Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x

Content for  TR 33.839  Word version:  17.1.0

Top   Top   Up   Prev   None
1…   4…   6…
6 Proposed solutions7 Conclusions$ Change history

 

6  Proposed solutionsWord‑p. 20

6.0  Mapping of Solutions to Key IssuesWord‑p. 20

6.1  Solution #1: DNS request protectionWord‑p. 21

6.1.1  IntroductionWord‑p. 21

6.1.2  Solution detailsWord‑p. 21

6.1.3  Solution EvaluationWord‑p. 21

6.2  Solution #2: Authentication between EEC and ECS based on primary authenticationWord‑p. 22

6.2.1  IntroductionWord‑p. 22

6.2.2  Solution detailsWord‑p. 22

6.2.2.1  ProcedureWord‑p. 22

6.2.2.2  Derivation of Kedge and Kedge IDWord‑p. 23

6.2.2.3  Generation of MACEECWord‑p. 23

6.2.3  Solution EvaluationWord‑p. 23

6.3  Solution #3: Authentication/Authorization framework for Edge Enabler Client and ServersWord‑p. 24

6.3.1  IntroductionWord‑p. 24

6.3.2  Solution detailsWord‑p. 24

6.3.3  Solution evaluationWord‑p. 26

6.4  Solution #4: Authentication/Authorization framework for Edge Enabler Client and ServersWord‑p. 26

6.4.1  IntroductionWord‑p. 26

6.4.2  Solution detailsWord‑p. 27

6.4.3  Solution evaluationWord‑p. 28

6.5  Solution #5: Authentication and Authorization between the Edge Enabler Client and the Edge Enabler ServerWord‑p. 29

6.5.1  IntroductionWord‑p. 29

6.5.2  Solution detailsWord‑p. 29

6.5.3  Solution evaluationWord‑p. 30

6.6  Solution #6: Authentication and Authorization between the Edge Enabler Client and the Edge Enabler ServerWord‑p. 30

6.6.1  IntroductionWord‑p. 30

6.6.2  Solution detailsWord‑p. 31

6.6.3  Solution evaluationWord‑p. 32

6.7  Solution #7: Authentication and Authorization with the Edge Data NetworkWord‑p. 32

6.7.1  Solution overviewWord‑p. 32

6.7.3  Solution evaluationWord‑p. 35

6.8  Solution #8: Authentication between EEC and EESWord‑p. 36

6.8.1  Solution overviewWord‑p. 36

6.8.2  Solution detailsWord‑p. 36

6.8.3  Solution evaluationWord‑p. 37

6.9  Solution #9: Authentication and authorization between EEC and ECS based on AKMAWord‑p. 37

6.9.1  IntroductionWord‑p. 37

6.9.2  Solution detailsWord‑p. 38

6.9.3  Solution EvaluationWord‑p. 39

6.10  Solution #10: Authentication and Authorization between the Edge Enabler Client and the Edge Configuration ServerWord‑p. 39

6.10.1  IntroductionWord‑p. 39

6.10.2  Solution detailsWord‑p. 40

6.10.3  Solution EvaluationWord‑p. 40

6.11  Solution #11: Authentication between EEC and ECSWord‑p. 40

6.11.1  Solution overviewWord‑p. 40

6.11.2  Solution detailsWord‑p. 41

6.11.3  Solution evaluationWord‑p. 42

6.12  Solution #12: Onboarding and authentication/authorization framework for Edge Enabler Server and Edge Configuration ServerWord‑p. 42

6.12.1  IntroductionWord‑p. 42

6.12.2  Solution detailsWord‑p. 43

6.12.3  Solution evaluationWord‑p. 44

6.13  Solution #13: Transport security for EDGE-1-9 interfacesWord‑p. 44

6.13.1  IntroductionWord‑p. 44

6.13.2  Solution detailsWord‑p. 44

13.2.0  GeneralWord‑p. 44

6.13.2.1  Type AWord‑p. 44

6.13.2.2  Type BWord‑p. 44

6.13.2.3  Type CWord‑p. 45

6.13.3  Solution EvaluationWord‑p. 45

6.14  Solution #14: Protection of Network Information Provisioning to Local AF directlyWord‑p. 45

6.14.1  Solution overviewWord‑p. 45

6.14.2  Solution detailsWord‑p. 46

6.14.3  Solution evaluationWord‑p. 46

6.15  Solution #15: Network capability re-exposure via Edge Enabler ServerWord‑p. 47

6.15.1  IntroductionWord‑p. 47

6.15.2  Solution detailsWord‑p. 47

6.15.3  Solution EvaluationWord‑p. 47

6.16  Solution #16: EEC authentication and authorization framework with ECS and EESWord‑p. 48

6.16.1  IntroductionWord‑p. 48

6.16.2  Solution detailsWord‑p. 48

6.16.3  Solution EvaluationWord‑p. 49

6.17  Solution #17: EEC/EES/ECS authentication and transport protection with TLSWord‑p. 50

6.17.1  Solution overviewWord‑p. 50

6.17.2  Solution detailsWord‑p. 50

6.17.2.1  Authentication and transport protection for the EDGE-1, EDGE-3, EDGE-4, EDGE-6 and EDGE-9 interfacesWord‑p. 50

6.17.2.2  Authentication of the GPSI in EEC-EES/ECS communicationWord‑p. 51

6.17.3  Solution evaluationWord‑p. 52

6.18  Solution #18: Authentication and Authorization Framework for EDGE-4 interfaces using Primary authentication and proxy interfaceWord‑p. 53

