Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.740
Study on Security aspects of
Proximity Based Services (ProSe) in 5GS
Phase 2

3GPP‑Page  
V18.1.0 (Wzip)  2023/09  117 p.
Rapporteur:
Mr. Zhou, Wei
CATT

full Table of Contents for  TR 33.740  Word version:  18.1.0

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 Security Aspects of 5G ProSe5 Key issues6 Solutions7 Conclusions$ Change history

 

1  Scopep. 10

The present document studies the security and privacy aspects of proximity based services in 5G system phase 2. It ensures that the security solutions are aligned with the work in SA2 (i.e. TR 23.700-33), RANs, SA1 (i.e. TS 22.278, TS 22.261, and TS 22.115) and SA3 (i.e. TS 33.503 and TR 33.870 [7]). The present document covers the following issues:
  • Security and privacy key issues, threats and potential requirements of proximity based services in 5G system phase 2.
  • Potential security solutions to cover these potential requirements.
Both roaming and non-roaming scenarios are considered.
Up

2  Referencesp. 10

3  Definitions of terms, symbols and abbreviationsp. 11

3.1  Termsp. 11

3.2  Abbreviationsp. 11

4  Security Aspects of 5G ProSep. 11

4.1  Generalp. 11

4.2  Architecture assumptionp. 12

5  Key issuesp. 12

5.1  Key Issue #1: Security for UE-to-UE Relay discoveryp. 12

5.1.1  Key issue detailsp. 12

5.1.2  Security threatsp. 12

5.1.3  Potential security requirementsp. 12

5.2  Key Issue #2: Security of UE-to-UE Relayp. 12

5.2.1  Key issue detailsp. 12

5.2.2  Security threatsp. 13

5.2.3  Potential security requirementsp. 13

5.3  Key issue #3: Authorization in the UE-to-UE Relay Scenariop. 13

5.3.1  Key issue detailsp. 13

5.3.2  Security threatsp. 13

5.3.3  Potential security requirementsp. 13

5.4  Key Issue #4: Privacy of information over the UE-to-UE Relayp. 14

5.4.1  Key issue detailsp. 14

5.4.2  Security threatsp. 14

5.4.3  Potential security requirementsp. 14

5.5  Key Issue #5: Security of source and target UE communication via U2U relayp. 14

5.5.1  Key issue detailsp. 14

5.5.2  Security threatsp. 15

5.5.3  Potential security requirementsp. 15

5.6  Key Issue #6: Support for Emergency service over UE-to-Network Relayingp. 15

5.6.1  Key issue detailsp. 15

5.6.2  Security threatsp. 15

5.6.3  Potential security requirementsp. 15

6  Solutionsp. 16

6.0  Mapping of Solutions to Key Issuesp. 16

6.1  Solution #1: Restricted Peer UE IP Discovery with Layer-3 UE-to-UE Relayp. 17

6.1.1  Introductionp. 17

6.1.2  Solution detailsp. 17

6.1.3  Evaluationp. 18

6.2  Solution #2: Privacy handling for Layer-3 UE-to-UE Relay based on IP routingp. 18

6.2.1  Introductionp. 18

6.2.2  Solution detailsp. 19

6.2.3  Evaluationp. 20

6.3  Solution #3: PC5 security establishment when L3 UE-to-UE relay is in coveragep. 20

6.3.1  Introductionp. 20

6.3.2  Solution detailsp. 21

6.3.2.1  Procedure for PC5 security establishment between the 5G ProSe Source UE and 5G ProSe UE-to-UE Relayp. 21

