Action item for Nokia remains open until next meeting.

 

Revised to move the PLMN RAT selection documents to another agenda item.

 

ORANGE: relationship number VI is not correct, according to TS 33.102. Huawei agreed that this could be changed.

ORANGE: what is relationship II?

Huawei: Network Domain Security.

Telecom Italia suggested some changes in bullet number one.

IDEMIA: I) should go to USIM.

 

 

 

 

Qualcomm: no need to re-open these discussions after what we have agreed.

NEC: there would be a backward compatilibity issue here.

Docomo: keep the Kseaf. KPN, BT, DT agreed.

China Mobile: ask SA2.

BT: SA3 decided to keep it; security issues are dealt here.

The Chair commented that there was major support on keeping the Kseaf.

 

There was some disagreement to remove the editor's note on KAUSF and KSEAF needing to be identified. This was considered still an open issue for some companies.

Huawei: when do we need to identify the KSEAF?

Docomo: Once the KAUSF is identified the KSEAF is identified as well, and viceversa.

 

Huawei: we don’t agree with "The KSEAF  shall be stored at the SEAF".

Docomo: take the requirement out of the note. We also need to number the notes.

 

Only the first change was approved.

 

The definition clause affects tdoc 830 from IDEMIA.

 

Discussed in the conference call. Provided for information.

 

 

Discussed together with 577 and 726. Nokia supported the Downlink count option.

NEC: which downlink count you refer to? There are two.

Qualcomm: the one for the 3GPP access.

 

Huawei: the advantage is that you don’t need to derive a new KAMF.ZTE supported this, as they considered this was the simplest way.

Ericsson: you need to signal the GUAMI to the UE first before the connection and this would be redundant, since you have to send it again later.

Samsung preferred the NONCE solution. Qualcomm agreed to go this way to progress.

 

Ericsson commented that this interface was supposed to be proprietary and that removing the editor's note should be enough.

 

Docomo: do we have this concept od deactivation?

It was agreed to remove it.

Ericsson, Qualcomm: the second requirement in 5.1.3.1 is not really a requirement, it’s a procedure.

It was taken offline where to place this second sentence.

 

Vodafone disagreed with this proposal.

Ericsson: this has UE impact so we disagree with the key separation.

Huawei: we would have here two different entities with the same key for different traffic for the same UE, and this should be communicated to RAN3 in the LS response.

Nokia: the two entities are not visible to the UE.

The Chair commented that the support was leaning to the Nokia proposal.

 

 

Huawei and Ericsson: we cannot mandate IPSec here.

It was commented that the discussion included a pCR at the end, so the type was changed.

The sentence with IPSec was modified to require confidentiality and integrity protection in the E1 interface.

 

Vodafone: The assumption that VM is in the cloud is irrelevant. We don’t agree with this.Ericsson agreed and added that SA3 should not mandate IPsec.

 

It was decided to send an LS to RAn2,RAN3 and SA2 to inform them about this document.

 

 

Docomo: When are we planning to fill in the text? I'd rather have this as a draftCR/CR in the next meeting.

 

Deutsche Telekom didn’t agree with removing this clause. They wanted to see a detail of what Ies to protect and which ones not to protect.

Ericsson: the work here on the IEs hasn’t progressed with contributions, hence we remove it.

Qualcomm: ask SA2 whether we are protecting an IE that is needed.

Huawei: too late to go back to SA2 to ask for any changes, we agree with Ericsson.

The Chair asked for a show of hands:

BT,Nokia,Huawei, China Mobile supported this document.

Against: Deutsche Telekom, Qualcomm, T-Mobile.

 

It was agreed to add the abreviations of g-NodeB and NG-RAN and so on instead of the definitions (which are in the SA2 and RAN documents).

 

 

Addressing comments from Qualcomm and Docomo.

Ericsson didn’t see it clear why the second Editor's note was removed.

It was agreed to leave both editor's notes.

 

Ericsson: you can also use the PLMNid as well, better than the GUTI, that might change in the same PLMN several times. This is more an implementation issue.

Nokia agreed with Ericsson.

 

Qualcomm, Nokia and Ericsson didn’t  agree with the use of timers.

 

Qualcomm: Not key change but security context change in the last bullet.

Ericsson: we are not closing this discussion, just starting it to trigger the work; this is a huge table that needs further input from companies.

The Chair commented for the minutes that more rules are expected on this topic.

 

 

Huawei: this is a security procedure for a SA2 issue.

Ericsson: there is a note on the SA2 spec that this is depending on a solution from CT1, and it’s likely that it will not incorporated in phase two.

 

BT and Docomo supported this contribution. Since there seemed to be a general support to this the document was endorsed.

 

Ericsson: this is misplaced, it should go somewhere else.

Huawei: temporary identifier, what does it mean?

