Tdoc List
2017-10-13 16:56
| TDoc | Title | Source | Type | For | Agenda | Avail | Treated | Decision | Wdrn | Replaced-by | Replaces |
|---|---|---|---|---|---|---|---|---|---|---|---|
| S3‑172200 | Agenda | SA WG3 Chair | agenda |
2Approval of Agenda and Meeting Objectives
| Yes |
Yes
| approved | No | |||
| S3‑172201 | SA3 Work Plan | MCC | other |
6Review and Update of Work Plan
| Yes |
Yes
| noted | No | |||
| S3‑172202 | SA3 meeting calendar | MCC | other |
7Future Meeting Dates and Venues
| Yes |
Yes
| noted | No | |||
| S3‑172203 | Way for protecting sensitive information transmitted between operators | ZTE Corporation, China Mobile, CATR | pCR | Approval |
4.2.12NDS
| Yes |
Yes
| not treated | No | ||
| S3‑172204 | Reply LS on algorithm selection in E-UTRA-NR Dual Connectivity | C1-173748 | LS in |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
YesVodafone:Does the IE relate to the radio or to the core? Do you use LTE IE when you use 5G radio connected to the EPC, or do you use the 5G elements? This would lead to a matrix of four possible combinations and it affects the network selection.
Ericsson and Vodafone agreed that it is related to the core and not to the radio.
| noted | No | |||
| S3‑172205 | Reply LS to LS on PLMN and RAT selection policies for roaming | C1-173751 | LS in |
4.2.15Others
| Yes |
YesVodafone: This is another unnecessary secure area to get away from what the SIM provides.
Qualcomm: CT1 and SA2 are aware about Vodafone's statement, they are looking for a control plane security solution.
Vodafone: OTA solution is misrepresented in the LS.
Qualcomm: the VPLMN only has access to the information passing through, not to the UE at all.
Qualcomm: it is not up to SA3 to discuss OTA solutions.
NTT-Docomo: we don’t understand why SA2 has opted for this.Let's ask them what is the new mechanism's advantage over OTA.
| replied to | No | |||
| S3‑172206 | LS on applicability of service based interface for legacy core network elements | C1-173753 | LS in |
4.2.15Others
| Yes |
YesIt was decided to wait for SA2's response to react to this LS.
| noted | No | |||
| S3‑172207 | Reply LS on 5G signalling protocol requirements | C4-174311 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172208 | LS on Conclusion on Service Based Architecture Protocol Selection | C3-174370,C4-174343 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172209 | LS to SA3 on RAN2 agreements on jumbo frames | R2-1709804 | LS in |
4.2.15Others
| Yes |
YesNokia: I think it has been commented before that ZUC may have problems.
Ericsson: ZUC was checked with ETSI SAGE and there was no problem. This was discussed in the San Diego meeting.
| replied to | No | |||
| S3‑172210 | Reply LS on NR security input parameters | R2-1709969 | LS in |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| noted | No | |||
| S3‑172211 | LS reply on Support for fake gNB detection mechanisms | R2-1709980 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172212 | LS on secure storage and processing of subscription credentials | S1-173475 | LS in |
4.2.15Others
| Yes |
YesORANGE: the stated service requirement is a SA3 requirement.
Vodafone: it's both SA1 and SA3 requirement. It started as a SA1 and SA plenary requirement.
ORANGE: We already have 33.501 requirements on this.
Vodafone: we cannot have a published document referring to the draft 33.501.
Vodafone: it's clearly a security requirement and they have made a commitment to align with our view.
Ericsson: this is a working agreement and it’s a stable requirement.
ORANGE agreed with Vodafone, it’s a security requirement. The SA1 spec is not clearly the place to have this requirement.
| postponed | No | |||
| S3‑172213 | LS on PLMN and RAT selection policies for roaming | S1-173478 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172214 | Reply LS on Address Mapping Requirements | S2-176561 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172215 | LS Response on Service Based Architecture | S2-176692 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172216 | LS on Undetectability of LI Data stored in a UDSF | S3i170259 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172217 | Address Mapping Requirements | S3i170260 | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172218 | Reply LS on 5GS Security aspects seeking resolution | S2-175309 | LS in |
4.2.15Others
| Yes |
Yes
| replied to | No | |||
| S3‑172219 | LS on PLMN and RAT selection policies for roaming | S2-175286 | LS in |
4.2.15Others
| Yes |
YesVodafone: there is a steering of roaming from the SIM to the UE to change the network since Rel-8. A solution exists already.
| replied to | No | |||
| S3‑172220 | Remove editor notes related to privacy requirements | CATT, CATR | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172221 | Add new requirement related to visibility and configurability | CATT, CATR | pCR | Approval |
4.2.7Visibility & configurability
| Yes |
Yes
| not treated | No | ||
| S3‑172222 | Remove editor note related to SIDF and text corrections | CATT | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172223 | Moving Serving Network Name construction into it's own clause | KPN N.V. | pCR | Approval |
4.2.8Primary authentication
| Yes |
YesTIM: Is there a possibility of pre-computing the authentication vector or not?
If we have to change the response depending on to which network we send it to, where is the calculation performed? This had to be taken offline.
| revised | No | S3‑172571 | |
| S3‑172224 | Rewriting Clause 6.1.2 and 6.1.3 in normative language and adding Annex A | KPN N.V. | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172225 | Discussion on provision of SUPI from home to visited network | VODAFONE Group Plc | discussion | Discussion |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172226 | Rewriting Clause 6.1.2 and 6.1.3 in normative language and adding Annex A | KPN N.V. | pCR | Approval |
4.2.8Primary authentication
| Yes |
YesKPN: AUSF is always in the Home Network, that's my understanding.
Nokia: there's a interim requirement about this.
| revised | No | S3‑172569 | |
| S3‑172227 | Security Considerations for Service Based Architecture in 5G | Deutsche Telekom AG | discussion | Endorsement |
4.2.13Service based architecture
| Yes |
YesHuawei: in Goal#5, which scenario supports hop-by-hop security?
DT: In the interconnect case there are situations when end-to-end security is not possible.
NTT-Docomo: some of the goals are already mentioned in our requirements.
It was clarified that these were work principles for a new topic in SA3 and that an endorsement of the goals expressed here would help.
NCSC was confused with folllowing this line of work, so it was decided to revise the document to have a set of goals that everybody could endorse.
ORANGE preferred to remove the reference to the third party in goal#3.
DT: can this be done in phase one?
ORANGE: we can give security recommendations for implementation if we don’t have time for requirements.
The Chair clarified that the TS will not give details on the implementation anyway, and agreed that this could be done.
| revised | No | S3‑172533 | |
| S3‑172228 | PCR to 33.501 – typos and language in multiple clauses. | InterDigital, Inc. | pCR | Approval |
4.2.15Others
| Yes |
Yes
| revised | No | S3‑172521 | |
| S3‑172229 | PCR to 33.501 – Clause 6.7.2 – rephrased for clarity | InterDigital, Inc. | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172230 | PCR to 33.501 – Clause 6.1.3.1 – rephrased for clarity | InterDigital, Inc. | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | ||
| S3‑172231 | Corrections to MCData security procedures | SAMSUNG | CR |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| revised | No | S3‑172532 | ||
| S3‑172232 | Corrections to SgNB security procedures | SAMSUNG | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | ||
| S3‑172233 | pCR on signalling procedure for periodic local authentication | SAMSUNG | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172234 | Discussion on Securing the Network Steering Information | SAMSUNG | pCR | Approval |
4.2.15Others
| Yes |
Yes
| noted | No | ||
| S3‑172235 | pCR for Securing the Network Steering Information | SAMSUNG | pCR | Approval |
4.2.15Others
| Yes |
YesVodafone: In this case, everytime I want to change the preferred list I need to do the authentication again.
End to end security solution is possible but more details are needed.
Mandatory IE in every message was objected by Vodafone.
Where are the keys stored and where all the message are being processed? This had to be considered further.
Vodafone pointed out that the relation with the other lists needed to be clarified.
Nokia also commented that the security impacts on the architecture were big and had to be considered as well.
Vodafone: the impact on security architecture is so big that it would need a TR for this topic only.
| noted | No | ||
| S3‑172236 | Discussion on user plane protection | SAMSUNG | discussion |
4.2.4AS security
| Yes |
Yes
| not treated | No | |||
| S3‑172237 | Discussion on UDM term consistency | SAMSUNG | discussion | Approval |
4.2.8Primary authentication
| Yes |
Yes
| noted | No | ||
| S3‑172238 | Update the skeleton of TS 33.501 for service based architecture | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| No |
Yes
| revised | No | S3‑172244 | |
| S3‑172239 | Security requirements for service based architecture | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| Yes |
YesVodafone: this doesn’t feel like a requirements section, the language style and the way it is written are not correct.
TIM:optional confidentiality and integrity protection? Mandatory to support or optional?
DT: authentication of network functions as they register should be included here.
The Chair commented that the essence of the document seemed to be fine, but it required some more work with the wording.
It was decided to work on this offline and come back with an input for the next meeting.
| noted | No | ||
| S3‑172240 | NF registration and authentication procedure of Service Based Architecture | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| Yes |
YesTIM: premature to bring this. Ericsson agreed.
