
draft-TR 33.899 (SA3)
Study on the security aspects of the next generation system


V1.2.0    2017/06    586 p.


Rapporteur:  Mr. Torvinen, Vesa


In the scope of this TR are the threats, potential requirements and solutions for the security of next generation mobile networks. The work will include:
  • Collection, analysis and further investigation of potential security threats and requirements for the next generation systems, based on the service, architectural and radio related requirements for the next generation mobile networks.
  • Investigation of the security architecture and access security.
The complete or partial conclusions of this study will form the basis for the normative work and/or for any further study.

The security threats and requirements, and the security architecture may additionally include standalone security topics. These topics may not be covered by the security work described above but they shall not be in conflict with service, architectural or radio related requirements for next generation mobile networks. It is part of the study to determine whether such topics need to be dealt with, and, if so, what they are.


 


 

 

1   Scope
2   References
3   Definitions, symbols and abbreviations
4   Security areas and high level security requirements
5   Key issues and solutions
5.1   Security area #1: Architectural aspects of Next Generation security
5.1.1   Introduction
5.1.2   Security assumptions
5.1.3   Key issues
5.1.3.1   Key issue #1.1: Overview of NextGen security architecture
5.1.3.2   Key issue #1.2: Need for security anchor in NextGen network
5.1.3.3   Key Issue #1.3: User plane integrity between UE and network
5.1.3.4   Key Issue #1.4: User plane confidentiality between UE and network
5.1.3.5   Key Issue #1.5 Integrity protection for the control plane between UE and network
5.1.3.6   Key Issue #1.6 Confidentiality for the control plane between UE and network
5.1.3.7   Key issue #1.7: Key hierarchy
5.1.3.8   Key Issue #1.8: UEs with Asymmetric Keys
5.1.3.9   Key issue #1.9: Security features for AN-CN Control Plane
5.1.3.10   Key issue #1.10: Security features for AN-CN User Plane
5.1.3.11   Key issue #1.11: Security features for CN-CN Control Plane
5.1.3.12   Key issue #1.12: Security features for CN-CN User Plane
5.1.3.13   Key Issue #1.13: Security Implications to Achieve Low Latency
5.1.3.14   Key issue #1.14: Security for serving functions in a less secure location
5.1.3.15   Key issue #1.15: Termination point of UP security
5.1.3.16   Key issue #1.16: User plane protection granularity
5.1.3.17   Key issue #1.17: On-demand security policy
5.1.3.18   Key issue #1.18: Flexible security policies negotiation in control plane
5.1.3.19   Key issue #1.19: Untrusted non-3GPP access
5.1.3.20   Key issue #1.20: Trusted non-3GPP access
5.1.3.21   Key issue #1.21: Dealing with signalling attacks
5.1.3.y   Key issue #1.y: <key issue name>
5.1.4   Solutions
5.1.4.1   Solution #1.1: Radio interface user plane integrity protection
5.1.4.2   Solution #1.2: Periodic local authentication and packet count check
5.1.4.3   Solution #1.3: Radio interface user plane encryption
5.1.4.4   Solution #1.4: Key hierarchy
5.1.4.5   Solution #1.5: User plane security policy and key derivation
5.1.4.6   Solution #1.6: Architecture for NextGen that include a security anchor
5.1.4.7   Solution #1.7: Serving functions all deployed in secure location
5.1.4.8   Solution #1.8: Key hierarchy for NextGen
5.1.4.9   Solution #1.9: Key hierarchy and the related procedure
5.1.4.10   Solution #1.10: UP protection for PDU session (re)establishment triggered by handover
5.1.4.11   Solution #1.11 High level of Security Architecture
5.1.4.12   Solution #1.12: Low latency security technique to protect user plane
5.1.4.13   Solution #1.13: Security of NAS signallings before security activation
5.1.4.14   Solution #1.14: Single termination point for NAS security
5.1.4.15   Solution #1.15: AES as a fast stream cipher
5.1.4.16   Solution #1.16: Re-use of "Data efficient re-keying"
5.1.4.17   Solution #1.17: Delegated Subscriber Server
5.1.4.18   Solution #1.18: Combining Low Latency on User Plane with High Latency on Control Plane.
5.1.4.19   Solution #1.19: Next Generation USIM
5.1.4.20   Solution 1.20: Flexible UP security termination point
5.1.4.21   Solution 1.21: Flexible UP security termination point
5.1.4.22   Solution #1.22: Terminating user plane security in the AN
5.1.4.23   Solution #1.23: Security for the AN-CN User Plane
5.1.4.24   Solution #1.24: Security for the AN-CN Control Plane
5.1.4.25   Solution #1.25: Protocol stack options for the user-plane security terminating at the UPF
5.1.4.26   Solution #1.26: Untrusted non-3GPP access
5.1.4.27   Solution #1.27: Authentication and Key Agreement procedure for untrusted non-3GPP Access
5.1.4.28   Solution #1.28: Authentication and Key agreement procedure for NextGen architecture with stand-alone non-3GPP access
5.1.4.29   Solution #1.29: A solution for KDF negotiation
5.1.4.30   Solution #1.30 Registration Procedure for NextGen network
5.1.4.31   Solution #1.31 Security mode command procedure for NextGen network
5.1.4.32   Solution #1.32 Security mode command procedure for NextGen network with NAS-SM
5.1.4.33   Solution #1.33: Consolidated Key hierarchy for NextGen
5.1.4.34   Solution #1.34: NextGen USIM
5.1.4.35   Solution #1.35: Key management during AMF change
5.1.4.36   Solution #1.36: Security anchor function via primary AMFs
5.1.4.38   Solution #1.38: Detection and response function for signalling attacks
5.1.4.39   Solution #1.39: Flexible UP Termination Point with LTE compatibility
5.1.4.z   Solution #1.z: <solution name>
5.1.5   Conclusions
