN+ context transferp. 23
5.1.3.2.5  Inter CNN context transferp. 24

5.1.3.3  SRNS relocationp. 24

5.1.3.3.1  Generalp. 24
5.1.3.3.2  SRNS relocation with UE involvementp. 24
5.1.3.3.2.1  SRNC relocation key chainingp. 24
5.1.3.3.2.2  Network handlingp. 25
5.1.3.3.2.2.1  Enhanced SRNS relocation procedurep. 25
5.1.3.3.2.2.2  SRNS relocation procedurep. 25
5.1.3.3.2.3  Intra-SRNS relocationp. 26
5.1.3.3.3  ME handlingp. 26
5.1.3.3.4  SRNS relocation without UE involvementp. 26
5.1.3.3.5  Using Enhanced SRNS Relocationp. 26

5.1.3.4  Idle mode mobilityp. 28

5.1.3.5  Inter SGSN(*)/MME AV transfersp. 28

5.1.4  Inter-working with GERAN proceduresp. 28

5.1.4.1  Generalp. 28

5.1.4.2  Attach, RAU and Service Requestsp. 28

5.1.4.3  Handoversp. 29

5.1.4.3.1  Handover from GERAN to enhanced UTRANp. 29
5.1.4.3.2  Handover from enhanced UTRAN to GERANp. 29

5.1.5  Inter-working with E-UTRANp. 29

5.1.5.1  RAU and TAU Procedurep. 29

5.1.5.1.1  RAU procedures in UTRANp. 29
5.1.5.1.2  TAU procedures in E-UTRANp. 29

5.1.5.2  Handover procedurep. 29

5.1.5.2.1  Handovers from E-UTRAN to UTRANp. 29
5.1.5.2.2  Handovers from UTRAN to E-UTRANp. 29

5.1.6  Summary of changes to messagesp. 29

5.1.6.1  Generalp. 29

5.1.6.2  Changes to TS 24.008p. 29

5.1.6.3  Changes to TS 24.301p. 30

5.1.6.4  Changes to TS 29.060p. 30

5.1.6.5  Changes to TS 29.274p. 30

5.1.6.6  Changes to TS 25.413p. 31

5.1.6.7  Changes to TS 25.423p. 31

5.1.6.8  Changes to TS 25.331p. 31

5.1.6.9  Changes to TS 36.413p. 32

5.1.6.10  Changes to TS 36.331p. 32

5.2  Proposed solution 2p. 32

5.2.1  Generalp. 32

5.2.2  Overview of the solutionp. 33

5.2.3  Proposed PS solutionp. 33

5.2.3.1  Intra-UTRAN proceduresp. 33

5.2.3.1.1  Generalp. 33
5.2.3.1.2  AKAp. 33
5.2.3.1.3  Attach, RAU and Service Requestsp. 34
5.2.3.1.3.1  Initial messagep. 34
5.2.3.1.3.2  Transfer of security context between SGSNp. 34
5.2.3.1.3.3  Security mode command procedurep. 34
5.2.3.1.4  Intra-UTRAN handoversp. 35

5.2.3.2  Inter-working with GERAN proceduresp. 35

5.2.3.2.1  Generalp. 35
5.2.3.2.2  AKAp. 35
5.2.3.2.3  Attach, RAU and Service Requestsp. 35
5.2.3.2.4  Handoversp. 36
5.2.3.2.4.1  Handover from GERAN to UTRANp. 36
5.2.3.2.4.2  Handover from UTRAN to GERANp. 36

5.2.3.3  Inter-working with E-UTRAN proceduresp. 36

5.2.3.3.1  Generalp. 36
5.2.3.3.2  EPS AKAp. 36
5.2.3.3.3  Idle mobilityp. 36
5.2.3.3.3.1  Attach and TAU procedures in EPSp. 36
5.2.3.3.3.2  Attach and RAU procedures in UTRAN/GERAN when TIN = 'GUTI'p. 37
5.2.3.3.4  Handoversp. 37
5.2.3.3.4.1  Intra-E-UTRAN S1 handoversp. 37
5.2.3.3.4.2  Handovers from E-UTRAN to UTRAN/GERANp. 37
5.2.3.3.4.3  Handover from GERAN/UTRAN to E-UTRANp. 37
5.2.3.3.5  Analysis of the benefits of inter-working with E-UTRANp. 37

5.2.3.4  Summary of changes to messages for PSp. 38

5.2.3.4.1  Generalp. 38
5.2.3.4.2  Changes to TS 24.008p. 38
5.2.3.4.3  Changes to TS 24.301p. 39
5.2.3.4.4  Changes to TS 29.060p. 39
5.2.3.4.5  Changes to TS 29.274p. 39
5.2.3.4.6  Changes to TS 25.413p. 40
5.2.3.4.7  Changes to TS 25.331p. 40