Vodafone: this needs some language check.
| noted | No | ||
| S3‑172241 | Authorization of NF service discovery | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| Yes |
YesVodafone pointed out the language aspect, it needed reqording. In roaming scenarion there are no issues with the authentification. The non roaming scenario is not as clear as you think.
TIM: authorization is enough? Authentication could also be necessary.
Ericsson and Nokia: lot of stuff repeated from 23.401.
| noted | No | ||
| S3‑172242 | Authorization of NF service access | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| Yes |
YesVodafone: Both flows seem to be very similar. One option combining both flows would be sufficient.
TIM: this is written more like a SA2 contribution. Vodafone agreed, this is pushed towards the service discovery not the authorization.
Ericsson agreed that this was not clear.A way forward would be to add this to the living document.
Interdigital: it describes how to authorise, not about the discovery. I would like to see more of this.
TIM: we are jumping straightly into solutions. Not even for the living document.
Nokia agreed that this should not go as the solution for the TS, but it should go as an option to the living document.
| revised | No | S3‑172539 | |
| S3‑172243 | Protection of the connection between NFs | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| Yes |
YesVodafone: there are cost concerns here, it would be too expensive to implement. This needs to have lots of small tunnels better than big tunnels.
Juniper: the cost of TLS proxies is much higher than IPsec so we should be careful with this.
| noted | No | ||
| S3‑172244 | Update the skeleton of TS 33.501 for service based architecture | Huawei, Hisilicon, CATR | pCR | Approval |
4.2.13Service based architecture
| Yes |
Yes
| merged | No | S3‑172534 | S3‑172238 |
| S3‑172245 | Address EN in requirements for gNB setup and configuration | Huawei, Hisilicon, | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172246 | Flexible retaining AS keys solution | Huawei, Hisilicon, China Mobile | pCR | Approval |
4.2.3Mobility
| Yes |
YesEricsson: Implementation dependent to say how long to keep the key.
China Mobile: wjen the HO is made, we face the situation when the key may be changed or not and when. We support Huawei, we need to know in which situation the key is changed.
Nokia didn’t agree with the contribution. The best mechanism is the key refresh.
Samsung: retaining key time is a very complex procedure.
Huawei: the gNodeB needs a mechanism to decided whether to retain a key or not. It’s not a new procedure but a policy.
| noted | No | ||
| S3‑172247 | Requirements for UP and CP for the gNB | Huawei, Hisilicon, China Mobile | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172248 | Support NIA0 algorithm for UP data | Huawei, Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172249 | Meeting SUPI privacy and LI Requirements | Huawei, Hisilicon, Intel | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172250 | Intra-gNB meaning in 5G RAN architecture | Huawei, Hisilicon, China Mobile | pCR | Approval |
4.2.3Mobility
| Yes |
YesNokia didn’t agree with having this kind of change.
Vodafone, ORANGE and BT supported it.
NTT-Docomo: where does the PDCP terminate? Better to say this than talking about intra gNB-CU handover.
Nokia: we need to say more about the split architecture and an new clause should added for this.
| approved | No | ||
| S3‑172251 | Subscriber Privacy under Home network control | Huawei, Hisilicon | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172252 | Security Algorithms Negotiation for Initial AS security context | Huawei, Hisilicon, China Mobile | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172253 | Updates security handling in mobility | Huawei, Hisilicon, Deutsche Telekom AG | pCR | Approval |
4.2.3Mobility
| Yes |
YesKPN: Diffie-Hellman introduces a lot of man-in-the-middle problems.
Huawei: the attacker would have to control the source gNB, access the air interface,…very complex to be able to perform this attack.
NTT-Docomo suppported KPN.
Nokia: Diffie-Hellman consumes a lot of resources and latency.
There was no much support for this contribution.
| noted | No | ||
| S3‑172254 | Moving UE handling SUCI to SUCI clause | Huawei, Hisilicon, China Mobile | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172255 | Adding Forward & Backward Security definition to TS33.501 | Huawei, Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172256 | Security Procedures between 5G Network Functions | Huawei, Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172257 | pCR to TS 33.501 KDF negotiation | Huawei; Hisilicon | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172258 | Security Handling for RRC Connection Re-establishment | Huawei; Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172259 | Discussion on flexibility of retaining or changing AS security key | Huawei; Hisilicon | discussion | Discussion |
4.2.3Mobility
| Yes |
YesNokia: we should go to RAN2 when we have a specific question. I can’t see the issues.
Ericsson: in proposal one we only agree with the Handover; not with the rest.
There wasn't much support for this.
| noted | No | ||
| S3‑172260 | Draft LS on Discussion on flexibility of retaining or changing AS security key | Huawei; Hisilicon | LS out | Approval |
4.2.3Mobility
| Yes |
Yes
| noted | No | ||
| S3‑172261 | pCR to TS 33.501: Security Handling at Transition from RRC-INACTIVE to RRC-CONNECTED transition | Huawei; Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172262 | pCR to TS 33.501: reusing {NCC, NH} to key derivation for handover | Huawei; Hisilicon | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| revised | No | S3‑172564 | |
| S3‑172263 | Delete allowed NSSAI in NAS SMC | Huawei; Hisilicon | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172264 | Discussion on security of interworking | Huawei; Hisilicon | discussion | Discussion |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172265 | regestration procedures in 5G-RAN during interworking from EPC to 5GC | Huawei; Hisilicon | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172266 | TAU procedures in E-UTRAN during interworking from 5GC to EPC | Huawei; Hisilicon | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172267 | handover procedures during interworking from EPC to 5GC | Huawei; Hisilicon | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172268 | handover procedures during interworking from 5GC to EPC | Huawei; Hisilicon | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172269 | Discussion on the reception of UE NR security capabilities | Huawei; Hisilicon | discussion | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| noted | No | ||
| S3‑172270 | Reception of UE NR security capabilities | Huawei; Hisilicon | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| not pursued | No | ||
| S3‑172271 | key isolation between AMFs during idle mode mobility | Huawei; Hisilicon | pCR | Approval |
4.2.3Mobility
| Yes |
YesEricsson preferred this option to the Huawei option.
| merged | No | S3‑172559 | |
| S3‑172272 | Adding the definition of NEA0 and NIA0(5.6.1) | Huawei; Hisilicon | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172273 | Adding the content on security contexts(6.3) | Huawei; Hisilicon | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172274 | Adding the content on Subscription identification procedure(6.8.4) | Huawei; Hisilicon | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172275 | Clarification NULL Integirity algorithm for OPtion3 | Huawei; Hisilicon | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
YesVodafone: Is this the only place where we do the translation? This can produce some confusion in the future.
Huawei: it helps to distinguish the 5G UE from 4G UE.
Qualcomm: this will have impact on the system. We will also have to add an emergency calls clarification.
This had to be taken offline.
Show of hands to see what the feeling is in the room, whether they agree with the concept, not all the small details:
275 from Huawei, UP integrity algorithms should stay:
Support --> Vodafone,Huawei
367, removing the algorithms:
Support -->Qualcomm, Samsung
| not pursued | No | ||
| S3‑172276 | Discussion on a framework of AS security | Huawei; Hisilicon | discussion | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172277 | AS Security Negotiation and Activation | Huawei, Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172278 | UP security policy | Huawei; Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172279 | UP protection features | Huawei; Hisilicon | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172280 | Corrections on 33501 | Huawei; Hisilicon | pCR | Approval |
4.2.15Others
| Yes |
Yes
| revised | No | S3‑172519 | |
| S3‑172281 | pCR to TS 33.501 add management plane protection to 7.2 | Huawei; Hisilicon | pCR | Approval |
4.2.12NDS
| Yes |
Yes
| not treated | No | ||
| S3‑172282 | pCR to TS 33.501 add reference to management plane to 5.2.4 | Huawei; Hisilicon | pCR | Approval |
4.2.12NDS
| Yes |
Yes
| not treated | No | ||
| S3‑172283 | Remove editor note related to SUCI | CATT | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172284 | Raw public key provisioning | CATT | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172285 | 5G-RAN Key Setting | Huawei & Hisilicon | pCR | Approval |
4.2.1Key hierarchy
| Yes |
YesEricsson: NAS keys part will be relocated when a clause is created for them. An editor's note was added for this.
Vodafone didn’t agree with this content and since there was no support it was finally noted.
| noted | No | ||
| S3‑172286 | Providing details on the authentication vector and calculation of keys | Huawei & Hisilicon | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| revised | No | S3‑172578 | |
| S3‑172287 | Discussion on secondary authentication | Huawei & Hisilicon | discussion | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172288 | Secondary authentication via NEF | Huawei & Hisilicon | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172289 | Security Procedures with EAP-TLS | Huawei & Hisilicon | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172290 | EAP Framework | Huawei & Hisilicon | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| revised | No | S3‑172552 | |
| S3‑172291 | Confidentiality of NSSAI | Huawei & Hisilicon | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
YesORANGE: How can we use theHome Network public key for the encryption if we are in the serving network?
China Mobile: we cannot agree with this contribution.
Interdigital didn’t support it either.
Ericsson: the HN public key mechanism is optional, that is Huawei's intention here.
