Tech-invite3GPPspaceIETF RFCsSIP

Content for  TR 33.854  Word version:  17.1.0

Top   Top   Up   Prev   Next
1…   5…   6…   6.1…   6.2…   6.3…   6.4…   6.5…   6.6…   6.7…   6.8…   6.9…   6.10…   6.11…   6.12…   6.13…   6.14…   6.15…   6.16…   7…


6.1  Solution #1: UAS authentication and authorizationp. 16

6.1.1  Solution overviewp. 16

This solution addresses the key issue #1.
This solution assumes each UAV or UAVC is provisioned with a PLMN UE ID (SUPI) and the corresponding credential so that it can be authenticated (primary authentication) by the PLMN as a normal UE. In addition, UAV or UAVC is provisioned with a UAS ID and corresponding credentials to perform UAS authentication and authorization (UAA) with USS/UTM.
The UAA is mandatory for UAA or UAVC and is based on EAP framework, where AMF is taking the role of the transparent Authenticator.

6.1.2  Solution detailsp. 16  Registrationp. 16

The call flow of this solution is shown in the Figure below.
Copy of original 3GPP image for 3GPP TS 33.854, Fig. UAA procedure
Figure UAA procedure
(⇒ copy of original 3GPP image)
UAV (or UAVC) sends registration request to AMF. It may indicate that this is a registration for UAS.
AMF initiates Primary authentication as a normal UE
After successful Primary authentication, AMF checks whether UAV (or UAVC) requires UAA. This may be based on the subscription information retrieved from UDM in step 2
AMF returns a Registration Accept message to the UAV and indicates that UAA is pending.
UAA starts with EAP message exchanges.
  1. AMF may optionally request UAS ID from UE.
  2. UAV (or UAVC) responses with UAS ID. It may indicate whether this is a UAV or UAVC.
  3. AMF sends UAA requests to UFES (as defined in TR 23.754) with UAS-ID and UAV or UAVC indicator in the EAP message. In addition, UAA request contains GPSI for USS/UTM to identify the UAV. GPSI is bound to UAS-ID. UFES locates the corresponding USS and forwards the UAA requests to it.
  4. USS/UTM response with EAP messages to AMF through UFES accordingly
  5. EAP messages may continue based on the EAP method used.
Based on the EAP authentication outcome, USS/UTM sends the results to AMF through UFES. If successful, USS/UTM sends the EAP-Success message, together with UAV/UAVC's GPSI and UAS-ID that can uniquely identity the UAV/UAVC.
AMF stores the results, together with SUPI (converted from GPSI), UAS-ID, and UAV/UAVC indicator
AMF triggers the UE Configuration Update procedure. The message AMF sent to UE includes the UAS-ID and may include an indication it is for a UAV (or UAVC), if needed.
Up  Revocationp. 18

USS/UTM may trigger revocation of UAA at any time. The call flow is shown in the Figure
Copy of original 3GPP image for 3GPP TS 33.854, Fig. UAA revocation procedure
Figure UAA revocation procedure
(⇒ copy of original 3GPP image)
Step 1.
The USS/UTM sends the UAA revocation request to AMF through UFES to revoke the UAS service for a UAV. The UAV is identified by the GPSI and UAS-ID in the UAA revocation Request.
Step 2.
The AMF may inform UAV with the UAA revocation message.
Step 3.
The AMF responses USS that the UAV's authentication and authorization is revoked.
Step 4.
The network may deregister the UAV if needed, as per current procedure.

6.1.3  Solution evaluationp. 18

This solution addresses the key issue #1 (the fourth requirement for the fake USS/UTM has not been addressed).
In this solution, each UAV is assumed to be provisioned with UE ID (i.e. SUPI by PLMN) as well as UAS ID (by USS/UTM), together with corresponding credentials for authentication. The UAS authentication and authorization (UAA) with USS/UTM is performed after UAV is authenticated with the network (using UE ID).
This solution supports multiple UAA methods to meet potential different authentication requirements from USS/UTM. EAP framework can be used to carry the UAA messages.
This solution supports revocation triggered by USS/UTM at any time.

Up   Top   ToC