
Content for  TS 33.434  Word version:  16.0.0


1  Scope
The present document specifies the security features and mechanisms to support the Service Enabler Architecture Layer (SEAL) in 5G. Specifically, it specifies the security architecture, the functional model(s), the security aspects of the SEAL reference points (e.g. SEAL-UU), the Key Management (KM) procedures, the Identity Management (IdM) procedures, and SEAL access authentication and authorization, in support of efficient use and deployment of vertical applications over 3GPP systems.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905   "Vocabulary for 3GPP Specifications".
[2]  TS 23.434   "Service Enabler Architecture Layer for Verticals (SEAL); Functional architecture and information flows".
[3]  RFC 6749:  "The OAuth 2.0 Authorization Framework".
[4]  RFC 6750:  "The OAuth 2.0 Authorization Framework: Bearer Token Usage".
[5]  OpenID Connect 1.0: "OpenID Connect Core 1.0 incorporating errata set 1", http://openid.net/specs/openid-connect-core-1_0.html.
[6]  TS 33.310   "Network Domain Security (NDS); Authentication Framework (AF)".
[7]  TS 23.401   "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".
[8]  TS 23.501   "System Architecture for the 5G System; Stage 2".
[9]  RFC 7521:  "Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants".
[10]  RFC 7523:  "JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants".
[11]  RFC 7797:  "JSON Web Signature (JWS) Unencoded Payload Option".
[12]  RFC 7515:  "JSON Web Signature (JWS)".
[13]  RFC 7662:  "OAuth 2.0 Token Introspection".
[14]  TS 33.210   "3G security; Network Domain Security (NDS); IP network layer security".
[15]  TS 33.222   "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[16]  TS 33.501   "Security architecture and procedures for 5G system".

3  Definitions of terms, symbols and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
For the purposes of the present document, the terms and definitions given in TS 23.434 apply.

3.2  Symbols

Void.

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
SEAL   Service Enabler Architecture Layer for Verticals
SIM-C  SEAL Identity Management Client
SIM-S  SEAL Identity Management Server
SKM-C  SEAL Key Management Client
SKM-S  SEAL Key Management Server
VAL    Vertical Application Layer

4  SEAL security requirements

4.1  VAL user authentication and authorization

[SEAL-SEC-4.1-a]  All users of the VAL Service shall be authenticated.
[SEAL-SEC-4.1-b]  The VAL Client and the VAL Server shall mutually authenticate each other prior to providing the VAL UE with the VAL Service User profile and access to user-specific services.
[SEAL-SEC-4.1-c]  The transmission of configuration data and user profile data between an authorized VAL server in the network and the VAL UE shall be confidentiality protected, integrity protected and protected from replays.
[SEAL-SEC-4.1-d]  The VAL service should take measures to detect and mitigate DoS attacks to minimize the impact on the network and on VAL users.
[SEAL-SEC-4.1-e]  The VAL service shall provide a means to support confidentiality of VAL user identities.
[SEAL-SEC-4.1-f]  The VAL service shall provide a means to support confidentiality of VAL signalling.
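Requirement [SEAL-SEC-4.1-c] asks for three distinct properties on configuration and profile data. The following added example (illustration only, not a mechanism specified by TS 33.434, whose actual procedures are in later clauses) shows what the integrity and anti-replay parts mean in practice: each message carries a sequence number and an HMAC tag, and the receiver rejects any message whose tag does not verify as well as any sequence number it has already accepted or that has fallen behind its window. The key and the message layout are constructed for the example. Confidentiality, the third property, would be obtained by wrapping the payload in an AEAD cipher such as AES-GCM; it is left out here because the Python standard library offers none.

```python
import hashlib
import hmac
import struct

# Constructed demo key: in a deployment the key comes from the key-management
# procedure, never from a literal in the code.
SHARED_KEY = b"constructed-demo-key-not-for-production"

SEQ_LEN = 8    # 64-bit big-endian sequence number
TAG_LEN = 32   # HMAC-SHA256 output


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: message = seq || payload || HMAC-SHA256(key, seq || payload).

    Binding the sequence number under the tag is what stops an attacker from
    re-numbering an old message to slip it past the replay check.
    """
    body = struct.pack(">Q", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver side: verifies integrity first, then enforces an anti-replay window."""

    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.window = window
        self.highest = -1     # highest sequence number accepted so far
        self.seen = set()     # accepted sequence numbers still inside the window

    def accept(self, message: bytes):
        """Return (payload, "ok") or (None, reason) for a rejected message."""
        if len(message) < SEQ_LEN + TAG_LEN:
            return None, "malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: integrity is checked before anything is parsed.
        if not hmac.compare_digest(tag, expected):
            return None, "integrity failure"
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        # Anything at or below the bottom of the window cannot be tracked, so reject it.
        if seq <= self.highest - self.window:
            return None, "replay (too old)"
        if seq in self.seen:
            return None, "replay (duplicate)"
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # Slide the window forward and forget numbers that fell out of it.
            self.seen = {s for s in self.seen if s > self.highest - self.window}
        return body[SEQ_LEN:], "ok"


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    msg = protect(SHARED_KEY, 1, b"user-profile-v1")
    print(rx.accept(msg))            # fresh message is accepted
    print(rx.accept(msg))            # same bytes again: replay (duplicate)
    forged = bytearray(msg)
    forged[SEQ_LEN] ^= 0x01          # flip one payload bit
    print(rx.accept(bytes(forged)))  # integrity failure
```

Note that the receiver verifies the tag before it reads the sequence number; parsing unauthenticated fields first is a common source of bugs in protocol handlers. The window lets legitimately reordered messages through while still making every accepted sequence number single-use.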

4.2  Inter-domain

[SEAL-SEC-4.2-a]
VAL systems should take measures to protect themselves from external attacks at the system border.
