
TR 33.700-32
Study on Security aspects of User Identities and Authentication

V19.1.0  2025/03  69 p.
Rapporteur:
Mr. Ferdi, Samir
InterDigital, Inc.

full Table of Contents for  TR 33.700-32  Word version:  19.1.0

1 Scope  p. 8
2 References  p. 8
3 Definitions of terms and abbreviations  p. 8
3.1 Terms  p. 8
3.2 Symbols  p. 8
3.3 Abbreviations  p. 9
4 Architecture and security assumptions  p. 9
5 Key issues  p. 9
5.1 Key Issue #1: Authentication and Authorization of Human User ID  p. 9
5.1.1 Key issue details  p. 9
5.1.2 Security threats  p. 9
5.1.3 Potential security requirements  p. 10
5.2 Key Issue #2: User privacy  p. 10
5.2.1 Key issue details  p. 10
5.2.2 Security threats  p. 10
5.2.3 Potential security requirements  p. 10
5.3 Key issue #3: Authentication and Authorization of one or more non-3GPP devices behind one gateway UE or 5G-RG  p. 10
5.3.1 Key issue details  p. 10
5.3.2 Security Threats  p. 10
5.3.3 Potential security requirements  p. 10
6 Solutions  p. 11
6.0 Mapping of Solutions to Key Issues  p. 11
6.1 Solution #1: User authentication and authorization of human user  p. 11
6.1.1 Introduction  p. 11
6.1.2 Solution details  p. 11
6.1.3 Evaluation  p. 12
6.2 Solution #2: User Authentication and Authorization via AMF  p. 12
6.2.1 Introduction  p. 12
6.2.2 Solution details  p. 13
6.2.3 Evaluation  p. 14
6.3 Solution #3: User Authentication and Authorization over NAS  p. 14
6.3.1 Introduction  p. 14
6.3.2 Solution details  p. 15
6.3.3 Evaluation  p. 16
6.4 Solution #4: Security protection of human user privacy  p. 16
6.4.1 Introduction  p. 16
6.4.2 Solution details  p. 16
6.4.2.1 KUIA deriving  p. 16
6.4.2.2 User_ID activation and privacy protection  p. 17
6.4.2.3 Derivation of User-ID related material  p. 18
6.4.3 Evaluation  p. 19
6.5 Solution #5: User authentication and authorization  p. 19
6.5.1 Introduction  p. 19
6.5.2 Solution details  p. 19
6.5.3 Evaluation  p. 20
6.6 Solution #6: Human User authentication through NAS procedure  p. 20
6.6.1 Introduction  p. 20
6.6.2 Solution Details  p. 20
6.6.3 Evaluation  p. 22
6.7 Solution #7: Authentication and Authorization of Human User ID  p. 22
6.7.1 Introduction  p. 22
6.7.2 Solution Details  p. 23
6.7.4 Evaluation  p. 24
6.8 Solution #8: User authentication with preconfigured credential  p. 24
6.8.1 Introduction  p. 24
6.8.2 Solution details  p. 24
6.8.2.1 Description  p. 24
6.8.2.2 User authentication procedure with the UAAF deployed by operator  p. 25
6.8.2.3 User authentication procedure with the AAA-S deployed by third party  p. 26
6.8.3 Evaluation  p. 27
6.10.1 Introduction  p. 30
6.10.2 Solution details  p. 30
6.10.3 Evaluation  p. 31
6.11 Solution #11: Re-using existing mechanisms for user privacy  p. 31
6.11.1 Introduction  p. 31
6.11.2 Solution details  p. 31
6.11.3 Evaluation  p. 31
6.12 Solution #12: authorization of non-3GPP devices behind 5G-RG  p. 32
6.12.1 Introduction  p. 32
6.12.2 Solution details  p. 32
6.12.3 Evaluation  p. 33
6.13 Solution #13: Authentication and Authorization procedure of N3D behind gateway UE or 5G-RG  p. 33
6.13.1 Introduction  p. 33
6.13.2 Solution details  p. 33
6.13.2.1 Authentication Procedure  p. 33
6.13.2.2 Re-Authentication procedure  p. 36
6.13.2.3 Authentication and Authorization revocation  p. 36
6.13.4 Evaluation  p. 37
6.14 Solution #14: Authentication and authorization of non-3GPP devices  p. 37
6.14.1 Introduction  p. 37
