Content for TS 31.102 Word version: 18.3.0
0…
3…
4…
4.2.9…
4.2.17…
4.2.26…
4.2.34…
4.2.44…
4.2.52…
4.2.60…
4.2.68…
4.2.76…
4.2.85…
4.2.93…
4.2.101…
4.2.107…
4.3…
4.4.2…
4.4.2.4…
4.4.3…
4.4.4…
4.4.5…
4.4.6…
4.4.8…
4.4.8.7…
4.4.9…
4.4.11…
4.4.11.7…
4.4.11.17…
4.4.12…
4.5…
4.6…
4.7
5…
5.2…
5.3…
5.4…
5.9…
6…
7…
7.1.2…
7.3…
A
B…
D
E…
G
H…
I…
L…
M…
M USIM application dedicated for IOPS
N USIM supporting non-IMSI SUPI Type
O Examples of NAS security contexts management in multiple registrations
$ Change history
M (Normative) USIM application dedicated for IOPS |R13| p. 375
M.1 Introduction p. 375
IOPS allows to provide network service to Public Safety users even in the case the network has no or only limited backhaul connectivity. One of the main issues in such cases is the missing backhaul to perform authentication. A solution has been defined by using local HSSs which take over the responsibility for authentication in IOPS mode.
A problem identified for IOPS security when making use of local HSS is the higher probability of a compromise of a local HSS. Therefore the security solution described in TS 33.401 uses a local HSS with different authentication credentials than the standard HSS in normal operation. Additionally there might be several local HSSs and to further reduce the impact of possible compromised local HSSs, each local HSS should use different authentication credentials.
The security solution described in TS 33.401 is based on a USIM application dedicated for IOPS and using derived individual keys per local HSS.
3GPP TS 23.401 Annex K specifies a PLMN identity dedicated for IOPS mode of operation. Additionally a USIM dedicated for IOPS uses an Access Control Class of '11' or '15'.
M.2 Features of the USIM dedicated for IOPS p. 375
The USIM dedicated for IOPS may be implemented as a single USIM on a UICC or as a secondary USIM application together with a normal USIM on one UICC. The USIM for IOPS is a regular USIM application and contains all mandatory EFs for a USIM and may also include any of the optional EFs defined for a USIM.
The USIM dedicated for IOPS nevertheless has some specifics:
- As specified in TS 23.401 Annex K, the Access Control Class in EFACC is set to either '11' or '15'. The specific values for the Access Control Class prevent UEs with different Access Control Classes from trying to attach to the IOPS network.
- The entry for the USIM dedicated for IOPS in EFDIR has a label starting with 'USIM-IOPS'.
- The AMF (Authentication Management Field) mechanism as described in TS 33.401 Annex F.4.1 is supported.
- An Operator specific mechanism to derive local HSS individual keys is supported (see TS 33.401 Annex F.4).
M.3 Selection mechanisms p. 375
The method for selecting a USIM dedicated for IOPS is left to ME implementation.
N (Normative) USIM supporting non-IMSI SUPI Type |R16| p. 376
N.1 Introduction p. 376
IMSI based USIM is a USIM Application which is configured with a SUPI of type IMSI (i.e Service No. 130 in the USIM Service Table shall not be "available").
Non-IMSI based USIM is a USIM Application which is configured with a SUPI of type non-IMSI (i.e Service No. 130 in the USIM Service Table shall be "available"). Examples of non-IMSI type are: NSI, GCI and GLI.
Both USIM application types shall use different AID ranges as defined in Annex O of TS 31.101.
N.2 Features of USIM supporting non-IMSI SUPI type p. 376
The non-IMSI based USIM may be implemented as a single USIM application on a UICC or as a secondary USIM application together with an IMSI based USIM on one UICC.
The non-IMSI based USIM is a regular USIM application and shall contain all mandatory EFs defined for a USIM application in the present document and may also include any of the optional EFs defined for a USIM application except EFIMSI.
No additional features are supported by Non-IMSI based USIM.
N.3 Application selection procedure p. 376
Application selection is performed according to the procedures defined in clause 5.1.1.1. The following provisions apply:
The method for selecting a non-IMSI based USIM is based on the presence of the corresponding application with the associated AID in EFDIR, as defined in the Annex O of TS 31.101.
