Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x

Content for  TR 33.850  Word version:  17.0.0

Top   Top   None   None   Next
0…   5…

 

0  IntroductionWord‑p. 6

The present document studies the security aspects of enhancements for 5G Multicast-Broadcast Services. The study focuses on the key issues, security requirements and solutions of (a) how to authenticate and authorize the UEs for multicast communication services, (b) how to protect the MBS traffic, including the key management, (c) how to protect the new interfaces between AF and 5GC for MBS service.

1  ScopeWord‑p. 7

The present document studies the security of 5G multicast-broadcast services based on FS_5MBS study in TR 23.757. Potential security requirements are identified and possible security solutions are proposed to address these security requirements.

2  ReferencesWord‑p. 7

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TR 23.757: "Study on architectural enhancements for 5G multicast-broadcast services".
[3]
TS 33.246: "Security of Multimedia Broadcast/Multicast Service (MBMS)".
[4]
TS 23.246: "Multimedia Broadcast/Multicast Service (MBMS); Architecture and functional description".
[5]
TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".
[6]
TS 33.501: "Security architecture and procedures for 5G system".
[7]
TS 23.468: "Group Communication System Enablers for LTE (GCSE_LTE); Stage 2".
[8]
TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[9]
TS 23.247: "Architectural enhancements for 5G multicast-broadcast services".
[10]
TS 38.323: "NR; Packet Data Convergence Protocol (PDCP) specification".
[11]
TS 23.502: "Procedures for the 5G System (5GS)".
Up

3  Definitions of terms, symbols and abbreviationsWord‑p. 7

3.1  TermsWord‑p. 7

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  SymbolsWord‑p. 7

Void.

3.3  AbbreviationsWord‑p. 8

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
MBS
Multicast/Broadcast Service
MBSF
Multicast/Broadcast Service Function
MBSF-C
MBSF Control Plane
MBSF-U
MBSF User Plane
MBSTF
Multicast/Broadcast Service Transport Function
MUK
Multicast User Key
PTP
Point-to-Point
PTM
Point-to-Multipoint
Up

4  Overview of Multicast-Broadcast Services (MBS)Word‑p. 8

5G system aims to enable general Multicast-Broadcast Service (MBS), e.g. public safety, V2X application, group communications and IoT applications, etc.
As in LTE, 5G MBS service also have two modes: Transport Only Mode in which the multicast and broadcast contents are transparent to the 3GPP network functions, and Full Service Mode in which the 3GPP network functions are aware of the contents.
Two delivery methods are envisioned for 5G MBS service, from the view point of 5G core network (5GC): 5GC Individual MBS traffic delivery method, and 5GC shared MBS traffic delivery method. For the former, 5GC receives a single copy of MBS data packets and delivers separate copies of those MBS data packets to individual UEs via per-UE PDU sessions, while for the latter, 5G CN receives a single copy of MBS data packets and delivers a single copy of those MBS packets packet to a RAN node, which then delivers them to one or multiple UEs.
RAN delivers MBS data to UEs using either Point-to-Point delivery or Point-to-Multipoint (PTM) delivery.
The study item includes security aspects on multicast and broadcast service:
  • Security of authentication and authorization for multicast communication services
  • Security protection of MBS traffic
  • Security protection of key distribution
  • Security protection between AF and 5GC
Up

Up   Top   ToC