6.14.2 Solution details  p. 37
6.14.3 Evaluation  p. 37
6.15 Solution #15: Authentication of user behind the UE  p. 37
6.15.1 Introduction  p. 37
6.15.2 Solution details  p. 38
6.15.2.1 Concept  p. 38
6.15.2.2 Solution flow  p. 38
6.15.3 Evaluation  p. 40
6.16 Solution #16: User Authentication and Authorization  p. 40
6.16.1 Introduction  p. 40
6.16.2 Solution details  p. 41
6.16.2.1 User Initiated procedure  p. 41
6.16.2.2 Network Initiated procedure  p. 42
6.16.3 Evaluation  p. 43
6.17 Solution #17: Solution for exposure privacy issue  p. 44
6.17.1 Introduction  p. 44
6.17.2 Solution details  p. 44
6.17.2.1 Exposure of user profile information  p. 44
6.17.2.2a Exposure of linked UE subscription information associated with User Identifier  p. 44
6.17.2.2b Exposure of linked UE subscription information associated with User Identifier to AMF/SMF (internal NFs)  p. 45
6.17.3 Evaluation  p. 46
6.18 Solution #18: User privacy during the connection with 5GC  p. 47
6.18.1 Introduction  p. 47
6.18.2 Solution details  p. 47
6.18.2.1 Mobility or attaching to other access scenarios  p. 48
6.18.3 Evaluation  p. 48
6.19 Solution #19: User privacy protection  p. 48
6.19.1 Introduction  p. 48
6.19.2 Solution details  p. 49
6.19.3 Evaluation  p. 49
6.20 Solution #20: privacy protection for user ID over the air  p. 50
6.20.1 Introduction  p. 50
6.20.2 Details  p. 50
6.20.3 Evaluation  p. 50
6.21 Solution #21: A&A of non-3GPP devices behind UE or 5G-RG based on secondary authentication  p. 50
6.21.1 Introduction  p. 50
6.21.2 Solution details  p. 50
6.21.3 Evaluation  p. 51
6.22 Solution #22: User authentication with credentials derived by AUSF  p. 51
6.22.1 Introduction  p. 51
6.22.2 Solution details  p. 51
6.22.2.1 Description  p. 51
6.22.2.2 User activation procedure with the AUSF and UIMF  p. 52
6.22.2.3 Key hierarchy for user authentication with derived credential  p. 54
6.22.2.4 User authentication procedure with the UAAF  p. 54
6.22.2.5 Derivation of KUIA and KUSER  p. 55
6.22.3 Evaluation  p. 56
6.23 Solution #23: User Authentication with EAP-PSK  p. 56
6.23.1 Introduction  p. 56
6.23.2 Solution details  p. 57
6.23.3 Evaluation  p. 58
6.24 Solution #24: User ID privacy protection based on EAP-TLS protocol using pseudonym mechanism  p. 58
6.24.1 Introduction  p. 58
6.24.2 Solution details  p. 58
6.24.3 Evaluation  p. 59
6.25 Solution #25: User Authentication with Certificate Generated by an authorized UE  p. 60
6.25.1 Solution Introduction  p. 60
6.25.2 Solution Details  p. 60
6.25.3 Evaluation  p. 61
6.26 Solution #26: User authentication with credentials derived by UIMF  p. 61
6.26.1 Introduction  p. 61
6.26.2 Solution details  p. 61
6.26.2.1 Description  p. 61
6.26.2.2 KUIA generation by AUSF and UE during Registration procedure  p. 62
6.26.2.3 KUSER generation by UIMF and UE during User Authentication procedure  p. 64
6.26.2.4 User authentication between UE and UAAF  p. 65
6.26.2.5 Key hierarchy and derivation  p. 66
6.26.3 Evaluation  p. 66
6.27 Solution #27: User privacy protection for UIP exposure based on RNAA  p. 67
6.27.1 Introduction  p. 67
6.27.2 Solution details  p. 67
6.27.3 Evaluation  p. 67
7 Conclusions  p. 67
7.1 Key issue #1: Authentication and Authorization of Human User ID  p. 67
7.2 Key issue #2: User privacy  p. 67
7.3 Key issue #3: Authentication and Authorization of one or more non-3GPP devices behind one gateway UE or 5G-RG  p. 68
Change history  p. 69
