Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.713
Study on security aspects of Ambient Internet of Things (AIoT) Services in 5G

3GPP‑Page   fToC   Partial Content
V19.0.0 (Wzip)  2025/09  134 p.
Rapporteur:
Mr. Wong, Marcus
OPPO

full Table of Contents for  TR 33.713  Word version:  19.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content
Here   Top
1Scope  p. 10
2References  p. 10
3Definitions of terms, symbols and abbreviations  p. 11
3.1Terms  p. 11
3.2Symbols  p. 11
3.3Abbreviations  p. 11
4Architecture and Security Assumptions  p. 11
5Key issues  p. 12
5.1Key Issue #1: Protection for disabling device operation  p. 12
5.1.1Key issue details  p. 12
5.1.2Threats  p. 12
5.1.3Potential security requirements  p. 12
5.2Key Issue #2: Authorization of intermediate UE for 5G Ambient IoT services  p. 12
5.2.1Key issue details  p. 12
5.2.2Security threats  p. 12
5.2.3Potential security requirements  p. 13
5.3Key issue #3: Privacy by protecting AIoT device identifiers  p. 13
5.3.1Key issue details  p. 13
5.3.2Security Threats  p. 13
5.3.3Potential security requirements  p. 13
5.4Key issue #4: Protection of information during AIoT service communication  p. 13
5.4.1Key issue details  p. 13
5.4.2Security threats  p. 13
5.4.3Potential security requirements  p. 14
5.5Key Issue #5: Authentication in Ambient IoT service  p. 14
5.5.1Key issue details  p. 14
5.5.2Threats  p. 14
5.5.3Potential security requirements  p. 14
5.6Key issue #6: Exposure of Inventory Device Quantity  p. 14
5.6.1Key issue details  p. 14
5.6.2Security threats  p. 15
5.6.3Potential security requirements  p. 15
5.7Key Issue #7: Authorization of inventory requests for 5G Ambient IoT services  p. 15
5.7.1Key issue details  p. 15
5.7.2Security threats  p. 15
5.7.3Potential security requirements  p. 16
5.8Key issue #8: Amplification of resource exhaustion by exploiting AIoT paging messages  p. 16
5.8.1Key issue details  p. 16
5.8.2Security threats  p. 16
5.8.3Potential security requirements  p. 16
5.9Key Issue #9: Attacks on carrier waves  p. 17
5.9.1Key issue details  p. 17
5.9.2Security threats  p. 17
5.9.3Potential security requirements  p. 17
6Solutions  p. 18
6.0Mapping of solutions to key issues  p. 18
6.1Solution #1: Ambient IoT device disabling mechanism  p. 19
6.1.1Introduction  p. 19
6.1.2Solution details  p. 19
6.1.3Evaluation  p. 20
6.2Solution #2:PCF based Service Authorization and Provisioning to UE  p. 20
6.2.1Introduction  p. 20
6.2.2Solution details  p. 21
6.2.3Evaluation  p. 21
6.3Solution #3: Authorization of Intermediate UE for AIoT services  p. 21
6.3.1Introduction  p. 21
6.3.2Solution details  p. 21
6.3.3Evaluation  p. 23
6.4Solution #4: Protection for inventory and command procedure  p. 23
6.4.1Introduction  p. 23
6.4.2Solution details  p. 23
6.4.2.1Protection for inventory-only procedure  p. 23
6.4.2.2Protection for inventory and command procedure  p. 24
6.4.2.3Auth_token and XAuth_token derivation function  p. 25
6.4.3Evaluation  p. 25
6.5Solution #5: Disabling and Enabling AIoT Device  p. 25
6.5.1Introduction  p. 25
6.5.2Solution details  p. 26
6.5.3Evaluation  p. 27
6.6Solution #6: AIoT device authentication  p. 27
6.6.1Introduction  p. 27
6.6.2Solution details  p. 27
6.6.3Evaluation  p. 29
6.7Solution #7: Lightweight AIoT Authentication solution  p. 29
6.7.1Introduction  p. 29
6.7.2Details  p. 30
6.7.3Evaluation  p. 32
6.8Solution #8: Mutual authentication for AIoT system  p. 32
6.8.1Introduction  p. 32
6.8.2Details  p. 32
6.8.3Evaluation  p. 34
6.9Solution #9: Device authentication and data communication security  p. 34
6.9.1Introduction  p. 34
6.9.2Solution details  p. 34
6.9.3Evaluation  p. 36