CATT: GUTI.

 

Ericsson noted that this part needed some cleaning up.

Nokia commented that this text would have to go somewhere else.

 

BT and ORANGE supported this, with modifications.

KPN: not always we have a human with the UE.It depends on the application.

 

 

It was agreed that the content of this document needs to be revised and added to an informative annex.

 

KPN and Qualcomm disagreed with the changes.

BT: it’s a bit late to introduce a big change in the security architecture.

 

Nokia: the timer was added to avoid the UDM being overloaded with multiple requests.

 

Similar to 584, they were merged.

 

ORANGE preferred the Note here to the option in 585. It was also agreed to have normative text instead of the note.

ORANGE: Do you need to know the SUPI when authenticating from LI perspective?

Mark: no, we are fine with this document.

ORANGE: why "The feature to link authentication confirmation to subsequent procedures is optional to support within the home network"?

This was optional to use, not to support.

Nokia: we don’t need this, it is up to the operator.

It was agreed to remove it.

 

Nokia had doubts on the USIM being able to compute the keys in step 8.

Vodafone clarified that this indeed happens, and also that the text was taken from LTE.

Qualcomm: there is normative text in the note "The ME shall perform additional verifications as described in step 8 in Figure 6.1.3.2-1 in clause 6.1.3.2.".

 

NCSC: In Step 5 send more information.

Nokia: This  is presenting a solution against an attack scenario cited by an external paper by researchers. The scenario they cited is not new and it exists even in LTE. But in actual implementations this attack doesn’t happen because of the reliability mechanisms built in to the transport protocol. It may be a good idea to build the transaction identifier in to the authentication protocol, but the current proposal is not correct. When the source AUSF requests Authentication vectors from ARPF/UDM, it is requesting using the SUCI/SUPI it received from the UE. To bind the response it receives from the ARPF/UDM, the response message should contain the SUCI/SUPI from the Request message, not the actual /de-concealed SUPI by the UDM for which the AVs are generated.

 

NEC: having the SUPI go back is a concern and may be subject to IMSI catchers.

It was discussed how to handle comments from parties outside 3GPP (e.g. researchers). The Chair commented that 3GPP was setting up an official procedure to answer to these kind of comments.

 

ORANGE: the definition is wrong, it is not a subscriber credential.

 

The Chair proposed a show of hands:

 

Who supports tdoc 691?

Vodafone, BT, TIM, IDEMIA,ORANGE,DT, KPN.

 

USIM in tamper resistant secure hardware?

Qualcomm, Lenovo, Nokia, Samsung, China Mobile, Ericsson, Huawei, Intel, Sprint.

 

Who objects to store the USIM in the UICC tdoc 691?

Samsung, Qualcomm, Intel, Ericsson,Nokia, Huawei.

 

Gemalto: what's the timeline for this? There may be things happening in ETSI SCP.

ORANGE replied that SSP could be included later.  

ORANGE: we prefer to have a requirement more than a definition.

Vodafone: ETSI SSP has created an STF to develop specs for the SSP for June.There may be technical issues that would not be accepted, this is the risk. Vodafone is the STF leader and will make sure that this is aligned with SA3 work.

KPN: the note doesn’t help, I prefer ORANGE's option.

Qualcomm didn’t agree with having this proposal.Don't restrict this to the UICC. Samsung and Huawei supported this.

BT: what happens if you have EAP TLS in primary authentication? ORANGE replied that EAP TLS is used in very specific scenarios and should go into an informative annex.We have to make sure that certificates are appropiately stored in the device.

ORANGE: Any secure element that claims to be tamper resistance we will have an inter-operatibility issue and  it will go into conflict with GSMA work in embedded UICCs.

Vodafone: we support that the USIM shall reside in the UICC. It is mandatory in the industry as ORANGE has pointed out.

Vodafone,ORANGE: a 5G spec not putting the USIM in the UICC would not be acceptable for us. BT agreed, but they liked the eUICC concept.

 

 

 

 

 

Qualcomm: Why not using USIP for the calculation in all cases? This was taken offline.

 

Overlaps with 809.

 

BT: where to keep a list of serving network names?

ORANGE:A list maintaining a list of serving network names? IETF will not do that. This concept is not clear in the contribution.

This had to be clarified offline.

 

Ericsson: not the right reference. It's not currently in TS 24.502.

This was taken offline.

 

 

Nokia: keep the editor's note on KAUSF, there are still open issues.

 Ericsson: we cannot agree with this document in the current form.

There is an LS to CT4 and SA2 in 814 related to this document.

 

Ericsson: Where's the PUI defined? SA2 uses the term but it doesn’t seem to be defined.

Ericsson: in step 13, is it describing behaviour externally to the network? We don’t do that.

Step 13 was not agreed. The definition of PUI had to be checked offline.