
TR 33.885
Study on Security aspects
for LTE support of Vehicle-to-Everything (V2X) Services

V14.1.0  2017/09  74 p.
Rapporteur:
Mr. Wong, Marcus
Huawei Tech. (UK) Co., Ltd

Full Table of Contents for TR 33.885, Word version 14.1.0
1 Scope  p. 8
2 References  p. 8
3 Definitions, symbols and abbreviations  p. 9
3.1 Definitions  p. 9
3.2 Abbreviations  p. 10
4 Overview of V2X Services  p. 11
4.1 Introduction  p. 11
4.2 Architecture  p. 11
4.2.1 Architectural Assumptions  p. 11
4.2.2 PC5 and LTE-Uu based V2X architecture reference model  p. 12
4.2.3 eMBMS and LTE-Uu based V2X architecture reference model  p. 14
4.2.4 Security impact  p. 14
5 Security Analysis of V2X  p. 15
5.1 Key Issue #1: V2X Communication Security  p. 15
5.1.1 Key issue details  p. 15
5.1.2 Security threats  p. 15
5.1.3 Potential Security requirements  p. 15
5.2 Key Issue #2: Authorization for LTE-V2X Radio Resources  p. 15
5.2.1 Key issue details  p. 15
5.2.2 Security threats  p. 16
5.2.3 Potential Security requirements  p. 16
5.3 Key Issue #3: V2X Entities Secure Environment  p. 16
5.3.1 Key issue details  p. 16
5.3.2 Security threats  p. 16
5.3.3 Potential Security requirements  p. 16
5.4 Key Issue #4: Local MBMS Entity (LME) - security of Mv interface  p. 17
5.4.1 Key issue details  p. 17
5.4.2 Security threats  p. 17
5.4.3 Potential Security requirements  p. 17
5.5 Key Issue #5: V2V/P authority broadcast communication security by UE for public information announcement over PC5 Interface  p. 18
5.5.1 Key issue details  p. 18
5.5.2 Security threats  p. 18
5.5.3 Potential Security requirements  p. 19
5.6 Key Issue #6: Identity/Credentials Security for V2V/P Services  p. 20
5.6.1 Key issue details  p. 20
5.6.2 Security Threats  p. 20
5.6.3 Potential Security requirements  p. 20
5.7 Key Issue #7: Vehicle UE privacy  p. 21
5.7.1 Key issue details  p. 21
5.7.2 Security threats  p. 21
5.7.3 Security requirements  p. 22
5.8 Key Issue #8: V2X data source accountability  p. 23
5.8.1 Key issue details  p. 23
5.8.2 Security threats  p. 23
5.8.3 Potential Security requirements  p. 23
5.9 Key Issue #9: authentication and authorization  p. 23
5.9.1 Key issue details  p. 23
5.9.2 Security threats  p. 24
5.9.3 Potential Security requirements  p. 24
5.10 Key Issue #10: Local V2X application server  p. 24
5.10.1 Key issue details  p. 24
5.10.2 Security threats  p. 24
5.10.3 Potential Security requirements  p. 24
5.11 Key Issue #11: Choice of cryptoalgorithm  p. 25
5.11.1 Key issue details  p. 25
5.11.2 Security threats  p. 25
5.11.3 Potential Security requirements  p. 25
5.12 Key Issue #12: Credential provisioning for V2X services  p. 25
5.12.1 Key issue details  p. 25
5.12.2 Security threats  p. 26
5.12.3 Potential Security requirements  p. 26
5.13 Key Issue #13: Data communication security between network entities  p. 26
5.13.1 Issue details  p. 26
5.13.2 Security threats  p. 26
5.13.3 Security Requirements  p. 26
5.14 Key Issue #14: V2I broadcast communication security over PC5 interface  p. 27
5.14.1 Issue details  p. 27
5.14.2 Security threats  p. 27
5.14.3 Security Requirements  p. 27
5.15 Key Issue #15: Security of UE to V2X Control Function interface  p. 28
5.15.1 Issue details  p. 28
5.15.3 Security Requirements  p. 28
