The present document studies the security aspects of enhancements for 5G Multicast-Broadcast Services. The study focuses on the key issues, security requirements and solutions of (a) how to authenticate and authorize the UEs for multicast communication services, (b) how to protect the MBS traffic, including the key management, (c) how to protect the new interfaces between AF and 5GC for MBS service.
The present document studies the security of 5G multicast-broadcast services based on the FS_5MBS study in TR 23.757. Potential security requirements are identified and possible security solutions are proposed to address these security requirements.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
The 5G system aims to enable general Multicast-Broadcast Service (MBS), e.g. for public safety, V2X applications, group communications and IoT applications.
As in LTE, the 5G MBS service also has two modes: Transport Only Mode, in which the multicast and broadcast contents are transparent to the 3GPP network functions, and Full Service Mode, in which the 3GPP network functions are aware of the contents.
Two delivery methods are envisioned for the 5G MBS service from the viewpoint of the 5G core network (5GC): the 5GC Individual MBS traffic delivery method and the 5GC shared MBS traffic delivery method. For the former, the 5GC receives a single copy of MBS data packets and delivers separate copies of those MBS data packets to individual UEs via per-UE PDU sessions, while for the latter, the 5G CN receives a single copy of MBS data packets and delivers a single copy of those MBS packets to a RAN node, which then delivers them to one or multiple UEs.
The RAN delivers MBS data to UEs using either Point-to-Point delivery or Point-to-Multipoint (PTM) delivery.
The study item includes the following security aspects of multicast and broadcast services:
Security of authentication and authorization for multicast communication services