6.3.2.2  Procedure for PC5 security establishment between the 5G ProSe Target UE and 5G ProSe UE-to-UE Relayp. 23

6.3.3  Evaluationp. 23

6.4  Solution #4: PC5 security establishment when L3 UE-to-UE relay is out of coveragep. 24

6.4.1  Introductionp. 24

6.4.2  Solution detailsp. 24

6.4.3  Evaluationp. 26

6.5  Solution #5: PC5 link security establishment for Layer-3 U2U Relayp. 26

6.5.1  Introductionp. 26

6.5.2  Solution detailsp. 26

6.5.2.0  Generalp. 26

6.5.2.1  PC5 link security establishment procedure over User Planep. 26

6.5.2.2  PC5 link security establishment procedure over Control Planep. 29

6.5.3  Evaluationp. 31

6.6  Solution #6: End-to-end security establishment for Layer-2 UE-to-UE relayp. 31

6.6.1  Introductionp. 31

6.6.2  Solution detailsp. 32

6.6.2.1  End-to-end security establishment for Layer-2 UE-to-UE relayp. 32

6.6.2.2  Key Hierarchy for UE-to-UE relayp. 34

6.6.2.3  Key derivation functionsp. 35

6.6.2.3.1  KD-sess derivation functionp. 35
6.6.2.3.2  Integrity and encryption keys derivation functionp. 35

6.6.3  Evaluationp. 35

6.7  Solution #7: Non-network-assisted Security Establishment Procedure for 5G ProSe Layer-3 UE-to-UE Relayp. 35

6.7.1  Introductionp. 35

6.7.2  Solution detailsp. 36

6.7.3  Evaluationp. 37

6.8  Solution #8: Restricted 5G ProSe UE-to-UE Relay Discovery Model Ap. 37

6.8.1  Introductionp. 37

6.8.2  Solution detailsp. 38

6.8.3  Evaluationp. 40

6.9  Solution #9: Restricted 5G ProSe UE-to-UE Relay Discovery Model Bp. 40

6.9.1  Introductionp. 40

6.9.2  Solution detailsp. 41

6.9.3  Evaluationp. 43

6.10  Solution #10: PAKE-based security for UE-to-UE relayp. 43

6.10.1  Introductionp. 43

6.10.2  Solution detailsp. 44

6.10.2.0  Generalp. 44

6.10.2.1  Parameter provisioning in-coverage and out-of coveragep. 45

6.10.2.2  PAKE protocolsp. 45

6.10.2.3  Parameters exchanged prior to the PAKE executionp. 46

6.10.2.4  PAKE executionp. 46

6.10.2.5  Secure exchange of datap. 46

6.10.2.6  PAKE-based authorizationp. 46

6.10.3  Evaluationp. 47

6.11  Solution #11: Security for UE-to-UE Relay (Model A) discoveryp. 47

6.11.1  Introductionp. 47

6.11.2  Solution detailsp. 48

6.11.2.1  Restricted 5G ProSe UE-to-UE Relay discovery Model Ap. 48

6.11.3  Evaluationp. 50

6.12  Solution #12: Security of Layer-2 UE-to-UE Relay and Adaptation Layerp. 50

6.12.1  Introductionp. 50

6.12.2  Solution detailsp. 51

6.12.2.1  End-to-End PC5 unicast link establishment and data forwardingp. 51

6.12.2.2  Privacy of identifiers for End-to-End PC5 unicast linkp. 52

6.12.3  Evaluationp. 53

6.13  Solution #13: E2E authentication with Layer-3 UE-to-UE Relayp. 54

6.13.1  Introductionp. 54

6.13.2  Solution detailsp. 54

6.13.3  Evaluationp. 56

6.14  Solution #14: path switching with Layer-2 UE-to-UE Relayp. 56

6.14.1  Introductionp. 56

6.14.2  Solution detailsp. 56

6.14.3  Evaluationp. 58

6.15  Solution #15: Selection and authorization of in-coverage and out-of-coverage authentication and key establishmentp. 58

