ETSI TS 133 501-2018 Security architecture and procedures for 5G System (V15 1 0 3GPP TS 33 501 version 15 1 0 Release 15).pdf

1、 ETSI TS 133 501 V15.1.0 (2018-07) 5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 15.1.0 Release 15) TECHNICAL SPECIFICATION ETSI ETSI TS 133 501 V15.1.0 (2018-07)13GPP TS 33.501 version 15.1.0 Release 15Reference DTS/TSGS-0333501vf10 Keywords 5G,SECURITY ETSI 650 Rou

2、te des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi

3、.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference

4、in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of

5、 status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.a

6、spx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of E

7、TSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of it

8、s Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 133 501 V15.1.0 (2018-07)23GPP TS 33.501 version 15.1.0 Release 15Intellectual Property Rights Esse

9、ntial patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs

10、); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been c

11、arried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames w

12、hich are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an

13、 endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identit

14、ies, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document

15、“shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when

16、used in direct citation. ETSI ETSI TS 133 501 V15.1.0 (2018-07)33GPP TS 33.501 version 15.1.0 Release 15Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 11g31 Scope 12g32 References 12g33 Definitions and abbreviations . 14g33.1 Definitions 14g33.2 Abbrevia

17、tions . 16g34 Overview of security architecture 17g34.1 Security domains 17g34.2 Security Edge Protection Proxy (SEPP) . 18g35 Security requirements and features 19g35.1 General security requirements 19g35.1.1 Mitigation of bidding down attacks 19g35.1.2 Authentication and Authorization . 19g35.2 Re

18、quirements on the UE . 19g35.2.1 General 19g35.2.2 User data and signalling data confidentiality 19g35.2.3 User data and signalling data integrity 20g35.2.4 Secure storage and processing of subscription credentials . 20g35.2.5 Subscriber privacy 21g35.3 Requirements on the gNB 21g35.3.1 General 21g3

19、5.3.2 User data and signalling data confidentiality 21g35.3.3 User data and signalling data integrity 22g35.3.4 Requirements for the gNB setup and configuration 22g35.3.5 Requirements for key management inside the gNB 22g35.3.6 Requirements for handling user plane data for the gNB . 23g35.3.7 Requir

20、ements for handling control plane data for the gNB 23g35.3.8 Requirements for secure environment of the gNB 23g35.3.9 Requirements for the gNB F1 interfaces. 23g35.3.10 Requirements for the gNB E1 interfaces 23g35.4 Requirements on the ng-eNB . 23g35.5 Requirements on the AMF . 24g35.5.1 Signalling

21、data confidentiality 24g35.5.2 Signalling data integrity 24g35.5.3 Subscriber privacy 24g35.6 Requirements on the SEAF 24g35.7 Void 24g35.8 Requirements on the UDM . 24g35.8.1 Generic requirements 24g35.8.2 Subscriber privacy related requirements to UDM and SIDF 24g35.8a Requirements on AUSF 25g35.9

22、 Core network security 25g35.9.1 Trust boundaries . 25g35.9.2 Requirements on service-based architecture . 25g35.9.2.1 Security Requirements for service registration, discovery and authorization . 25g35.9.2.2 NRF security requirements . 25g35.9.2.3 NEF security requirements 25g35.9.3 Requirements fo

23、r e2e core network interconnection security . 26g35.9.3.1 General 26g35.9.3.2 Requirements for Security Edge Protection Proxy (SEPP) . 26g35.9.3.3 Protection of attributes 27g3ETSI ETSI TS 133 501 V15.1.0 (2018-07)43GPP TS 33.501 version 15.1.0 Release 155.10 Visibility and configurability . 27g35.1

24、0.1 Security visibility 27g35.10.2 Security configurability 27g35.11 Requirements for algorithms, and algorithm selection . 28g35.11.1 Algorithm identifier values . 28g35.11.1.1 Ciphering algorithm identifier values 28g35.11.1.2 Integrity algorithm identifier values 28g35.11.2 Requirements for algor

25、ithm selection . 28g36 Security procedures between UE and 5G network functions . 29g36.1 Primary authentication and key agreement 29g36.1.1 Authentication framework 29g36.1.1.1 General 29g36.1.1.2 EAP framework . 30g36.1.1.3 Granularity of anchor key binding to serving network 30g36.1.1.4 Constructi

26、on of the serving network name 30g36.1.1.4.1 Serving network name . 30g36.1.1.4.2 Construction of the serving network name by the UE . 30g36.1.1.4.3 Construction of the serving network name by the SEAF 31g36.1.2 Initiation of authentication and selection of authentication method . 31g36.1.3 Authenti