5.16 Key Issue #16: Detectability of Malicious LTE-V2X UE Behavior - achieving trust and confidence in messages  p. 29
5.16.1 Key issue details  p. 29
5.16.2 Security threats  p. 29
5.16.3 Security requirements  p. 29
5.17 Key Issue #17: Securing the communication between V2X AS and LTE network  p. 29
5.17.1 Key issue details  p. 29
5.17.2 Security threats  p. 30
5.17.3 Potential Security requirements  p. 30
6 Proposed Solutions  p. 30
6.1 Security for one to many V2X Direct Communication  p. 30
6.1.1 Overview of one to many V2X Direct Communication  p. 30
6.1.1.1 Security flows  p. 30
6.1.1.1.1 Overview  p. 30
6.1.1.1.1.1 UE Security Credential Provisioning with Identity based Cryptography  p. 33
6.1.1.1.1.1.1 V2X Data Source Accountability based on Identity based Cryptography  p. 36
6.1.1.1.1.2 UE Security Credential Provisioning with Certificate  p. 36
6.1.1.1.1.2.1 V2X Data Source Accountability based on Certificate  p. 38
6.1.1.1.1.3 UE Security Credential Provisioning and Tracing with Identity based Cryptography  p. 38
6.1.1.1.1.3.1 Introduction  p. 38
6.1.1.1.1.3.2 solution details  p. 38
6.1.1.1.1.3.2.1 Credential Provisioning  p. 38
6.1.1.1.1.3.2.2 Identity Tracing  p. 40
6.1.1.1.2 Secure One to Many V2x Communication  p. 41
6.1.1.1.2.1 Broadcast Messages Protected by Identity based Authentication  p. 41
6.1.1.1.2.2 Broadcast Messages Protected by Certificate based authentication  p. 42
6.1.1.1.2.2.1 Certificate Format  p. 43
6.1.1.1.2.2.2 Certificate Refreshment  p. 43
6.1.1.1.3 Security Architecture for V2X (PC5 and LTE-UU based)  p. 44
6.1.1.1.4 The Format of PDCP Layer for Protection the Broadcast Messages  p. 45
6.1.1.1.4.1 PDCP Format for Broadcast Messages Protected by Identity based Authentication  p. 45
6.1.1.1.4.2 PDCP Format for Broadcast Messages Protected by Certificate based Authentication  p. 46
6.2 Solution #2: V2X Communication Security  p. 46
6.2.1 Security requirements addressed  p. 46
6.2.2 Solution details  p. 46
6.2.3 Justification for the solution  p. 46
6.3 Solution for attach identifier obfuscation for vehicle UE privacy  p. 47
6.3.1 Security requirements addressed  p. 47
6.3.2 Solution details  p. 48
6.3.3 LI support  p. 49
6.4 Data communication security between network entities  p. 50
6.4.1 Security requirements addressed  p. 50
6.4.2 Solution details  p. 50
6.5 Solution for Vehicle UE privacy from the MNO based on attach data  p. 51
6.5.1 Security requirements addressed  p. 51
6.5.2 Solution details  p. 51
6.5.2.1 Simultaneous re-attach with new identities  p. 51
6.5.2.2 MME Load spreading  p. 51
6.5.2.3 Re-attach boundary time determination  p. 51
6.5.2.4 Detach and Re-attach triggers  p. 53
6.6 Solution for Vehicle UE privacy based on data traversing the network  p. 53
6.6.1 Security requirements addressed  p. 53
6.6.2 Solution details  p. 53
6.7 Solution for authorization and accountability  p. 54
6.7.1 Addressed key issues  p. 54
6.7.2 Justification of the solution  p. 54
6.7.3 Description of the solution  p. 55
6.8 Security of UE to V2X Control Function interface  p. 56
6.8.1 Security requirements addressed  p. 56
6.8.2 Solution details  p. 56
6.8.2.1 Security procedures for configuration transfer to the UICC  p. 56
6.8.2.2 Security procedures for data transfer to the UE  p. 57
