
TS 33.303
Proximity-based Services (ProSe) –
Security aspects

V19.0.0 (PDF)  2025/09  94 p.
V18.0.0  2024/03  94 p.
V17.2.0  2023/06  94 p.
V16.0.0  2020/06  92 p.
V15.0.0  2018/06  90 p.
V14.1.0  2017/06  93 p.
V13.5.0  2017/06  93 p.
V12.7.0  2016/06  69 p.
Rapporteur:
Dr. Escott, Adrian
Qualcomm CDMA Technologies

full Table of Contents for  TS 33.303  Word version:  19.0.0

1 Scope  p. 8
2 References  p. 8
3 Definitions and abbreviations  p. 10
3.1 Definitions  p. 10
3.2 Abbreviations  p. 10
4 Overview of ProSe security  p. 12
4.1 General  p. 12
4.2 Reference points and Functional Entities  p. 12
5 Common security procedures  p. 12
5.1 General  p. 12
5.2 Network domain security  p. 12
5.2.1 General  p. 12
5.2.2 Security requirements  p. 12
5.2.3 Security procedures  p. 12
5.3 Security of UE to ProSe Function interface  p. 13
5.3.1 General  p. 13
5.3.2 Security requirements  p. 13
5.3.3 Security procedures  p. 13
5.3.3.1 Security procedures for configuration transfer to the UICC  p. 13
5.3.3.2 Security procedures for data transfer to the UE  p. 13
5.3.3.2.1 TLS 1.2  p. 13
5.3.3.2.2 TLS 1.3  p. 14
5.4 Security of the PC2 reference point  p. 15
5.4.1 Requirements on PC2 reference point  p. 15
5.4.2 Security procedures for PC2 reference point  p. 15
6 Security for ProSe features  p. 16
6.1 ProSe direct discovery  p. 16
6.1.1 Overview of ProSe direct discovery in network coverage  p. 16
6.1.2 Security requirements  p. 16
6.1.3 Security procedures  p. 17
6.1.3.1 Interface between the UE and ProSe Function  p. 17
6.1.3.2 Interfaces between network elements  p. 17
6.1.3.3 Integrity protection and validation of the transmitted code for open discovery  p. 17
6.1.3.3.1 Open discovery security flows  p. 17
6.1.3.4 Restricted discovery  p. 20
6.1.3.4.1 General  p. 20
6.1.3.4.2 Security flows  p. 20
6.1.3.4.2.1 Model A security flows  p. 20
6.1.3.4.2.2 Model B security flows  p. 23
6.1.3.4.3 Protection of the discovery messages over the PC5 interface  p. 26
6.1.3.4.3.1 General  p. 26
6.1.3.4.3.2 Message Processing in the sending UE  p. 27
6.1.3.4.3.3 Protected message processing in the receiving UE  p. 27
6.1.3.4.3.4 Integrity protection description  p. 28
6.1.3.4.3.5 Scrambling description  p. 28
6.1.3.4.3.6 Message-specific confidentiality description  p. 28
6.2 Security for One-to-many ProSe direct communication  p. 29
6.2.1 Overview of One-to-many ProSe direct communication  p. 29
6.2.2 Security requirements  p. 29
6.2.3 Bearer layer security mechanism  p. 30
6.2.3.1 Security keys and their lifetimes  p. 30
6.2.3.2 Identities  p. 30
6.2.3.3 Security flows  p. 32
6.2.3.3.1 Overview  p. 32
6.2.3.3.2 Messages between UE and ProSe Key Management Function  p. 34
6.2.3.3.2.1 General  p. 34
6.2.3.3.2.2 Key Request and Key Response messages  p. 34
6.2.3.3.2.3 MIKEY messages  p. 36
6.2.3.3.2.3.1 General  p. 36
6.2.3.3.2.3.2 Creation of the MIKEY key delivery message  p. 36
6.2.3.3.2.3.3 Processing the MIKEY key delivery message  p. 36
6.2.3.3.2.3.4 MIKEY Verification message  p. 37
