Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 31.826
Study on new UICC application for NSSA

3GPP‑Page  
V18.0.0 (Wzip)  2023/03  17 p.
Rapporteur:
Mr. COLLET, Hervé
THALES

full Table of Contents for  TR 31.826  Word version:  18.0.0

Here   Top
0 Introduction1 Scope2 References3 Definitions of terms, symbols and abbreviations4 Solutions overview5 Evaluation criteria6 Solutions evaluations7 Conclusion$ Change history

 

0  Introductionp. 6

SA3 has finalized their security requirements on network slice-specific authentication and authorization (NSSAA) in clause 16 of TS 33.501 introduced in Release 16.
Among these requirements, there are few with potential UICC impact and hence need CT6's attention.

1  Scopep. 7

The aim of this Technical Report is to study the aspects for any potential enhancements on the UICC to be developed by CT6 based on the outcome of TS 33.501. This work does not include selecting or standardizing any specific EAP method or associated EAP credential types for NSSAA.
For each of the objectives in the scope of the CT6 study, the UICC aspects that are to be covered in this study are as follows:
  • Enhancements to support network slice-specific authentication and authorization using the UICC.
    • Study potential solutions for slice-specific authentication using new specific UICC application.
    • Study information the UICC application for NSSAA needs to contain.
    • Study information needed by the ME to select the correct UICC application used for NSSAA, in the case where multiple such UICC applications are available on the UICC. This information will not include UICC application selection based on a specific EAP method or type of EAP credentials.
    • Study the interface that the new UICC application should feature in order to support NSSAA.
Up

2  Referencesp. 7

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
[3]
TS 23.502: "Procedures for the 5G System; Stage 2".
[4]
ETSI TS 102 310: "Extensible Authentication Protocol support in the UICC".
[5]
TS 31.101: "UICC-Terminal Interface, Physical and Logical Characteristics".
[6]
ISO/IEC 8825-1 (2008): "Information technology - ASN.1 encoding rules : Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)".
[7]
TS 23.003: "Numbering, Addressing and Identification".
[8]
TS 33.501: "Security Architecture and procedures for 5G system".
[9]
ISO/IEC 7816-4: "Identification cards - Integrated circuit cards,Part 4: Organization, security and commands for interchange".
[10]
RFC 3748:  "Extensible Authentication Protocol (EAP)".
[11]
RFC 2716:  "PPP EAP TLS Authentication Protocol".
[12]
ETSI TS 102 221: "Smart cards; UICC-Terminal interface; Physical and logical characteristics".
Up

3  Definitions of terms, symbols and abbreviationsp. 8

3.1  Termsp. 8

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
authenticator:
end of the EAP link initiating EAP authentication
peer or supplicant:
end of the EAP Link that responds to the authenticator

3.2  Abbreviationsp. 8

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AAA-S
Authentication, Authorization and Accounting Server
EAP
Extensible Authentication Protocol
NSSAA
Network Slice-Specific Authentication and Authorization
S-NSSAI
Single Network Slice Selection Assistance Information
Up

4  Solutions overviewp. 8

4.1  Introductionp. 8

4.2  Key issuesp. 8

4.2.1  Multiple NSSAA contextsp. 8

4.2.2  Discovery of the supported featuresp. 8

4.2.3  EAP frameworkp. 9

4.3  Solution 1p. 9

4.3.1  Multiple NSSAA contextsp. 9

4.3.2  Discovery of the supported featuresp. 9

4.3.2.1  EAP Identifierp. 10

4.3.2.1.1  EFEAP-ID (EAP Identifier)p. 10

4.3.2.2  S-NSSAI listp. 10

4.3.2.2.1  EFS-NSSAI (S-NSSAI list)p. 10

4.3.2.3  EAP authentication statusp. 11

4.3.2.3.1  EFEAP-STATUS (EAP Authentication STATUS)p. 11

4.3.3  EAP frameworkp. 12

4.3.3.1  NSSAA application management proceduresp. 12

4.3.3.1.1  NSSAA application selectionp. 12
4.3.3.1.2  NSSAA application initialisationp. 12
4.3.3.1.3  NSSAA application terminationp. 12
4.3.3.1.4  NSSAA application closurep. 13

4.3.4  Security featuresp. 13

4.3.4.1  User verification and file access conditionsp. 13

4.3.5  NSSAA application commandsp. 13

4.3.5.1  AUTHENTICATEp. 13

4.3.5.1.1  Command descriptionp. 13
4.3.5.1.1.1  Command parameters and datap. 14
4.3.5.1.1.2  Specific status conditions returnedp. 15
4.3.5.1.1.3  Status wordsp. 15

4.3.6  List of SFI values (annex)p. 15

5  Evaluation criteriap. 15

5.1  Overviewp. 15

5.2  Key issues addressedp. 15

5.3  Impact on USIM and ISIMp. 15

5.4  Impact on UICCp. 15

5.5  Backward compatibilityp. 16

5.6  Impact on core and RAN networksp. 16

6  Solutions evaluationsp. 16

6.1  Solution 1p. 16

6.1.1  Key issuesp. 16

6.1.2  USIM and ISIM types applicablep. 16

6.1.3  Impact on UICCp. 16

6.1.4  Backward compatibilityp. 16

6.1.5  Impact on core and RAN networksp. 16

7  Conclusionp. 16

$  Change historyp. 17

Up   Top