
TR 33.845
Study on storage and transport of 5G Core (5GC) security parameters
for Authentication Credential Repository Processing Function (ARPF) authentication

V17.0.0  2021/06  33 p.
Rapporteur:
Mr. Evans, Tim P.
VODAFONE Group Plc

full Table of Contents for  TR 33.845  Word version:  17.0.0

0  Introduction  p. 7
1  Scope  p. 8
2  References  p. 8
3  Definitions of terms, symbols and abbreviations  p. 9
3.1  Terms  p. 9
3.2  Symbols  p. 9
3.3  Abbreviations  p. 9
4  Security assumptions relating to communication security in 5G  p. 9
4.1  Overview  p. 9
4.2  Models for ARPF and UDR setup  p. 10
4.2.1  Model #A: Security parameters stored only in the ARPF  p. 10
4.2.2  Model #B: Security parameters stored only in the UDR  p. 10
4.2.3  Model #C: Security parameters stored both in the ARPF and the UDR  p. 10
4.3  Primary Authentication  p. 10
4.4  Secondary Authentication  p. 10
4.5  Privacy  p. 11
5  Parameters relevant to securing 5G communication  p. 11
5.1  Overview  p. 11
5.2  Milenage AKA authentication  p. 12
5.3  TUAK AKA authentication  p. 13
5.4  EAP methods for authentication  p. 13
5.5  Proprietary authentication algorithms  p. 13
5.6  AMF related parameters  p. 13
5.7  Counter related parameters  p. 13
6  Key Issues  p. 14
6.1  Key Issue #1: Separation of authentication subscription data from subscription data  p. 14
6.1.1  Key issue details  p. 14
6.1.2  Security threats  p. 14
6.1.3  Potential security requirements  p. 14
6.2  Key Issue #2: Protection of long-term key during storage in UDR  p. 14
6.2.1  Key issue details  p. 14
6.2.2  Security threats  p. 14
6.2.3  Potential security requirements  p. 15
6.3  Key Issue #3: Protection of long-term key during transfer out of UDR  p. 15
6.3.1  Key issue details  p. 15
6.3.2  Security threats  p. 15
6.3.3  Potential security requirements  p. 15
6.4  Key Issue #4: Protection of Milenage OPc value during storage in UDR  p. 15
6.4.1  Key issue details  p. 15
6.4.2  Security threats  p. 15
6.4.3  Potential security requirements  p. 15
6.5  Key Issue #5: Protection of Milenage OPc value during transfer out of UDR  p. 16
6.5.1  Key issue details  p. 16
6.5.2  Security threats  p. 16
6.5.3  Potential security requirements  p. 16
6.6  Key Issue #6: Protection of Milenage OP value during storage in UDR  p. 16
6.6.1  Key issue details  p. 16
6.6.2  Security threats  p. 16
6.6.3  Potential security requirements  p. 16
6.7  Key Issue #7: Protection of Milenage OP value during transfer out of UDR  p. 17
6.7.1  Key issue details  p. 17
6.7.2  Security threats  p. 17
6.7.3  Potential security requirements  p. 17
6.8  Key Issue #8: Protection of sequence number SQNHE during storage in UDR  p. 17
6.8.1  Key issue details  p. 17
6.8.2  Security threats  p. 17
6.8.3  Potential security requirements  p. 17
6.9  Key Issue #9: Protection of sequence number SQNHE during transfer out of UDR  p. 17
6.9.1  Key issue details  p. 17
6.9.2  Security threats  p. 18
6.9.3  Potential security requirements  p. 18
6.10  Key Issue #10: Protection of TUAK TOPc value during storage in UDR  p. 18
6.10.1  Key issue details  p. 18
6.10.2  Security threats  p. 18
6.10.3  Potential security requirements  p. 18
6.11  Key Issue #11: Protection of TUAK TOPc value during transfer out of UDR  p. 18
6.11.1  Key issue details  p. 18
6.11.2  Security threats  p. 18
6.11.3  Potential security requirements  p. 19
7  Solutions  p. 19
7.1  Solution #1: Authorization and Isolation of Authentication Data using existing techniques  p. 19
7.1.1  Introduction  p. 19
7.1.2  Solution details  p. 19
7.1.3  Evaluation  p. 19
7.2  Solution #2: Protection of LTK during storage in UDR  p. 20
7.2.1  Introduction  p. 20
7.2.2  Solution details  p. 20
7.2.3  Evaluation  p. 20
7.3  Solution #3: Protection of LTK over Nudr  p. 21
7.3.1  Introduction  p. 21
7.3.2  Solution details  p. 21
7.3.3  Evaluation  p. 21
7.4  Solution #4: Encrypted storage of the long-term key in the UDR  p. 21
7.4.1  Introduction  p. 21
7.4.2  Solution details  p. 22
7.4.3  Evaluation  p. 22
7.5  Solution #5: Encrypted transfer of the long-term key between UDR and UDM/ARPF  p. 22
7.5.1  Introduction  p. 22
7.5.2  Solution details  p. 22
7.5.3  Evaluation  p. 22
7.6  Solution #6: Storage of the LTK in the UDR  p. 23
7.6.1  Introduction  p. 23
7.6.2  Solution details  p. 23
7.6.3  Evaluation  p. 23
7.7  Solution #7: Transfer of the LTK out of the UDR  p. 23
7.7.1  Introduction  p. 23
7.7.2  Solution details  p. 24
7.7.3  Evaluation  p. 24
7.8  Solution #8: Encrypted transfer of Milenage OPc value between UDR and UDM/ARPF  p. 24
7.8.1  Introduction  p. 24
7.8.2  Solution details  p. 24
7.8.3  Evaluation  p. 24
7.9  Solution #9: Encrypted transfer of Milenage OP value between UDR and UDM/ARPF  p. 25
7.9.1  Introduction  p. 25
7.9.2  Solution details  p. 25
7.9.3  Evaluation  p. 25
7.10  Solution #10: Encrypted storage of Milenage OPc value in the UDR  p. 25
7.10.1  Introduction  p. 25
7.10.2  Solution details  p. 26
7.10.3  Evaluation  p. 26
7.11  Solution #11: Encrypted storage of Milenage OP value in the UDR  p. 26
7.11.1  Introduction  p. 26
7.11.2  Solution details  p. 26
7.11.3  Evaluation  p. 26
7.12  Solution #12: Access control for protection of SQNHE during storage in UDR  p. 27
7.12.1  Introduction  p. 27
7.12.2  Solution details  p. 27
7.12.3  Evaluation  p. 27
7.13  Solution #13: Encrypted storage of TUAK TOPc value in the UDR  p. 27
7.13.1  Introduction  p. 27
7.13.2  Solution details  p. 27
7.13.3  Evaluation  p. 28
7.14  Solution #14: OAuth 2.0 secured transfer of SQNHE out of UDR  p. 28
7.14.1  Introduction  p. 28
7.14.2  Solution details  p. 28
7.14.3  Evaluation  p. 28
7.15  Solution #15: Encrypted transfer of TUAK TOPc value between UDR and UDM/ARPF  p. 28
7.15.1  Introduction  p. 28
7.15.2  Solution details  p. 29
7.15.3  Evaluation  p. 29
8  Conclusions  p. 29
A  Models for ARPF deployment  p. 30
A.1  General  p. 30
A.2  ARPF deployment options in 3GPP TS 33.501 [2] and TS 23.501 [10]  p. 30
A.3  ARPF deployment options in UDICOM  p. 31
Change history  p. 34
