TR 33.858
Study on Security aspects of enhanced support of Non-Public Networks (NPN)
Phase 2

3GPP‑Page fToC_↓ Partial Content _→

V18.1.0 (Wzip) 2023/09 35 p.

Rapporteur:: Dr. Jost, Christine
Ericsson LM

full Table of Contents for TR 33.858 Word version: 18.1.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Scope p. 8

References p. 8

Definitions of terms, symbols and abbreviations p. 9

3.1	Terms p. 9
3.2	Symbols p. 9
3.3	Abbreviations p. 9

Assumptions p. 9

Key issues p. 9

5.1

Key issue #1: Security of non-3GPP access for SNPN p. 9

5.1.1	Key issue details p. 9
5.1.2	Threats p. 9
5.1.3	Potential security requirements p. 10

5.2

Key issue #2: Authentication for UE access to hosting network p. 10

5.2.1	Key issue details p. 10
5.2.2	Threats p. 10
5.2.3	Potential security requirements p. 10

Proposed solutions p. 11

6.0

Mapping of solutions to key issues p. 11

6.1

Solution #1: Authentication mechanism for untrusted non-3GPP Access in SNPN scenarios p. 11

6.1.1	Introduction p. 11
6.1.2	Solution details p. 12
6.1.3	System impact p. 12
6.1.4	Evaluation p. 12

6.2

Solution #2: Authentication mechanism for trusted non-3GPP Access in SNPN scenarios p. 12

6.2.1	Introduction p. 12
6.2.2	Solution details p. 13
6.2.3	System impact p. 13
6.2.4	Evaluation p. 13

6.3

Solution #3: Use of anonymous SUCI in trusted non-3GPP access for SNPN p. 13

6.3.1	Introduction p. 13
6.3.2	Solution details p. 14
6.3.3	System impact p. 14
6.3.4	Evaluation p. 14

6.4

Solution #4: Authentication for devices that do not support 5GC NAS over WLAN access in SNPN scenarios p. 14

6.4.1	Introduction p. 14
6.4.2	Solution details p. 14
6.4.3	System impact p. 15
6.4.4	Evaluation p. 15

6.5

Solution #5: Anonymous authentication during connection establishment in trusted non-3GPP network access. p. 15

6.5.1	Introduction p. 15
6.5.2	Solution details p. 15
6.5.3	System impact p. 16
6.5.4	Evaluation p. 16

6.6

Solution #6: Trusted non-3GPP Access for SNPN p. 16

6.6.1	Introduction p. 16
6.6.2	Solution details p. 16
6.6.3	System impact p. 16
6.6.4	Evaluation p. 16

6.7

Solution #7: Untrusted non-3GPP Access for SNPN p. 16

6.7.1	Introduction p. 16
6.7.2	Solution details p. 17
6.7.3	System impact p. 17
6.7.4	Evaluation p. 17

6.8

Solution #8: Reusing Existing N3GPP Security for SNPN p. 17

6.8.1	Introduction p. 17
6.8.2	Solution details p. 17
6.8.3	Evaluation p. 17

6.9

Solution #9: NSWO support in SNPN using any key-generating EAP-method p. 18

6.9.1	Introduction p. 18
6.9.2	Solution details p. 18
6.9.3	System impact p. 19
6.9.4	Evaluation p. 19

6.10

Solution #10: Access to localized services using existing mechanisms p. 19

6.10.1

Introduction p. 19

6.10.2

Solution details p. 19

6.10.2.1	Solution for access to localized services based on Home Network Credentials p. 19
6.10.2.2	Solution for access to localized services based on Onboarding Mechanism p. 19

6.10.3

System Impact p. 22

6.10.4

Evaluation p. 22

6.11

Solution #11: High-level solution on authentication for UE access to hosting network p. 22

6.11.1	Introduction p. 22
6.11.2	Solution details p. 22
6.11.3	System impact p. 23
6.11.4	Evaluation p. 23

6.12

Solution #12: Localised service authentication through onboarding procedure and registration afterwards. p. 23

6.12.1	Introduction p. 23
6.12.2	Solution details p. 24
6.12.3	System impact p. 24
6.12.4	Evaluation p. 24

6.13

Solution #13: Home network primary authentication - secondary authentication towards localised service p. 25

6.13.1	Introduction p. 25
6.13.2	Solution details p. 25
6.13.3	System impact p. 25
6.13.4	Evaluation p. 26

6.14

Solution #14: NSWO support in SNPN using any key-generating EAP-method for SNPN using CH AUSF/UDM p. 26

6.14.1	Introduction p. 26
6.14.2	Solution details p. 26
6.14.3	System impact p. 26
6.14.4	Evaluation p. 27

6.15

Solution #15: NSWO using SNPN credentials from CH AAA p. 27

6.15.1	Introduction p. 27
6.15.2	Solution details p. 27
6.15.3	System impact p. 27
6.15.4	Evaluation p. 27

6.16

Solution #16: Localized Service related authentication and network access p. 27

6.16.1	Introduction p. 27
6.16.2	Solution details p. 28
6.16.3	System impact p. 29
6.16.4	Evaluation p. 29

6.17

Solution #17: Authentication for UE to access hosting network and receive localized services using existing mechanisms. p. 29

6.17.1	Introduction p. 29
6.17.2	Solution details p. 29
6.17.3	System impact p. 30
6.17.4	Evaluation p. 30

6.18

Solution #18: UE creates the identifier in trusted non-3GPP access p. 30

6.18.1	Introduction p. 30
6.18.2	Solution details p. 30
6.18.3	System impact p. 31
6.18.4	Evaluation p. 31

6.19

Solution #19: Supporting CH using AAA for N3GPP Security in SNPN p. 31

6.19.1	Introduction p. 31
6.19.2	Solution details p. 31
6.19.3	Evaluation p. 31

6.20

Solution #20: NSWO using SNPN credentials from CH AAA via 5GC p. 31

6.20.1	Introduction p. 31
6.20.2	Solution details p. 32
6.20.3	System impact p. 32
6.20.4	Evaluation p. 32

Conclusions p. 32

7.1

Conclusions for KI#1 Security of non-3GPP access for SNPN p. 32

7.1.1	Scope p. 32
7.1.2	Conclusion for Untrusted N3GPP access to SNPN p. 33
7.1.3	Conclusion for Trusted N3GPP access to SNPN p. 33
7.1.4	Conclusion for N5CW device access to SNPN p. 33
7.1.5	Conclusion for NSWO support in SNPN p. 34

7.2

Conclusions for KI#2 Authentication for UE access to hosting network p. 34

7.3

Other conclusions p. 34

Change history p. 35

TR 33.858 Study on Security aspects of enhanced support of Non-Public Networks (NPN) Phase 2

full Table of Contents for TR 33.858 Word version: 18.1.0

TR 33.858
Study on Security aspects of enhanced support of Non-Public Networks (NPN)
Phase 2