Nokia: then the "shall" is not correct here.
| noted | No | ||
| S3‑172292 | DN authorization grant and revocation | Huawei & Hisilicon | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172293 | ID linkage verification in secondary authentication | Huawei & Hisilicon | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172294 | Secondary authentication for multiple PDU sessions | Huawei & Hisilicon | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172295 | Interworking with EPC without N26 | Huawei; Hisilicon | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172296 | Adding content to NAS security | Huawei; Hisilicon | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172297 | Caculation of SUCI in ME | Huawei; Hisilicon | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172298 | Editorial corrections for Annex E | Huawei; Hisilicon | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
YesOverlaps with 232. Nokia didn’t agree with E.1.1: We don’t need to talk about SgNB here. This was removed.
| revised | No | S3‑172514 | |
| S3‑172299 | pCR on editorial correction of TS 33.501 | NEC EUROPE LTD | pCR | Approval |
4.2.15Others
| Yes |
YesNokia: 5GS is used in SA2 as EPS.
It was commented that pCRs for this meeting would clash and make the implementation harder. The Rapporteur would have to take care of this.
It was also commented that the abbreviations for AIR and AMF would have to be dealt with since they refer to different terms. Notes would clarify this issue.
| revised | No | S3‑172518 | |
| S3‑172300 | [MCSec] 33180 R14 client check at GMK provisioning | Motorola Solutions | CR | Agreement |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172301 | [MCSec] 33180 R14 add transmission control for MCVideo | Motorola Solutions | CR | Agreement |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| agreed | No | ||
| S3‑172302 | [MCSec] 33180 R14 MCPTT to MCX fixes | Motorola Solutions | CR | Agreement |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| agreed | No | ||
| S3‑172303 | [MCSec] 33180 R14 SIP MESSAGE clarification for MCData | Motorola Solutions | CR | Agreement |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| agreed | No | ||
| S3‑172304 | [eMCSec] 33180 R15 client check at GMK provisioning (mirror) | Motorola Solutions | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172305 | [eMCSec] 33180 R15 add transmission control for MCVideo (mirror) | Motorola Solutions | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172306 | [eMCSec] 33180 R15 MCPTT to MCX fixes (mirror) | Motorola Solutions | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172307 | [eMCSec] 33180 R15 SIP MESSAGE clarification for MCData (mirror) | Motorola Solutions | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172308 | Draft skeleton proposal for TR33.811 | Huawei, Hisilicon, China Mobile | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesMCC commented that this was an old template, so the new draft should be built on the new template with the 5G logo.
The structure was approved in any case.
| approved | No | ||
| S3‑172309 | Adding references to TR 33.811 | Huawei, Hisilicon, China Mobile | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesORANGE commented that TR 33.899 was a draft that was stopped, never approved, and that the reference should go away.
MCC commented that references should be added as needed, since it can be the case that they will never be used.
The document was noted.
| noted | No | ||
| S3‑172310 | Introduction section for TR33.811 | Huawei, Hisilicon, China Mobile | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesNokia: don’t refer to the SA2 TR and SA3 TR on 5G.
Vodafone disagreed with the first paragraph. The introduction should set the scene and in here they are referring to what 3GPP groups did in the past. They proposed to note the document and avoid having an Introduction clause.
BT and ORANGE agreed.
| noted | No | ||
| S3‑172311 | A proposal for the scope of the TR33.811 | Huawei, Hisilicon | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesBT: it's not clear what we need to do this.
ORANGE wasn't happy with the way the scope was written and proposed to go back to the study objectives and put it here.
| revised | No | S3‑172549 | |
| S3‑172312 | A key issue of interface security for TR33.811 | Huawei, Hisilicon, CATR | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesNokia: the requirements are not complete, add an edito's note about this.
MCC: make sure that the clauses give "potential requirements" since this is a TR and be careful with using normative text throughout the document since it is informative in nature, not normative.
ORANGE was concerned that this was not in line with the TS in SA5 and proposed to have it noted. Vodafone agreed. The key issue is not an issue and the key issue details are not correct. It needs a lot of work.
BT supported this contribution.
NTT-Docomo: we should take into account the finished SA5 TR as well, not only on the normative work that they are currently doing.
ORANGE: the TS and TR in SA5 have different scopes. The study item is clear with having the SA5 TS as the object of the study.
It was agreed to remove the requirements, since they were object of major concern for several companies.
| revised | No | S3‑172550 | |
| S3‑172313 | A key issue on security capabilities for TR33.811 | Huawei, Hisilicon | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesVodafone: the key issue is not an issue. The threats under the security requirements don't match with the key issue details.This needs substantial work in the wording.
It was decided to revise the document targeting the key issue details.
| revised | No | S3‑172551 | |
| S3‑172314 | A key issue on security protection of messages exchanged with customers | Huawei, Hisilicon | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesVodafone: the key issue is not worded as key issue. And there are actually two key issues here, not one.
| noted | No | ||
| S3‑172315 | A key issue on security isolation of network slices | Huawei, Hisilicon | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
YesNokia: Where is this security isolation coming from?
Huawei: this is coming from TR 28.801.
Nokia: there was no agreement on the security isolation in our TR 33.899.
Vodafone: same as the others, the key issue details are wrong. The title should be"leakage of slice data beween slices", and then write the text accordingly.
| noted | No | ||
| S3‑172316 | Changes to Initiation of Authentication and subscription identity procedure. | Intel | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172317 | Secondary Re-Authentication | Intel | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172318 | Solution to prevent unauthorized access to external Data Network | Intel | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172319 | Binding Primary and Secondary authentication | Intel | discussion | Discussion |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172320 | Security key handling during Xn handover | Intel | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| revised | No | S3‑172504 | |
| S3‑172321 | Clause 8.3.1.1.1 (key handling in handover, general, access stratum) - Disc | Ericsson | discussion | Discussion |
4.2.2Key derivation
| Yes |
Yes
| noted | No | ||
| S3‑172322 | Clause 8.3.1.1.1 (key handling in handover, general, access stratum) - pCR | Ericsson | pCR | Approval |
4.2.2Key derivation
| Yes |
YesNokia argued about the chain-hole since 4G is working fine.and this may confuse current implementations. Huawei agreed, they wanted some consistency.
Ericsson: why keeping something that is wrong and that can be fixed simply?
KPN agreed with Ericsson.
The Chair requested a show of hands for 322 and 262:
Who supports 322:
Ericsson,Intel, KPN
Who supports 262:
Nokia, NTT-Docomo, Huawei, Samsung,Deutsche Telekom
The overall sentiment was to go for 262 and 322 was noted.
| noted | No | ||
| S3‑172323 | Clause 8.3.1.1.1 (key derivation in handover key chaining model) - Disc | Ericsson | discussion | Decision |
4.2.2Key derivation
| Yes |
Yes
| noted | No | ||
| S3‑172324 | Clause 8.3.1.1.1 (key derivation in handover, general, access stratum) - pCR | Ericsson | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| approved | No | ||
| S3‑172325 | Clause 8.3.1.1.2 (key handling in handover, general, non access stratum) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| revised | No | S3‑172561 | |
| S3‑172326 | Clause 8.3.1.2 (key derivation for context modification procedure) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
YesHuawei queried about the "final KNgb". It was revised to clarify this.
| revised | No | S3‑172562 | |
| S3‑172327 | Clause 8.3.1.3.1 (key derivation during handover, intra-gNB) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| revised | No | S3‑172563 | |
| S3‑172328 | Clause 8.3.1.3.2/8.3.1.3.2 (key derivation during handover, Xn/N2) - Discussion | Ericsson | discussion | Discussion |
4.2.3Mobility
| Yes |
Yes
| noted | No | ||
| S3‑172329 | Clause 8.3.1.3.2 (key derivation during handover, Xn) - pCR | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
YesSupported by Intel, who noted 504.
Huawei found it difficult to find a difference with LTE.
Nokia: this is a significant improvement over LTE. There might be implications that RAN2,RAN3 should investigate.
Qualcom also preferred to hear from RAN3.
It was agreed to send an LS to RAN3 cc RAN2.
| revised | No | S3‑172566 | |
| S3‑172330 | Clause 8.3.1.3.3 (key derivation during handover, N2) - pCR | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| revised | No | S3‑172567 | |
| S3‑172331 | Clause 8.3.1.3.4 (key derivation during handover, UE handling) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | ||
| S3‑172332 | Clause 8.3.1.4.1 (key change on fly, general) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | ||
| S3‑172333 | Clause 8.3.1.4.2 (key change on fly, AS key re-keying) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| revised | No | S3‑172568 | |
| S3‑172334 | Clause 8.3.1.4.3 (key change on fly, AS key refresh) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | ||
| S3‑172335 | Clause 8.3.1.4.4 (key change on fly, NAS key re-keying) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| merged | No | S3‑172558 | |
| S3‑172336 | Clause 8 (open issues in AS security) - Disc | Ericsson | discussion | Discussion |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172337 | Clause 8.1.2.1.1 (AS algo. initial context) for RRC | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172338 | Clause 8.1.2.2 (AS security mode command procedure) for RRC | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172339 | Clause 8 (user plane security - integrity protection) | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172340 | Clause 8 (user plane security - confidentiality) | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172341 | Clause 8 (relation between RRC and user plane security algorithms) | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172342 | Clause 8 (conflict between RAN and CN) | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172343 | UE-assisted network-based detection of false base station - disc | Ericsson | discussion | Discussion |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172344 | UE-assisted network-based detection of false base station - pCR | Ericsson | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172345 | Clauses 6.1.3 and 6.7.2 (auth procedures and NAS SMC, SUPI from UE for LI) | Ericsson, Telecom Italia | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172346 | Clauses 6.8.3 (5G-GUTI refresh at periodic registration update) | Ericsson, Telecom Italia | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172347 | Clauses 6.8.3 (5G-GUTI refresh at network triggered service request) | Ericsson, Telecom Italia | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172348 | Selection of SUCI null-scheme | Ericsson | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172349 | (Resubmission) Discussion for drafting reply to S2-175309, relates NSSAI privacy | Ericsson | discussion | Discussion |
4.2.14Privacy (not covered by other headings)
| Yes |
YesQualcomm: it has to go to phase one or it won’t be usable.
