Content for  TR 33.854  Word version:  17.1.0

Top   Top   Up   Prev   Next
1…   5…   6…   6.1…   6.2…   6.3…   6.4…   6.5…   6.6…   6.7…   6.8…   6.9…   6.10…   6.11…   6.12…   6.13…   6.14…   6.15…   6.16…   7…


6.11  Solution #11: UAV and UAVC pairing authorization through bound IDsp. 43

6.11.1  Solution overviewp. 43

This solution addresses the key issue #2: Pairing authorization for UAV and UAVC.
This solution assumes UAV and UAVC are equipped with SUPI and credentials from PLMN. The pairing authorization is performed after UAV or UAVC is authenticated by 3GPP systems through Primary authentication. It is performed when UAV is being authenticated/authorized, or after it has been authenticated/authorized by USS/UTM.

6.11.2  Solution detailsp. 43  UAV and UAVC pairing authorizationp. 43

A general overview of the procedure involving UAV and UAVC paring authorization is shown in Figure below.
Copy of original 3GPP image for 3GPP TS 33.854, Fig. A general overview on UAV and UAVC pairing authorization
Step 0.
  1. UAV and UAVC: provisioned with UAV IDs and corresponding credentials, e.g. their private/public key pairs and certificates issued by UAS service providers/operators. Regarding pairing, there are two options considered: 1) provision is not required, it will be provisioned at USS/UTM 2) pairing is provisioned at both UAV and UAVC, e.g. indicated using certificates.
  2. USS/UTM: provisioned with its private/public key pairs. The UAS service providers/operators have registered their public keys or their root CAs with USS/UTM so that USS/UTM can verify their issued certificates. Regarding pairing, similarly, there are two options: 1) pairing of UAV and UAVC has been provisioned and UAV-ID and UAVC-ID are bound together; 2) no pairing information provisioned.
Step 1.
Primary Authentication: UE1 (UAV) and UE2 (UAVC) are equipped with SUPI and 3GPP credentials and need to perform Primary Authentication as normal UEs before getting UAS services.
Step 2.
For UAS-type UE, UAS authentication is performed for UAV.
Step 3.
USS/UTM authorize UAV and UAVC pairing:
  1. Case 1 (pairing information is provisioned at USS/UTM): based on bound UAV-ID and UAVC-ID to determine whether pairing request from UAV (with UAV-ID and GPSI) or UAVC (with UAVC-ID and GPSI) can be authorized.
  2. Case 2 (UAV-ID and UAVC-ID are paired and bound): based on bound information sent from UAV or UAVC to determine whether pairing request from UAV (with UAV-ID and GPSI) or UAVC (with UAVC-ID and GPSI) can be authorized. USS/UTM may need to verify the certificates presented by UAV/UAVC.
Step 3-1.
UAV sends a pairing request message, e.g. in a PDU Establishment Request message to USS through the network (e.g. AMF or SMF and UFES). The message will include UAV-ID and its UE ID (e.g. GUTI). For Case 2, it includes UAV-ID (and UE ID if available) of the paired UAVC as well.
Step 3-2.
USS determines whether to authorize the pairing of UAV and UAVC
Step 3-3.
USS informs PLMN and UAV the authorization results. The message includes UAV-ID and GPSI of the UAV. and It may include the UAVC-ID and GPSI of the paired UAVC if available. Based on the results, the PLMN (e.g. SMF) may determine whether the PDU session is authorized for UAV and UAVC communications.
Step 4.
UAVC communicates with UAV through UPF (UP).
Up  Revocationp. 45

USS/UTM may trigger revocation pairing of UAV and UAVC pairing at any time. The call flow is shown in the Figure
Copy of original 3GPP image for 3GPP TS 33.854, Fig. UAS pairing revocation procedure
Figure UAS pairing revocation procedure
(⇒ copy of original 3GPP image)
Step 1.
The USS/UTM sends the UAA revocation request to SMF through UFES to revoke the UAVC pairing for a UAV. The UAV and UAVC are identified by their GPSI and UAS-ID respectively in the UAA revocation Request.
Step 2.
The SMF may inform UAV or UAVC with the UAA pairing revocation message.
Step 3.
The SMF responses USS that the pairing of UAV and UAVC has been revoked.

6.11.3  Solution evaluationp. 45

This solution addresses the key issue #2.
In this solution, pairing information is assumed to be pre-provisioned, 1) provisioned at USS/UTM; 2) provisioned at UAV/UAVC (the provisioning is not scope of 3GPP). Pairing authorization is performed at USS/UTM after UAV is authenticated by PLMN. Pairing authorization is sent to PLMN with associated IDs (e.g. GPSI and/or UAV IDs).
This solution supports pairing revocation triggered by USS/UTM at any time.
Further evaluation on SMF enforcing authorization of C2 traffic is needed.

Up   Top   ToC