
TR 33.858
Study on Security aspects of enhanced support of Non-Public Networks (NPN)
Phase 2

V18.1.0 (Wzip)  2023/09  35 p.
Dr. Jost, Christine
Ericsson LM

full Table of Contents for  TR 33.858  Word version:  18.1.0



1  Scope

The aim of the present document is to study the security aspects for any potential enhancements to be developed based on the outcome of the study in TR 23.700-08. For each of the objectives in the scope of the study in TR 23.700-08, potential security aspects that are to be covered in this study are as follows:
  • Support for enhanced mobility by enabling support for idle and connected mode mobility between SNPNs without new network selection.
    • Study if existing security mechanisms for mobility between PLMNs can be reused for SNPNs or if new security mechanisms are needed.
  • Support for non-3GPP access for SNPN
    • Study if existing security mechanisms for enabling non-3GPP access in a PLMN can be reused for enabling non-3GPP access in an SNPN or if new security mechanisms are needed.
  • Address new requirements (e.g., TS 22.261 requirements for Providing Access to Local Services) related to NPN
    • Study the trust model for the resulting architecture for enabling Localized Services via a local hosting NPN.
    • Study if existing mechanisms for a UE to access an NPN can be reused for enabling a UE to authenticate with and access the local hosting NPN and the localized services via the hosting NPN with proper authorization, or if new security mechanisms are needed.

2  References

3  Definitions of terms, symbols and abbreviations

3.1  Terms

3.2  Symbols

3.3  Abbreviations

4  Assumptions

5  Key issues

6  Proposed solutions

6.0  Mapping of solutions to key issues

6.1  Solution #1: Authentication mechanism for untrusted non-3GPP Access in SNPN scenarios

6.2  Solution #2: Authentication mechanism for trusted non-3GPP Access in SNPN scenarios

6.3  Solution #3: Use of anonymous SUCI in trusted non-3GPP access for SNPN

6.4  Solution #4: Authentication for devices that do not support 5GC NAS over WLAN access in SNPN scenarios

6.5  Solution #5: Anonymous authentication during connection establishment in trusted non-3GPP network access.

6.6  Solution #6: Trusted non-3GPP Access for SNPN

6.7  Solution #7: Untrusted non-3GPP Access for SNPN

6.8  Solution #8: Reusing Existing N3GPP Security for SNPN

6.9  Solution #9: NSWO support in SNPN using any key-generating EAP-method

6.10  Solution #10: Access to localized services using existing mechanisms

6.11  Solution #11: High-level solution on authentication for UE access to hosting network

6.12  Solution #12: Localised service authentication through onboarding procedure and registration afterwards.

6.13  Solution #13: Home network primary authentication - secondary authentication towards localised service

6.14  Solution #14: NSWO support in SNPN using any key-generating EAP-method for SNPN using CH AUSF/UDM

6.15  Solution #15: NSWO using SNPN credentials from CH AAA

6.16  Solution #16: Localized Service related authentication and network access

6.17  Solution #17: Authentication for UE to access hosting network and receive localized services using existing mechanisms.

6.18  Solution #18: UE creates the identifier in trusted non-3GPP access

6.19  Solution #19: Supporting CH using AAA for N3GPP Security in SNPN

6.20  Solution #20: NSWO using SNPN credentials from CH AAA via 5GC

7  Conclusions

$  Change history