China Mobile didn’t support proposal 3 but they were fine with the rest.
Ericsson: the consequence is that the authentication of the network slice will be delayed.
There was no agreement with the proposal one.
Huawei supported proposal three.
Interdigital didn't support proposal 4.
The Chair suggested a show of hands:
Proposal one not in phase one: 9 companies
Proposal one in phase one: 4 companies
After this Qualcomm decided to go for phase two in order to make progress.
| noted | No | ||
| S3‑172350 | (Resubmission) draft Reply LS on Reply LS on 5GS Security aspects seeking resolution | Ericsson | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
YesORANGE: don’t send privacy sensitive information in the NSSAI.
Nokia: NAS security established, there is encryption already and it is protected.
Qualcomm asked to be in the minutes:
Although SA3 is sending the LS the interim agreement hasn’t changed.
The agreed LS is in 517.
| noted | No | ||
| S3‑172351 | (Resubmission) Annex X.3 (SUCI, ECIES scheme normative Annex) | Ericsson | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172352 | Privacy requirements on the UE | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| revised | No | S3‑172509 | |
| S3‑172353 | Requirement on AMF | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172354 | Merging and enhancing 6.8.1 and 6.8.2 | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172355 | SIDF purpose in initiation of authentication | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172356 | SIDF functionality | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172357 | Null scheme clarifications - resolving ed.note | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172358 | UDM requirements - key management and privacy | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172359 | LI conformity when privacy is used | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| revised | No | S3‑172506 | |
| S3‑172360 | was S3-171950 TS - NSSAI privacy | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| noted | No | ||
| S3‑172361 | was S3-171949 Discussion of NSSAI privacy | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
YesBT and Interdigital disagreed with the conclusion.
Ericsson and LG disagreed with this one.
| noted | No | ||
| S3‑172362 | Cleaning up sections 6.8.1 and 6.8.2 about Subscription (Concealed) Identifier | KPN N.V. | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172363 | Procedure for Visited Network to request SUPI attach | KPN N.V. | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172364 | Annex C: Adding Creation of the 'visited network requests null-scheme message' | KPN N.V. | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172365 | Comments on S3-172225 | KPN N.V. | discussion | Discussion |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172366 | Dealing with the text that moves from TS 33.401 to TS 33.501 in EDCE5 | Qualcomm Incorporated | discussion | Discussion |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| noted | No | ||
| S3‑172367 | Completing the specification of the algorithms to use between UE and SgNB in EDCE5 | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
YesQualcomm: 33.501 will be finished in March but we have to finish EDCE5 by Xmas, so we put it in 33.401 and then move it to 33.501. This text will be gone in March.
Vodafone: there is a problem with network selection here. We want to use NR radio as soon as possible but this is wrong thinking. The link to the radio and not to the core is the issue for us.
This had to be taken offline.
| not pursued | No | ||
| S3‑172368 | Providing full details of the integrity and ciphering algorithms for TS 33.501 | Qualcomm Incorporated | pCR | Approval |
4.2.15Others
| Yes |
Yes
| revised | No | S3‑172523 | |
| S3‑172369 | Aligning the specification of the key derivation function for key to use in security algorithms between UE and SgNB in EDCE5 with the 5G specification | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
YesNokia: why remove KSgNB-UP-int?
This had to be taken offline.
| revised | No | S3‑172576 | |
| S3‑172370 | Providing details of the key derivation for the security algorithm keys | Qualcomm Incorporated | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172371 | Assigning an FC value for EDCE5 key derivations | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| revised | No | S3‑172513 | |
| S3‑172372 | Discussion of possible methods and proposed solution for negotiating the algorithms for use between a UE and SgNB in EDCE5 | Qualcomm Incorporated | discussion | Discussion |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
YesNokia: NAS based option impacts all existing eNodeBs. It has a big impact.
Qualcomm: not all eNodeBs are upgraded.
Huawei, NEC and Ericsson supported the NAS based solution.This was agreed as the way forward.
| noted | No | ||
| S3‑172373 | Using AS layer signalling to negotiate the algorithm used between the UE and SgNB | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| not pursued | No | ||
| S3‑172374 | Using NAS layer signalling to negotiate the algorithm used between the UE and SgNB | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| not pursued | No | ||
| S3‑172375 | Clarifying the security algorithms that are used between the UE and MeNB and the UE and SgNB | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | ||
| S3‑172376 | Adding a reference to RAN procedures on EDCE5 | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | ||
| S3‑172377 | Clarifying the behaviour of UE to SgNB connection at a MeNB handover | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | ||
| S3‑172378 | Specifying the usage of EMSK as the key used to derive the 5G keys when using EAP as an authentication method | Qualcomm Incorporated | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| revised | No | S3‑172577 | |
| S3‑172379 | Discussion on sending S-NSSAIs to the network unprotected | Qualcomm Incorporated | discussion | Endorsement |
4.2.14Privacy (not covered by other headings)
| Yes |
YesEricsson: why such a strong requirement on the deployment? We don’t agree with this at all.
LG: I doubt that this is efficient. One policy for all UE, not slice based.
| noted | No | ||
| S3‑172380 | Identifying a problem with secondary authentication | Qualcomm Incorporated | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | S3‑172008 | |
| S3‑172381 | Proposed re-wording to the bidding down requirement | Qualcomm Incorporated | pCR | Approval |
4.2.15Others
| Yes |
YesChina Mobile asked about the situation when both the UE and network are made to believe they are in 2G. Qualcomm clarified that this is a requirement for 5G.
Nokia: mention "5G security features".
Ericsson: clarify that the attacker is external.
NTT docomo: external to the security domain.
This had to be taken offline.
| merged | No | S3‑172520 | |
| S3‑172382 | Specifying the key derivation when using 5G AKA | Qualcomm Incorporated | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| noted | No | ||
| S3‑172383 | Aligning the protection of initial NAS messages and the NAS Security Mode procedure subclauses | Qualcomm Incorporated | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172384 | Discussion on bidding down of security features | Qualcomm Incorporated | discussion | Discussion |
4.2.2Key derivation
| Yes |
Yes
| noted | No | ||
| S3‑172385 | Security handling for interworking between NextGen Core and EPC | Qualcomm Incorporated | discussion | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | S3‑172009 | |
| S3‑172386 | pCR to provide a solution for interworking between NextGen Core and EPC | Qualcomm Incorporated | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | S3‑172014 | |
| S3‑172387 | pCR to provide a normative text for the AMF key derivation/refresh | Qualcomm Incorporated | pCR | Approval |
4.2.3Mobility
| Yes |
YesIt clashes with 271.
NEC and AT&T supported this contribution.
AT&T: keep this in phase one, littles changes in phase two.
Nokia and Huawei had reservations on the KEY_COUNT.
Ericsson proposed to continue the discussion for the next meeting. So this was noted.
| noted | No | S3‑172010 | |
| S3‑172388 | pCR to provide a normative text for AS key derivation | Qualcomm Incorporated | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| noted | No | S3‑172011 | |
| S3‑172389 | pCR to provide a normative text for AS key hierarchy | Qualcomm Incorporated | pCR | Approval |
4.2.3Mobility
| Yes |
YesEricsson, Huawei and Nokia didn’t support this.
| noted | No | S3‑172012 | |
| S3‑172390 | pCR: Security for Non-3GPP access to 5GC | Qualcomm Incorporated | pCR | Approval |
4.2.11Non-3GPP access
| Yes |
Yes
| noted | No | ||
| S3‑172391 | Discussion on Security for Non-3GPP access to 5GC | Qualcomm Incorporated | discussion | Endorsement |
4.2.11Non-3GPP access
| Yes |
Yes
| noted | No | ||
| S3‑172392 | pCR: Calculation of SUCI | Qualcomm Incorporated | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| revised | No | S3‑172503 | |
| S3‑172393 | Discussion on the signalling and negotiation of the NR security capabilities | Ericsson | discussion | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| noted | No | ||
| S3‑172394 | UE supported NR security algorithms indicated in NAS protocol | Ericsson | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| not pursued | No | ||
| S3‑172395 | Registration state transitions in TS 33.501 | Ericsson | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172396 | Introducing clause for Secrity Aspects of Service Based Architecture | Ericsson | pCR | Approval |
4.2.13Service based architecture
| Yes |
Yes
| merged | No | S3‑172534 | |
| S3‑172397 | Authentication and Authorization – requirements and more | Nokia | pCR |
4.2.8Primary authentication
| Yes |
YesNTT-Docomo: refer to the relevant specifications instead of just saying 2G,3G,4G in the notes. Qualcomm agreed, no need to have all these notes.
