TR 33.740
Study on Security aspects of
Proximity Based Services (ProSe) in 5GS
Phase 2

3GPP‑Page fToC_↓ Partial Content _→

V18.1.0 (Wzip) 2023/09 117 p.

Rapporteur:: Mr. Zhou, Wei
CATT

full Table of Contents for TR 33.740 Word version: 18.1.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Scope p. 10

References p. 10

Definitions of terms, symbols and abbreviations p. 11

3.1	Terms p. 11
3.2	Abbreviations p. 11

Security Aspects of 5G ProSe p. 11

4.1	General p. 11
4.2	Architecture assumption p. 12

Key issues p. 12

5.1

Key Issue #1: Security for UE-to-UE Relay discovery p. 12

5.1.1	Key issue details p. 12
5.1.2	Security threats p. 12
5.1.3	Potential security requirements p. 12

5.2

Key Issue #2: Security of UE-to-UE Relay p. 12

5.2.1	Key issue details p. 12
5.2.2	Security threats p. 13
5.2.3	Potential security requirements p. 13

5.3

Key issue #3: Authorization in the UE-to-UE Relay Scenario p. 13

5.3.1	Key issue details p. 13
5.3.2	Security threats p. 13
5.3.3	Potential security requirements p. 13

5.4

Key Issue #4: Privacy of information over the UE-to-UE Relay p. 14

5.4.1	Key issue details p. 14
5.4.2	Security threats p. 14
5.4.3	Potential security requirements p. 14

5.5

Key Issue #5: Security of source and target UE communication via U2U relay p. 14

5.5.1	Key issue details p. 14
5.5.2	Security threats p. 15
5.5.3	Potential security requirements p. 15

5.6

Key Issue #6: Support for Emergency service over UE-to-Network Relaying p. 15

5.6.1	Key issue details p. 15
5.6.2	Security threats p. 15
5.6.3	Potential security requirements p. 15

Solutions p. 16

6.0

Mapping of Solutions to Key Issues p. 16

6.1

Solution #1: Restricted Peer UE IP Discovery with Layer-3 UE-to-UE Relay p. 17

6.1.1	Introduction p. 17
6.1.2	Solution details p. 17
6.1.3	Evaluation p. 18

6.2

Solution #2: Privacy handling for Layer-3 UE-to-UE Relay based on IP routing p. 18

6.2.1	Introduction p. 18
6.2.2	Solution details p. 19
6.2.3	Evaluation p. 20

6.3

Solution #3: PC5 security establishment when L3 UE-to-UE relay is in coverage p. 20

6.3.1

Introduction p. 20

6.3.2

Solution details p. 21

6.3.2.1	Procedure for PC5 security establishment between the 5G ProSe Source UE and 5G ProSe UE-to-UE Relay p. 21
6.3.2.2	Procedure for PC5 security establishment between the 5G ProSe Target UE and 5G ProSe UE-to-UE Relay p. 23

6.3.3

Evaluation p. 23

6.4

Solution #4: PC5 security establishment when L3 UE-to-UE relay is out of coverage p. 24

6.4.1	Introduction p. 24
6.4.2	Solution details p. 24
6.4.3	Evaluation p. 26

6.5

Solution #5: PC5 link security establishment for Layer-3 U2U Relay p. 26

6.5.1

Introduction p. 26

6.5.2

Solution details p. 26

6.5.2.0	General p. 26
6.5.2.1	PC5 link security establishment procedure over User Plane p. 26
6.5.2.2	PC5 link security establishment procedure over Control Plane p. 29

6.5.3

Evaluation p. 31

6.6

Solution #6: End-to-end security establishment for Layer-2 UE-to-UE relay p. 31

6.6.1

Introduction p. 31

6.6.2

Solution details p. 32

6.6.2.1

End-to-end security establishment for Layer-2 UE-to-UE relay p. 32

6.6.2.2

Key Hierarchy for UE-to-UE relay p. 34

6.6.2.3

Key derivation functions p. 35

6.6.2.3.1	KD-sess derivation function p. 35
6.6.2.3.2	Integrity and encryption keys derivation function p. 35

6.6.3

Evaluation p. 35

6.7

Solution #7: Non-network-assisted Security Establishment Procedure for 5G ProSe Layer-3 UE-to-UE Relay p. 35