O Examples of NAS security contexts management in multiple registrations |R16| p. 376
| Step | Scenario 1 | 5GS3GPPLOCI | 5GS3GPPNSC | 5GSN3GPPLOCI | 5GSN3GPPNSC | ||
|---|---|---|---|---|---|---|---|
| Record 1 | Record 2 | Record 1 | Record 2 | ||||
| 1 | UE is authenticated to PLMN-A with dual connection (3GPP and non-3GPP) <3GPP and n3GPP AMFs are the same and the same TMSI in both access> | GUTI-A1 | 3gppNSC-A1 | - | GUTI-A1 | n3gppNSC-A1 | - |
| 2 | UE switches from PLMN-A to PLMN-B on non-3GPP | Use GUTI-A1 from 5GSN3GPPLOCI and
n3gppNSC-A1 from 5GSN3GPPNSC | |||||
| 3 | UE successful REGISTRATION to PLMN-B on non-3GPP | GUTI-A1 | 3gppNSC-A1 | GUTI-B1 | n3gppNSC-B1 | n3gppNSC-A1 | |
| 4 | UE successful REGISTRATION to PLMN-B over 3GPP <Compared to GUTI-B1 in n3GPP access, GUTI-B2 corresponds to a new AMF for 3GPP and a new TMSI> | GUTI-B2 | 3gppNSC-B1 | - | GUTI-B1 | n3gppNSC-B1 | - |
| 5 | UE switches-off (UE init de-registration) | ||||||
| 6 | UE stores to USIM the valid 3GPP Security Context (PLMN-B) and the valid non-3GPP Security Context (PLMN-B) | GUTI-B2 | 3gppNSC-B1
(Stored in USIM)(1) | - | GUTI-B1 | n3gppNSC-B1
(Stored in USIM)(1) | - |
| 7 | ME clears all Security Contexts | ||||||
| 8 | UE switches-on back | ||||||
| 9 | UE reads from USIM the 3GPP Security Context (PLMN-B) and the non-3GPP Security Context (PLMN-B) | GUTI-B2 | 3gppNSC-B1 | - | GUTI-B1 | n3gppNSC-B1 | - |
| 10 | UE tries to reconnect to PLMN-C on non-3GPP Security Context | Use GUTI-B1 from 5GSN3GPPLOCI and
n3gppNSC-B1 from 5GSN3GPPNSC | |||||
| 11 | UE gets REGISTRATION successful on PLMN-C over non-3GPP | GUTI-B2 | 3gppNSC-B1 | GUTI-C1 | n3gppNSC-C1 | n3gppNSC-B1 | |
| 12 | UE tries to reconnect to PLMN-C on 3GPP | Use e.g. GUTI-B2 from 5GS3GPPLOCI | |||||
| 13 | UE gets REGISTRATION successful on PLMN-C over 3GPP <GUTI-C1 in n3GPP access remains unchanged (different AMF compared to 3GPP access)> | GUTI-C2 | 3gppNSC-C1 | - | GUTI-C1 | n3gppNSC-C1 | - |
| 14 | UE switches-off (UE init de-registration) | ||||||
| 15 | UE stores to USIM the valid 3GPP Security Context (PLMN-C) and the valid non-3GPP Security Context (PLMN-C) | GUTI-C2 | 3gppNSC-C1
(Stored in USIM)(1) | - | GUTI-C1 | n3gppNSC-C1
(Stored in USIM)(1) | - |
| 16 | UE switches ON, reads security contexts from the USIM and registers to PLMN-D over non-3GPP and to PLMN-C over 3GPP | GUTI-C2 | 3gppNSC-C1 | - | GUTI-D1 | n3gppNSC-D1 | n3gppNSC-C1 |
| 17 | UE registers to PLMN-D over 3GPP <GUTI-D1 in n3GPP access remains unchanged (different AMF compared 3GPP access) > | GUTI-D2 | 3gppNSC-D1 | - | GUTI-D1 | n3gppNSC-D1 | - |
| 18 | UE registers to PLMN-C over non-3GPP, remaining registered in PLMN-D over 3GPP access | GUTI-D2 | 3gppNSC-D1 | GUTI-C3 | n3gppNSC-C2 | n3gppNSC-D1 | |
| 19 | UE de-registers from PLMN-C over non-3GPP and remains registered in PLMN-D over 3GPP access | GUTI-D2 | 3gppNSC-D1 | GUTI-C3 | n3gppNSC-C2
(Stored in USIM)(1) | n3gppNSC-D1 | |
| 20 | UE de-registers from PLMN-D over 3GPP access | GUTI-D2 | 3gppNSC-D1
(Stored in USIM)(1) | GUTI-C3 | n3gppNSC-C2 | n3gppNSC-D1
(Stored in USIM)(1) | |
| 21 | UE registers to PLMN-C over non-3GPP access | GUTI-D2 | 3gppNSC-D1 | GUTI-C4 | n3gppNSC-C3 | n3gppNSC-D1 | |
| 22 | UE registers to PLMN-C also over 3GPP access <Compared to GUTI-C4 in n3GPP access, GUTI-C5 corresponds to a new AMF for 3GPP and a new TMSI> | GUTI-C5 | 3gppNSC-C3 | GUTI-C4 | n3gppNSC-C3 | ||
|
General note:
Unless specified as 'Stored in USIM' all the data mentioned under 5GS3GPPNSC or 5GSN3GPPNSC represent data saved in the ME memory that is written to the USIM if the device is switched-off or de-registered from the network at the given step.
NOTE 1:
5G NAS Security Context and associated NAS DL/UL COUNTs (> 0) are written to the USIM as per clauses 4.4.2.1 (NSC), 4.4.3.1 (NAS COUNTS), and Annex C of 3GPP 24.501 [104].
|
|||||||
$ Change history p. 379