6.15.1  Introductionp. 58

6.15.2  Solution detailsp. 59

6.15.3  Evaluationp. 60

6.16  Solution #16: Centralized discovery key management and U2U relay authorizationp. 60

6.16.1  Introductionp. 60

6.16.2  Solution detailsp. 61

6.16.3  Evaluationp. 61

6.17  Solution #17: U2U relay discovery security material retrieval and authorization across PLMNsp. 62

6.17.1  Introductionp. 62

6.17.2  Solution detailsp. 63

6.17.3  Evaluationp. 64

6.18  Solution #18: UE-to-UE Relay securityp. 64

6.18.1  Introductionp. 64

6.18.2  Solution detailsp. 65

6.18.3  Evaluationp. 65

6.19  Solution #19: End-to-end security establishment over the UE-to-UE Relayp. 66

6.19.1  Introductionp. 66

6.19.2  Solution detailsp. 66

6.19.2.1  End-to-end security establishment procedure over the L3 UE-to-UE Relayp. 66

6.19.2.2  End-to-end security establishment procedure over the L2 UE-to-UE Relayp. 68

6.19.2.3  Authorization and Parameter Provisioning to the UEsp. 68

6.19.3  Evaluationp. 69

6.20  Solution #20: Network-assisted security establishment procedure for 5G ProSe Layer-3 UE-to-UE Relayp. 69

6.20.1  Introductionp. 69

6.20.2  Solution detailsp. 70

6.20.3  Evaluationp. 72

6.21  Solution #21: E2E security establishment procedure for 5G ProSe Layer-3 UE-to-UE Relayp. 72

6.21.1  Introductionp. 72

6.21.2  Solution detailsp. 72

6.21.3  Evaluationp. 73

6.22  Solution #22: Common security protection setup via UE-to-UE Relayp. 73

6.22.1  Introductionp. 73

6.22.2  Solution detailsp. 74

6.22.3  Evaluationp. 75

6.23  Solution #23: Security mechanism for UE-to-UE Relay Model A discoveryp. 75

6.23.1  Introductionp. 75

6.23.2  Solution detailsp. 75

6.23.3  Evaluationp. 76

6.24  Solution #24: Security mechanism for UE-to-UE Relay Model B discoveryp. 76

6.24.1  Introductionp. 76

6.24.2  Solution detailsp. 77

6.24.3  Evaluationp. 78

6.25  Solution #25: PC5 link setup for Layer-3 UE-to-UE Relayp. 78

6.25.1  Introductionp. 78

6.25.2  Solution detailsp. 79

6.25.3  Evaluationp. 79

6.26  Solution #26: UE-to-UE relay PC5 connection security establishmentp. 80

6.26.1  Introductionp. 80

6.26.2  Solution detailsp. 80

6.26.3  Evaluationp. 81

6.27  Solution #27: Support Emergency Service over L3 and L2 UE-to-Network Relayp. 81

6.27.1  Introductionp. 81

6.27.2  Solution detailsp. 81

6.27.3  Evaluationp. 83

6.28  Solution #28: UE-to-UE relay discovery securityp. 84

6.28.1  Introductionp. 84

6.28.2  Solution detailsp. 85

6.28.2.1  UE-to-UE relay discovery security of Model Ap. 85

6.28.2.2  UE-to-UE relay discovery security of Model Bp. 87

6.28.3  Evaluationp. 89

6.29  Solution #29: Hop-by-hop security establishment for the UE-to-UE Relayp. 90

6.29.1  Introductionp. 90

6.29.2  Solution detailsp. 90

6.29.2.1  Hop-by-hop security establishment procedure for the UE-to-UE Relayp. 90

6.29.2.2  Authorization and Parameter Provisioning to the UEsp. 91

6.29.3  Evaluationp. 92

6.30  Solution #30: Security for discovery integrated into PC5 link establishmentp. 93

6.30.1  Introductionp. 93

6.30.2  Solution detailsp. 94

6.30.2.1  Security for discovery integrated into PC5 link establishmentp. 94

6.30.2.2  Privacy protection of User Info ID and RSC in DCRp. 96

6.30.3  Evaluationp. 96

6.31  Solution #31: Security for discovery integrated into PC5 link establishment when L3 UE-to-UE relay is in coveragep. 97

6.31.1  Introductionp. 97

6.31.2  Solution detailsp. 97

6.31.2.1  Procedure for PC5 security establishment between the 5G ProSe Source UE and 5G ProSe UE-to-UE Relay and between the 5G ProSe Target UE and 5G ProSe UE-to-UE Relayp. 97

6.31.3  Evaluationp. 100

6.32  Solution #32: Security for discovery integrated into PC5 link establishment procedurep. 100

6.32.1  Introductionp. 100

6.32.2  Solution detailsp. 101

6.32.3  Evaluationp. 102

6.33  Solution #33: Security policy negotiation for Layer-3 UE-to-UE Relay Communicationp. 102

6.33.1  Introductionp. 102

6.33.2  Solution detailsp. 102

6.33.3  Evaluationp. 104

6.34  Solution #34: L2 U2U Relay reselection using Re-Keyingp. 104

6.34.1  Introductionp. 104

6.34.2  Solution detailsp. 105

6.34.3  Evaluationp. 106

6.35  Solution #35: KNRP ID privacy in L2 U2U Relay reselectionp. 107

6.35.1  Introductionp. 107

6.35.2  Solution detailsp. 107

6.35.2.1  New KNRP ID establishment using LMR/LMAp. 107

6.35.2.2  New KNRP ID establishment using coordinated Link Releasep. 108

6.35.3  Evaluationp. 109

6.36  Solution #36: Model A Relay discovery using multiple key setsp. 109

6.36.1  Introductionp. 109

6.36.2  Solution detailsp. 109

6.36.2.1  UE-to-UE Relay Scheduling of Direct Discovery Set Announcementsp. 109

6.36.2.2  U2U Relay on-demand direct discovery set protectionp. 111

6.36.3  Evaluationp. 112

6.37  Solution #37: PC5 link establishment with secure integrated discoveryp. 112

6.37.1  Introductionp. 112

6.37.2  Solution detailsp. 113

6.37.3  Evaluationp. 114

7  Conclusionsp. 114

7.1  Key Issue #1: Security for UE-to-UE Relay discoveryp. 114

7.2  Key Issue #2: Security of UE-to-UE Relayp. 115

7.3  Key issue #3: Authorization in the UE-to-UE Relay Scenariop. 115

7.4  Key Issue #4: Privacy of information over the UE-to-UE Relayp. 115

7.5  Key Issue #5: Security of source and target UE communication via U2U relayp. 116

7.6  Key Issue #6: Support for Emergency service over UE-to-Network Relayingp. 116

$  Change historyp. 117

Up   Top