Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.501  Word version:  18.6.0

Top   Top   Up   Prev   Next
1…   4…   5…   5.3…   5.9…   5.10…   6…   6.1.3…   6.1.4…   6.2…   6.2.2…   6.3…   6.4…   6.5…   6.6…   6.7…   6.8…   6.9…   6.10…   6.11   6.12…   6.13   6.14…   6.15…   6.16…   7…   7A…   7A.2.3…   7B…   8…   9…   10…   11…   12…   13…   13.2.2…   13.2.4…   13.3…   13.4…   14…   15…   16…   A…   B…   C…   D…   E…   F…   G…   I…   I.9…   J…   K…   M…   N…   O…   P…   R   S…   T…   U…   V…   W…   X…   Y…   Z…

 

T (Normative)  Security for edge computing |R17|p. 289

T.1  Generalp. 289

The 5G Edge computing service is described in TS 23.548. It defines the enhancements of 5G System to support Edge Computing.

T.2  Security of network exposure to edge application serverp. 289

It is defined in clause 6.4 of TS 23.548 that the network could expose network information to the local AF with two scenarios, i.e.
  • Case 1: L-PSA UPF may expose the network information to local AF via Local NEF, or
  • Case 2: L-PSA UPF may expose the network information to local AF directly. However, How to deliver the information on N6 is out of scope.
For the Case 1, the Security aspects of Network Exposure Function specified in clause 12 shall be used for the network information exposure.
Up

T.3  Security of EAS discovery procedure via EASDF in non-roaming Scenariop. 289

DNS over TLS as specified in RFC 7858 and RFC 8310 shall be supported by the UE and the EASDF. The DNS connection shall be authenticated and encrypted.
The security information of the EASDF can be preconfigured in the UE by using out of band mechanisms; or if the core network is used to configure the security information, the SMF either is preconfigured with the EASDF security information (authenticat ion information, supported security mechanisms, port number, etc.), or the SMF retrieves the EASDF security information from the EASDF, and provides the security information to the UE as follows:
The SMF provides the EASDF security information to the UE via PCO.
According to the clause 6.4.1.3 of TS 24.501, upon receiving the DNS server security information, the UE passes it to the upper layer. The UE uses this information to send the DNS over TLS. Additionally, the clause 10.5.6.3 of TS 24.008 provides the configuration of the different options of DNS over TLS specified in the RFC 7858.
Up

T.4  Security of EAS discovery procedure via V-EASDF in roaming Scenario |R18|p. 289

DNS over TLS as specified in RFC 7858 and RFC 8310 shall be supported by the UE and the V-EASDF. The DNS connection shall be authenticated and encrypted.
The security information of the V-EASDF can be preconfigured in the UE by using out of band mechanisms; or if the core network is used to configure the security information, the V-SMF either is preconfigured with the V-EASDF security information (authentication information, supported security mechanisms, port number, etc.), or the V-SMF retrieves the V-EASDF security information from the V-EASDF, and provides the security information to the UE as follows:
  • In the case of LBO roaming, the V-SMF provides the V-EASDF security information to the UE via PCO.
  • In the case of HR with Session Breakout (HR-SBO) roaming scenarios, during the PDU session establishment or modification procedure, the V-SMF provides the V-EASDF security information via Nsmf_PDUSession_Create/ Nsmf_PDUSession_Update to H-SMF when the V-SMF determines to use a V-EASDF for EAS discovery, and the H-SMF provides the V-EASDF security information to UE via PCO if HR SBO is authorized.
According to the clause 6.4.1.3 of TS 24.501, upon receiving the DNS server security information, the UE passes it to the upper layer. The UE uses this information to send the DNS over TLS. Additionally, the clause 10.5.6.3 of TS 24.008 provides the configuration of the different options of DNS over TLS specified in the RFC 7858.
Up

Up   Top   ToC