6.10.1Introduction  p. 37
6.10.2Solution details  p. 37
6.10.2.1UE reader case  p. 37
6.10.2.1.1Alternative 1 - UE reader granularity  p. 37
6.10.2.1.2Alternative 2 - AIoT device granularity  p. 39
6.10.2.2RAN reader case  p. 40
6.10.2.3Example of usage of authentication method and protocol  p. 42
6.10.3Evaluation  p. 42
6.11Solution #11: Authentication and ID Privacy of AIoT devices with USIM on AIoT AS Layer  p. 43
6.11.1Introduction  p. 43
6.11.2Solution details  p. 43
6.11.3Evaluation  p. 45
6.12Solution #12: Authentication and ID Privacy of AIoT devices with USIM on AIoT Layer  p. 45
6.12.1Introduction  p. 45
6.12.2Solution details  p. 46
6.12.3Evaluation  p. 48
6.13Solution #13: Authentication and ID privacy of AIoT devices without USIM  p. 48
6.13.1Introduction  p. 48
6.13.2.1Solution details  p. 49
6.13.2.2Handling of Temporary ID mismatch  p. 53
6.13.2.3Handling of group of devices  p. 56
6.13.2.4Handling of encryption key mismatch  p. 57
6.13.3Evaluation  p. 60
6.14Solution #14: Information protection during AIoT service communication  p. 60
6.14.1Introduction  p. 60
6.14.2Solution details  p. 61
6.14.2.1Inventory Service information protection  p. 61
6.14.2.2Command Service information protection  p. 61
6.14.3Evaluation  p. 62
6.15Solution #15: End-to-end security protection of command procedure  p. 63
6.15.1Introduction  p. 63
6.15.2Solution details  p. 63
6.15.3Evaluation  p. 64
6.16Solution #16: Disabling operation procedure for Ambient IoT services  p. 65
6.16.1Introduction  p. 65
6.16.2Solution details  p. 65
6.16.3Evaluation  p. 66
6.17Solution #17: Disabling operation procedure for AIoT services  p. 66
6.17.1Introduction  p. 66
6.17.2Solution details  p. 66
6.17.2.1Disable an AIoT device temporarily or permanently  p. 66
6.17.2.2Enable a temporarily disabled AIoT device  p. 68
6.17.3Evaluation  p. 69
6.18Solution #18: Authorization procedure for AF-based intermediate node selection  p. 69
6.18.1Introduction  p. 69
6.18.2Solution details  p. 69
6.18.3Evaluation  p. 70
6.19Solution #19: Authorization of AIoT capable UE in topology 2  p. 70
6.19.1Introduction  p. 70
6.19.2Solution details  p. 71
6.19.3Evaluation  p. 73
6.20Solution #20: Lightweight AIOT ID privacy based on hashes  p. 73
6.20.1Introduction  p. 73
6.20.2Details  p. 74
6.20.3Evaluation  p. 76
6.21Solution #21: Ephemeral AIOT ID security context based on puzzles for privacy  p. 76
6.21.1Introduction  p. 76
6.21.2Details  p. 77
6.21.3Evaluation  p. 79
6.22Solution #22: Solution for protecting AIoT ID by using temporary ID  p. 79
6.22.1Introduction  p. 79
6.22.2Solution details  p. 80
6.22.3Evaluation  p. 81
6.23Solution #23: AIoT device ID privacy protection using anonymity key  p. 81
6.23.1Introduction  p. 81
6.23.2Solution details  p. 81
6.23.3Evaluation  p. 83
6.24Solution #24: temporary ID based AIoT device privacy protection  p. 83
6.24.1Introduction  p. 83
6.24.2Solution details  p. 83
6.24.3Evaluation  p. 84
6.25Solution #25: Use temporary identifier to protect the privacy of AIoT device identifiers.  p. 84
6.25.1Introduction  p. 84
6.25.2Solution details  p. 84
6.25.3Evaluation  p. 86
6.26Solution #26: Local generated Temporary ID to provide device privacy  p. 86
6.26.1Introduction  p. 86
6.26.2Solution details  p. 87
6.26.2.1Temporary ID generation.  p. 87
6.26.3Evaluation  p. 88
6.27Solution #27: Privacy protection of AIoT device identifier based on a temporary identifier  p. 89
6.27.1Introduction  p. 89
6.27.2Solution details  p. 90
6.27.2.1Procedures  p. 90
6.27.2.2Generation of a temporary identifier  p. 91
6.27.3Evaluation  p. 91
6.28Solution #28: Privacy protection on AIoT device IDs  p. 91
6.28.1Introduction  p. 91
