Content for TR 33.897 Word version: 13.1.0

3.1 Definitions 3.2 Abbreviations 4.1 Introduction 4.2 Architecture
...

1 Scope p. 6

The present document contains the results of a Stage 2 study and evaluation of possible 3GPP security solutions in support of Isolated E-UTRAN Operation for Public Safety (IOPS). The solutions are based on the Stage 1 requirements in TS 22.346, the architectural enhancements to support IOPS presented in the Stage 2 study report TR 23.797 and resulting informative Annex K in TS 23.401. For the current release of specification the solution in TS 23.401 is based on a Local EPC with no backhaul.

The present document identifies key issues, security threats, deduces security requirements and presents proposed security solutions for IOPS.

Throughout this Technical Report the terms 'IOPS network' and 'Isolated E-UTRAN' are used synonymously.

2 References p. 6

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1]

TR 21.905: "Vocabulary for 3GPP Specifications".

[2]

TS 22.346: "Isolated Evolved Universal Terrestrial Radio Access Network (E-UTRAN) operation for public safety; Stage 1".

[3]

TR 23.797: "Study on architecture enhancements to support Isolated E UTRAN Operation for Public Safety".

[4]

TR 22.234: "Service requirements for the Evolved Packet System (EPS)".

[5]

TR 31.102: "Characteristics of the Universal Subscriber Identity Module (USIM) application".

[6]

TR 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".

[7]

TS 33.102: "3G Security; Security architecture".

[8]

TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".

[9]

TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".

[10]

TR 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".

[11]

TS 23.003: "Numbering, addressing and identification".

3 Definitions and abbreviations p. 7

3.1 Definitions p. 7

For the purposes of the present document, the terms and definitions given in TR 21.905, TS 22.346, TS 23.401 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

Macro EPC:

The EPC which serves an eNB in a 'normal' mode of operation [10].

IOPS-capable eNB:

An eNB that has the capability of IOPS mode operation, which provides local IP connectivity and public safety services to IOPS-enabled UEs via a Local EPC when the eNB has lost backhaul to the Macro EPC or it has no backhaul to the Macro EPC.

IOPS network:

An IOPS network consists of one or more eNBs operating in IOPS mode and connected to a Local EPC.

Local EPC:

A Local EPC is an entity which provides functionality that eNBs in IOPS mode of operation use, instead of the Macro EPC, in order to support public safety services.

Nomadic EPS:

A deployable system which has the capability to provide radio access (via deployable IOPS-capable eNB(s)), local IP connectivity and public safety services to IOPS-enabled UEs in the absence of normal EPS.

IOPS-enabled UE:

An UE that is configured to use networks operating in IOPS mode.

3.2 Abbreviations p. 7

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply.

An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.

AMF

Authentication Management Field as defined in [7]

IOPS

Isolated E-UTRAN Operation for Public Safety

TAI

Tracking Area Identifier as defined in [11]

4 Overview of IOPS p. 7

4.1 Introduction p. 7

Many national and international Public Safety organizations have endorsed or are considering LTE as the next generation technology either to augment their existing systems, or to provide a future migration path. Ensuring the continued ability of Public Safety users to communicate within mission critical situations is of the utmost importance even when the fixed infrastructure is compromised.

The IOPS feature as specified in the Stage 1 normative requirements [2] provides the ability to:

Maintain a level of communications for Public Safety users, via a fixed infrastructure eNB (or set of connected eNBs), following the total loss of backhaul communications.
Create a serving radio access network without backhaul communications from a deployment of one or more standalone deployable IOPS-capable eNBs forming a Nomadic EPS. A Nomadic EPS is intended for Public Safety use providing coverage or additional capacity where: 1) coverage was never present (e.g. forest fire or underground rescue) or 2) where, for example, due to natural disaster coverage is no longer present.
Create a serving radio access network, with and without backhaul communications, from a deployment comprising a combination of eNBs and deployable IOPS-capable eNBs.
Maintain or create a level of communications for Public Safety users in the scenario where set of eNBs or deployable IOPS-capable eNBs is without normal backhaul communications but has been provided with an alternative (non-ideal) limited bandwidth backhaul.

The Isolated E-UTRAN may comprise a single or multiple eNBs. An Isolated E-UTRAN comprising multiple eNBs, with connections between the eNBs, can provide communication between UEs across a wider area of coverage than can be provided by a single isolated eNB. The UEs in the coverage of the Isolated E-UTRAN are able to continue communicating and provide a restricted set of services supporting voice, data and group communications, to their Public Safety users.

An Isolated E-UTRAN may comprise a deployment of one or more deployable IOPS-capable eNBs. An Isolated E-UTRAN derived from deployable IOPS-capable eNBs exhibits similar behaviour to an Isolated E-UTRAN derived from eNBs including: support for Public Safety UEs in the coverage area, communication between deployable IOPS-capable eNBs and support for limited backhaul connectivity.

Furthermore an Isolated E-UTRAN may also comprise a combination of eNBs and deployable IOPS-capable eNBs where additional capacity or coverage is provided by deployable IOPS-capable eNBs in an Isolated eNB infrastructure network.

Realization of the IOPS feature must be able to manage the potentially dynamic nature of an Isolated E-UTRAN where:

Deployable IOPS-capable eNBs or eNBs form, join and leave the Isolated E-UTRAN in a secure manner;
UEs join and leave the Isolated E-UTRAN.

An Isolated E-UTRAN is characterized by having no, or a limited, backhaul connection. In particular, the IOPS feature enables services to be provided to Public Safety UEs in the following backhaul scenarios:

No backhaul;
Limited bandwidth signalling only backhaul;
Limited bandwidth signalling and user data backhaul.

4.2 Architecture p. 8

The architecture of a network for isolated operation of E-UTRAN in Public Safety is described in TR 23.797 and TS 23.401, Annex K.

From a security point of view, it has been decided to have a USIM application dedicated exclusively for IOPS mode.

LTE security procedures are followed for IOPS networks as described in TS 33.401.

5 List of assets p. 8

This clause lists assets within an Isolated E-UTRAN. Identification of these assets helps to define the extent of the Isolated E-UTRAN study in this and future releases.

The following are assets within an Isolated E-UTRAN:

User and any Isolated E-UTRAN Key material. This includes all possible key material used for authentication, encryption and integrity protection of communications within an Isolated E-UTRAN.
User identity. Used to identify the user in the Isolated E-UTRAN. This may be a permanent or a temporary identity.
Network identity (for example MME identity). Used to identify the Isolated E-UTRAN. This may be a permanent or a temporary identity.
Services supported within the IOPS network. Applications that support local services within the Isolated E-UTRAN.
Bearer-level traffic. User to network traffic within the Isolated E-UTRAN. In particular, any traffic that is carried by the PDCP layer.
Radio Parameters. These parameters are FFS.
Backhaul links and eNBs and existing network elements.
Security infrastructure (for example HSS and AuC).
Network access.
The quality of service parameters for current users at the point of initiating Isolated E-UTRAN operation.