6.7.1	Introduction p. 35
6.7.2	Solution details p. 36
6.7.3	Evaluation p. 37

6.8

Solution #8: Restricted 5G ProSe UE-to-UE Relay Discovery Model A p. 37

6.8.1	Introduction p. 37
6.8.2	Solution details p. 38
6.8.3	Evaluation p. 40

6.9

Solution #9: Restricted 5G ProSe UE-to-UE Relay Discovery Model B p. 40

6.9.1	Introduction p. 40
6.9.2	Solution details p. 41
6.9.3	Evaluation p. 43

6.10

Solution #10: PAKE-based security for UE-to-UE relay p. 43

6.10.1

Introduction p. 43

6.10.2

Solution details p. 44

6.10.2.0	General p. 44
6.10.2.1	Parameter provisioning in-coverage and out-of coverage p. 45
6.10.2.2	PAKE protocols p. 45
6.10.2.3	Parameters exchanged prior to the PAKE execution p. 46
6.10.2.4	PAKE execution p. 46
6.10.2.5	Secure exchange of data p. 46
6.10.2.6	PAKE-based authorization p. 46

6.10.3

Evaluation p. 47

6.11

Solution #11: Security for UE-to-UE Relay (Model A) discovery p. 47

6.11.1

Introduction p. 47

6.11.2

Solution details p. 48

6.11.2.1

Restricted 5G ProSe UE-to-UE Relay discovery Model A p. 48

6.11.3

Evaluation p. 50

6.12

Solution #12: Security of Layer-2 UE-to-UE Relay and Adaptation Layer p. 50

6.12.1

Introduction p. 50

6.12.2

Solution details p. 51

6.12.2.1	End-to-End PC5 unicast link establishment and data forwarding p. 51
6.12.2.2	Privacy of identifiers for End-to-End PC5 unicast link p. 52

6.12.3

Evaluation p. 53

6.13

Solution #13: E2E authentication with Layer-3 UE-to-UE Relay p. 54

6.13.1	Introduction p. 54
6.13.2	Solution details p. 54
6.13.3	Evaluation p. 56

6.14

Solution #14: path switching with Layer-2 UE-to-UE Relay p. 56

6.14.1	Introduction p. 56
6.14.2	Solution details p. 56
6.14.3	Evaluation p. 58

6.15

Solution #15: Selection and authorization of in-coverage and out-of-coverage authentication and key establishment p. 58

6.15.1	Introduction p. 58
6.15.2	Solution details p. 59
6.15.3	Evaluation p. 60

6.16

Solution #16: Centralized discovery key management and U2U relay authorization p. 60

6.16.1	Introduction p. 60
6.16.2	Solution details p. 61
6.16.3	Evaluation p. 61

6.17

Solution #17: U2U relay discovery security material retrieval and authorization across PLMNs p. 62

6.17.1	Introduction p. 62
6.17.2	Solution details p. 63
6.17.3	Evaluation p. 64

6.18

Solution #18: UE-to-UE Relay security p. 64

6.18.1	Introduction p. 64
6.18.2	Solution details p. 65
6.18.3	Evaluation p. 65

6.19

Solution #19: End-to-end security establishment over the UE-to-UE Relay p. 66

6.19.1

Introduction p. 66

6.19.2

Solution details p. 66

6.19.2.1	End-to-end security establishment procedure over the L3 UE-to-UE Relay p. 66
6.19.2.2	End-to-end security establishment procedure over the L2 UE-to-UE Relay p. 68
6.19.2.3	Authorization and Parameter Provisioning to the UEs p. 68

6.19.3

Evaluation p. 69

6.20

Solution #20: Network-assisted security establishment procedure for 5G ProSe Layer-3 UE-to-UE Relay p. 69

6.20.1	Introduction p. 69
6.20.2	Solution details p. 70
6.20.3	Evaluation p. 72

6.21

Solution #21: E2E security establishment procedure for 5G ProSe Layer-3 UE-to-UE Relay p. 72