27、cation procedures 32g36.1.3.1 Authentication procedure for EAP-AKA . 32g36.1.3.2 Authentication procedure for 5G AKA . 34g36.1.3.2.0 5G AKA 34g36.1.3.2.1 Void . 36g36.1.3.2.2 RES* verification failure in SEAF or AUSF or both 36g36.1.3.3 Synchronization failure or MAC failure . 37g36.1.3.3.1 Synchron

28、ization failure or MAC failure in USIM . 37g36.1.3.3.2 Synchronization failure recovery in Home Network . 37g36.1.4 Linking increased home control to subsequent procedures 37g36.1.4.1 Introduction . 37g36.1.4.1a Linking authentication confirmation to Nudm_UECM_Registration procedure from AMF 38g36.1

29、.4.2 Guidance on linking authentication confirmation to Nudm_UECM_Registration procedure from AMF 39g36.2 Key hierarchy, key derivation, and distribution scheme 39g36.2.1 Key hierarchy 39g36.2.2 Key derivation and distribution scheme 41g36.2.2.1 Keys in network entities 41g36.2.2.2 Keys in the UE 43

30、g36.2.3 Handling of user-related keys . 45g36.2.3.1 Key setting 45g36.2.3.2 Key identification 45g36.2.3.3 Key lifetimes . 46g36.3 Security contexts 47g36.3.1 Distribution of security contexts . 47g36.3.1.1 General 47g36.3.1.2 Distribution of subscriber identities and security data within one 5G ser

31、ving network domain . 47g36.3.1.3 Distribution of subscriber identities and security data between 5G serving network domains . 47g36.3.1.4 Distribution of subscriber identities and security data between 5G and EPS serving network domains . 47g36.3.2 Multiple registrations in same or different servin

32、g networks . 48g36.3.2.0 General 48g36.3.2.1 Multiple registrations in different PLMNs 48g36.3.2.2 Multiple registrations in the same PLMN . 48g36.4 NAS security mechanisms 48g36.4.1 General 48g36.4.2 Security for multiple NAS connections 48g36.4.2.1 Multiple active NAS connections with different PL

33、MNs . 48g36.4.2.2 Multiple active NAS connections in the same PLMNs serving network . 49g36.4.3 NAS integrity mechanisms . 49g36.4.3.0 General 49g36.4.3.1 NAS input parameters to integrity algorithm 49g3ETSI ETSI TS 133 501 V15.1.0 (2018-07)53GPP TS 33.501 version 15.1.0 Release 156.4.3.2 NAS integr

34、ity activation . 49g36.4.3.3 NAS integrity failure handling 50g36.4.4 NAS confidentiality mechanisms . 50g36.4.4.0 General 50g36.4.4.1 NAS input parameters to confidentiality algorithm 50g36.4.4.2 NAS confidentiality activation 50g36.4.5 Handling of NAS COUNTs 50g36.4.6 Protection of initial NAS mes

35、sage 51g36.4.7 Security aspects of SMS over NAS 52g36.5 RRC security mechanisms 52g36.5.1 RRC integrity mechanisms . 52g36.5.2 RRC confidentiality mechanisms . 52g36.6 UP security mechanisms 52g36.6.1 UP security policy . 52g36.6.2 UP security activation mechanism 53g36.6.3 UP confidentiality mechan

36、isms 54g36.6.4 UP integrity mechanisms 55g36.7 Security algorithm selection, key establishment and security mode command procedure . 55g36.7.1 Procedures for NAS algorithm selection 55g36.7.1.1 Initial NAS security context establishment . 55g36.7.1.2 AMF change 55g36.7.2 NAS security mode command pr

37、ocedure . 55g36.7.3 Procedures for AS algorithm selection . 57g36.7.3.0 Initial AS security context establishment 57g36.7.3.1 Xn-handover 57g36.7.3.2 N2-handover 58g36.7.3.3 Intra-gNB-CU handover 58g36.7.3.4 Transitions from RRC-INACTIVE to RRC-CONNECTED states . 58g36.7.3.5 RNA Update procedure . 5

38、8g36.7.4 AS security mode command procedure 59g36.8 Security handling in state transitions 60g36.8.1 Key handling at connection and registration state transitions . 60g36.8.1.1 Key handling at transitions between RM-DEREGISTERED and RM-REGISTERED states 60g36.8.1.1.0 General 60g36.8.1.1.1 Transition

