Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.885  Word version:  14.1.0

Top   Top   Up   Prev   None
1…   4…
4 Overview of V2X Services5 Security Analysis of V2X6 Proposed Solutions7 ConclusionA Overview of IEEE 1609.2 Security Standards for WAVB Network options for PC3 securityC Overview of existing privacy solution for V2XD Privacy by regulation$ Change history

 

4  Overview of V2X Servicesp. 11

4.1  Introductionp. 11

4.2  Architecturep. 11

4.2.1  Architectural Assumptionsp. 11

4.2.2  PC5 and LTE-Uu based V2X architecture reference modelp. 12

4.2.3  eMBMS and LTE-Uu based V2X architecture reference modelp. 14

4.2.4  Security impactp. 14

5  Security Analysis of V2Xp. 15

5.1  Key Issue #1: V2X Communication Securityp. 15

5.1.1  Key issue detailsp. 15

5.1.2  Security threatsp. 15

5.1.3  Potential Security requirementsp. 15

5.2  Key Issue #2: Authorization for LTE-V2X Radio Resourcesp. 15

5.2.1  Key issue detailsp. 15

5.2.2  Security threatsp. 16

5.2.3  Potential Security requirementsp. 16

5.3  Key Issue #3: V2X Entities Secure Environmentp. 16

5.3.1  Key issue detailsp. 16

5.3.2  Security threatsp. 16

5.3.3  Potential Security requirementsp. 16

5.4  Key Issue #4: Local MBMS Entity (LME) - security of Mv interfacep. 17

5.4.1  Key issue detailsp. 17

5.4.2  Security threatsp. 17

5.4.3  Potential Security requirementsp. 17

5.5  Key Issue #5: V2V/P authority broadcast communication security by UE for public information announcement over PC5 Interfacep. 18