6.21.1	Introduction p. 72
6.21.2	Solution details p. 72
6.21.3	Evaluation p. 73

6.22

Solution #22: Common security protection setup via UE-to-UE Relay p. 73

6.22.1	Introduction p. 73
6.22.2	Solution details p. 74
6.22.3	Evaluation p. 75

6.23

Solution #23: Security mechanism for UE-to-UE Relay Model A discovery p. 75

6.23.1	Introduction p. 75
6.23.2	Solution details p. 75
6.23.3	Evaluation p. 76

6.24

Solution #24: Security mechanism for UE-to-UE Relay Model B discovery p. 76

6.24.1	Introduction p. 76
6.24.2	Solution details p. 77
6.24.3	Evaluation p. 78

6.25

Solution #25: PC5 link setup for Layer-3 UE-to-UE Relay p. 78

6.25.1	Introduction p. 78
6.25.2	Solution details p. 79
6.25.3	Evaluation p. 79

6.26

Solution #26: UE-to-UE relay PC5 connection security establishment p. 80

6.26.1	Introduction p. 80
6.26.2	Solution details p. 80
6.26.3	Evaluation p. 81

6.27

Solution #27: Support Emergency Service over L3 and L2 UE-to-Network Relay p. 81

6.27.1	Introduction p. 81
6.27.2	Solution details p. 81
6.27.3	Evaluation p. 83

6.28

Solution #28: UE-to-UE relay discovery security p. 84

6.28.1

Introduction p. 84

6.28.2

Solution details p. 85

6.28.2.1	UE-to-UE relay discovery security of Model A p. 85
6.28.2.2	UE-to-UE relay discovery security of Model B p. 87

6.28.3

Evaluation p. 89

6.29

Solution #29: Hop-by-hop security establishment for the UE-to-UE Relay p. 90

6.29.1

Introduction p. 90

6.29.2

Solution details p. 90

6.29.2.1	Hop-by-hop security establishment procedure for the UE-to-UE Relay p. 90
6.29.2.2	Authorization and Parameter Provisioning to the UEs p. 91

6.29.3

Evaluation p. 92

6.30

Solution #30: Security for discovery integrated into PC5 link establishment p. 93

6.30.1

Introduction p. 93

6.30.2

Solution details p. 94

6.30.2.1	Security for discovery integrated into PC5 link establishment p. 94
6.30.2.2	Privacy protection of User Info ID and RSC in DCR p. 96

6.30.3

Evaluation p. 96

6.31

Solution #31: Security for discovery integrated into PC5 link establishment when L3 UE-to-UE relay is in coverage p. 97

6.31.1

Introduction p. 97

6.31.2

Solution details p. 97

6.31.2.1

Procedure for PC5 security establishment between the 5G ProSe Source UE and 5G ProSe UE-to-UE Relay and between the 5G ProSe Target UE and 5G ProSe UE-to-UE Relay p. 97

6.31.3

Evaluation p. 100

6.32

Solution #32: Security for discovery integrated into PC5 link establishment procedure p. 100

6.32.1	Introduction p. 100
6.32.2	Solution details p. 101
6.32.3	Evaluation p. 102

6.33

Solution #33: Security policy negotiation for Layer-3 UE-to-UE Relay Communication p. 102

6.33.1	Introduction p. 102
6.33.2	Solution details p. 102
6.33.3	Evaluation p. 104

6.34

Solution #34: L2 U2U Relay reselection using Re-Keying p. 104

6.34.1	Introduction p. 104
6.34.2	Solution details p. 105
6.34.3	Evaluation p. 106

6.35

Solution #35: KNRP ID privacy in L2 U2U Relay reselection p. 107

6.35.1

Introduction p. 107

6.35.2

Solution details p. 107

6.35.2.1	New KNRP ID establishment using LMR/LMA p. 107
6.35.2.2	New KNRP ID establishment using coordinated Link Release p. 108

6.35.3

Evaluation p. 109

6.36

Solution #36: Model A Relay discovery using multiple key sets p. 109

6.36.1

Introduction p. 109

6.36.2

Solution details p. 109

6.36.2.1	UE-to-UE Relay Scheduling of Direct Discovery Set Announcements p. 109
6.36.2.2	U2U Relay on-demand direct discovery set protection p. 111

6.36.3

Evaluation p. 112

6.37

Solution #37: PC5 link establishment with secure integrated discovery p. 112

6.37.1	Introduction p. 112
6.37.2	Solution details p. 113
6.37.3	Evaluation p. 114

Conclusions p. 114

7.1	Key Issue #1: Security for UE-to-UE Relay discovery p. 114
7.2	Key Issue #2: Security of UE-to-UE Relay p. 115
7.3	Key issue #3: Authorization in the UE-to-UE Relay Scenario p. 115
7.4	Key Issue #4: Privacy of information over the UE-to-UE Relay p. 115
7.5	Key Issue #5: Security of source and target UE communication via U2U relay p. 116
7.6	Key Issue #6: Support for Emergency service over UE-to-Network Relaying p. 116

Change history p. 117

TR 33.740 Study on Security aspects of Proximity Based Services (ProSe) in 5GS Phase 2

full Table of Contents for TR 33.740 Word version: 18.1.0

TR 33.740
Study on Security aspects of
Proximity Based Services (ProSe) in 5GS
Phase 2