Content for TR 33.845 Word version: 17.0.0

...

0 Introduction p. 7

The ability to store various security parameters is standardised for the ARPF and the UDR. However, the security of this storage and the security related to transporting security parameters from the UDR to the UDM/ARPF are not defined.

The present document provides the background and lists potential solutions for identified key issues.

1 Scope p. 8

The present document details the following:

The security assumptions relating to security communication in 5G.
The security assumptions related to protecting subscriber privacy.
The home network parameters that are relevant to securing the communication in 5G and protecting subscriber privacy.
Key Issues, threats and requirements relevant to securing the communication in 5G and protecting subscriber privacy.
Solutions that potentially resolve the key issues described.

The present document does not describe the storage of security parameters in the UE or the serving network or the transportation of secure information between the home network and the serving network.

2 References p. 8

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1]

TR 21.905: "Vocabulary for 3GPP Specifications".

[2]

TS 33.501: "Security Architecture and Procedures for 5G System".

[3]

TS 35.205: "Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: General".

[4]

TS 35.231: "Specification of the Tuak algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: Algorithm specification ".

[5]

TS 23.632: "User Data Interworking, Coexistence and Migration".

[6]

TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".

[7]

TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".

[8]

TS 33.203: "3G security; Access security for IP-based services".

[9]

TS 33.220: "3G security; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".

[10]

TS 23.501: "System Architecture for the 5G System; Stage 2".

[11]

TS 29.505: "5G System; Usage of the Unified Data Repository services for Subscription Data".

[12]

TS 29.500: "5G System; Technical Realization of Service Based Architecture".

[13]

TS 23.502: "Procedures for the 5G System; Stage 2".

[14]

TS 33.102: "Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture".

3 Definitions of terms, symbols and abbreviations p. 9

3.1 Terms p. 9

For the purposes of the present document, the terms given in TR 21.905, TS 33.501 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905, or TS 33.501.

Authentication subscription data:

part of the subscription data supporting authentication.

DOS attack:

Denial of service attack where a service is unavailable due to too many requests to use the service.

Subscription data:

data required by UDM/ARPF for supporting authentication, access and mobility, session management and other procedures within the 5GC.

3.2 Symbols p. 9

Void.

3.3 Abbreviations p. 9

For the purposes of the present document, the abbreviations given in TR 21.905, TS 33.501 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 and TS 33.501.

4 Security assumptions relating to communication security in 5G p. 9

4.1 Overview p. 9

As defined in TS 33.501, the UDM plays a key role in primary authentication and the privacy feature by supporting the ARPF and SIDF functionality.

The ARPF and SIDF functionality requires the use of certain security parameters. The security parameters used for the ARPF functionality (authentication subscription data) are specified in clause 5.1. When UDM makes use of the UDR to manage subscription data, part of the security parameters required by the ARPF and SIDF may be stored in UDR as described in clause 4.2.

4.2 Models for ARPF and UDR setup p. 10

4.2.1 Model #A: Security parameters stored only in the ARPF p. 10

Model #A is the model where security parameters for the execution of primary authentication are stored only at the ARPF. This model corresponds to a fully stateful ARPF deployment model where UDR is not used for securing security parameters.

4.2.2 Model #B: Security parameters stored only in the UDR p. 10

Model #B is the model where security parameters for the execution of primary authentication are stored only at the UDR. This model corresponds to a maximally stateless ARPF deployment model where UDR is used for storing all security parameters.

4.2.3 Model #C: Security parameters stored both in the ARPF and the UDR p. 10

Model #C is the model where the security parameters for the execution of primary authentication common across subscribers within a PLMN are stored in the ARPF and the security parameters specific to individual subscribers are stored in the UDR. This model corresponds to a stateless ARPF deployment model where UDR is used for storing subscriber specific security parameters.

4.3 Primary Authentication p. 10

3GPP TS 33.501 defines primary authentication to enable mutual authentication between the UE and the network. It uses the pre-shared long-term Key which is bind to a unique SUPI to authenticate each other. The long-term Key is stored in the USIM and the ARPF of home network separately. The ARPF processes the K only in its secure environment, the ARPF is a service offered by UDM.

Two methods including EAP-AKA' and 5G-AKA are defined for primary authentication, which method is used for mutual authentication is determined by the ARPF/UDM. The authentication methods are stored in the ARPF. The other security parameters (e.g. SQN, AMF) in addition to the K required for the primary authentication are also held by the ARPF.

During the registration procedure, the AMF determines to trigger the primary authentication on-demand for the UE. If the primary authentication is required, the AMF requests it from the AUSF. Upon request from the AMF, the AUSF executes authentication of the UE. In the primary authentication procedure, the ARPF is required for key storage, authentication methods storage, and key derivation.

4.4 Secondary Authentication p. 10

3GPP TS 33.501 defines secondary authentication for a DN to authenticate and/or authorize a UE to access the DN. The EAP framework based authentication is introduced for secondary authentication between the UE and the DN-AAA server in the DN.

During the PDU session establishment procedure, the SMF (in non-roaming and Home Routed roaming cases, the H-SMF; in LBO case, the V-SMF) determines whether the secondary authentication is required via exchanging with UDM. If secondary authentication is required, the SMF triggers EAP authentication procedure. The UE and the DN AAA server exchange EAP message for secondary authentication. On the network side, the credential of the UE for secondary authentication is stored in DN-AAA.

In the secondary authentication procedure, the ARPF is not involved.

4.5 Privacy p. 11

3GPP TS 33.501 defines a mechanism for subscription identifier privacy over-the-air. It uses the SUCI which is a privacy preserving identifier generated at the UE and containing the concealed SUPI, using a Home Network Public Key securely provisioned in the USIM and in control of the home network.

The Home Network Private Key used for subscriber privacy is protected from physical attacks in the UDM: clause 6.2.2.1 of TS 33.501 specifies that "the ARPF holds the home network private key that is used by the SIDF to deconceal the SUCI and reconstruct the SUPI".

In the network side, the SIDF (Subscription Identifier De-concealing Function) is responsible for de-concealment of the SUCI using a Home Network Private Key. The SIDF is a service offered by UDM and holds the Home Network Public Key Identifier(s) for the private/public key pair(s) used for subscriber privacy.