5.5.1  Key issue detailsp. 18

5.5.2  Security threatsp. 18

5.5.3  Potential Security requirementsp. 19

5.6  Key Issue #6: Identity/Credentials Security for V2V/P Servicesp. 20

5.6.1  Key issue detailsp. 20

5.6.2  Security Threatsp. 20

5.6.3  Potential Security requirementsp. 20

5.7  Key Issue #7: Vehicle UE privacyp. 21

5.7.1  Key issue detailsp. 21

5.7.2  Security threatsp. 21

5.7.3  Security requirementsp. 22

5.8  Key Issue #8: V2X data source accountabilityp. 23

5.8.1  Key issue detailsp. 23

5.8.2  Security threatsp. 23

5.8.3  Potential Security requirementsp. 23

5.9  Key Issue #9: authentication and authorizationp. 23

5.9.1  Key issue detailsp. 23

5.9.2  Security threatsp. 24

5.9.3  Potential Security requirementsp. 24

5.10  Key Issue #10: Local V2X application serverp. 24

5.10.1  Key issue detailsp. 24

5.10.2  Security threatsp. 24

5.10.3  Potential Security requirementsp. 24

5.11  Key Issue #11: Choice of cryptoalgorithmp. 25

5.11.1  Key issue detailsp. 25

5.11.2  Security threatsp. 25

5.11.3  Potential Security requirementsp. 25

5.12  Key Issue #12: Credential provisioning for V2X servicesp. 25

5.12.1  Key issue detailsp. 25

5.12.2  Security threatsp. 26

5.12.3  Potential Security requirementsp. 26

5.13  Key Issue#13: Data communication security between network entitiesp. 26

5.13.1  Issue detailsp. 26

5.13.2  Security threatsp. 26

5.13.3  Security Requirementsp. 26

5.14  Key Issue#14: V2I broadcast communication security over PC5 interfacep. 27

5.14.1  Issue detailsp. 27

5.14.2  Security threatsp. 27

5.14.3  Security Requirementsp. 27

5.15  Key Issue#15: Security of UE to V2X Control Function interfacep. 28

5.15.1  Issue detailsp. 28

5.15.3  Security Requirementsp. 28

5.16  Key Issue #16: Detectability of Malicious LTE-V2X UE Behavior- achieving trust and confidence in messagesp. 29

5.16.1  Key issue detailsp. 29

5.16.2  Security threatsp. 29

5.16.3  Security requirementsp. 29

5.17  Key Issue #17: Securing the communication between V2X AS and LTE networkp. 29

5.17.1  Key issue detailsp. 29

5.17.2  Security threatsp. 30

5.17.3  Potential Security requirementsp. 30

6  Proposed Solutionsp. 30

6.1  Security for one to many V2X Direct Communicationp. 30

6.1.1  Overview of one to many V2X Direct Communicationp. 30

6.1.1.1  Security flowsp. 30

6.1.1.1.1  Overviewp. 30
6.1.1.1.1.1  UE Security Credential Provisioning with Identity based Cryptographyp. 33
6.1.1.1.1.1.1  V2X Data Source Accountability based on Identity based Cryptographyp. 36
6.1.1.1.1.2  UE Security Credential Provisioning with Certificatep. 36
6.1.1.1.1.2.1  V2X Data Source Accountability based on Certificatep. 38
6.1.1.1.1.3  UE Security Credential Provisioning and Tracing with Identity based Cryptographyp. 38
6.1.1.1.1.3.1  Introductionp. 38
6.1.1.1.1.3.2  solution detailsp. 38
6.1.1.1.1.3.2.1  Credential Provisioningp. 38
6.1.1.1.1.3.2.2  Identity Tracingp. 40
6.1.1.1.2  Secure One to Many V2x Communicationp. 41
6.1.1.1.2.1  Broadcast Messages Protected by Identity based Authenticationp. 41
6.1.1.1.2.2  Broadcast Messages Protected by Certificate based authenticationp. 42
6.1.1.1.2.2.1  Certificate Formatp. 43
6.1.1.1.2.2.2  Certificate Refreshmentp. 43
6.1.1.1.3  Security Architecture for V2X (PC5 and LTE-UU based)p. 44
6.1.1.1.4  The Format of PDCP Layer for Protection the Broadcast Messagesp. 45
6.1.1.1.4.1  PDCP Format for Broadcast Messages Protected by Identity based Authenticationp. 45
6.1.1.1.4.2  PDCP Format for Broadcast Messages Protected by Certificate based Authenticationp. 46

6.2  Solution #2: V2X Communication Securityp. 46

6.2.1  Security requirements addressedp. 46

6.2.2  Solution detailsp. 46

6.2.3  Justification for the solutionp. 46

6.3  Solution for attach identifier obfuscation for vehicle UE privacyp. 47

6.3.1  Security requirements addressedp. 47

6.3.2  Solution detailsp. 48

6.3.3  LI supportp. 49

6.4  Data communication security between network entitiesp. 50

6.4.1  Security requirements addressedp. 50

6.4.2  Solution detailsp. 50

6.5  Solution for Vehicle UE privacy from the MNO based on attach datap. 51

6.5.1  Security requirements addressedp. 51

6.5.2  Solution detailsp. 51

6.5.2.1  Simultaneous re-attach with new identitiesp. 51

6.5.2.2  MME Load spreadingp. 51

6.5.2.3  Re-attach boundary time determinationp. 51

6.5.2.4  Detach and Re-attach triggersp. 53

6.6  Solution for Vehicle UE privacy based on data traversing the networkp. 53

6.6.1  Security requirements addressedp. 53

6.6.2  Solution detailsp. 53

6.7  Solution for authorization and accountabilityp. 54

6.7.1  Addressed key issuesp. 54

6.7.2  Justification of the solutionp. 54

6.7.3  Description of the solutionp. 55

6.8  Security of UE to V2X Control Function interfacep. 56

6.8.1  Security requirements addressedp. 56

6.8.2  Solution detailsp. 56

6.8.2.1  Security procedures for configuration transfer to the UICCp. 56

6.8.2.2  Security procedures for data transfer to the UEp. 57

6.8.2.3  Alternative security procedure for data transfer between UE and V2X Control Functionp. 58

6.9  Solution using encrypted IMSI to proven MNO identifying the UEp. 60

6.9.1  Security requirements addressedp. 60

6.9.2  Solution detailsp. 60

6.9.2.1  Overviewp. 60

6.9.2.2  HPLMN issuing the V2X subscriptionp. 61

6.9.2.2.1  Details of use casep. 61
6.9.2.2.2  Attachment flowsp. 61
6.9.2.2.3  Encrypting IMSI and AVsp. 63
6.9.2.2.3.1  Generalp. 63

