Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.861  Word version:  16.1.0

Top   Top   None   None   Next
0…   5…
0 Introduction1 Scope2 References3 Definitions of terms, symbols and abbreviations3.1 Terms3.2 Symbols3.3 Abbreviations4 Security aspects of the CIoT features in the 5G System
...

 

0  Introductionp. 9

The architectural study captured in TR 23.724 considers alternatives for supporting WB-EUTRA (eMTC) and/or NB-IoT in 5GS. The main assumption of the architectural study is that no new RAT for 5G massive MTC would be introduced but rather that the existing E-UTRAN radio technologies would be also used with 5GS. The 5GS already supports certain features that are useful for IoT, e.g. the UE can register to the system without necessarily establishing a PDU session and can use non-IP-type PDU sessions for data delivery. However, EPS provides also other features that are useful for IoT/MTC., e.g. power saving functions, overload control, high latency communication, monitoring, service capability exposure, etc. The extension of these EPS features to 5GS system is the main goal of the architectural study. Several of these features have security aspects.
Up

1  Scopep. 10

The present document studies the following:
  • Capture massive MTC related 5G requirements in other 3GPP documents and further analyse them from security point of view.
  • Study security for supporting EPS CIoT/MTC functionalities in 5GS, e.g.:
    • security for infrequent and frequent small data transmission
    • security for inter-RAT mobility to/from NB-IoT or modifications in the EPC-5GC interworking security specific to CIoT.
  • Study security enhancements based on the architectural study in TR 23.724, e.g.:
    • security for transport of user plane over 5G NAS; or
    • termination of user plane security in 5GC.
  • Study the security aspects of the architectural enhancements addressing the 5G service requirements in TS 22.261 and TR 38.913.
  • Study the need for additional mechanisms to improve protection of the network from maliciously behaving IoT devices
Up

2  Referencesp. 10

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TR 23.724: "Study on Cellular IoT support and evolution for the 5G System".
[3]
TS 22.261: "Service requirements for next generation new services and markets".
[4]
TR 38.913: "Study on scenarios and requirements for next generation access technologies".
[5]
TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access ".
[6]
TS 23.682: "Architecture enhancements to facilitate communications with packet data networks and applications ".
[7]
TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[8]
TS 33.501: "Security architecture and procedures for 5G system ".
[9]  Void
[10]
TS 23.501: "System Architecture for the 5G System".
[11]
TR 23.791: "Study of Enablers for Network Automation for 5G".
[12]
TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services. ".
[13]
TS 38.331: : "NR; Radio Resource Control (RRC) protocol specification".
[14]
TS 38.300: "NR and NG-RAN Overall Description".
[15]
TS 23.502: "Procedures for the 5G System ".
[16]
TS 23.002: "Network architecture ".
[17]  Void
[18]
New vulnerabilities in 4G and 5G cellular access network protocols: exposing device capabilities. https://doi.org/10.1145/3317549.3319728.
[19]
TS 36.300: "Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Overall description; Stage 2".
[20]
RFC 8520  "Manufacturer Usage Description Specification".
[21]
TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
Up

3  Definitions of terms, symbols and abbreviationsp. 11

3.1  Termsp. 11

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Misbehaving UE:
A UE that is controlled by an attacker with malicious application running.
Narrowband-IoT (NB-IoT):
see definition in TS 23.401
ng-eNB:
See definition in TS 38.300.

3.2  Symbolsp. 11

Void.

3.3  Abbreviationsp. 11

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
5G-AN
5G Access Network
5G-RAN
5G Radio Access Network
AMF
Access and Mobility Management Function
CIoT
Cellular Internet of Things
CP
Control Plane
DoS
Denial of Service
DDoS
Distributed Denial of Service
gNB
NR Node B
IoT
Internet of Things
MTC
Machine Type of Communications
NB-IoT
Narrow Band Internet of Things
NG
Next Generation
ng-eNB
Next Generation Evolved Node-B
NR
New Radio
UPF
User Plane Function
Up

4  Security aspects of the CIoT features in the 5G Systemp. 12

4.1  Backgroundp. 12

The architectural study in TR 23.724 addresses two new 5G features related to service delivery for CIoT capable UEs. The first feature is for the infrequent transmission of small data. It is targeted at constrained, low power and low rate UEs. The solution for this feature makes use of the NAS signalling to transport the data similarly to the Data over NAS (DoNAS) feature in EPS. The second feature is for the frequent transmission of small data and is targeted at more active UEs. It is expected that the final solution for this feature will be based on a mixture of an enhanced version of RRC inactive with early data and the EPS resume suspend feature for Narrow Band IoT (NB-IoT). Since both features are based on the EPS ones, it is natural to expect similar security impact on the 5GS to support them.
Up

4.2  High level potential security requirementsp. 12

The security aspects shall be based on the CIoT architecture referring to TR 23.724 where E-UTRAN (i.e. both WB-E-UTRA and NB-IoT) is connected to 5GC via N2/N3.
UEs used for CIoT in 5GS shall comply with the security features and security requirements in TS 33.501.

Up   Top   ToC