Difference between revisions of "My 3GPP 24.501 notes"

From Got Opinion Wiki
Revision as of 11:17, 25 October 2022

4.1 Overview

The non-access stratum (NAS) described in 24.501 forms the highest stratum of the control plane between the UE and the AMF (reference point "N1", see 3GPP TS 23.501) for both 3GPP and non-3GPP access.

Main functions of the protocols that are part of the NAS are:

  • support of mobility of the user equipment (UE) including also common procedures such as authentication, identification, generic UE configuration update and security mode control procedures;
  • support of session management procedures to establish and maintain data connectivity between the UE and the data network; and
  • NAS transport procedure to provide a transport of SMS, LPP, LCS, UE policy container, SOR transparent container and UE parameters update information payload.

Principles for the handling of 5GS security contexts and for the activation of ciphering and integrity protection, when a NAS signalling connection is established, are provided in subclause 4.4.

For the support of the above functions, the following procedures are supplied within this specification:

  • elementary procedures for 5GS mobility management in clause 5; and
  • elementary procedures for 5GS session management in clause 6.

Signalling procedures for the control of NAS security are described as part of the 5GMM common procedures in subclause 5.4.

Complete NAS transactions consist of specific sequences of elementary procedures. Examples of such specific sequences can be found in 3GPP TS 23.502.

The NAS for 5GS follows the protocol architecture model for layer 3 as described in 3GPP TS 24.007.

4.2 Coordination between the protocols for 5GS mobility management and 5GS session management

A 5GS session management (5GSM) message is piggybacked in specific 5GS mobility management (5GMM) transport messages. To this purpose, the 5GSM messages can be transmitted in an information element in the 5GMM transport messages. In this case, the UE, the AMF and the SMF execute the 5GMM procedure and the 5GSM procedure in parallel. The success of the 5GMM procedure is not dependent on the success of the piggybacked 5GSM procedure.

The UE can only initiate the 5GSM procedure when there is a 5GMM context established at the UE.

See spec for full details...

4.4 NAS security

4.4.1 General

This clause describes the principles for the handling of 5G NAS security contexts in the UE and in the AMF, the procedures used for the security protection of NAS messages between the UE and the AMF, and the procedures used for the protection of NAS IEs between the UE and the UDM. Security protection involves integrity protection and ciphering of the 5GMM messages. 5GSM messages are security protected indirectly by being piggybacked by the security protected 5GMM messages (i.e. UL NAS TRANSPORT message and the DL NAS TRANSPORT message).

The signalling procedures for the control of NAS security are part of the 5GMM protocol and are described in detail in clause 5.

NOTE: The use of ciphering in a network is an operator option. In this subclause, for the ease of description, it is assumed that ciphering is used, unless explicitly indicated otherwise. Operation of a network without ciphering is achieved by configuring the AMF so that it always selects the "null ciphering algorithm", 5G-EA0.

4.4.2 Handling of 5G NAS security contexts

4.4.2.5 Establishment of secure exchange of NAS messages

Secure exchange of NAS messages via a NAS signalling connection is usually established by the AMF during the registration procedure by initiating a security mode control procedure. After successful completion of the security mode control procedure, all NAS messages exchanged between the UE and the AMF are sent integrity protected using the current 5G security algorithms, and except for the messages specified in subclause 4.4.5, all NAS messages exchanged between the UE and the AMF are sent ciphered using the current 5G security algorithms.
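The rule above (after security mode control, every 5GMM message is integrity protected, and ciphered unless subclause 4.4.5 exempts it) and the NOTE on the null ciphering algorithm can both be checked on the wire. The following is an added example, not code from the wiki page or from 3GPP; it assumes the 5GMM security header layout of TS 24.501 clause 9 (extended protocol discriminator 0x7E, security header type in the low nibble of octet 2, 4-octet MAC, 1-octet sequence number) and the Security Mode Command message type 0x5D followed by the Selected NAS security algorithms IE (ciphering identifier in bits 8-5, integrity identifier in bits 4-1). The sample PDUs are constructed, not captures.

```python
# Added example: classify 5GMM NAS PDUs against the "after security mode
# control" rule and decode the algorithms chosen by the AMF.
EPD_5GMM = 0x7E
SHT_PLAIN = 0x0                      # no security header
SHT_INTEGRITY = 0x1                  # integrity protected only
SHT_INTEGRITY_CIPHERED = 0x2         # integrity protected and ciphered
SHT_INTEGRITY_NEW_CTX = 0x3          # integrity protected, new 5G NAS context
SHT_INTEGRITY_CIPHERED_NEW_CTX = 0x4 # ciphered, new 5G NAS context
MSG_SECURITY_MODE_COMMAND = 0x5D

def parse_security_header(pdu: bytes) -> dict:
    """Split a 5GMM NAS PDU into security header fields and the inner message."""
    if len(pdu) < 2 or pdu[0] != EPD_5GMM:
        raise ValueError("not a 5GMM NAS PDU")
    sht = pdu[1] & 0x0F
    if sht == SHT_PLAIN:
        return {"sht": sht, "mac": None, "seq": None, "inner": pdu[2:]}
    if len(pdu) < 7:
        raise ValueError("security-protected PDU truncated")
    return {"sht": sht, "mac": pdu[2:6], "seq": pdu[6], "inner": pdu[7:]}

def check_after_smc(pdu: bytes, cipher_exempt: bool = False) -> list:
    """Findings for a PDU observed after the security mode control procedure.
    cipher_exempt marks messages subclause 4.4.5 allows to go unciphered."""
    hdr = parse_security_header(pdu)
    findings = []
    if hdr["sht"] == SHT_PLAIN:
        findings.append("plain NAS message after security activation")
    elif hdr["sht"] in (SHT_INTEGRITY, SHT_INTEGRITY_NEW_CTX) and not cipher_exempt:
        findings.append("integrity protected but not ciphered")
    return findings

def selected_algorithms(inner: bytes) -> dict:
    """Decode the Selected NAS security algorithms IE from the plain Security
    Mode Command carried inside a protected PDU. Identifier 0 is the null
    algorithm (5G-EA0 for ciphering, 5G-IA0 for integrity)."""
    if (len(inner) < 4 or inner[0] != EPD_5GMM
            or inner[1] & 0x0F != SHT_PLAIN
            or inner[2] != MSG_SECURITY_MODE_COMMAND):
        raise ValueError("not a plain Security Mode Command")
    ea, ia = inner[3] >> 4, inner[3] & 0x0F
    return {"ea": ea, "ia": ia, "null_ciphering": ea == 0, "null_integrity": ia == 0}

# Constructed sample: Security Mode Command with SHT 3, dummy MAC, seq 0,
# selecting 5G-EA0 (null ciphering) and integrity algorithm 2.
SMC_NULL_CIPHER = bytes([0x7E, 0x03, 0, 0, 0, 0, 0x00, 0x7E, 0x00, 0x5D, 0x02])
```

Running `check_after_smc` over the PDUs of a NAS trace with the sequence number tracked per direction gives a quick view of whether the AMF has really activated ciphering, which is the operator option the NOTE describes.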
