Difference between revisions of "My 5G lawful interception notes"
m (added 5G location references subsection) |
m (→References) |
||
Line 165: | Line 165: | ||
=== References === | === References === | ||
33 127 § 7.3.4 | * 33 127 § 7.3.4 | ||
33 128 § 7.3.2 | * 33 128 § 7.3.2 | ||
<center>[[My lawful interception notes]]</center> | <center>[[My lawful interception notes]]</center> |
Revision as of 09:26, 19 November 2020
5G target identifier info
5G identifiers in general
See 3GPP 23.003, which defines the principal purpose and use of the different naming, numbering, addressing and identification resources (i.e. identifiers (ID)) within the digital cellular telecommunications system and the 3GPP system.
Identifier Acronym | Full Identifier | Defined in | Meaning |
---|---|---|---|
SUPI | Subscription Permanent Identifier | 3GPP 23.501 § 5.9.2 | A globally unique 5G Subscription Permanent Identifier (SUPI) shall be allocated to each subscriber in the 5G System and provisioned in the UDM/UDR. The SUPI is used only inside 3GPP system, and its privacy is specified in TS 33.501. The SUPI may contain:
A SUPI containing a network-specific identifier shall take the form of a Network Access Identifier (NAI) using the NAI RFC 7542 based user identification as defined in TS 23.003. When UE needs to indicate its SUPI to the network (e.g. as part of the Registration procedure), the UE provides the SUPI in concealed form as defined in TS 23.003. In order to enable roaming scenarios, the SUPI shall contain the address of the home network (e.g. the MCC and MNC in the case of an IMSI based SUPI). For interworking with the EPC, the SUPI allocated to the 3GPP UE shall always be based on an IMSI to enable the UE to present an IMSI to the EPC. The usage of SUPI for W-5GAN is further specified in TS 23.316. |
SUCI | Subscription Concealed Identifier | 3GPP 23.501 § 5.9.2a | The Subscription Concealed Identifier (SUCI) is a privacy preserving identifier containing the concealed SUPI. It is specified in TS 33.501. The usage of SUCI for W-5GAN access is further specified in TS 23.316. |
PEI | Permanent Equipment Identifier | 3GPP 23.501 § 5.9.3 | A Permanent Equipment Identifier (PEI) is defined for the 3GPP UE accessing the 5G System.
The PEI can assume different formats for different UE types and use cases. The UE shall present the PEI to the network together with an indication of the PEI format being used. If the UE supports at least one 3GPP access technology (i.e. NG-RAN, E-UTRAN, UTRAN or GERAN), the UE must be allocated a PEI in the IMEI or IMEISV format. In the scope of this release, the PEI may be one of the following:
|
5G-GUTI | 5G Globally Unique Temporary Identifier | 3GPP 23.501 § 5.9.4 | The AMF shall allocate a 5G Globally Unique Temporary Identifier (5G-GUTI) to the UE that is common to both 3GPP and non-3GPP access. It shall be possible to use the same 5G-GUTI for accessing 3GPP access and non-3GPP access security context within the AMF for the given UE. An AMF may re-assign a new 5G-GUTI to the UE at any time. The AMF provides a new 5G-GUTI to the UE under the conditions specified in clause 6.12.3 in TS 33.501. When the UE is in CM-IDLE, the AMF may delay providing the UE with a new 5G-GUTI until the next NAS transaction.
The 5G-GUTI shall be structured as When the GUAMI identifies only one AMF, the 5G-TMSI identifies the UE uniquely within the AMF. However, when AMF assigns a 5G-GUTI to the UE with a GUAMI value used by more than one AMF, the AMF shall ensure that the 5G-TMSI value used within the assigned 5G-GUTI is not already in use by the other AMF(s) sharing that GUAMI value. The Globally Unique AMF ID (GUAMI) shall be structured as NOTE 1: The AMF Region ID addresses the case that there are more AMFs in the network than the number of AMFs that can be supported by AMF Set ID and AMF Pointer by enabling operators to re-use the same AMF Set IDs and AMF Pointers in different regions. NOTE 2: In the case of SNPNs, the PLMN IDs may be shared among SNPNs such that the constructed GUAMIs are not globally unique. However, PLMN ID and NID are provided together, separate from the GUAMI, to uniquely identify selected or supported SNPN in RRC and N2. NOTE 3: See TS 23.003 for details on the structure of the fields of GUAMI. The 5G-S-TMSI is the shortened form of the GUTI to enable more efficient radio signalling procedures (e.g. during Paging and Service Request) and is defined as As specified in TS 38.304 and TS 36.304 for 3GPP access, the NG-RAN uses the 10 Least Significant Bits of the 5G-TMSI in the determination of the time at which different UEs are paged. Hence, the AMF shall ensure that the 10 Least Significant Bits of the 5G-TMSI are evenly distributed. As specified in TS 38.331 and TS 36.331 for 3GPP access, the NG-RAN's RRC Connection Establishment's contention resolution process assumes that there is a low probability of the same 5G-TMSI being allocated by different AMFs to different UEs. The AMFs' process for allocating the 5G-TMSI should take this into account. NOTE 4: To achieve this, the AMF could, for example, use a random seed number for any process it uses when choosing the UE's 5G-TMSI. |
 | AMF Name | 3GPP 23.501 § 5.9.5 | An AMF is identified by an AMF Name. AMF Name is a globally unique FQDN, the structure of AMF Name FQDN is defined in TS 23.003. An AMF can be configured with one or more GUAMIs. At a given time, GUAMI with distinct AMF Pointer value is associated to one AMF name only. |
IGI | Internal-Group Identifier | 3GPP 23.501 § 5.9.7 | The subscription data for a UE in UDR may associate the subscriber with groups. A group is identified by an Internal-Group Identifier.
NOTE 1: A UE can belong to a limited number of groups, the exact number is defined in stage 3 specifications. |
GPSI | Generic Public Subscription Identifier | 3GPP 23.003 § 28.8 | The Generic Public Subscription Identifier (GPSI) is defined in clause 5.9.8 of 3GPP TS 23.501.
The GPSI is defined as:
NOTE: Depending on the protocol used to convey the GPSI, the GPSI type can take different formats. |
NAI | Network Access Identifier | Example | |
Email address | |||
E164Number | |||
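The 5G-GUTI entry above requires that the 10 least significant bits of the 5G-TMSI be evenly distributed and that a 5G-TMSI is never reused among AMFs sharing a GUAMI. The following Python sketch is an added example, not part of the original notes or of any 3GPP text: it builds and splits a 5G-S-TMSI and compares the paging-bucket spread of two allocators. The field widths are taken from TS 23.003, and all function names and sample allocators are constructed for illustration.

```python
import secrets
from collections import Counter

# Field widths from TS 23.003 (they are not reproduced on this page).
SET_BITS, POINTER_BITS, TMSI_BITS = 10, 6, 32


def make_s_tmsi(set_id, pointer, tmsi):
    """5G-S-TMSI = AMF Set ID + AMF Pointer + 5G-TMSI (48 bits)."""
    if set_id >> SET_BITS or pointer >> POINTER_BITS or tmsi >> TMSI_BITS:
        raise ValueError("field out of range")
    return (set_id << (POINTER_BITS + TMSI_BITS)) | (pointer << TMSI_BITS) | tmsi


def split_s_tmsi(value):
    """Inverse of make_s_tmsi: (AMF Set ID, AMF Pointer, 5G-TMSI)."""
    tmsi = value & ((1 << TMSI_BITS) - 1)
    pointer = (value >> TMSI_BITS) & ((1 << POINTER_BITS) - 1)
    set_id = value >> (POINTER_BITS + TMSI_BITS)
    return set_id, pointer, tmsi


def allocate_tmsi(in_use):
    """Pick a random 5G-TMSI not used by any AMF sharing the GUAMI."""
    while True:
        tmsi = secrets.randbits(TMSI_BITS)
        if tmsi not in in_use:
            in_use.add(tmsi)
            return tmsi


def paging_bucket_stats(tmsis):
    """Occupied paging buckets (10 LSBs) and the largest bucket's share."""
    counts = Counter(t & 0x3FF for t in tmsis)
    return len(counts), max(counts.values()) / len(tmsis)


def counter_tmsis(n):
    """Constructed bad allocator: a counter stored above the 10 LSBs."""
    return [i << 10 for i in range(n)]


def random_tmsis(n):
    """Constructed allocator following NOTE 4: random draws, no reuse."""
    pool = set()
    return [allocate_tmsi(pool) for _ in range(n)]
```

With the counter allocator every UE lands in the same paging bucket, while the random allocator fills essentially all 1024 buckets.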
Lawful interception (LI) at each network or service function and applicable target identifiers.
Target identifier | AMF | SMF/UPF | UDM | SMSF | Location | MMS Proxy-Relay |
---|---|---|---|---|---|---|
SUPIIMSI | ✓ | ✓ | ✓ | ✓ | ✓ | |
SUPINAI | ✓ | ✓ | ✓ | ✓ | ✓ | |
PEIIMEI | ✓ | ✓ | ✓ | ✓ | ||
PEIIMEISV | ✓ | ✓ | ✓ | ✓ | ||
GPSIMSISDN | ✓ | ✓ | ✓ | ✓ | ✓ | |
GPSINAI | ✓ | ✓ | ✓ | ✓ | ||
PEI | ✓ | |||||
GPSI | ✓ | |||||
SUPI | ✓ | |||||
E164Number | ✓ | |||||
EmailAddress | ✓ | |||||
IMPI | ✓ | |||||
IMPU | ✓ | |||||
IMSI | ✓ | |||||
NAI | ✓ |
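A provisioning-side sanity check built on the table above, as an added example that is not part of the original notes or of any 3GPP or ETSI code: it rejects an interception task whose target identifier type is not applicable at the chosen network function, or whose value is malformed. Only the six rows with unambiguous column alignment are encoded; the value syntaxes (digit lengths, the 15-digit IMEI with Luhn check digit, the simplified NAI pattern) and all names are assumptions.

```python
import re

# NF applicability copied from the six rows of the table above whose column
# alignment is unambiguous on this page.
CORE = frozenset({"AMF", "SMF/UPF", "UDM", "SMSF"})
APPLICABLE = {
    "SUPIIMSI": CORE | {"Location"},
    "SUPINAI": CORE | {"Location"},
    "PEIIMEI": CORE,
    "PEIIMEISV": CORE,
    "GPSIMSISDN": CORE | {"Location"},
    "GPSINAI": CORE,
}

# Assumed value syntaxes (simplified; not stated on this page).
DIGITS = {"SUPIIMSI": (6, 15), "PEIIMEI": (15, 15),
          "PEIIMEISV": (16, 16), "GPSIMSISDN": (1, 15)}
NAI_RE = re.compile(r"[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def luhn_ok(digits):
    """Luhn check over a digit string; validates the 15th IMEI digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_task(id_type, value, nf):
    """Return a list of problem codes; an empty list means the task is sane."""
    if id_type not in APPLICABLE:
        return ["unknown-type"]
    problems = []
    if id_type in DIGITS:
        lo, hi = DIGITS[id_type]
        if not re.fullmatch(r"[0-9]{%d,%d}" % (lo, hi), value):
            problems.append("bad-value")
        elif id_type == "PEIIMEI" and not luhn_ok(value):
            problems.append("bad-check-digit")
    elif not NAI_RE.fullmatch(value):
        problems.append("bad-value")
    if nf not in APPLICABLE[id_type]:
        problems.append("not-applicable-at-nf")
    return problems
```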
IRI events
Network layer
The IRI-POI present in the AMF shall generate xIRI, when it detects the following specific events or information:
- Registration.
- Deregistration.
- Location update.
- Start of interception with already registered UE.
- Unsuccessful communication related attempt.
The IRI-POI present in the SMF/UPF shall generate xIRI, when it detects the following specific events or information:
- PDU session establishment.
- PDU session modification.
- PDU session release.
- Start of interception with an established PDU session.
The IRI-POI present in the SMSF shall generate xIRI, when it detects the following specific events or information:
- SMS message.
Service layer
The IRI-POI present in the UDM shall generate xIRI, when the UDM detects the following specific events or information:
- Serving system.
- Subscriber record change.
- Cancel location.
- Location information request.
The IRI-POI present in the IMS Signalling Function generates the following xIRI:
- Encapsulated SIP message.
- CC unavailable in serving PLMN.
- Start of interception with an established IMS session.
The IRI-POI present in the MMS Proxy-Relay shall generate xIRI, when it detects the following specific events or information:
- An MMS message is sent by the target or sent to the target.
5G location info notes
References
- 33 127 § 7.3.4
- 33 128 § 7.3.2