Content for TS 33.501 Word version: 18.5.0

1… 4… 5… 5.3… 5.9… 5.10… 6… 6.1.3… 6.1.4… 6.2… 6.2.2… 6.3… 6.4… 6.5… 6.6… 6.7… 6.8… 6.9… 6.10… 6.11 6.12… 6.13 6.14… 6.15… 6.16… 7… 7A… 7A.2.3… 7B… 8… 9… 10… 11… 12… 13… 13.2.2… 13.2.4… 13.3… 13.4… 14… 15… 16… A… B… C… D… E… F… G… I… I.9… J… K… M… N… O… P… R S… T… U… V… W… X… Y… Z…

T.1 General T.2 Security of network exposure to edge application server T.3 Security of EAS discovery procedure via EASDF in non-roaming Scenario T.4 Security of EAS discovery procedure via V-EASDF in roaming Scenario
...

T (Normative) Security for edge computing |R17| p. 289

T.1 General p. 289

The 5G Edge computing service is described in TS 23.548. It defines the enhancements of 5G System to support Edge Computing.

T.2 Security of network exposure to edge application server p. 289

It is defined in clause 6.4 of TS 23.548 that the network could expose network information to the local AF with two scenarios, i.e.

Case 1: L-PSA UPF may expose the network information to local AF via Local NEF, or
Case 2: L-PSA UPF may expose the network information to local AF directly. However, How to deliver the information on N6 is out of scope.

For the Case 1, the Security aspects of Network Exposure Function specified in clause 12 shall be used for the network information exposure.

T.3 Security of EAS discovery procedure via EASDF in non-roaming Scenario p. 289

DNS over TLS as specified in RFC 7858 and RFC 8310 shall be supported by the UE and the EASDF. The DNS connection shall be authenticated and encrypted.

The security information of the EASDF can be preconfigured in the UE by using out of band mechanisms or if the core network is used to configure the security information, the SMF is preconfigured with the EASDF security information (authenticat ion information, supported security mechanisms, port number, etc.) and provides the security information to the UE as follows:

The SMF provides the EASDF security information to the UE via PCO.

According to the clause 6.4.1.3 of TS 24.501, upon receiving the DNS server security information, the UE passes it to the upper layer. The UE uses this information to send the DNS over TLS. Additionally, the clause 10.5.6.3 of TS 24.008 provides the configuration of the different options of DNS over TLS specified in the RFC 7858.

T.4 Security of EAS discovery procedure via V-EASDF in roaming Scenario |R18| p. 289

DNS over TLS as specified in RFC 7858 and RFC 8310 shall be supported by the UE and the V-EASDF. The DNS connection shall be authenticated and encrypted.

The security information of the V-EASDF can be preconfigured in the UE by using out of band mechanisms or if the core network is used to configure the security information, the V-SMF is preconfigured with the V-EASDF security information (authentication information, supported security mechanisms, port number, etc.) and provides the security information to the UE as follows:

In the case of LBO roaming, the V-SMF provides the V-EASDF security information to the UE via PCO.
In the case of HR with Session Breakout (HR-SBO) roaming scenarios, during the PDU session establishment or modification procedure, the V-SMF provides the V-EASDF security information via Nsmf_PDUSession_Create/ Nsmf_PDUSession_Update to H-SMF when the V-SMF determines to use a V-EASDF for EAS discovery, and the H-SMF provides the V-EASDF security information to UE via PCO if HR SBO is authorized.