| 6.0 | Mapping of Solutions to Key Issues
| 6.1.1 | Introduction
| 6.1.2 | Solution details
| 6.1.2.1 | General
| 6.1.2.2 | Solution details for S&F in EPS
| 6.1.2.3 | Solution details for S&F in 5G
| 6.1.3 | Evaluation
| 6.2 | Solution #2: IOPS security concept for S&F
| 6.2.1 | Introduction
| 6.2.2 | Solution details
| 6.2.2.1 | General
| 6.2.2.2 | Solution details for S&F in EPS
| 6.2.2.3 | Solution details for S&F in 5G
| 6.2.3 | Evaluation
| 6.3 | Solution #3: IOPS based solution for UE to satellite security
| 6.3.2 | Solution details
| 6.3.2.1 | IOPS based solution
| 6.3.2.2 | Enhancement to IOPS solution
| 6.3.2.2.1 | Enhancement description
| 6.3.2.2.2 | Example sequence number management profile
| 6.4 | Solution #4: Store and forward satellite operation
| 6.5 | Solution #5: Onboard UDM
| 6.6 | Solution #6: Primary authentication and NAS security context establishment during store-and-forward operations
| 6.7 | Solution #7: Optimization of subsequent authentication procedure in S&F operation
| 6.7.1 | Introduction
| 6.7.2 | Solution details
| 6.7.2.1 | Provisioning of authentication vectors
| 6.7.2.2 | Optimized subsequent authentication procedure
| 6.7.3 | Evaluation
| 6.8 | Solution #8: Solution on preventing DoS attacks in S&F operation
| 6.9 | Solution #9: Secure Initial Registration for S&F satellite operation
| 6.10 | Solution #10: UE Attach/Registration method for S&F operation
| 6.11 | Solution #11: UE context management for S&F operation
| 6.12 | Solution #12: Authentication for store and forward satellite operation
| 6.13 | Solution #13: Security protection based on onboard HSS
| 6.14 | Solution #14: Authorization mechanism for uplink NAS message in S&F satellite operation
| 6.15 | Solution #15: Attach procedure for split MME architecture
| 6.16 | Solution #16: Authorization during S&F MO transmission
| 6.17 | Solution #17: Attach procedure with MME on board the satellite
| 6.18 | Solution #18: Security protection for store and forward satellite operation
| 6.19 | Solution #19: Mitigating UE privacy risks using temporary UE ID
| 6.20 | Solution #20: Mitigation of privacy issues of interim GUTI
| 6.20.1 | Introduction
| 6.20.2 | Solution details
| 6.20.2.1 | General
| 6.20.2.2 | Alternative 1: restrict the use of interim GUTI
| 6.20.2.3 | Alternative 2: No use of interim GUTI
| 6.20.3 | Evaluation
| 6.21 | Solution #21: Remediation of unauthenticated (D)DOS in S&F
| 6.22 | Solution #22: AS security context establishment with store-and-forward operations
| 6.23 | Solution #23: Security protection in S&F satellite operation with RAN on board
| 6.24 | Solution #24: Expedited Authentication in 5GS in S&F Mode
| 6.25 | Solution #25: Solution on preventing DoS attacks before security context is established
| 6.26 | Solution #26: Protection of partial registration or attach accept message in S&F operation
| 6.27 | Solution #27: Anti DoS attacks and privacy protection in S&F operations
| 6.28 | Solution #28: Security protection based on AKA procedure in S&F operation with a full CN onboard the satellite
| 6.29 | Solution #29: Authentication and authorization in S&F based on onboard EPC
| 6.30 | Solution #30: Interim GUTI privacy protection based on pseudonym UE IDs
| 6.31 | Solution #31: Mitigation of Security Issues of Unprotected NAS Reject
| 6.32 | Solution #32: Remediation of unauthenticated (D)DOS in S&F (Alternatives to Solution #21)
| 6.33 | Solution #33: Integration of Solutions #8 and #21 to provide D(DOS) protection from both, pre-provisioned UEs and unauthenticated UEs
| 6.34 | Solution #34: Integration of Solutions #9 and #21 to provide D(DOS) protection from both, pre-provisioned UEs and unauthenticated UEs
| 6.35 | Solution #35: Integration of Solutions #9 and #21 to provide D(DOS) protection from both, pre-provisioned UEs and unauthenticated UEs
| 6.36 | Solution #36: Extended Authentication on split MME architecture in S&F mode
| 6.37 | Solution #37: NAS key distribution in split MME architecture
| 6.38 | Solution #38: Store and forward (s&f) satellite operation using GUTI or 5G-GUTI