
Content for  TR 33.713  Word version:  19.0.0


 

1  Scope

The present document identifies potential threats and security requirements to enable AIoT services for various use cases. Consideration for the energy and complexity constraints of AIoT devices is taken into account in identifying and developing potential security mechanisms to support AIoT services. Specifically, the present document focuses on the following:
  1. Identify security and privacy threats introduced by AIoT services for use cases captured in TS 22.369, and for architecture captured in TR 23.700-13.
  2. Identify security requirements to address the identified threats.
  3. Develop potential solutions that fulfil the security requirements, taking into account AIoT device constraints agreed upon in other 3GPP working groups.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  TS 22.369: "Service Requirements for ambient power-enabled IoT".
[3]  Void
[4]  TR 23.700-13: "Study on Architecture Support of Ambient power-enabled Internet of Things".
[5]  TS 33.501: "Security Architecture and Procedures for 5G System".
[6]  Void
[7]  RFC 4739: "Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol".
[8]  TR 38.848: "Technical Specification Group Radio Access Network; Study on Ambient IoT (Internet of Things) in RAN".
[9]  TR 38.769: "Study on solutions for Ambient IoT (Internet of Things) in NR".
[10]  Jiao L, Wang N, Wang P, et al. Physical layer key generation in 5G wireless networks[J]. IEEE wireless communications, 2019, 26(5): 48-54.
[11]  Zhao H, Zhang Y, Huang X, et al. A physical-layer key generation approach based on received signal strength in smart homes[J]. IEEE Internet of Things Journal, 2021, 9(7): 4917-4927.
[12]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[13]  TS 23.502: "Procedures for the 5G System (5GS)".

3  Definitions of terms, symbols and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905, TR 23.700-13, and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  Symbols

Void

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905, TR 23.700-13, and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
ADM  Ambient IoT Data Management

4  Architecture and Security Assumptions

The following architecture and security assumptions are applied:
  • The architecture assumptions and requirements for Ambient IoT services as defined in TR 23.700-13 are used as architecture assumptions in this study.
  • Two functional cases are considered as baseline: (1) inventory, (2) command.
  • If the existing authentication framework (e.g., 5G-AKA, EAP-AKA', other EAP methods for SNPN) is not reused, a dedicated network for ambient IoT service shall be needed, and a security isolation mechanism between the AIoT service domain and operator domain shall be needed (e.g., a security gateway may be deployed to isolate the operator's legacy domain).
  • The topology 1 readers are assumed to be trusted, i.e., authorized to communicate with the AIoT device.
Fig. 4.1: System architecture and security assumption