Tech-
invite
3GPP
space
IETF
RFCs
SIP
Quick
21
22
23
24
25
26
27
28
29
31
32
33
34
35
36
37
38
4‑5x
Content for
TR 33.864
Word version: 17.0.0
0…
4…
4
Architecture and security assumptions of AMF re-allocation
5
Key issues
6
Solutions
7
Conclusions
A
AMF re-allocation
$
Change history
4
Architecture and security assumptions of AMF re-allocation
Word‑p. 8
4.1
General
Word‑p. 8
4.2
Procedure of Registration with AMF re-allocation
Word‑p. 8
4.3
Architecture and security assumptions
Word‑p. 10
5
Key issues
Word‑p. 11
5.1
Key Issue #1: Security of AMF re-allocation procedures
Word‑p. 11
5.1.1
Key issue details
Word‑p. 11
5.1.2
Security threats
Word‑p. 11
5.1.3
Potential security requirements
Word‑p. 12
6
Solutions
Word‑p. 12
6.1
Solution #1: AMF re-allocation via RAN using existing security states
Word‑p. 12
6.1.1
Introduction
Word‑p. 12
6.1.2
Solution details
Word‑p. 12
6.1.2.1
Overview
Word‑p. 12
6.1.2.2
Message flows
Word‑p. 13
6.1.3
Evaluation
Word‑p. 14
6.2
Solution #2: Security of AMF re-allocation when 5G NAS security context is rerouted via RAN
Word‑p. 15
6.2.1
Introduction
Word‑p. 15
6.2.2
Solution details
Word‑p. 15
6.2.3
Evaluation
Word‑p. 18
6.3
Solution #3: Solving registration failure with AMF re-allocation via RAN
Word‑p. 19
6.3.1
Solution Overview
Word‑p. 19
6.3.2
Solution Details
Word‑p. 19
6.3.3
Security Evaluation
Word‑p. 23
6.4
Solution #4: Solution to enable NAS Security for AMF reallocation and reroute via RAN Scenario
Word‑p. 23
6.4.1
Introduction
Word‑p. 23
6.4.2
Solution details
Word‑p. 23
6.4.3
Evaluation
Word‑p. 27
6.5
Solution #5: AMF re-allocation by re-directing UE to new AMF
Word‑p. 28
6.5.1
Solution Overview
Word‑p. 28
6.5.2
Solution Details
Word‑p. 29
6.5.2.1
Handling Different cases of communicating AMFs (Figure 4.3-1)
Word‑p. 30
6.5.3
Evaluation
Word‑p. 31
6.6
Solution #6: Solution to provide Security context to AMF capable of serving the UE to ensure system availability
Word‑p. 31
6.6.1
Introduction
Word‑p. 31
6.6.2
Solution details
Word‑p. 31
6.6.3
Evaluation
Word‑p. 36
6.7
Solution #7: Solution to enable Reallocated AMF to serve the UE
Word‑p. 37
6.7.1
Introduction
Word‑p. 37
6.7.2
Solution details
Word‑p. 37
6.7.3
Evaluation
Word‑p. 41
6.8
Solution #8: Solution to enable UE connection directly to the slice AMF
Word‑p. 42
6.8.1
Introduction
Word‑p. 42
6.8.2
Solution details
Word‑p. 42
6.8.2.1
Solution phase 1
Word‑p. 42
6.8.2.2
Solution phase 2
Word‑p. 43
6.8.3
Evaluation
Word‑p. 44
6.9
Solution #9: Security of AMF re-allocation when 5G NAS security context is rerouted via RAN
Word‑p. 45
6.9.1
Introduction
Word‑p. 45
6.9.2
Solution details
Word‑p. 45
6.9.3
Evaluation
Word‑p. 48
6.10
Solution #10: Solution to reroute 5G NAS security context via RAN
Word‑p. 49
6.10.1
Introduction
Word‑p. 49
6.10.2
Solution details
Word‑p. 49
6.10.3
Evaluation
Word‑p. 52
6.11
Solution #11: Solution for AMF re-allocation by triggering a new registration procedure
Word‑p. 53
6.11.1
Introduction
Word‑p. 53
6.11.2
Solution details
Word‑p. 53
6.11.3
Evaluation
Word‑p. 55
6.12
Solution #12: AMF re-allocation and secured reroute via RAN enabled by AUSF
Word‑p. 56
6.12.1
Introduction
Word‑p. 56
6.12.2
Solution details
Word‑p. 56
6.12.3
Evaluation
Word‑p. 59
7
Conclusions
Word‑p. 60
7.1
Conclusion for key issue #1 - Security of AMF re-allocation procedures
Word‑p. 60
A
AMF re-allocation
Word‑p. 61
A.1
Registration failure issue with AMF re-allocation via RAN
Word‑p. 61
A.1.1
General
Word‑p. 61
A.1.2
Description of Registration Failure Issue
Word‑p. 61
$
Change history
Word‑p. 65