Although in general the security features should be transparent to the user or application, for certain events and according to the user's or application's concern, greater visibility of the operation of the following security features shall be provided:
AS confidentiality: (AS confidentiality, Confidentiality algorithm, bearer information)
AS integrity: (AS integrity, Integrity algorithm, bearer information)
NAS confidentiality: (NAS confidentiality, Confidentiality algorithm)
NAS integrity: (NAS integrity, Integrity algorithm)
The UE shall provide the above security information to the applications in the UE (e.g. via APIs), on a per PDU session granularity.
The serving network identifier shall be available for applications in the UE.
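As an added illustration (not part of the specification text), the sketch below shows how an application on the UE could act on the per-PDU-session visibility information and the serving network identifier listed above. The record layout, field names and sample values are assumptions made for this example; NEA0 and NIA0 are the null ciphering and null integrity algorithms, under which a feature is selected but gives no protection.

```python
from dataclasses import dataclass

# Null algorithms: the feature is negotiated but provides no protection.
NULL_ALGORITHMS = {"NEA0", "NIA0"}

@dataclass(frozen=True)
class Feature:
    active: bool          # whether the security feature is in operation
    algorithm: str        # e.g. "128-NEA2" or "128-NIA2"
    bearers: tuple = ()   # bearer information (AS features only)

@dataclass(frozen=True)
class PduSessionSecurity:  # hypothetical record shape, one per PDU session
    pdu_session_id: int
    serving_network: str
    as_confidentiality: Feature
    as_integrity: Feature
    nas_confidentiality: Feature
    nas_integrity: Feature

def weak_features(info, trusted_networks):
    """Return the reasons this PDU session should not carry sensitive traffic."""
    reasons = []
    if info.serving_network not in trusted_networks:
        reasons.append(f"serving network {info.serving_network} not trusted")
    for name in ("as_confidentiality", "as_integrity",
                 "nas_confidentiality", "nas_integrity"):
        feat = getattr(info, name)
        if not feat.active:
            reasons.append(f"{name} inactive")
        elif feat.algorithm in NULL_ALGORITHMS:
            reasons.append(f"{name} uses null algorithm {feat.algorithm}")
    return reasons

# Constructed sample values, not taken from a real device or network.
TRUSTED = {"001-01"}
GOOD = PduSessionSecurity(1, "001-01",
    Feature(True, "128-NEA2", ("DRB1",)), Feature(True, "128-NIA2", ("DRB1",)),
    Feature(True, "128-NEA2"), Feature(True, "128-NIA2"))
WEAK = PduSessionSecurity(2, "999-99",
    Feature(True, "NEA0", ("DRB2",)), Feature(False, "", ("DRB2",)),
    Feature(True, "NEA0"), Feature(True, "128-NIA2"))

if __name__ == "__main__":
    for session in (GOOD, WEAK):
        print(session.pdu_session_id, weak_features(session, TRUSTED) or "ok")
```
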
Security configurability lets a user configure certain security feature settings on a UE that allow the user to manage additional capability or use certain advanced security features.
The following configurability feature should be provided:
Granting or denying access to USIM without authentication as described in TS 33.401.
The 5G-RG shall be equipped with a UICC where the subscription credentials reside. If provisioned by the home operator, the 5G-RG shall store the Home Network Public Key required for concealing the SUPI in the UICC.
The 5G-RG shall support all the security requirements and features of the UE defined in clause 5.2.
The Network slice specific and SNPN authentication and authorization function (NSSAAF) shall handle the Network Slice Specific Authentication requests from the serving AMF as specified in clause 16. The NSSAAF shall also support functionality for access to SNPN using credentials from Credentials Holder using AAA Server as specified in clause I.2.2.2.
The NSSAAF is responsible for sending the NSSAA requests to the appropriate AAA-S.
The NSSAAF shall support AAA-S triggered Network Slice-Specific Re-authentication and Re-authorization and Slice-Specific Authorization Revocation and translate any AAA protocol into a Service Based format.
The NSSAAF shall translate the Service based messages from the serving AMF or AUSF to AAA protocols towards AAA-P/AAA-S.