NTT-Docomo commented that this information would be useful for the future summary of the WID.
Qualcomm had issues with serving network authentication and authorization.
NTT-Docomo supported the effort of this contribution. The Chair commented that there was quite a lot of support for this contribution except Qualcomm's reservations. Qualcomm proposed to keep the requirements and remove the notes.
There was further discussion on the serving network athorization and 399 was open in order to detail it further.
It was agreed to add an editor's note on the serving network auth to be FFS.
The case of the emergency calls was also left for further study.
| revised | No | S3‑172572 | ||
| S3‑172398 | Re-authentication in Solution 1.49 | Ericsson | discussion | Endorsement |
4.2.11Non-3GPP access
| Yes |
YesNEC commented that this is not such a rare case.
Ericsson: Reauthentication will not happen all the time.Most people connect to a few selected Wifi networks.
Broadcom: not about one user but about multiple number of users in this situation.
| noted | No | ||
| S3‑172399 | Visibility and configurability supporting serving network authorization | Nokia | pCR |
4.2.7Visibility & configurability
| Yes |
YesQualcomm didn’t agree with this whole scheme, it would affect the service.
Some reservations among the companies on the display of the serving network identifier or MCC.
NTT-Docomo: what if you have an handover to a cell of the forbidden operator?
Huawei: the user doesn't know who the roaming partner of the HPLMN is. They didn't understand the use of this.
LG supported the idea of this contribution but didn’t understand the use of the MCC here. The authorization part should be removed.
BT: displaying the country code, shouldn’t it be GSMA input? The security levels for roaming partners is their field.
| not treated | No | |||
| S3‑172400 | Exception lists of NAS and RRC message to be integrity protected and encrypted | Ericsson | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172401 | Preventing bidding down between 5G releases - discussion | Nokia | discussion |
4.2.2Key derivation
| Yes |
Yes
| noted | No | |||
| S3‑172402 | EAP framework | Ericsson, Nokia, Samsung, Qualcomm Incorporated, Intel, Huawei | pCR | Approval |
4.2.8Primary authentication
| Yes |
YesORANGE and Oberthur had issues with this contribution. It was taken offline.
| revised | No | S3‑172579 | |
| S3‑172403 | Preventing bidding down between 5G releases - pCR | Nokia | pCR |
4.2.2Key derivation
| Yes |
YesEricsson and Huawei didn’t agree with this solution.
| noted | No | |||
| S3‑172404 | Discussion on the security for interworking between EPC and 5GC | Ericsson | discussion | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172405 | Key hierarchy | Nokia | pCR |
4.2.1Key hierarchy
| Yes |
YesORANGE: In "This further key may be stored in the AUSF between authentication and key agreement procedures.", this is implementation-specific and left out to the operator.
Alignment with 6.1.1.1 was checked and the operator policy was mentioned there, so no change was necessary.
NTT-Docomo: remove reference to 5G phase one in the notes.
MCC also commented that mentioning "future phases of 5G" in the note was not appropiate either, and argued agains have it as an editor's note that would stay even after the draft was approved. It was left as an editor's note.
Gemalto: replace USIM with 5G USIM.
Qualcomm: The current definition of USIM does not cover the case when the UICC is integrated in a tamper resistant environment, which can be the case for 5G.
BT objected to "For every key in a network entity, there is a corresponding key in the UE." since the UE could store hundreds of keys for this reason. It was decided to keep this sentence anyway.
On the editor's note in 6.6.2:
Leaving the first editor's note : 16 companies.
Adding "for example" for a legacy USIM used in the second editor's note: three companies. This editor's note was removed.
| revised | No | S3‑172547 | ||
| S3‑172406 | New requirements for algorithm selection in TS 33.501 | Ericsson | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172407 | Proposal for a new subclause 9.X on mapping of security contexts during interworking between 4G and 5G | Ericsson | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172408 | Handling security contexts within the serving network | Nokia | pCR |
4.2.6Security context management
| Yes |
Yes
| not treated | No | |||
| S3‑172409 | Proposal for a new subclause 9.Y on interworking security in idle mode | Ericsson | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172410 | Distribution of security contexts | Nokia | pCR |
4.2.6Security context management
| Yes |
Yes
| not treated | No | |||
| S3‑172411 | Clause 6.3.2 (Handling security contexts within the serving network) | Ericsson | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172412 | Security handling in state transitions | Nokia | pCR |
4.2.6Security context management
| Yes |
Yes
| not treated | No | |||
| S3‑172413 | New UE requirement to store two 5G security contexts in TS 33.501 | Ericsson | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172414 | Security handling in mobility | Nokia | pCR |
4.2.3Mobility
| Yes |
Yes
| revised | No | S3‑172559 | ||
| S3‑172415 | CR to resolve EDCE5 ENs | Nokia | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| revised | No | S3‑172575 | |
| S3‑172416 | Computation of key left at the AUSF for 5G AKA | Nokia | pCR |
4.2.2Key derivation
| Yes |
Yes
| noted | No | |||
| S3‑172417 | Clause 5.2.9 CU-DU interface requirements | Nokia | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172418 | Key Management of end-to-end encryption for mission critical communications between LMR users and 3GPP users | Sepura PLC | discussion | Endorsement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
YesThere were some concerns so it was decided to send an LS to SA6 instead of endorsing this document.
| noted | No | ||
| S3‑172419 | Clause 8.4 UP security mechanisms | Nokia | pCR | Approval |
4.2.4AS security
| Yes |
Yes
| not treated | No | ||
| S3‑172420 | Clause 6.6.3 NAS integrity | Nokia | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172421 | Clause 6.6.5 Handling of NAS counts | Nokia | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172422 | Skeleton for Security for IMS Emergency session | Nokia | pCR | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | ||
| S3‑172423 | Clause 6.7.1.2 AMF change | Nokia | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172424 | Security for Authenticated IMS Emergency sessions | Nokia | pCR | Approval |
4.2.15Others
| Yes |
YesQualcomm: emergency sessions are part of phase one?
Nokia: it is for phase one for 3GPP access.
| revised | No | S3‑172524 | |
| S3‑172425 | Clause 6.7.2 NAS SMC procedure | Nokia | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172426 | Security for unauthenticated IMS Emergency sessions | Nokia | pCR | Approval |
4.2.15Others
| Yes |
YesTIM: what is older SIM?
Nokia: non-5G SIM.
It was commented to better refer to "USIM" instead of SIM.
| revised | No | S3‑172525 | |
| S3‑172427 | Annex A key derivation function | Nokia | pCR | Approval |
4.2.2Key derivation
| Yes |
YesRevised in order to fix the FC values as proposed by NTT-Docomo. These values will be fixed later and sync with 33.220 so an editor's note was added.
| revised | No | S3‑172557 | |
| S3‑172428 | Editorial updates in TS 33.501 | NEC EUROPE LTD | pCR | Approval |
4.2.15Others
| No |
Yes
| withdrawn | Yes | ||
| S3‑172429 | Idle mode mobility from 4G to 5G | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172430 | Connection state transitions in TS 33.501 | Ericsson | pCR | Approval |
4.2.5NAS security
| Yes |
Yes
| not treated | No | ||
| S3‑172431 | 5G Key Hierarchy | NEC EUROPE LTD | pCR | Approval |
4.2.1Key hierarchy
| Yes |
Yes
| merged | No | S3‑172547 | |
| S3‑172432 | Security for Idle mode mobility from 5G to 4G | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172433 | Key Hierarchy to support multiple NAS security | NEC EUROPE LTD | pCR | Approval |
4.2.1Key hierarchy
| Yes |
Yes
| noted | No | ||
| S3‑172434 | Security for Handover from 4G to 5G | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172435 | [eMCSEC] Update to KMS Discovery Solution in TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| revised | No | S3‑172526 | |
| S3‑172436 | 5G Key Derivation and distribution scheme | NEC EUROPE LTD | pCR | Approval |
4.2.2Key derivation
| Yes |
YesNokia, Ericsson: too early for this diagram and didn’t agree with it.
