The ability to store various security parameters is standardised for the ARPF and the UDR. However, the security of this storage, and the security of transporting security parameters from the UDR to the UDM/ARPF, are not defined.
The present document provides the background and lists potential solutions for identified key issues.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
TS 35.231: "Specification of the Tuak algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: Algorithm specification".
For the purposes of the present document, the terms given in TR 21.905, TS 33.501 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905 or TS 33.501.
Authentication subscription data: part of the subscription data supporting authentication.
Denial of service: attack where a service is unavailable due to too many requests to use the service.
Subscription data: data required by UDM/ARPF for supporting authentication, access and mobility, session management and other procedures within the 5GC.
For the purposes of the present document, the abbreviations given in TR 21.905, TS 33.501 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 and TS 33.501.
As defined in TS 33.501, the UDM plays a key role in primary authentication and the privacy feature by supporting the ARPF and SIDF functionality.
The ARPF and SIDF functionality requires the use of certain security parameters. The security parameters used for the ARPF functionality (authentication subscription data) are specified in clause 5.1. When UDM makes use of the UDR to manage subscription data, part of the security parameters required by the ARPF and SIDF may be stored in UDR as described in clause 4.2.
Model #A is the model where security parameters for the execution of primary authentication are stored only at the ARPF. This model corresponds to a fully stateful ARPF deployment model where UDR is not used for securing security parameters.
Model #B is the model where security parameters for the execution of primary authentication are stored only at the UDR. This model corresponds to a maximally stateless ARPF deployment model where UDR is used for storing all security parameters.
Model #C is the model where the security parameters for the execution of primary authentication common across subscribers within a PLMN are stored in the ARPF and the security parameters specific to individual subscribers are stored in the UDR. This model corresponds to a stateless ARPF deployment model where UDR is used for storing subscriber specific security parameters.
3GPP TS 33.501 defines primary authentication to enable mutual authentication between the UE and the network. It uses the pre-shared long-term key K, which is bound to a unique SUPI, for the UE and the network to authenticate each other. The long-term key K is stored separately in the USIM and in the ARPF of the home network. The ARPF processes K only in its secure environment; the ARPF is a service offered by the UDM.
Two methods, EAP-AKA' and 5G-AKA, are defined for primary authentication; which method is used for mutual authentication is determined by the ARPF/UDM. The authentication methods are stored in the ARPF. The other security parameters required for primary authentication in addition to K (e.g. SQN, AMF) are also held by the ARPF.
During the registration procedure, the AMF decides whether to trigger primary authentication for the UE on demand. If primary authentication is required, the AMF requests it from the AUSF, and the AUSF then executes authentication of the UE. In the primary authentication procedure, the ARPF is required for key storage, storage of the authentication methods, and key derivation.
3GPP TS 33.501 defines secondary authentication for a DN to authenticate and/or authorize a UE to access the DN. Secondary authentication between the UE and the DN-AAA server in the DN is based on the EAP framework.
During the PDU session establishment procedure, the SMF (the H-SMF in the non-roaming and Home Routed roaming cases; the V-SMF in the LBO case) determines whether secondary authentication is required by exchanging with the UDM. If secondary authentication is required, the SMF triggers the EAP authentication procedure, and the UE and the DN-AAA server exchange EAP messages for secondary authentication. On the network side, the credential of the UE for secondary authentication is stored in the DN-AAA.
In the secondary authentication procedure, the ARPF is not involved.
3GPP TS 33.501 defines a mechanism for subscription identifier privacy over the air. It uses the SUCI, a privacy-preserving identifier generated at the UE that contains the concealed SUPI, computed using a Home Network Public Key that is securely provisioned in the USIM and under the control of the home network.
The Home Network Private Key used for subscriber privacy is protected from physical attacks in the UDM: TS 33.501, clause 184.108.40.206, specifies that "the ARPF holds the home network private key that is used by the SIDF to deconceal the SUCI and reconstruct the SUPI".
On the network side, the SIDF (Subscription Identifier De-concealing Function) is responsible for de-concealment of the SUCI using the Home Network Private Key. The SIDF is a service offered by the UDM and holds the Home Network Public Key Identifier(s) for the private/public key pair(s) used for subscriber privacy.
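As an added illustration (not code from the 3GPP specifications or from this report) of why the storage of the Home Network Private Key matters, the following Go example follows the structure of the TS 33.501 Annex C Profile A SUCI scheme: X25519 key agreement, the ANSI X9.63 KDF with SHA-256, AES-128-CTR and an 8-byte HMAC-SHA256 tag. Whatever entity holds the private key (the ARPF, or the UDR in a stateless deployment) can deconceal every SUCI of the PLMN, while a wrong key or a modified SUCI fails the MAC check; the function names, the assumed key-material layout and the constructed sample MSIN in the test are assumptions of the example, not a conformance implementation.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// x963KDF: ANSI X9.63 KDF with SHA-256, i.e. SHA256(secret || counter || info) for counter = 1, 2, ...
func x963KDF(secret, info []byte, n int) []byte {
	var out []byte
	for c := uint32(1); len(out) < n; c++ {
		msg := append(append(append([]byte{}, secret...), byte(c>>24), byte(c>>16), byte(c>>8), byte(c)), info...)
		d := sha256.Sum256(msg)
		out = append(out, d[:]...)
	}
	return out[:n]
}
// keystream derives encKey(16)||ICB(16)||macKey(32) (assumed layout, ephemeral public key as shared info),
// XORs data with the AES-128-CTR keystream (encrypts and decrypts) and returns the 8-byte tag function.
func keystream(shared, ephPub, data []byte) ([]byte, func([]byte) []byte) {
	ks := x963KDF(shared, ephPub, 64)
	block, _ := aes.NewCipher(ks[:16])
	out := make([]byte, len(data))
	cipher.NewCTR(block, ks[16:32]).XORKeyStream(out, data)
	return out, func(ct []byte) []byte { m := hmac.New(sha256.New, ks[32:]); m.Write(ct); return m.Sum(nil)[:8] }
}
// Conceal (UE side): SUCI scheme output = ephPub(32) || AES-CTR(msin) || tag(8), using only the public key.
func Conceal(hnPub *ecdh.PublicKey, msin []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	shared, err := eph.ECDH(hnPub)
	if err != nil { return nil, err }
	ephPub := eph.PublicKey().Bytes()
	ct, tag := keystream(shared, ephPub, msin)
	return append(append(append([]byte{}, ephPub...), ct...), tag(ct)...), nil
}
// Deconceal (SIDF side): needs the Home Network Private Key; a wrong key or a modified SUCI fails the MAC check.
func Deconceal(hnPriv *ecdh.PrivateKey, suci []byte) ([]byte, error) {
	if len(suci) < 40 { return nil, errors.New("SUCI too short") }
	ephPub, _ := ecdh.X25519().NewPublicKey(suci[:32]) // length already checked above
	shared, err := hnPriv.ECDH(ephPub)
	if err != nil { return nil, err }
	ct, tag := suci[32:len(suci)-8], suci[len(suci)-8:]
	pt, mac := keystream(shared, suci[:32], ct)
	if !hmac.Equal(mac(ct), tag) { return nil, errors.New("SUCI MAC check failed") }
	return pt, nil
}
```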