6.8.2.3 Alternative security procedure for data transfer between UE and V2X Control Function  p. 58
6.9 Solution using encrypted IMSI to proven MNO identifying the UE  p. 60
6.9.1 Security requirements addressed  p. 60
6.9.2 Solution details  p. 60
6.9.2.1 Overview  p. 60
6.9.2.2 HPLMN issuing the V2X subscription  p. 61
6.9.2.2.1 Details of use case  p. 61
6.9.2.2.2 Attachment flows  p. 61
6.9.2.2.3 Encrypting IMSI and AVs  p. 63
6.9.2.2.3.1 General  p. 63
6.9.2.3 Regular subscription  p. 63
6.9.2.3.1 Details of use case  p. 63
6.9.2.3.2 Attachment flows  p. 63
6.9.2.4 Changes from legacy LTE  p. 65
6.9.2.4.1 Changes for V2X MNO subscription  p. 65
6.9.2.4.2 Changes for regular subscription  p. 65
6.9.3 Evaluation  p. 66
6.10 Solution for communication security with the V2X network entities  p. 66
6.10.1 Addressed key issues  p. 66
6.10.2 Justification of the solution  p. 66
6.10.3 Description of the solution  p. 66
6.10.3.1 Security of the reference point V3 between the V-UE and the V2X Control Function  p. 66
6.10.3.2 Security of the reference point V2  p. 66
6.10.3.3 Network domain security  p. 66
6.11 Solution #11: V2X Communication Security  p. 66
6.11.1 Security requirements addressed  p. 66
6.11.2 Solution details  p. 66
6.12 Hiding UE identity from other V2X UEs and the serving network  p. 67
6.12.1 Requirements addressed  p. 67
6.12.2 Solution details  p. 67
6.12.2.1 Overview  p. 67
6.12.2.2 Pseudonym generation, provisioning and usage  p. 67
6.12.2.3 Impact to legacy LTE  p. 69
6.12.2.4 Evaluation  p. 69
6.13 Solution against V2X UE tracking based on PC5 autonomous mode  p. 70
6.13.1 Addressed key issues  p. 70
6.13.2 Justification of the solution  p. 70
6.13.3 Description of the solution  p. 70
6.13.4 Evaluation  p. 70
6.14 Providing privacy from serving network by using a dedicated V2X MVNO  p. 70
6.14.1 Addressed key issues  p. 70
6.14.2 Description of the solution  p. 71
6.14.2.1 Deployment model  p. 71
6.14.2.2 Concealment of the IMSI  p. 71
6.14.3 Evaluation  p. 71
6.15 A Vehicle UE Privacy Protection Framework with Homomorphic Encryption  p. 72
6.15.1 Introduction  p. 72
6.15.2 Example of Homomorphic Encryption  p. 72
6.15.3 Proposed Framework  p. 72
7 Conclusion  p. 73
7.1 Conclusion on V2X communication security  p. 73
7.2 Conclusion on V3 interface security  p. 74
7.3 Conclusion on the security between network entities  p. 74
7.4 Interim agreement on PC5 security  p. 74
7.6 Agreement on V2X UE authorization security  p. 74
A Overview of IEEE 1609.2 Security Standards for WAV  p. 75
A.1 DSRC/WAVE  p. 75
A.2 WAVE standards  p. 75
A.3 WAVE security  p. 75
B Network options for PC3 security  p. 77
B.1 General  p. 77
B.2 ProSe Function using standalone BSF  p. 77
B.3 BSF - ProSe Function/NAF colocation  p. 77
B.4 ProSe Function with bootstrapping entity  p. 78
C Overview of existing privacy solution for V2X  p. 79
D Privacy by regulation  p. 80
D.1 Introduction  p. 80
D.2 Regulatory situation in EU  p. 81
D.2.1 GDPR and ePD  p. 81
D.2.2 Relevant paragraphs from General Data Protection Regulation (GDPR)  p. 81
D.2.3 Relevant paragraphs from e-Privacy Directive (ePD)  p. 82
D.3 Regulatory situation in US  p. 84
D.3.1 National Highway Traffic Safety Administration (NHTSA)  p. 84
D.3.2 Relevant citations from DOT HS 812 014  p. 84
Change history  p. 85