5.2.4  CS related proceduresp. 40

5.2.4.1  Intra-UTRAN proceduresp. 40

5.2.4.1.1  Generalp. 40
5.2.4.1.2  AKAp. 40
5.2.4.1.3  Initial message and subsequent proceduresp. 40
5.2.4.1.3.1  Initial messagep. 40
5.2.4.1.3.2  Transfer of security context between MSCsp. 40
5.2.4.1.3.3  Security mode command procedurep. 41
5.2.4.1.4  Intra-UTRAN handoversp. 41

5.2.4.2  GERAN interworking proceduresp. 41

5.2.4.2.1  Generalp. 41
5.2.4.2.2  Initial message and subsequent proceduresp. 41
5.2.4.2.2.1  Initial message with possible MSC changep. 41
5.2.4.2.2.2  Initial message without possible MSC changep. 41

5.2.4.3  Summary of changes to messages for CS domainp. 41

5.2.4.3.1  Generalp. 41
5.2.4.3.2  Changes to TS 24.008p. 41
5.2.4.3.3  Changes to TS 44.018p. 42
5.2.4.3.4  Changes to TS 29.002p. 42

5.3  Proposed solution 3p. 42

5.3.1  Generalp. 42

5.3.2  Key handling and capability negotiationp. 42

5.3.2.1  Generalp. 42

5.3.2.2  Initial NAS proceduresp. 43

5.3.2.3  Key derivations and capability indication at intra-UTRAN mobility with SRNS relocationp. 43

5.3.2.4  Capability indication at IRAT mobilityp. 47

5.3.3  Summary of changes to messagesp. 47

5.3.3.1  Generalp. 47

5.3.3.2  Changes to TS 25.331 RRCp. 47

5.3.3.3  Changes to TS 25.413 RANAPp. 48

5.4  Proposed solution 4p. 48

5.4.1  Generalp. 48

5.4.2  Forward security based SRNS relocation with UE involvementp. 49

5.4.2.1  Key chainingp. 49

5.4.2.2  Network handlingp. 49

5.4.2.2.1  Enhanced SRNS relocation procedurep. 49
5.4.2.2.2  SRNS relocation procedurep. 50

5.4.2.3  ME handlingp. 50

5.4.2.4  Intra-SRNS relocationp. 51

5.4.3  SRNS relocation without UE involvementp. 51

5.4.4  Interworking with GERANp. 51

5.4.4a  Interworking with E-UTRANp. 51

5.4.5  Summary of changes to messagesp. 51

5.4.5.1  Generalp. 51

5.4.5.2  Changes to TS 24.008p. 51

5.4.5.3  Changes to TS 29.060p. 52

5.4.5.4  Changes to TS 25.413p. 52

5.4.5.5  Changes to TS 25.331p. 53

6  Comparison of proposed Solutionsp. 53

6.1  Signalling aspectsp. 53

6.1.1  Initial authentication / AV fetchp. 53

6.1.2  Idle to Active transitionp. 53

6.1.3  SRNS relocation and intra-UTRAN key-refreshp. 53

6.2  Compatibility aspectsp. 54

6.3  Securityp. 55

6.3.1  Threatsp. 55

6.3.1.1  Handover from a collapsed RNC and NodeBp. 55

6.3.1.2  Handover from a separated RNC and NodeBp. 55

6.3.2  Forward security analysisp. 56

6.3.2.1  Desired security propertiesp. 56

6.3.2.2  Analysisp. 56

6.3.2.2.1  Algorithm ID bindingp. 57
6.3.2.2.2  Key update and forward securityp. 57

6.4  Messages comparisonsp. 57

7  Complexity versus benefit analysisp. 61

7.1  Threats, use cases and protection levelp. 61

7.1.1  Use case: temporarily stationary userp. 61

7.1.2  Use case: mobile usersp. 62

7.1.2.1  Descriptionp. 62

7.1.2.2  Attacker behaviourp. 62

7.1.2.3  Countermeasuresp. 62

7.1.2.4  Conclusionp. 62

7.1.3  Theft of servicep. 63

7.1.3.1  Threatp. 63

7.1.3.2  Analysisp. 63

7.1.4  CN and RAN level key separationp. 63

7.2  Cost and complexity analysisp. 64

7.2.1  Target orientationp. 64

7.2.2  Cost of countermeasuresp. 64

8  Conclusionsp. 64

8.1  Generalp. 64

8.2  Threatsp. 64

8.2.1  Generalp. 64

8.2.2  Privacyp. 65

8.2.3  Fraudp. 65

8.3  Differences between solutionsp. 65

$  Change historyp. 67

Up   Top