
TR 33.819  SA3
Study on Security enhancements of 5GS
for Vertical and Local Area Network (LAN) Services

V16.0.0  2019/12  46 p.

WI Acronym:  FS_Vertical_LAN_SEC
Rapporteur:  Miss Jerichow, Anja

The present document studies security enhancements to 5GS that are required to fulfil Stage-1 service requirements in vertical domains defined in TS 22.261 and TS 22.104 and addresses the solutions described by TR 23.734 and TR 23.725 studies.
Potential security requirements are provided and possible security architecture enhancements to 5GS in vertical domains are proposed that support these security requirements.

Full Table of Contents for TR 33.819, Word version 16.0.0

1  Scope
2  References
3  Definitions of terms, symbols and abbreviations
4  Security aspects in the 5G System to enable enhanced support of Vertical and LAN Services
A Non-Public Network (NPN) is a 5GS deployed for non-public use, see TS 22.261. As described in more detail in TS 23.501, an NPN may be deployed as:
  • a Stand-alone Non-Public Network (SNPN), i.e. operated by an NPN operator and not relying on network functions provided by a PLMN, or
  • a Public Network integrated NPN (PNiNPN), i.e. an NPN deployed with the support of a PLMN.
SNPN 5GS deployments are based on the architecture depicted in TS 23.501, clause 4.2.3, and the additional functionality covered in TS 23.501, clause 5.30.2.
PNiNPN can be enabled using network slicing (see Annex D of TS 23.501). To prevent unauthorized UEs from trying to access a PNiNPN, the Closed Access Group (CAG) functionality described in clause 5.30.3 of TS 23.501 can be used in addition.
Vertical and LAN Services features include:
In the following clauses, key issues and potential solutions for the security aspects of SNPN and PNiNPN, as well as of the Vertical and LAN Services features, are addressed.
Many aspects of TS 33.501 also apply to NPNs. It was decided not to copy those into the present document, but to provide the specification text for the related NPN clauses directly, as will be mentioned in the conclusion section.
5  Key issues
5.1  Key Issues related to security for SNPNs
5.2  Key Issues related to Security aspects on interworking between NPN and PLMN
5.3  Key Issues related to Security for 5G LAN services
5.4  Key Issues related to Security for TSC and 5GS interaction
5.5  Key Issues related to authentication on NPNs
5.6  Key Issues related to security for PNiNPNs
6  Solutions
6.1  Solution #1: Solution for NPN network access via PLMN
6.2  Solution #2: Security solution for handling UP security policy for a 5GLAN Group
6.3  Solution #3: Security solution for mitigation of (D)DoS attack in PNiNPNs
6.4  Solution #4: Security solution for key derivation in SNPNs
6.5  Solution #5: Key hierarchy for authentication using non-AKA EAP methods in NPN
6.6  Solution #6: 5GLAN authentication
6.7  Solution #7: SMF handling the UP security policy for a 5GLAN Group based on information from DN AAA
6.8  Solution #8: TSC security
6.9  Solution #9: (D)DoS attack mitigation in PNiNPNs
6.10  Solution #10: Using NAS security for messages that modify the CAG list
6.11  Solution #11: DH based solution for CAG ID privacy
6.12  Solution #12: Hash based solution for CAG ID privacy
6.13  Solution #13: CAG ID Privacy in PNiNPNs by embedding CAG ID in the SUCI
6.14  Solution #14: CAG ID privacy by re-use of SUPI protection mechanism
6.15  Solution #15: CAG ID privacy by indication in RRC layer and providing CAG ID only after NAS security establishment
6.16  Solution #16: CAG ID privacy by sending CAG ID only in protected NAS signalling
6.17  Solution #17: Protection on TSC time synchronisation within UP security policy
6.18  Solution #18: CAG ID privacy considering RAN optimization
6.19  Solution #19: Privacy protected CAG ID Privacy in PNiNPNs
7  Conclusions
A  Deployment options for authentication in SNPNs considering different types of NPN credentials
B  Change history