| noted | No | ||
| S3‑172437 | Clause 6.2 (key hierarchy from K to KSEAF) | Ericsson | discussion | Endorsement |
4.2.1Key hierarchy
| Yes |
Yes
| noted | No | ||
| S3‑172438 | Security for Handover from 5G to 4G | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172439 | Discussion on skeleton for clause 6.5 and related contents in clauses 6 and 8 | NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN | pCR | Discussion |
4.2.3Mobility
| Yes |
Yes
| noted | No | ||
| S3‑172440 | Clause 6.2 (key hierarchy, from KSEAF downwards) | Ericsson, Huawei | pCR | Approval |
4.2.1Key hierarchy
| Yes |
Yes
| merged | No | S3‑172547 | |
| S3‑172441 | [eMCSEC] KMS Discovery Use cases for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| revised | No | S3‑172527 | |
| S3‑172442 | [eMCSEC] Evaluation of KMS Discovery in TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | ||
| S3‑172443 | [eMCSEC] Adding KMS Redirect Responses to TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| revised | No | S3‑172528 | |
| S3‑172444 | [eMCSEC] KMS enhancement, including Migration KMS, for TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| revised | No | S3‑172535 | |
| S3‑172445 | [eMCSEC] KMS Lookup (DNSSec) solution for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| No |
Yes
| withdrawn | Yes | ||
| S3‑172446 | [eMCSEC] Key Issues on Interworking and Interconnetion security for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | ||
| S3‑172447 | [eMCSEC] Five solutions on Interworking security for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| revised | No | S3‑172529 | |
| S3‑172448 | [eMCSEC] Addition of Clause on Logging, Audit and Discreet Monitoring for TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| revised | No | S3‑172537 | |
| S3‑172449 | [eMCSEC] Update of Signalling Proxies solution (#1.5) for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | ||
| S3‑172450 | [eMCSEC] Evaluation of Signalling Proxies for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | ||
| S3‑172451 | [eMCSEC] Addition of signalling Proxies to TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| revised | No | S3‑172544 | |
| S3‑172452 | [MCSEC] Clarification on SSRC use in group communications in TS 33.180 Rel-14 | NCSC | CR | Agreement |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| revised | No | S3‑172541 | |
| S3‑172453 | [eMCSEC] Clarification on SSRC use in group communications in TS 33.180 Rel-15 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172454 | [eMCSEC] Update to EAR solution in TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| No |
Yes
| withdrawn | Yes | ||
| S3‑172455 | [eMCSEC] LS to SA6 on configuration parameters | NCSC | LS out | Approval |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172456 | Skeleton for clause 6.5 Security handling in mobility | NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN | pCR | Approval |
4.2.3Mobility
| Yes |
YesClashing with tdoc 414 from Nokia.
| revised | No | S3‑172558 | |
| S3‑172457 | Secondary authentication - Clause 12.1.2 - Resolve EN on use of Normative language | Nokia | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172458 | Computation of key left at the AUSF for EAP-AKA’ | Nokia | pCR |
4.2.2Key derivation
| Yes |
Yes
| noted | No | |||
| S3‑172459 | Update to clause 6.5 Security handling in mobility | NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN | pCR | Approval |
4.2.3Mobility
| Yes |
Yes459 was merged into 566, 567, 559.
| merged | No | S3‑172559,S3‑172566,S3‑172567 | |
| S3‑172460 | Secondary Authentication - Resolve Editor’s Notes | Nokia | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172461 | Update to clause 8.3 Security handling in mobility | NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN | pCR | Approval |
4.2.3Mobility
| Yes |
YesEricsson: remove NSSAI part.
| merged | No | S3‑172566 | |
| S3‑172462 | Discussion on 5G UE Security Capabilities with KDF identifiers | NEC EUROPE LTD | pCR | Discussion |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172463 | Secondary Authentication - Update text with corresponding service operations used to carry EAP messages | Nokia | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172464 | Derivation of anchor key for EAP-AKA’ | Nokia | pCR |
4.2.2Key derivation
| Yes |
Yes
| noted | No | |||
| S3‑172465 | Discussion on necessity and way forward of security study for 5G core network with SBA | China Mobile Com. Corporation | discussion | Discussion |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
Yes
| noted | No | ||
| S3‑172466 | 5G UE Security Capabilities with KDF identifiers | NEC EUROPE LTD | pCR | Approval |
4.2.6Security context management
| Yes |
Yes
| not treated | No | ||
| S3‑172467 | New WID for enhanced security function to 5GC Service Based Architecture | China Mobile Com. Corporation | WID new |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
YesNokia didn’t agree with having this as a separate WID in the same timescale as the 5G phase one work.Guenther proposed to extend the objectives of the current 5G work.ORANGE agreed.
Deutsche Telekom agreed to have this work as well, in one way or another.
Vodafone supported this work on service architecture for 5G.
NTT-Docomo: this needs to go to phase one, but it makes more sense to have it as a revision of the current WID.Ericsson agreed.
BT: I'm concerned about the objective 2 on different PLMNs. Too ambitious to include roaming interfaces.
The Chair suggested to add this in the current WID within its objectives and present a revision of the 5G WID to the plenary.
ORANGE: in the current WID we are already saying that we need to address the security features of whatever SA2 is doing, so this is covered already. We don’t need to change the objectives every time SA2 comes up with something.
Vodafone: this is to show that we are focusing our attention on this issue.
| noted | No | |||
| S3‑172468 | Skeleton for clause 11 | NEC EUROPE LTD | pCR | Approval |
4.2.11Non-3GPP access
| Yes |
YesNokia: 5 should go to clause 11. Qualcomm agreed.
11.6 and 11.7 were not agreed to be here.
| noted | No | ||
| S3‑172469 | Interworking - Discussion paper on security context | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172470 | Discussion and pCR on authorization issue for 5G core network with SBA | China Mobile Com. Corporation | pCR |
4.2.13Service based architecture
| Yes |
YesInterdigital: the Note is solution related, it shouldn’t be here.
Vodafone: this doesn’t read lile a requirement. It needs proper wording.TIM agreed.
People seemed to agree with the document, although rewording was needed.
The note was removed.
| revised | No | S3‑172538 | ||
| S3‑172471 | Security aspects of Non-3GPP access using 5G Core Network | NEC EUROPE LTD | pCR | Approval |
4.2.11Non-3GPP access
| Yes |
YesNokia: not based on the SA2 procedure. They haven't defined such handover.
NEC: the intention is to add this procedure.
Huawei: this is in SA2 scope. We can only define the security aspect of a handover procedure.
| noted | No | ||
| S3‑172472 | 5G AKA to be used over all access network types – clause 6 | Nokia | pCR |
4.2.11Non-3GPP access
| Yes |
YesQualcomm: no need to have this Editor's note.
Nokia: it's a reminder.
| approved | No | |||
| S3‑172473 | SUCI calculation | Gemalto, G&D, Morpho & Oberthur (IDEMIA) | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| withdrawn | Yes | ||
| S3‑172474 | 5G AKA to be used over all access network types – clause 11 | Nokia | pCR |
4.2.11Non-3GPP access
| Yes |
Yes
| approved | No | |||
| S3‑172475 | Conveying authentication result from AUSF to UDM | Nokia | pCR |
4.2.8Primary authentication
| Yes |
Yes
| revised | No | S3‑172573 | ||
| S3‑172476 | Clarification of requirements on e2e core interconnection network security | Nokia | pCR |
4.2.13Service based architecture
| Yes |
Yes
| revised | No | S3‑172536 | ||
| S3‑172477 | Interworking - Discussion paper on issues when Interworking with a legacy MME | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172478 | 5G AKA Discussion of Option 1 and Option 2 | Huawei, HiSilicon | pCR | Decision |
4.2.8Primary authentication
| Yes |
YesInterdigital supported this contribution.
Nokia pointed out that this contribution was not supported in past conference calls. A show of hands proved that most of the companies didn’t still support it.
| noted | No | ||
| S3‑172479 | Skeleton for interconnection network security | Nokia | pCR |
4.2.13Service based architecture
| Yes |
YesVodafone: no requirements?
Nokia: they are in another document.
Vodafone preferred this approach to the Huawei proposal.
They also commented that SBA for roaming would be more complex and a separate clause would be needed for this.
BT didn’t agree with splitting for roaming.
Alex (BT) warned about the trust boundaries.
Nokia commented that both trust boundaries and platform requirements can be treated in the next meeting. Inputs on this will be brought into the Reno meeting.
| revised | No | S3‑172534 | ||
| S3‑172480 | AKA Procedure in Interworking and Migration Scenarios | Huawei, HiSilicon | pCR | Decision |
4.2.8Primary authentication
| Yes |
YesVodafone: I thought that AKA matched in the HSS- equivalent and the USIM.
There wasn't any support for this contribution.
| noted | No | ||
| S3‑172481 | Security for multiple NAS connections with single anchor key | Ericsson | discussion | Approval |
4.2.1Key hierarchy
| Yes |
YesProposal 3 was agreed with the assumption that Kamf is sent as it is, or a derivation of it being sent. Proposal 4 was agreed too.
The document was revised to include the proposals that were endorsed.
| revised | No | S3‑172554 | |
| S3‑172482 | Discussion on protection of Network Steering Information | Ericsson | discussion | Approval |
4.2.15Others
| Yes |
Yes
| noted | No | ||
| S3‑172483 | Details of EAP-5G Solution for registration via untrusted non-3GPP access | Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco | discussion | Approval |
4.2.11Non-3GPP access
| Yes |
Yes
| revised | No | S3‑172511 | |
| S3‑172484 | Editorials against 33.501 | NTT DOCOMO | pCR | Approval |
4.2.15Others
| Yes |
Yes
| revised | No | S3‑172520 | |
| S3‑172485 | pCR to 33.501 6.1.3.2 – Mandate sending of AC | NTT DOCOMO | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | ||
| S3‑172486 | pCR to 33.501 5.4.1 - Clarification of security indication | NTT DOCOMO, Department of Commerce | pCR | Approval |
4.2.7Visibility & configurability
| Yes |
Yes
| not treated | No | ||
| S3‑172487 | pCR to 33.501 6.1.2, 6.1.3.2 – only one authentication vector at a time | NTT DOCOMO | pCR | Approval |
4.2.8Primary authentication
| Yes |
YesSamsung and Qualcomm supported this contribution.