6.9.2.3  Regular subscriptionp. 63

6.9.2.3.1  Details of use casep. 63
6.9.2.3.2  Attachment flowsp. 63

6.9.2.4  Changes from legacy LTEp. 65

6.9.2.4.1  Changes for V2X MNO subscriptionp. 65
6.9.2.4.2  Changes for regular subscriptionp. 65

6.9.3  Evaluationp. 66

6.10  Solution for communication security with the V2X network entitiesp. 66

6.10.1  Addressed key issuesp. 66

6.10.2  Justification of the solutionp. 66

6.10.3  Description of the solutionp. 66

6.10.3.1  Security of the reference point V3 between the V-UE and the V2X Control Functionp. 66

6.10.3.2  Security of the reference point V2p. 66

6.10.3.3  Network domain securityp. 66

6.11  Solution #11: V2X Communication Securityp. 66

6.11.1  Security requirements addressedp. 66

6.11.2  Solution detailsp. 66

6.12  Hiding UE identity from other V2X UEs and the serving networkp. 67

6.12.1  Requirements addressedp. 67

6.12.2  Solution detailsp. 67

6.12.2.1  Overviewp. 67

6.12.2.2  Pseudonym generation, provisioning and usagep. 67

6.12.2.3  Impact to legacy LTEp. 69

6.12.2.4  Evaluationp. 69

6.13  Solution against V2X UE tracking based on PC5 autonomous modep. 70

6.13.1  Addressed key issuesp. 70

6.13.2  Justification of the solutionp. 70

6.13.3  Description of the solutionp. 70

6.13.4  Evaluationp. 70

6.14  Providing privacy from serving network by using a dedicated V2X MVNOp. 70

6.14.1  Addressed key issuesp. 70

6.14.2  Description of the solutionp. 71

6.14.2.1  Deployment modelp. 71

6.14.2.2  Concealment of the IMSIp. 71

6.14.3  Evaluationp. 71

6.15  A Vehicle UE Privacy Protection Framework with Homomorphic Encryptionp. 72

6.15.1  Introductionp. 72

6.15.2  Example of Homomorphic Encryptionp. 72

6.15.3  Proposed Frameworkp. 72

7  Conclusionp. 73

7.1  Conclusion on V2X communication securityp. 73

7.2  Conclusion on V3 interface securityp. 74

7.3  Conclusion on the security between network entitiesp. 74

7.4  Interim agreement on PC5 securityp. 74

7.6  Agreement on V2X UE authorization securityp. 74

A  Overview of IEEE 1609.2 Security Standards for WAVp. 75

A.1  DSRC/WAVEp. 75

A.2  WAVE standardsp. 75

A.3  WAVE securityp. 75

B  Network options for PC3 securityp. 77

B.1  Generalp. 77

B.2  ProSe Function using standalone BSFp. 77

B.3  BSF - ProSe Function/NAF colocationp. 77

B.4  ProSe Function with bootstrapping entityp. 78

C  Overview of existing privacy solution for V2Xp. 79

D  Privacy by regulationp. 80

D.1  Introductionp. 80

D.2  Regulatory situation in EUp. 81

D.2.1  GDPR and ePDp. 81

D.2.2  Relevant paragraphs from General Data Protection Regulation (GDPR)p. 81

D.2.3  Relevant paragraphs from e-Privacy Directive (ePD)p. 82

D.3  Regulatory situation in USp. 84

D.3.1  National Highway Traffic Safety Administration (NHTSA)p. 84

D.3.2  Relevant citations from DOT HS 812 014p. 84

$  Change historyp. 85

Up   Top