6.18.1  IntroductionWord‑p. 53

6.18.2  Solution detailsWord‑p. 54

6.18.3  Solution EvaluationWord‑p. 55

6.19  Solution #19: Authentication/authorization between UE and Edge Data Network based on the secondary authenticationWord‑p. 55

6.19.1  IntroductionWord‑p. 55

6.19.2  Solution detailsWord‑p. 55

6.19.3  Solution EvaluationWord‑p. 56

6.20  Solution #20: Authentication and authorization in EES capability exposure based on CAPIFWord‑p. 56

6.20.1  IntroductionWord‑p. 56

6.20.2  Solution detailsWord‑p. 56

6.20.3  Solution EvaluationWord‑p. 57

6.21  Solution #21: security for the interface between the SMF and LDNSRWord‑p. 57

6.21.1  Solution overviewWord‑p. 57

6.21.2  Solution detailsWord‑p. 57

6.21.3  Solution evaluationWord‑p. 58

6.22  Solution #22: Authorization during Edge Data Network changeWord‑p. 58

6.22.1  IntroductionWord‑p. 58

6.22.2  Solution detailsWord‑p. 58

6.22.3  Solution EvaluationWord‑p. 60

6.23  Solution #23: Authentication and Authorization between EEC and ECS/EESWord‑p. 60

6.23.1  Solution overviewWord‑p. 60

6.23.2  Solution detailsWord‑p. 60

6.23.3  Solution evaluationWord‑p. 60

6.24  Solution #24: Using TLS with AKMA to protect edge interfacesWord‑p. 61

6.24.1  Solution overviewWord‑p. 61

6.24.2  Solution detailsWord‑p. 61

6.24.2.1  GeneralWord‑p. 61

6.24.2.2  Shared key-based UE authentication with certificate-based AF authenticationWord‑p. 61

6.24.2.2.1  GeneralWord‑p. 61
6.24.1.2.2  ProceduresWord‑p. 61

6.24.2.3  Shared key-based mutual authentication between UE and AFWord‑p. 62

6.24.2.3.1  GeneralWord‑p. 62
6.24.2.3.2  ProceduresWord‑p. 62

6.24.3  Solution evaluationWord‑p. 62

6.25  Solution #25: Practical authorization during Edge Data Network changeWord‑p. 62

6.25.1  IntroductionWord‑p. 62

6.25.2  Solution detailsWord‑p. 63

6.25.3  Solution EvaluationWord‑p. 64

6.26  Solution #26: GBA-based solution for EEC authentication and authorization framework with ECS and EESWord‑p. 64

6.26.1  IntroductionWord‑p. 64

6.26.2  Solution detailsWord‑p. 64

6.26.3  Solution EvaluationWord‑p. 66

6.27  Solution #27: Using TLS with Edge Security Service to protect edge interfacesWord‑p. 67

6.27.1  Solution overviewWord‑p. 67

6.27.2  Solution detailsWord‑p. 68

6.27.3  Solution evaluationWord‑p. 70

6.28  Solution #28: Authentication between EEC and ECS based on AKMAWord‑p. 70

6.28.1  IntroductionWord‑p. 70

6.28.2  Solution detailsWord‑p. 70

6.28.2.1  ProcedureWord‑p. 70

6.28.2.2  Derivation of Kedge and Kedge IDWord‑p. 71

6.28.2.3  Generation of MACEECWord‑p. 72

6.28.3  Solution EvaluationWord‑p. 72

6.29  Solution #29: Using TLS with GBA to protect edge interfacesWord‑p. 72

6.29.1  Solution overviewWord‑p. 72

6.29.2  Solution detailsWord‑p. 72

6.29.2.1  GeneralWord‑p. 72

6.29.2.2  Shared key-based UE authentication with certificate-based AF authenticationWord‑p. 72

6.29.2.2.1  GeneralWord‑p. 72

6.29.2.3  Shared key-based mutual authentication between UE and AFWord‑p. 72

6.29.2.3.1  GeneralWord‑p. 72

6.29.3  Solution evaluationWord‑p. 73

6.30  Solution #30: An AKMA-based solution for authentication and interface protection between EEC and EES/ECSWord‑p. 73

6.30.1  Solution overviewWord‑p. 73

6.30.2  Solution detailsWord‑p. 73

6.30.3  Solution evaluationWord‑p. 74

6.31  Solution #31: Enhancing TLS with GBA for usage with EdgeWord‑p. 75

6.31.1  Solution overviewWord‑p. 75

6.31.2  Solution detailsWord‑p. 75

6.31.3  Solution evaluationWord‑p. 75

7  ConclusionsWord‑p. 75

7.1  Conclusions for Key Issue #1Word‑p. 75

7.2  Conclusions for Key Issue #2Word‑p. 76

7.3  Conclusions for Key Issue #3Word‑p. 76

7.4  Conclusions for Key Issue #4Word‑p. 76

7.5  Conclusions for Key Issue #5Word‑p. 76

7.6  Conclusions for Key Issue #6Word‑p. 76

7.7  Conclusions for Key Issue #7Word‑p. 77

7.8  Conclusions for Key Issue #8Word‑p. 77

7.9  Conclusions for Key Issue #9Word‑p. 77

7.10  Conclusions for Key Issue #10Word‑p. 77

$  Change historyWord‑p. 78

Up   Top