NCSC: it is possible that this doesn’t work in IOPS. This had to be taken offline.
| noted | No | ||
| S3‑172488 | pCR to 33.501 6.1.3.1, 6.1.3.2 – SUPI assurance in SEAF | NTT DOCOMO | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | ||
| S3‑172489 | pCR to 33.501 6.1.3.2 – Mandate signalling of expiry time of | NTT DOCOMO | pCR | Approval |
4.2.8Primary authentication
| Yes |
YesBT:unstable, prone to all kind of service attacks.
There seemed to be support in this document with some fixes. Ericsson proposed a note to address BT's concerns: the serving network should have time to run the authentication.
| revised | No | S3‑172574 | |
| S3‑172490 | Drawbacks of the NAS-over-IKE solution | Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco | discussion | Approval |
4.2.11Non-3GPP access
| Yes |
Yes
| revised | No | S3‑172510 | |
| S3‑172491 | Multiple registrations | Ericsson | pCR | Approval |
4.2.1Key hierarchy
| Yes |
YesMCC commented that the introduced defintions were not written as definitions but they were introducing more content. Some rewording was needed, adding notes when appropiate and also move the unnecessary content to the right clauses. Ericsson commented that these were coming from LTE, to which MCC replied that this was an opportunity to improve the definition wording.
| revised | No | S3‑172555 | |
| S3‑172492 | Interworking - Discussion paper on integrity protection of idle mobility MM message during interworking | Nokia | pCR | Approval |
4.2.10Interworking
| Yes |
Yes
| not treated | No | ||
| S3‑172493 | NSSAI Privacy Discussion | LG Electronics | discussion | Endorsement |
4.2.14Privacy (not covered by other headings)
| Yes |
YesLG: Send the solutions to SA2 and let them decide.
| noted | No | ||
| S3‑172494 | NSSAI Privacy handling | LG Electronics | discussion | Endorsement |
4.2.14Privacy (not covered by other headings)
| Yes |
YesEricsson didn't understand the solution
| noted | No | ||
| S3‑172495 | Security Visibility clarification | LG Electronics | pCR | Approval |
4.2.7Visibility & configurability
| Yes |
Yes
| not treated | No | ||
| S3‑172496 | Clarification on network slice access authentication and authorization | LG Electronics | pCR | Approval |
4.2.9Secondary authentication
| Yes |
Yes
| not treated | No | ||
| S3‑172497 | SUCI calculation | Gemalto, G&D, Morpho & Oberthur (IDEMIA), Vodafone | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| revised | No | S3‑172530 | |
| S3‑172498 | New SID on 256-bit algorithms for 5G | VODAFONE Group Plc | SID new | Agreement |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
Yes
| noted | No | ||
| S3‑172499 | Response to LS from SA3 to TC Cyber regarding 256-bit key lengths | ETSI TC CYBER | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172500 | Integrity for UP, RRC and NAS | Huawei; Hisilicon | pCR |
4.2.4AS security
| Yes |
Yes
| not treated | No | |||
| S3‑172501 | Confidentiality for UP, RRC and NAS | Huawei; Hisilicon | pCR |
4.2.4AS security
| Yes |
Yes
| not treated | No | |||
| S3‑172502 | Replay protection for UP, RRC and NAS | Huawei; Hisilicon | pCR |
4.2.4AS security
| Yes |
Yes
| not treated | No | |||
| S3‑172503 | pCR: Calculation of SUCI | Qualcomm Incorporated | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | S3‑172392 | |
| S3‑172504 | Security key handling during Xn handover | Intel | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| noted | No | S3‑172320 | |
| S3‑172505 | First response on ECIES for concealing IMSI or SUPI | ETSI SAGE | LS in |
4.2.15Others
| Yes |
Yes
| noted | No | |||
| S3‑172506 | LI conformity when privacy is used | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | S3‑172359 | |
| S3‑172507 | Comments to "New SID on 256-bit algorithms for 5G" | Ericsson | discussion | Discussion |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
YesBT supported removing the quantum part.
| merged | No | S3‑172556 | |
| S3‑172508 | New SID on 256-bit algorithms for 5G – with Nokia comments | Nokia | SID new |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
YesAT&T: too much detail. They didn’t support going for Statements like strengthening the OTA. I have problems with the justification rather than the objectives.
Option preferred by ORANGE among the proposed studies. They had issues with the justification.
Vodafone: this gives a wider scope.
Interdigital: expanding the scope when there is so little time to work on this?
Qualcomm: look at the entire system, not only the OTA. We prefer the Nokia option.
NCSC preferred the Nokia option for having the better scope.
AT&T: the use of commercial devices for the secure communication is not acceptable.
US department of commerce: 128 bit keys is our recommendation. We support the study item but it should focus less on the quantum part.
NCSC: according to the latest NIST document, the 128 bits should be sufficient until at least 2030.
Alex (BT) was concerned about having to adapt the whole commercial network to fit a relatively small portion of users. KPN agreed with this.
| revised | No | S3‑172556 | ||
| S3‑172509 | Privacy requirements on the UE | Nokia | pCR | Decision |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | S3‑172352 | |
| S3‑172510 | Drawbacks of the NAS-over-IKE solution | Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco | discussion | Endorsement |
4.2.11Non-3GPP access
| Yes |
YesQualcomm: Initial NAS protection in 501 is not understood here, in 2.7. The security concern is not valid. Ericsson agreed with this.They also commented that the document was more SA2 oriented than security oriented.
ORANGE and Intel agreed with Qualcomm about the clause 2.7.
Nokia and Samsung agreed with the security conccerns in this document.
| noted | No | S3‑172490 | |
| S3‑172511 | Details of EAP-5G Solution for registration via untrusted non-3GPP access | Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco | discussion | Endorsement |
4.2.11Non-3GPP access
| Yes |
Yes
| noted | No | S3‑172483 | |
| S3‑172512 | Work status of EDCE5 post SA3#88Bis | Qualcomm | other | Information |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| No |
YesIt gathers all the changes of EDCE5 so the CRs in the next meeting don’t overlap with the agreed CRs of this meeting.
| left for email approval | No | ||
| S3‑172513 | Assigning an FC value for EDCE5 key derivations | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172371 | |
| S3‑172514 | Editorial corrections for Annex E | Huawei; Hisilicon | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172298 | |
| S3‑172515 | Reply to: LS to SA3 on RAN2 agreements on jumbo frames | Ericsson | LS out | approval |
4.2.15Others
| Yes |
Yes
| approved | No | ||
| S3‑172516 | Reply to: LS on PLMN and RAT selection policies for roaming | Huawei | LS out | approval |
4.2.15Others
| Yes |
YesA solution has been discussed and it is possible.
There were several issues that SA3 had agreed to include in the LS: need of feedback on specific messages, where the keys are stored and messages prepared, serious implications on security architecture, why OTA solution doesn’t work,… but companies differed on the different versions of the LS in the drafts folder (v2 and v3).
| revised | No | S3‑172581 | |
| S3‑172517 | Reply to: Reply LS on 5GS Security aspects seeking resolution | Qualcomm | LS out | approval |
4.2.15Others
| Yes |
Yes
| approved | No | ||
| S3‑172518 | pCR on editorial correction of TS 33.501 | NEC EUROPE LTD | pCR | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | S3‑172299 | |
| S3‑172519 | Corrections on 33501 | Huawei; Hisilicon | pCR | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | S3‑172280 | |
| S3‑172520 | Editorials against 33.501 | NTT DOCOMO | pCR | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | S3‑172484 | |
| S3‑172521 | PCR to 33.501 – typos and language in multiple clauses. | InterDigital, Inc. | pCR | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | S3‑172228 | |
| S3‑172522 | Draft TS 33.501 | NTT-Docomo | draft TS | Approval |
4.2.15Others
| No |
Yes
| left for email approval | No | ||
| S3‑172523 | Providing full details of the integrity and ciphering algorithms for TS 33.501 | Qualcomm Incorporated | pCR | Approval |
4.2.15Others
| Yes |
YesQualcomm clarified that these are both user plane and control plane algorithms.BT asked to distinguish them.
| approved | No | S3‑172368 | |
| S3‑172524 | Security for Authenticated IMS Emergency sessions | Nokia | pCR | Approval |
4.2.15Others
| Yes |
YesAddressing Ericsson's comments on authentication aspects.