6.28.2Details  p. 91
6.28.3Evaluation  p. 92
6.29Solution #29: Providing a network-computed AIoT concealed device identifier (AICI) to an AIoT device  p. 93
6.29.1Introduction  p. 93
6.29.2Solution details  p. 93
6.29.3Evaluation  p. 95
6.30Solution #30: Privacy protection for inventory operation  p. 95
6.30.1Introduction  p. 95
6.30.2Solution details  p. 95
6.30.2.1Inventory procedure with unprotected inventory request parameters  p. 95
6.30.2.2Inventory procedure with protected inventory request parameters  p. 96
6.30.3Evaluation  p. 97
6.31Solution #31: Ambient IoT ID privacy  p. 98
6.31.1Introduction  p. 98
6.31.2Solution details  p. 98
6.31.3Evaluation  p. 99
6.32Solution #32: Authentication Using L1 Parameter  p. 99
6.32.1Introduction  p. 99
6.32.2Solution details  p. 99
6.32.3Evaluation  p. 101
6.33Solution #33: L1 Security Key Generation  p. 101
6.33.1Introduction  p. 101
6.33.2Solution details  p. 101
6.34Solution #34: PHY key based protecting AIoT device identifiers  p. 103
6.34.1Introduction  p. 103
6.34.2Solution details  p. 104
6.34.3Evaluation  p. 105
6.35Solution #35: Configurable device/network authentication, data confidentiality, integrity and id privacy protection  p. 105
6.35.1Introduction  p. 105
6.35.2Solution details  p. 105
6.36Voidp. …
6.37Solution #37: Mutual Authentication Using AEAD for Inventory and Command case  p. 107
6.37.1Introduction  p. 107
6.37.2Solution details  p. 107
6.37.3Evaluation  p. 109
6.38Solution #38: Authentication and privacy of AIoT device  p. 109
6.38.1Introduction  p. 109
6.38.2Solution details  p. 110
6.38.3Evaluation  p. 111
6.39Solution #39: reuse of existing authentication frameworks  p. 111
6.39.1Introduction  p. 111
6.39.2Solution details  p. 111
6.39.3Evaluation  p. 111
6.40Solution #40: Communication security for reading all information from AIoT device  p. 112
6.40.1Introduction  p. 112
6.40.2Solution details  p. 112
6.41Solution #41: Disabling protection for AIoT device  p. 113
6.41.1Introduction  p. 113
6.41.2Solution details  p. 113
6.41.2.1Disable an AIoT device permanently or temporarily  p. 113
6.41.2.2Enable a temporarily disabled AIoT device  p. 115
6.42Solution #42: Combined authentication and data protection for Ambient IoT services  p. 116
6.42.1Introduction  p. 116
6.42.2Solution details  p. 116
6.42.3Evaluation  p. 118
6.43Solution #43: Authentication between AIoT Device and 5GC  p. 119
6.43.1Introduction  p. 119
6.43.2Solution details  p. 119
6.43.3Evaluation  p. 122
6.45Solution #45: Temp ID based privacy protection for Ambient IoT device identifier  p. 124
6.45.1Introduction  p. 124
6.45.2Solution details  p. 124
6.45.3Evaluation  p. 126
6.46Solution #46: AIoT command message security protection procedure  p. 127
6.46.1Introduction  p. 127
6.46.2Solution details  p. 127
6.46.3Evaluation  p. 129
6.47Solution #47: A key provisioning for network layer security  p. 129
6.47.1Introduction  p. 129
6.47.2Solution details  p. 130
6.47.3Evaluation  p. 131
6.48Solution #48: temporary ID based AIoT device privacy protection  p. 131
6.48.1Introduction  p. 131
6.48.2Solution details  p. 131
6.48.3Evaluation  p. 132
7Conclusions  p. 133
7.0General conclusion  p. 133
7.1Conclusion on KI #1: Protection for disabling device operation  p. 133
7.2Conclusion for KI #2: Authorization for 5G Ambient IoT services  p. 133
7.3Conclusion on KI #3: Privacy by protecting AIoT device identifiers  p. 133
7.4Conclusion on KI #4: Protection of information during AIoT service communication  p. 134
7.5Conclusion on KI #5: Authentication in Ambient IoT service  p. 134
7.6Conclusion on KI #6: Exposure of Inventory Device Quantity  p. 134
$Change history  p. 135

Up   Top