6.2.3.4 Protection of traffic between UE and ProSe Function  p. 37
6.2.3.5 Protection of traffic between UE and ProSe Key Management Function  p. 37
6.2.3.6 Protection of traffic between UEs  p. 37
6.2.3.6.1 Protection of data  p. 37
6.2.3.6.2 Key derivation data in PDCP header  p. 38
6.2.4 Solution description for media security of one-to-many communications  p. 39
6.3 EPC-level discovery of ProSe-enabled UEs  p. 40
6.3.1 Security for proximity request authentication and authorization  p. 40
6.3.1.1 General  p. 40
6.3.1.2 Application Server-signed proximity request  p. 40
6.3.1.3 Proximity request digital signature algorithms and key strength  p. 41
6.3.1.4 Proximity request hash input format  p. 43
6.3.1.5 Verification key format  p. 43
6.3.1.6 Profile for Application Server certificate  p. 43
6.3.2 Protection of traffic between UE and ProSe Function  p. 43
6.4 Security for EPC support WLAN direct discovery and communication  p. 44
6.5 Security for One-to-one ProSe Direct communication  p. 44
6.5.1 General  p. 44
6.5.2 Security Requirements  p. 44
6.5.3 Overview of One-to-one ProSe Direct communication  p. 44
6.5.3.1 Description of different layers of keys and their identities  p. 44
6.5.3.2 Security states  p. 45
6.5.3.3 High level overview of security establishment  p. 45
6.5.4 Direct Authentication and Key Establishment  p. 46
6.5.4.1 General  p. 46
6.5.5 Security Establishment procedures  p. 46
6.5.5.1 General  p. 46
6.5.5.2 Security establishment during connection set-up  p. 46
6.5.5.3 Rekeying security  p. 47
6.5.6 Protection of the one-to-one traffic  p. 48
6.5.6.1 General  p. 48
6.5.6.2 Integrity protection  p. 49
6.5.6.3 Confidentiality protection  p. 49
6.5.6.4 Security contents in the PDCP header  p. 49
6.5.7 ProSe one-to-one communication security using ECCSI and SAKKE  p. 50
6.5.7.1 General  p. 50
6.5.7.2 Key and their identities  p. 50
6.5.7.3 Security flows  p. 50
6.5.7.3.1 Direct Connection Request  p. 50
6.5.7.3.2 Direct Rekeying Request  p. 51
6.6 Security for ProSe Public Safety Discovery  p. 52
6.6.1 General  p. 52
6.6.2 Security Requirements  p. 52
6.6.3 Overview of ProSe Public Safety Discovery  p. 52
6.6.3.1 General  p. 52
6.6.3.2 Key and their identities  p. 53
6.6.4 Security flows  p. 53
6.6.4.1 Overview  p. 53
6.6.4.2 Messages between UE and ProSe Key Management Function  p. 55
6.6.4.2.1 General  p. 55
6.6.4.2.2 Key Request and Key Response messages  p. 55
6.6.4.2.3 MIKEY messages  p. 56
6.6.4.2.3.1 General  p. 56
6.6.5 Protection of traffic between UE and ProSe Function  p. 56
6.6.6 Protection of traffic between UE and ProSe Key Management Function  p. 56
6.6.7 Protection of discovery messages between the UEs  p. 57
6.7 Security for ProSe UE-to-network relays  p. 57
6.7.1 General  p. 57
6.7.2 Security Requirements  p. 57
6.7.3 Overview of ProSe UE-to-network relay security  p. 58
6.7.3.1 General  p. 58
6.7.3.2 Security flows  p. 58
6.7.3.2.1 Overview  p. 58
6.7.3.2.1.1 Remote UE attaching to a ProSe UE-to-network relay  p. 58