| approved | No | S3‑172424 | |
| S3‑172525 | Security for unauthenticated IMS Emergency sessions | Nokia | pCR | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | S3‑172426 | |
| S3‑172526 | [eMCSEC] Update to KMS Discovery Solution in TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | S3‑172435 | |
| S3‑172527 | [eMCSEC] KMS Discovery Use cases for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | S3‑172441 | |
| S3‑172528 | [eMCSEC] Adding KMS Redirect Responses to TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172443 | |
| S3‑172529 | [eMCSEC] Five solutions on Interworking security for TR 33.880 | NCSC | pCR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | S3‑172447 | |
| S3‑172530 | SUCI calculation | Gemalto, G&D, Morpho & Oberthur (IDEMIA), Vodafone | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| Yes |
Yes
| not treated | No | S3‑172497 | |
| S3‑172531 | Revised WID 5G security phase one | China Mobile | WID revised | Agreement |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
Yes
| agreed | No | ||
| S3‑172532 | Corrections to MCData security procedures | SAMSUNG | CR | - |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| agreed | No | S3‑172231 | |
| S3‑172533 | Security Considerations for Service Based Architecture in 5G | Deutsche Telekom AG | discussion | Endorsement |
4.2.13Service based architecture
| Yes |
Yes
| endorsed | No | S3‑172227 | |
| S3‑172534 | Skeleton for interconnection network security | Nokia | pCR | - |
4.2.13Service based architecture
| Yes |
Yes
| approved | No | S3‑172479 | |
| S3‑172535 | [eMCSEC] KMS enhancement, including Migration KMS, for TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172444 | |
| S3‑172536 | Clarification of requirements on e2e core interconnection network security | Nokia | pCR | - |
4.2.13Service based architecture
| Yes |
Yes
| approved | No | S3‑172476 | |
| S3‑172537 | [eMCSEC] Addition of Clause on Logging, Audit and Discreet Monitoring for TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172448 | |
| S3‑172538 | Discussion and pCR on authorization issue for 5G core network with SBA | China Mobile Com. Corporation | pCR | - |
4.2.13Service based architecture
| Yes |
Yes
| approved | No | S3‑172470 | |
| S3‑172539 | Authorization of NF service access | Huawei, Hisilicon | pCR | Approval |
4.2.13Service based architecture
| Yes |
YesApproved to go to the living document in 540.
| approved | No | S3‑172242 | |
| S3‑172540 | Living document on SBA | China Mobile | other | Approval |
4.2.13Service based architecture
| Yes |
Yes
| approved | No | ||
| S3‑172541 | [MCSEC] Clarification on SSRC use in group communications in TS 33.180 Rel-14 | NCSC | CR | Agreement |
4.3Security of the Mission Critical Service (MCSec) (Rel-14)
| Yes |
Yes
| agreed | No | S3‑172452 | |
| S3‑172542 | Draft TR 33.880 | NCSC | draft TR | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | ||
| S3‑172543 | LS to SA6 on the use of signalling proxies as a deployment option | NCSC | LS out | Approval |
5.1Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14)
| Yes |
Yes
| approved | No | ||
| S3‑172544 | [eMCSEC] Addition of signalling Proxies to TS 33.180 | NCSC | CR | Agreement |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172451 | |
| S3‑172545 | LS to SA6 on end to end encryption for mission critical communications between LMR users and 3GPP users. | NCSC | LS out | Approval |
4.4Mission Critical Security Enhancements (eMCSec) (Rel-15)
| Yes |
Yes
| approved | No | ||
| S3‑172546 | LS on N3GPP access | Ericsson | LS out | Approval |
4.2.11Non-3GPP access
| Yes |
Yes
| approved | No | ||
| S3‑172547 | Key hierarchy | Nokia, Ericsson, Huawei,NEC | pCR | - |
4.2.1Key hierarchy
| Yes |
Yes
| approved | No | S3‑172405 | |
| S3‑172548 | draft TR 33.811 | Huawei | draft TR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| No |
Yes
| left for email approval | No | ||
| S3‑172549 | A proposal for the scope of the TR33.811 | Huawei, Hisilicon | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
Yes
| approved | No | S3‑172311 | |
| S3‑172550 | A key issue of interface security for TR33.811 | Huawei, Hisilicon, CATR | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| Yes |
Yes
| approved | No | S3‑172312 | |
| S3‑172551 | A key issue on security capabilities for TR33.811 | Huawei, Hisilicon | pCR | Approval |
5.2New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15)
| No |
Yes
| noted | No | S3‑172313 | |
| S3‑172552 | EAP Framework | Huawei & Hisilicon | pCR | Approval |
4.2.8Primary authentication
| Yes |
YesOverlapped with 402.
Vodafone commented that the Note should be an editor's note since it is talking about the future.
This didn’t have any support so it was noted.
| noted | No | S3‑172290 | |
| S3‑172553 | LS on support of jumbo frames using EIA3 | Vodafone | LS out | Approval |
4.2.15Others
| Yes |
Yes
| approved | No | ||
| S3‑172554 | Security for multiple NAS connections with single anchor key | Ericsson | discussion | Endorsement |
4.2.1Key hierarchy
| Yes |
Yes
| endorsed | No | S3‑172481 | |
| S3‑172555 | Multiple registrations | Ericsson | pCR | Approval |
4.2.1Key hierarchy
| Yes |
Yes
| agreed | No | S3‑172491 | |
| S3‑172556 | New SID on 256-bit algorithms for 5G | Nokia | SID new | - |
4.55G Phase-1 New SIDs or WIDs (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172508 | |
| S3‑172557 | Annex A key derivation function | Nokia | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| approved | No | S3‑172427 | |
| S3‑172558 | Skeleton for clause 6.5 Security handling in mobility | NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172456 | |
| S3‑172559 | Security handling in mobility | Nokia | pCR | - |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172414 | |
| S3‑172560 | pCR to TS33.501 clause 5.4.2 taken from S3-172484 | NTT-Docomo | pCR | Approval |
4.2.15Others
| No |
Yes
| withdrawn | Yes | ||
| S3‑172561 | Clause 8.3.1.1.2 (key handling in handover, general, non access stratum) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172325 | |
| S3‑172562 | Clause 8.3.1.2 (key derivation for context modification procedure) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172326 | |
| S3‑172563 | Clause 8.3.1.3.1 (key derivation during handover, intra-gNB) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172327 | |
| S3‑172564 | pCR to TS 33.501: reusing {NCC, NH} to key derivation for handover | Huawei; Hisilicon | pCR | Approval |
4.2.2Key derivation
| Yes |
YesIt fixes clashes with 324.
| approved | No | S3‑172262 | |
| S3‑172565 | LS on handling concurrent running of security procedures | Ericsson | LS out | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | ||
| S3‑172566 | Clause 8.3.1.3.2 (key derivation during handover, Xn) - pCR | Ericsson,NEC | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172329 | |
| S3‑172567 | Clause 8.3.1.3.3 (key derivation during handover, N2) - pCR | Ericsson,NEC | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172330 | |
| S3‑172568 | Clause 8.3.1.4.2 (key change on fly, AS key re-keying) | Ericsson | pCR | Approval |
4.2.3Mobility
| Yes |
Yes
| approved | No | S3‑172333 | |
| S3‑172569 | Rewriting Clause 6.1.2 and 6.1.3 in normative language and adding Annex A | KPN N.V. | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | S3‑172226 | |
| S3‑172570 | Changes to Initiation of Authentication and subscription identity procedure. | Intel | pCR | Approval |
4.2.14Privacy (not covered by other headings)
| No |
Yes
| withdrawn | Yes | ||
| S3‑172571 | Moving Serving Network Name construction into it's own clause | KPN N.V. | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | S3‑172223 | |
| S3‑172572 | Authentication and Authorization – requirements and more | Nokia | pCR | - |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | S3‑172397 | |
| S3‑172573 | Conveying authentication result from AUSF to UDM | Nokia | pCR | - |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | S3‑172475 | |
| S3‑172574 | pCR to 33.501 6.1.3.2 – Mandate signalling of expiry time of | NTT DOCOMO | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | S3‑172489 | |
| S3‑172575 | CR to resolve EDCE5 ENs | Nokia | CR | Approval |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172415 | |
| S3‑172576 | Aligning the specification of the key derivation function for key to use in security algorithms between UE and SgNB in EDCE5 with the 5G specification | Qualcomm Incorporated | CR | Agreement |
4.1EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15)
| Yes |
Yes
| agreed | No | S3‑172369 | |
| S3‑172577 | Specifying the usage of EMSK as the key used to derive the 5G keys when using EAP as an authentication method | Qualcomm Incorporated | pCR | Approval |
4.2.2Key derivation
| Yes |
YesAdding an editor's note as suggested by Nokia.
| approved | No | S3‑172378 | |
| S3‑172578 | Providing details on the authentication vector and calculation of keys | Huawei & Hisilicon | pCR | Approval |
4.2.2Key derivation
| Yes |
Yes
| approved | No | S3‑172286 | |
| S3‑172579 | EAP framework | Ericsson, Nokia, Samsung, Qualcomm Incorporated, Intel, Huawei | pCR | Approval |
4.2.8Primary authentication
| Yes |
Yes
| approved | No | S3‑172402 | |
| S3‑172580 | Key open issues | WG Chair | discussion | Information |
4.2Security aspects of 5G System - Phase 1 (5GS_Ph1-SEC) (Rel-15)
| No |
YesList of topics listed in order of priority. This was a list of open issues after the current meeting.The bold parts have higher priority.
| noted | No | ||
| S3‑172581 | Reply to: LS on PLMN and RAT selection policies for roaming | Huawei | LS out | approval |
4.2.15Others
| Yes |
Yes
| approved | No | S3‑172516 |