
Content for TS 33.536, Word version: 16.0.0


 

5.3.3.2  Identity privacy for the PC5 unicast link

5.3.3.2.1  General
The link identifier update procedure given in TS 23.287 is used to provide privacy for the identities in the unicast link. This procedure only provides privacy if a non-NULL confidentiality algorithm is selected. This means the messages in this procedure are sent confidentiality protected (i.e. using a non-NULL confidentiality algorithm) and hence the new identities agreed by the UEs are only known to the involved UEs. A three-way message exchange is required for this procedure, since both UEs need to change their identifiers during the same procedure and the new values need to be acknowledged before they are used. This procedure is used to preserve the privacy of the identities that are seen in the clear for an ongoing unicast connection.
A separate privacy threat, which allows two subsequent connections to be linked, is caused by either the same K_NRP ID or the same partial K_NRP ID value being sent in the Direct Communication Request message for subsequent connections. The Layer-2 link release procedure given in TS 23.287 is used to provide privacy for the K_NRP ID. The messages in the Layer-2 link release procedure are always sent protected and hence the new K_NRP ID agreed by the UEs is only known to the involved UEs.
5.3.3.2.2  Procedures
5.3.3.2.2.1  Link identifier update
Figure 5.3.3.2.2-1 shows the flows for changing the identities of the UEs involved in the PC5 unicast link. The figure only displays the security parameters (K_NRP-sess ID) that are changed and the Layer-2 IDs, but not the other parameters described in TS 23.287.
[not reproduced yet]
Figure 5.3.3.2.2.1-1: Link identifier update procedure
The procedure proceeds with the following steps and provides additional handling on top of what is provided in TS 23.287.
Step 0.
UE_1 and UE_2 are communicating via a unicast link and have established the security for the link.
Step 1.
UE_1 decides to change its identifiers and sends a Link Identifier Update Request message to UE_2 (see TS 23.287). In addition to the changed identifiers, UE_1 shall include the MSB of K_NRP-sess ID in the Link Identifier Update Request message. These bits shall be chosen so that they uniquely identify K_NRP-sess at UE_1.
Step 2.
UE_2 shall choose the LSB of K_NRP-sess ID so that they uniquely identify K_NRP-sess at UE_2. UE_2 shall form the new K_NRP-sess ID from the MSB received from UE_1 and the LSB that UE_2 chose. UE_2 shall associate the new K_NRP-sess ID with the updated Layer-2 IDs (see TS 23.287) and shall use this new K_NRP-sess ID when it uses the updated Layer-2 IDs. In addition to its updated identifiers, UE_2 shall send the LSB of K_NRP-sess ID to UE_1 along with the received MSB of K_NRP-sess ID and other identifiers received from UE_1 in the Link Identifier Update Response message. UE_1 shall check that the returned MSB of K_NRP-sess ID is identical to the one sent in step 1.
Step 3.
UE_1 shall form the new K_NRP-sess ID from the LSB received from UE_2 and the MSB chosen by UE_1 (in step 1). UE_1 shall associate the new K_NRP-sess ID with the updated Layer-2 IDs (see TS 23.287) and shall use this new K_NRP-sess ID when it uses the updated Layer-2 IDs. UE_1 shall send the Link Identifier Update Ack message to UE_2 including the LSB of K_NRP-sess ID and other identifiers received from UE_2. UE_2 shall check that the returned LSB of K_NRP-sess ID is identical to the one sent in step 2.
5.3.3.2.2.2  Layer-2 link release
Figure 5.3.3.2.2.2-2 shows the message flows for changing the K_NRP ID of the UEs involved in the PC5 unicast link to remediate the privacy threat for the K_NRP ID. This message flow is based on the Layer-2 link release procedure provided in clause 6.3.3.3 of TS 23.287. The messages in the Layer-2 link release procedure are always sent protected and hence the new K_NRP ID agreed by the UEs is only known to the involved UEs. The new K_NRP ID is used on a subsequent unicast link establishment procedure (see clause 5.3.3.1.4.3).
[not reproduced yet]
Figure 5.3.3.2.2.2-2: Layer-2 link release procedure
Step 0.
UE_1 and UE_2 have a unicast link established as described in TS 23.287.
Step 1.
UE_1 sends a Disconnect Request message to UE_2 in order to release the layer-2 link (see TS 23.287). UE_1 shall include the MSB of K_NRP ID in the Disconnect Request message. These bits shall be chosen so that they uniquely identify K_NRP at UE_1.
Step 2.
UE_2 shall choose the LSB of K_NRP ID so that they uniquely identify K_NRP at UE_2. UE_2 shall form the new K_NRP ID from the MSB received from UE_1 and the LSB that UE_2 chose. UE_2 may use this new K_NRP ID when it reconnects with UE_1. UE_2 shall send the LSB of K_NRP ID to UE_1 in the Disconnect Response message. Upon reception of the Disconnect Response message, UE_1 shall form the new K_NRP ID from the LSB received from UE_2 and the MSB that was chosen by UE_1 (in step 1). UE_1 may use this new K_NRP ID when it reconnects with UE_2.
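
The MSB/LSB split used by both the link identifier update (clause 5.3.3.2.2.1) and the Layer-2 link release (clause 5.3.3.2.2.2) can be modelled as follows. This is an added illustration, not text or code from TS 33.536; the 8-bit half width, the class and function names, the dictionary message layout and the `alter_response` test hook are assumptions made for the sketch.

```python
import secrets

HALF_BITS = 8  # assumption: width of each half; the page does not state the ID length


class UE:
    def __init__(self, name):
        self.name = name
        # Halves already identifying a key at this UE, per key type (assumed bookkeeping)
        self.in_use = {"sess": set(), "nrp": set()}

    def choose_half(self, kind):
        """Pick a half not yet used locally, so it uniquely identifies the key at this UE."""
        used = self.in_use[kind]
        if len(used) >= 1 << HALF_BITS:
            raise RuntimeError(f"{self.name}: no free identifier half")
        while True:
            half = secrets.randbelow(1 << HALF_BITS)
            if half not in used:
                used.add(half)
                return half


def combine(msb, lsb):
    return (msb << HALF_BITS) | lsb


def link_identifier_update(ue1, ue2, alter_response=None):
    """Steps 1-3; returns the new K_NRP-sess ID as formed at (UE_1, UE_2)."""
    msb = ue1.choose_half("sess")                 # step 1: Request carries the MSB
    request = {"msb": msb}
    lsb = ue2.choose_half("sess")                 # step 2: UE_2 picks the LSB
    id_at_ue2 = combine(request["msb"], lsb)
    response = {"msb": request["msb"], "lsb": lsb}
    if alter_response:                            # test hook: simulate a mismatched field
        alter_response(response)
    if response["msb"] != msb:                    # UE_1's check at the end of step 2
        raise ValueError("returned MSB differs from the one sent in step 1")
    id_at_ue1 = combine(msb, response["lsb"])     # step 3: UE_1 forms the ID
    ack = {"lsb": response["lsb"]}
    if ack["lsb"] != lsb:                         # UE_2's check at the end of step 3
        raise ValueError("returned LSB differs from the one sent in step 2")
    return id_at_ue1, id_at_ue2


def link_release(ue1, ue2):
    """Disconnect Request/Response: same split for the new K_NRP ID, no echo checks."""
    msb = ue1.choose_half("nrp")                  # carried in Disconnect Request
    lsb = ue2.choose_half("nrp")                  # carried in Disconnect Response
    return combine(msb, lsb), combine(msb, lsb)   # value formed at UE_1 and at UE_2
```

Because each UE contributes the half that indexes its own key store, neither side can be handed an identifier that collides with one it already uses, and the echoed halves confirm that both sides formed the same value before switching Layer-2 IDs.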