6.7.3.2.1.2 Re-synchronisation in GBA Push authentication  p. 60
6.7.3.2.1.3 Rekeying procedures  p. 61
6.7.3.2.2 Messages between the Remote UE and ProSe Key Management Function  p. 62
6.7.3.2.2.1 General  p. 62
6.7.3.2.2.2 Key Request and Key Response messages  p. 62
6.7.3.2.3 Messages between the Relay and ProSe Key Management Function  p. 63
6.7.3.2.3.1 General  p. 63
6.7.3.2.3.2 Key Request and Key Response messages  p. 63
6.7.3.3 Protection of traffic between Remote UE or Relay and ProSe Function  p. 64
6.7.3.4 Protection of traffic between Remote UE or Relay and ProSe Key Management Function  p. 64
6.7.3.5 Protection of traffic between Remote UE and Relay  p. 65
A (Normative)  Key derivation functions  p. 66
A.1 KDF interface and input parameter construction  p. 66
A.1.1 General  p. 66
A.1.2 FC value allocations  p. 66
A.2 Calculation of the MIC value  p. 66
A.3 Calculation of PTK  p. 66
A.4 Calculation of keys from PTK and KD-sess  p. 67
A.5 Calculation of scrambling bits for discovery  p. 67
A.6 Calculation of message-specific confidentiality keystream for discovery  p. 67
A.7 Calculation of KD for UE-to-network relays  p. 68
A.8 Calculation of discovery keys from PSDK  p. 68
B Void  p. …
C Void  p. …
D Void  p. …
E (Normative)  Key Request and Response messages  p. 73
E.1 Introduction  p. 73
E.2 Transport protocol for messages between UE and ProSe Key Management Function  p. 73
E.3 XML Schema  p. 73
E.4 Semantics  p. 77
E.4.1 General  p. 77
E.4.2 Semantics of <KEY_REQUEST>  p. 77
E.4.3 Semantics of <KEY_RESPONSE>  p. 78
E.5 General message format and information elements coding  p. 80
E.5.2 -  p. 80
E.5.2.2 Parameters in ProSe key management messages  p. 80
E.5.2.2.1 Transaction ID  p. 80
E.5.2.2.2 Supported Algorithm  p. 81
E.5.2.2.3 Group ID  p. 81
E.5.2.2.4 PGK ID  p. 81
E.5.2.2.5 Error Code  p. 81
E.5.2.2.6 Group Member ID  p. 82
E.5.2.2.7 Algorithm Info  p. 82
E.5.2.2.8 PMK ID  p. 82
E.5.2.2.9 PMK  p. 82
E.5.2.2.10 PRUK ID  p. 82
E.5.2.2.11 PRUK  p. 82
E.5.2.2.12 IMSI  p. 82
E.5.2.2.13 Relay Service Code  p. 83
E.5.2.2.14 MSISDN  p. 83
E.5.2.2.15 Nonce 1  p. 83
E.5.2.2.16 RAND  p. 83
E.5.2.2.17 AUTS  p. 83
E.5.2.2.18 Key KD  p. 83
E.5.2.2.19 KD Freshness parameter  p. 83
E.5.2.2.20 GPI  p. 83
E.5.2.2.21 Remote UE other identity  p. 83
E.5.2.2.22 Public Safety Discovery Security Capabilities  p. 83
E.5.2.2.23 Relay Service Code  p. 84
E.5.2.2.24 PSDK ID  p. 84
E.5.2.2.25 Discovery Group ID  p. 84
E.5.2.2.26 Protection Profile  p. 84
E.5.2.2.27 Encrypted bit mask  p. 84
E.5.2.2.28 Key Type ID  p. 84
E.5.2.2.29 Current time  p. 85
E.5.2.2.30 Max Offset  p. 85
F Network options for PC3 security  p. 85
F.1 General  p. 85
F.2 Prose Function using standalone BSF  p. 85
F.3 BSF - Prose Function/NAF colocation  p. 86
F.4 Prose Function with bootstrapping entity  p. 87
G Protection of Restricted Discovery and Public Safety Discovery messages  p. 88
G.1 General  p. 88
G.2 Different combinations of security mechanisms  p. 89
Change history  p. 90
