Content for  TR 33.854  Word version:  17.1.0

Top   Top   Up   Prev   Next
1…   5…   6…   6.1…   6.2…   6.3…   6.4…   6.5…   6.6…   6.7…   6.8…   6.9…   6.10…   6.11…   6.12…   6.13…   6.14…   6.15…   6.16…   7…


6.13  Solution #13: Authorization of UAV/UAVC when connected to EPSp. 47

6.13.1  Solution overviewp. 47

This solution addresses Key issues #1: and Key issue #2: Pairing authorization for UAV and UAVC.

6.13.2  Solution detailsp. 47  Generalp. 47

The solution uses a UAV Flight Enablement Subsystem (UFES) as a single point of contact between the PLMN and USS/UTM in order to limit the impact on the 3GPP system, although it is not strictly necessary for authentication and authorization solution to work. The authentication and authorization procedures are shown when connected to EPS and the authentication/authorization takes place during PDN connection establishment. The procedure in clause are used to authenticate and authorize a UAV.
Up  Authentication and authorizationp. 47

Figure shows how the UAV can be authenticated and authorized by the USS/UTM when connected to EPS.
Copy of original 3GPP image for 3GPP TS 33.854, Fig. Authentication and authorization of a UAV connection to EPS
The steps are as follows:
Step 1.
The UAV sends an Attach Request to the MME. The UAV includes the Aviation Connectivity payload which contains the allocated CAA-Level UAV ID and flight/pairing information in the message.
Step 2.
The MME authenticates the UAV and establishes the security.
Step 3.
The MME determines the subscription is an aerial subscription and selects the SMF+PGW-C to establish the default bearer.
Step 4.
The MME sends a Create Session Request message to the SMF+PGW-C. The message includes the Aviation Connectivity payload.
Step 5.
The SMF+PGW-C responds with a Create Session Response. At this point the UAV is restricted from sending user plane traffic.
Step 6.
The MME sends an Attach Accept message to the UAV.
Step 7.
The UAV responds with an Attach Complete message to the MME.
Step 8.
The SMF+PGW-C requests a UAV authentication and authorization from the UFES and includes the Aviation Connectivity payload in the request.
Step 9.
The UFES forwards the information to the USS/UTM. Only authorized USS/UTMs will be used in order to ensure only legitimate entities can provide authorization for UAVs.
Step 10a. and 10b.
There can be several round trips required for authentication of the UAV by the USS/UTM depending on the authentication method used by the USS/UTM and UAV. The authentication method and the content of messages used for authentication are out of scope of 3GPP. The content of the messages is carried in containers that are passed along and not processed by the entities between the UAV and USS/UTM.
Step 11.
On a successful authentication and authorization of the UAV, the USS/UTM stores the 3GPP UAV ID with the CAA-level UAV ID. The USS/UTM informs the UFES that the UAV has been successfully authenticated and authorized by the USS/UTM. The USS/UTM includes authorization information for both the network and the UAV.
Step 12.
The UFES further informs the SMF+PGW-C that the UAV has been successfully authenticated and authorized by the USS/UTM. The UFES passes the received authorization information onto the SMF+PGW-C. The SMF+PGW-C stores the network authorization information as part of the UE context. The network authorization information further contains the information whether USS/UTM authentication and authorization is required during future registrations and whether to allow UE to establish PDN connections(s) dedicated for the UAS service with or without further USS/UTM authentication and authorization. The network part of the authorization data contains authorization information applicable to existing PDN connections, which influence SMF+PGW-C decisions for the traffic on these connections. For example, the information may indicate to disable all connectivity of the UAV except for the connectivity to USS/UTM.
Step 13.
The SMF+PGW-C sends the Update Bearer Request message to the MME and include the UAV authorization information. The MME responds with the Update Bearer Response message. The SMF+PGW-C also set the traffic filters to allow traffic based on the received authorization information.
Step 14.
The MME passes the UAV authorization information to the UAV to inform the UAV that the authorization was successful. The UAV authorization information contains any needed aviation information, e.g. a new CAA-level UAV ID.
Step 15.
If using different PDN connections for C2 traffic, the UAV triggers a PDN connection set-up procedure which may include a further UAV authentication and authorization.
Step 16.
C2 traffic can start to pass between UAV and UAVC.
Up  Revocationp. 49

Figure shows how the authorization for some connectivity can be revoked.
Copy of original 3GPP image for 3GPP TS 33.854, Fig. UAV connectivity revocation
Figure UAV connectivity revocation
(⇒ copy of original 3GPP image)
Step 1.
The USS/UTM decides to revoke the UAV's authorization for some connectivity.
Step 2.
The USS/UTM sends an Authorization Revoke request to the UFES including the 3GPP UAV ID and details of the connectivity (e.g. UAV-C's IP address) to be revoked (e.g. a pairing with a UAV-C is no longer needed).
Step 3.
The UFES passes the Authorization Revoke request to the relevant SMF+PGW-C(s) which are selected based on the details of the connectivity to be revoked.
Step 4.
The SMF+PGW-C removes the connectivity of the UAV based on the received details (e.g. prevents the UAV from communicating with the UAV-C).
Step 5.
The SMF+PGW-C confirms to the UFES that the revocation of connectivity has happened.
Step 6.
The UFES confirms to the USS/UTM that the revocation of connectivity has happened.

6.13.3  Solution evaluationp. 50

This solution addresses key issues #1 and key issue #2 for a UAV connected to a 4G core network. The solution provides a method for the USS/UTM to authenticate and authorize a UAV before the UAV can access UAS services from the 3GPP system and in particular before a connection between a paired UAV and UAV-C can be enabled. The solution also provides a method of revoking the authorization and ensure only legitimate USS/UTMs can provide the authorizations for UAVs.

Up   Top   ToC