Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.845  Word version:  17.0.0

Top   Top   Up   Prev   None
0…   5…
5 Parameters relevant to securing 5G communication6 Key Issues7 Solutions8 ConclusionsA Models for ARPF deployment$ Change history

 

5  Parameters relevant to securing 5G communicationp. 11

5.1  Overviewp. 11

5.2  Milenage AKA authenticationp. 12

5.3  TUAK AKA authenticationp. 13

5.4  EAP methods for authenticationp. 13

5.5  Proprietary authentication algorithmsp. 13

5.6  AMF related parametersp. 13

5.7  Counter related parametersp. 13

6  Key Issuesp. 14

6.1  Key Issue #1: Separation of authentication subscription data from subscription datap. 14

6.1.1  Key issue detailsp. 14

6.1.2  Security threatsp. 14

6.1.3  Potential security requirementsp. 14

6.2  Key Issue #2: protection of long-term key during storage in UDRp. 14

6.2.1  Key issue detailsp. 14

6.2.2  Security threatsp. 14

6.2.3  Potential security requirementsp. 15

6.3  Key Issue #3: protection of long-term key during transfer out of UDRp. 15

6.3.1  Key issue detailsp. 15

6.3.2  Security threatsp. 15

6.3.3  Potential security requirementsp. 15

6.4  Key Issue #4: protection of Milenage OPc value during storage in UDRp. 15

6.4.1  Key issue detailsp. 15

6.4.2  Security threatsp. 15

6.4.3  Potential security requirementsp. 15

6.5  Key Issue #5: protection of Milenage OPc value during transfer out of UDRp. 16

6.5.1  Key issue detailsp. 16

6.5.2  Security threatsp. 16

6.5.3  Potential security requirementsp. 16

6.6  Key Issue #6: protection of Milenage OP value during storage in UDRp. 16

6.6.1  Key issue detailsp. 16

6.6.2  Security threatsp. 16

6.6.3  Potential security requirementsp. 16

6.7  Key Issue #7: protection of Milenage OP value during transfer out of UDRp. 17

6.7.1  Key issue detailsp. 17

6.7.2  Security threatsp. 17

6.7.3  Potential security requirementsp. 17

6.8  Key Issue #8: protection of sequence number SQNHE during storage in UDRp. 17

6.8.1  Key issue detailsp. 17

6.8.2  Security threatsp. 17

6.8.3  Potential security requirementsp. 17

6.9  Key Issue #9: protection of sequence number SQNHE during transfer out of UDRp. 17

6.9.1  Key issue detailsp. 17

6.9.2  Security threatsp. 18

6.9.3  Potential security requirementsp. 18

6.10  Key Issue #10: protection of TUAK TOPc value during storage in UDRp. 18

6.10.1  Key issue detailsp. 18

6.10.2  Security threatsp. 18

6.10.3  Potential security requirementsp. 18

6.11  Key Issue #11: protection of TUAK TOPc value during transfer out of UDRp. 18

6.11.1  Key issue detailsp. 18

6.11.2  Security threatsp. 18

6.11.3  Potential security requirementsp. 19

7  Solutionsp. 19

7.1  Solution #1: Authorization and Isolation of Authentication Data using existing techniques.p. 19

7.1.1  Introductionp. 19

7.1.2  Solution detailsp. 19

7.1.3  Evaluationp. 19

7.2  Solution #2: Protection of LTK during storage in UDR.p. 20

7.2.1  Introductionp. 20

7.2.2  Solution detailsp. 20

7.2.3  Evaluationp. 20

7.3  Solution #3: Protection of LTK over Nudrp. 21

7.3.1  Introductionp. 21

7.3.2  Solution detailsp. 21

7.3.3  Evaluationp. 21

7.4  Solution #4: Encrypted storage of the long-term key in the UDRp. 21

7.4.1  Introductionp. 21

7.4.2  Solution detailsp. 22

7.4.3  Evaluationp. 22

7.5  Solution #5: Encrypted transfer of the long-term key between UDR and UDM/ARPFp. 22

7.5.1  Introductionp. 22

7.5.2  Solution detailsp. 22

7.5.3  Evaluationp. 22

7.6  Solution #6: Storage of the LTK in the UDRp. 23

7.6.1  Introductionp. 23

7.6.2  Solution detailsp. 23

7.6.3  Evaluationp. 23

7.7  Solution #7: Transfer of the LTK out of the UDRp. 23

7.7.1  Introductionp. 23

7.7.2  Solution detailsp. 24

7.7.3  Evaluationp. 24

7.8  Solution #8: Encrypted transfer of Milenage OPc value between UDR and UDM/ARPFp. 24

7.8.1  Introductionp. 24

7.8.2  Solution detailsp. 24

7.8.3  Evaluationp. 24

7.9  Solution #9: Encrypted transfer of Milenage OP value between UDR and UDM/ARPFp. 25

7.9.1  Introductionp. 25

7.9.2  Solution detailsp. 25

7.9.3  Evaluationp. 25

7.10  Solution #10: Encrypted storage of Milenage OPc value in the UDRp. 25

7.10.1  Introductionp. 25

7.10.2  Solution detailsp. 26

7.10.3  Evaluationp. 26

7.11  Solution #11: Encrypted storage of Milenage OP value in the UDRp. 26

7.11.1  Introductionp. 26

7.11.2  Solution detailsp. 26

7.11.3  Evaluationp. 26

7.12  Solution #12: Access control for protection of SQNHE during storage in UDRp. 27

7.12.1  Introductionp. 27

7.12.2  Solution detailsp. 27

7.12.3  Evaluationp. 27

7.13  Solution #13: Encrypted storage of TUAK TOPc value in the UDRp. 27

7.13.1  Introductionp. 27

7.13.2  Solution detailsp. 27

7.13.3  Evaluationp. 28

7.14  Solution #14: OAuth 2.0 secured transfer of SQNHE out of UDRp. 28

7.14.1  Introductionp. 28

7.14.2  Solution detailsp. 28

7.14.3  Evaluationp. 28

7.15  Solution #15: Encrypted transfer of TUAK TOPc value between UDR and UDM/ARPFp. 28

7.15.1  Introductionp. 28

7.15.2  Solution detailsp. 29

7.15.3  Evaluationp. 29

8  Conclusionsp. 29

A  Models for ARPF deploymentp. 30

A.1  Generalp. 30

A.2  ARPF deployment options in 3GPP TS 33.501 [2] and TS 23.501 [10]p. 30

A.3  ARPF deployment options in UDICOMp. 31

$  Change historyp. 34

Up   Top