Content for TR 33.854 Word version: 17.1.0
6.16 Solution #16: Preventing malicious revocation from unauthorized UTM/USS
6.16.1 Solution overview
6.16.2 Solution details
6.16.3 Solution evaluation
6.16 Solution #16: Preventing malicious revocation from unauthorized UTM/USS p. 58
6.16.1 Solution overview p. 58
This solution proposes to address the fake UTM/USS issue in KI#1. Unauthorized UTM/USS, including fake UTM/USS and competitor UTM/USS, may perform malicious UAV service revocation due to the lack of authorization checking by the 3GPP network, the contribution provides a solution to prevent the malicious revocation sent by the unauthorized UTM/USS.
According to the conclusion in TR 23.754, the UTM/USS shows the 3GPP UAV ID (i.e. GPSI) to invoke MNO services and to revoke authentication & authorization. However, an unauthorized UTM/USS may perform malicious revocation to 3GPP network by sending 3GPP UAV ID captured from other places (e.g. the same 3GPP UAV ID is reused for multiple UTM/USSs or eavesdropping on the GPSIs which are sent out from 3GPP network). To prevent the above attack, this solution allows the UAV-NF to check the revocation request is sent from the serving UTM/USS of the UAV (i.e. the authorized UTM/USS).
6.16.2 Solution details p. 59
Upon a successful USS UAV Authentication and Authorization (UUAA) procedure between UAV and UTM/USS, the UAV-NF (a UAVF or UFES as specified in TR 23.754) stores a UUAA identity mapping between the 3GPP UAV ID and the UTM/USS identifier. Upon a successful pairing authorization procedure, the UAV-NF stores a pairing identity mapping between the 3GPP UAV ID and the UTM/USS identifier.
During either UUAA revocation or pairing revocation, the UTM/USS uses 3GPP UAV ID to invoke the corresponding revocation, the revocation request message sent from UTM/USS includes its UTM/USS identifier. The UAV-NF verifies the revocation request by checking the 3GPP UAV ID and UTM/USS identifier match the previously maintained mapping relationships accordingly (either UUAA ID mapping or pairing ID mapping). The UAV-NF stops the subsequent revocation procedures if the 3GPP UAV ID and the UTM/USS identifier sent from the UTM/USS do not match the previously maintained mapping relationships.
6.16.3 Solution evaluation p. 59
This solution addresses the fake UTM/USS issue in Key Issue #1 by introducing additional checks at UAV-NF (aka UAVF or UFES) to avoid unauthorized revocation (UUAA revocation or pairing revocation). This solution requires UAV-NF to associate the 3GPP UAV ID with the UTM/USS identifier after UUAA procedures. The UTM/USS is required to send both 3GPP UAV ID and UTM/USS identifier to UAV-NF to perform revocation(s). The UAV-NF needs to verify the associated identities provided by the UTM/USS before the rest revocation procedures.
