Tech-invite 3GPPspace IETFspace

21 22 23 24 25 26 27 28 29 31 32 33 34 35 36 37 38 4‑5x

Content for TR 33.864 Word version: 17.0.0

0… 4…

4 Architecture and security assumptions of AMF re-allocation p. 8

4.1 General p. 8

4.2 Procedure of Registration with AMF re-allocation p. 8

4.3 Architecture and security assumptions p. 10

5 Key issues p. 11

5.1 Key Issue #1: Security of AMF re-allocation procedures p. 11

5.1.1 Key issue details p. 11

5.1.2 Security threats p. 11

5.1.3 Potential security requirements p. 12

6 Solutions p. 12

6.1 Solution #1: AMF re-allocation via RAN using existing security states p. 12

6.1.1 Introduction p. 12

6.1.2 Solution details p. 12

6.1.2.1 Overview p. 12

6.1.2.2 Message flows p. 13

6.1.3 Evaluation p. 14

6.2 Solution #2: Security of AMF re-allocation when 5G NAS security context is rerouted via RAN p. 15

6.2.1 Introduction p. 15

6.2.2 Solution details p. 15

6.2.3 Evaluation p. 18

6.3 Solution #3: Solving registration failure with AMF re-allocation via RAN p. 19

6.3.1 Solution Overview p. 19

6.3.2 Solution Details p. 19

6.3.3 Security Evaluation p. 23

6.4 Solution #4: Solution to enable NAS Security for AMF reallocation and reroute via RAN Scenario p. 23

6.4.1 Introduction p. 23

6.4.2 Solution details p. 23

6.4.3 Evaluation p. 27

6.5 Solution #5: AMF re-allocation by re-directing UE to new AMF p. 28

6.5.1 Solution Overview p. 28

6.5.2 Solution Details p. 29

6.5.2.1 Handling Different cases of communicating AMFs (Figure 4.3-1) p. 30

6.5.3 Evaluation p. 31

6.6 Solution #6: Solution to provide Security context to AMF capable of serving the UE to ensure system availability p. 31

6.6.1 Introduction p. 31

6.6.2 Solution details p. 31

6.6.3 Evaluation p. 36

6.7 Solution #7: Solution to enable Reallocated AMF to serve the UE p. 37

6.7.1 Introduction p. 37

6.7.2 Solution details p. 37

6.7.3 Evaluation p. 41

6.8 Solution #8: Solution to enable UE connection directly to the slice AMF p. 42

6.8.1 Introduction p. 42

6.8.2 Solution details p. 42

6.8.2.1 Solution phase 1 p. 42

6.8.2.2 Solution phase 2 p. 43

6.8.3 Evaluation p. 44

6.9 Solution #9: Security of AMF re-allocation when 5G NAS security context is rerouted via RAN p. 45

6.9.1 Introduction p. 45

6.9.2 Solution details p. 45

6.9.3 Evaluation p. 48

6.10 Solution #10: Solution to reroute 5G NAS security context via RAN p. 49

6.10.1 Introduction p. 49

6.10.2 Solution details p. 49

6.10.3 Evaluation p. 52

6.11 Solution #11: Solution for AMF re-allocation by triggering a new registration procedure p. 53

6.11.1 Introduction p. 53

6.11.2 Solution details p. 53

6.11.3 Evaluation p. 55

6.12 Solution #12: AMF re-allocation and secured reroute via RAN enabled by AUSF p. 56

6.12.1 Introduction p. 56

6.12.2 Solution details p. 56

6.12.3 Evaluation p. 59

7 Conclusions p. 60

7.1 Conclusion for key issue #1 - Security of AMF re-allocation procedures p. 60

A AMF re-allocation p. 61

A.1 Registration failure issue with AMF re-allocation via RAN p. 61

A.1.1 General p. 61

A.1.2 Description of Registration Failure Issue p. 61

$ Change history p. 65