
Content for  TS 33.536  Word version:  17.1.0


5.4  Security for groupcast mode

5.4.1  General

This clause describes the security requirements and the procedures that can be specifically applied for the groupcast mode over the NR PC5 interface.

5.4.2  Requirements

5.4.2.1  Requirements for securing the NR based PC5 groupcast mode

There are no requirements for securing the NR based PC5 reference point for groupcast mode.

5.4.2.2  Identity privacy requirements for the NR based PC5 groupcast mode

The 5G System shall protect against linkability attacks on Layer-2 ID and IP address for groupcast mode.
The 5G System shall protect against trackability attacks on Layer-2 ID and IP address for groupcast mode.

5.4.3  Procedures

5.4.3.1  Securing the NR based PC5 groupcast mode

There are no particular procedures defined for securing the NR based PC5 groupcast mode.

5.4.3.2  Identity privacy procedures for the PC5 groupcast mode

The below privacy procedures follow the privacy mechanism defined in TS 33.185 for V2X LTE which is intended to mitigate against the threat of tracking the UE by an attacker based on its used source identities.
The UE shall change and randomize its source Layer-2 ID and source IP address including IP prefix (if used) when the V2X application indicates that the Application Layer ID has changed. The UE may change and randomize its source Layer-2 ID and source IP address including IP prefix (if used) at other times (e.g. see clause 5.6.1.1 in TS 23.287). The UE shall provide an indication to the V2X application layer whenever the source Layer-2 ID and/or source IP address are changed.

5.5  Security for broadcast mode

5.5.1  General

This clause describes the security requirements and the procedures that can be specifically applied for the broadcast mode over the NR PC5 interface.

5.5.2  Requirements

5.5.2.1  Requirements for securing the NR based PC5 broadcast mode

There are no requirements for securing the NR based PC5 reference point for broadcast mode.

5.5.2.2  Identity privacy requirements for the NR based PC5 broadcast mode

The 5G System shall protect against linkability attacks on Layer-2 ID and IP address for broadcast mode.
The 5G System shall protect against trackability attacks on Layer-2 ID and IP address for broadcast mode.

5.5.3  Procedures

5.5.3.1  Securing the NR based PC5 broadcast mode

There are no particular procedures defined for securing the NR based PC5 broadcast mode.

5.5.3.2  Identity privacy procedures for the NR based PC5 broadcast mode

These procedures for the privacy of source Layer-2 ID and source IP address are the same as that given in clause 5.4.3.2 for the source identities in the UE.

6  Security for V2X over Uu reference point

6.1  General

This clause contains the security and privacy requirements and procedures that meet the requirements over Uu connectivity with 5G core network.

6.2  Requirements

There are no additional security or privacy requirements for V2X beyond those given in TS 33.501 for Uu connectivity with 5G core network.

6.3  Procedures

There are no additional security or privacy procedures of V2X beyond those given in TS 33.501 for Uu connectivity with 5G core network.

A (Normative)  Key derivation functions

A.1  KDF interface and input parameter construction

A.1.1  General

This annex specifies the use of the Key Derivation Function (KDF) specified in TS 33.220 for the current specification. This annex specifies how to construct the input string, S, to the KDF (which is input together with the relevant key). For each of the distinct usages of the KDF, the input parameters S are specified below.

A.1.2  FC value allocations

The FC number space used is controlled by TS 33.220.

A.2  Calculation of NRPEK and NRPIK

When calculating an NRPIK or NRPEK from KNRP-sess, the following parameters shall be used to form the input S to the KDF that is specified in Annex B of TS 33.220:
  • FC = 0x7E
  • P0 = 0x00 if NRPEK is being derived or 0x01 if NRPIK is being derived
  • L0 = length of P0 (i.e. 0x00 0x01)
  • P1 = algorithm identity
  • L1 = length of algorithm identity (i.e. 0x00 0x01)
The algorithm identity shall be set as described in TS 33.501.
The input key shall be the 256-bit KNRP-sess.
For an algorithm key of length n bits, where n is less than or equal to 256, the n least significant bits of the 256 bits of the KDF output shall be used as the algorithm key.

A.3  Calculation of KNRP-sess from KNRP

When calculating KNRP-sess from KNRP, the following parameters shall be used to form the input S to the KDF that is specified in Annex B of TS 33.220:
  • FC = 0x7F
  • P0 = Nonce_1
  • L0 = length of Nonce_1 (i.e. 0x00 0x10)
  • P1 = Nonce_2
  • L1 = length of Nonce_2 (i.e. 0x00 0x10)
The input key shall be the 256-bit KNRP.
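
The following Python sketch is an added example, not part of TS 33.536: it builds the input string S for clauses A.2 and A.3 and derives KNRP-sess, NRPEK and NRPIK. It assumes the TS 33.220 Annex B KDF is HMAC-SHA-256 keyed with the input key, with each Li encoded as a two-octet big-endian length (details taken from TS 33.220, not from this page); the key, nonces and algorithm identity are constructed sample values and the function names are hypothetical.

```python
import hashlib
import hmac

FC_ALG_KEY = 0x7E            # A.2: NRPEK / NRPIK from KNRP-sess
FC_KNRP_SESS = 0x7F          # A.3: KNRP-sess from KNRP
P0_NRPEK, P0_NRPIK = 0x00, 0x01

# Constructed sample inputs (not test vectors from any specification).
SAMPLE_KNRP = bytes(range(32))
SAMPLE_NONCE_1 = bytes.fromhex("a0" * 16)
SAMPLE_NONCE_2 = bytes.fromhex("b1" * 16)
SAMPLE_ALG_ID = 0x02


def build_s(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1, each Li a two-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, s: bytes) -> bytes:
    """KDF assumed per TS 33.220 Annex B: HMAC-SHA-256(key, S)."""
    if len(key) != 32:
        raise ValueError("input key must be 256 bits")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_knrp_sess(knrp: bytes, nonce_1: bytes, nonce_2: bytes) -> bytes:
    # A.3 fixes both lengths at 0x00 0x10, so reject anything but 16 octets.
    if len(nonce_1) != 16 or len(nonce_2) != 16:
        raise ValueError("Nonce_1 and Nonce_2 must be 16 octets each")
    return kdf(knrp, build_s(FC_KNRP_SESS, nonce_1, nonce_2))


def derive_alg_key(knrp_sess: bytes, p0: int, alg_id: int, n_bits: int = 128) -> bytes:
    if p0 not in (P0_NRPEK, P0_NRPIK):
        raise ValueError("P0 must be 0x00 (NRPEK) or 0x01 (NRPIK)")
    if n_bits % 8 or not 0 < n_bits <= 256:
        raise ValueError("n must be a whole number of octets, at most 256 bits")
    out = kdf(knrp_sess, build_s(FC_ALG_KEY, bytes([p0]), bytes([alg_id])))
    # The n least significant bits are the trailing octets, not the leading ones.
    return out[-(n_bits // 8):]


if __name__ == "__main__":
    sess = derive_knrp_sess(SAMPLE_KNRP, SAMPLE_NONCE_1, SAMPLE_NONCE_2)
    print("NRPEK:", derive_alg_key(sess, P0_NRPEK, SAMPLE_ALG_ID).hex())
```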