39、 from RM-REGISTERED to RM-DEREGISTERED . 60g36.8.1.1.2 Transition from RM-DEREGISTERED to RM-REGISTERED . 61g36.8.1.1.2.1 General. 61g36.8.1.1.2.2 Full native 5G NAS security context available 61g36.8.1.1.2.3 Full native 5G NAS security context not available 62g36.8.1.1.2.4 UE registration over a se

40、cond access type to the same AMF 62g36.8.1.2 Key handling at transitions between CM-IDLE and CM-CONNECTED states . 63g36.8.1.2.0 General 63g36.8.1.2.1 Transition from CM-IDLE to CM-CONNECTED 63g36.8.1.2.2 Establishment of keys for cryptographically protected radio bearers in 3GPP access 63g36.8.1.2.

41、3 Establishment of keys for cryptographically protected traffic in non-3GPP access 64g36.8.1.2.4 Transition from CM-CONNECTED to CM-IDLE 64g36.8.1.3 Key handling for the Registration procedure when registered in 5G-RAN 64g36.8.2 Security handling at RRC state transitions . 65g36.8.2.1 Security handl

42、ing at transitions between RRC_INACTIVE and RRC-CONNECTED states 65g36.8.2.1.1 General 65g36.8.2.1.2 State transition from RRCCONNECTED to RRCINACTIVE 65g36.8.2.1.3 State transition from RRCINACTIVE to RRCCONNECTED to a new gNB . 66g36.8.2.1.4 State transition from RRCINACTIVE to RRCCONNECTED to the

43、 same gNB 67g36.8.2.2 Key handling during mobility in RRC-INACTIVE state 67g36.8.2.2.1 General 67g36.8.2.2.2 RAN-based notification area update to a new gNB . 67g36.8.2.2.3 RAN-based notification area update to the same gNB 67g36.9 Security handling in mobility . 67g36.9.1 General 67g36.9.2 Key hand

44、ling in handover . 67g36.9.2.1 General 67g36.9.2.1.1 Access stratum . 67g3ETSI ETSI TS 133 501 V15.1.0 (2018-07)63GPP TS 33.501 version 15.1.0 Release 156.9.2.1.2 Non access stratum 69g36.9.2.2 Key derivations for context modification procedure . 69g36.9.2.3 Key derivations during handover 69g36.9.2

45、.3.1 Intra-gNB-CU handover 69g36.9.2.3.2 Xn-handover 69g36.9.2.3.3 N2-Handover . 70g36.9.2.3.4 UE handling . 71g36.9.3 Key handling in mobility registration update . 72g36.9.4 Key-change-on-the-fly 73g36.9.4.1 General 73g36.9.4.2 NAS key re-keying 74g36.9.4.3 NAS key refresh 74g36.9.4.4 AS key re-ke

46、ying 74g36.9.4.5 AS key refresh . 75g36.9.5 Rules on Concurrent Running of Security Procedures . 75g36.9.5.1 Rules related to AS and NAS security context synchronization . 75g36.9.5.2 Rules related to parallel NAS connections 75g36.10 Dual connectivity . 76g36.10.1 Introduction. 76g36.10.1.1 General

47、 76g36.10.1.2 Dual Connectivity protocol architecture for MR-DC with 5GC . 76g36.10.2 Security mechanisms and procedures for DC . 77g36.10.2.1. SN Addition or modification . 77g36.10.2.2 Secondary Node key update 78g36.10.2.2.1 General 78g36.10.2.2.2 MN initiated 78g36.10.2.2.3 SN initiated 78g36.10

48、.2.3 SN release and change 78g36.10.3 Establishing the security context between the UE and SN . 78g36.10.3.1 SN Counter maintenance . 78g36.10.3.2 Derivation of keys . 79g36.10.3.3 Negotiation of security algorithms 79g36.10.4 Protection of traffic between UE and SN 79g36.11 Security handling for RR

49、C Connection Re-establishment Procedure 80g36.12 Subscription identifier privacy . 81g36.12.1 Subscription permanent identifier . 81g36.12.2 Subscription concealed identifier 81g36.12.3 Subscription temporary identifier . 82g36.12.4 Subscription identification procedure . 82g36.12.5 Subscription identifier de-concealing function (SIDF) . 83g36.13 Signalling procedure for PDCP COUNT check . 83g36.14 Steering of roaming security mechanism . 84g36.14.1 General 84g36.14.2 Security mechanisms 84g36.14.2.1 Procedure for steering of UE in VPLMN during registration . 84g36.14.2.2 Pr