Tdoc List

2017-10-13 16:56

Agenda Topic TDoc Title Source Type For Avail Treated Decision Wdrn Replaced-by Replaces
1 Opening of the meeting                      
2 Approval of Agenda and Meeting Objectives S3‑172200 Agenda SA WG3 Chair agenda   Yes
Yes
approved No    
3 IPR Reminder                      
4 Work Areas                      
4.1 EPC enhancements to support 5G New Radio via Dual Connectivity (EDCE5) (Rel-15) S3‑172204 Reply LS on algorithm selection in E-UTRA-NR Dual Connectivity C1-173748 LS in   Yes
YesVodafone:Does the IE relate to the radio or to the core? Do you use LTE IE when you use 5G radio connected to the EPC, or do you use the 5G elements? This would lead to a matrix of four possible combinations and it affects the network selection. Ericsson and Vodafone agreed that it is related to the core and not to the radio.
noted No    
    S3‑172210 Reply LS on NR security input parameters R2-1709969 LS in   Yes
Yes
noted No    
    S3‑172275 Clarification NULL Integirity algorithm for OPtion3 Huawei; Hisilicon CR Approval Yes
YesVodafone: Is this the only place where we do the translation? This can produce some confusion in the future. Huawei: it helps to distinguish the 5G UE from 4G UE. Qualcomm: this will have impact on the system. We will also have to add an emergency calls clarification. This had to be taken offline. Show of hands to see what the feeling is in the room, whether they agree with the concept, not all the small details: 275 from Huawei, UP integrity algorithms should stay: Support --> Vodafone,Huawei 367, removing the algorithms: Support -->Qualcomm, Samsung
not pursued No    
    S3‑172366 Dealing with the text that moves from TS 33.401 to TS 33.501 in EDCE5 Qualcomm Incorporated discussion Discussion Yes
Yes
noted No    
    S3‑172367 Completing the specification of the algorithms to use between UE and SgNB in EDCE5 Qualcomm Incorporated CR Agreement Yes
YesQualcomm: 33.501 will be finished in March but we have to finish EDCE5 by Xmas, so we put it in 33.401 and then move it to 33.501. This text will be gone in March. Vodafone: there is a problem with network selection here. We want to use NR radio as soon as possible but this is wrong thinking. The link to the radio and not to the core is the issue for us. This had to be taken offline.
not pursued No    
    S3‑172415 CR to resolve EDCE5 ENs Nokia CR Approval Yes
Yes
revised No S3‑172575  
    S3‑172575 CR to resolve EDCE5 ENs Nokia CR Approval Yes
Yes
agreed No   S3‑172415
    S3‑172376 Adding a reference to RAN procedures on EDCE5 Qualcomm Incorporated CR Agreement Yes
Yes
agreed No    
    S3‑172377 Clarifying the behaviour of UE to SgNB connection at a MeNB handover Qualcomm Incorporated CR Agreement Yes
Yes
agreed No    
    S3‑172369 Aligning the specification of the key derivation function for key to use in security algorithms between UE and SgNB in EDCE5 with the 5G specification Qualcomm Incorporated CR Agreement Yes
YesNokia: why remove KSgNB-UP-int? This had to be taken offline.
revised No S3‑172576  
    S3‑172576 Aligning the specification of the key derivation function for key to use in security algorithms between UE and SgNB in EDCE5 with the 5G specification Qualcomm Incorporated CR Agreement Yes
Yes
agreed No   S3‑172369
    S3‑172371 Assigning an FC value for EDCE5 key derivations Qualcomm Incorporated CR Agreement Yes
Yes
revised No S3‑172513  
    S3‑172513 Assigning an FC value for EDCE5 key derivations Qualcomm Incorporated CR Agreement Yes
Yes
agreed No   S3‑172371
    S3‑172375 Clarifying the security algorithms that are used between the UE and MeNB and the UE and SgNB Qualcomm Incorporated CR Agreement Yes
Yes
agreed No    
    S3‑172232 Corrections to SgNB security procedures SAMSUNG CR Approval Yes
Yes
agreed No    
    S3‑172298 Editorial corrections for Annex E Huawei; Hisilicon CR Approval Yes
YesOverlaps with 232. Nokia didnít agree with E.1.1: We donít need to talk about SgNB here. This was removed.
revised No S3‑172514  
    S3‑172514 Editorial corrections for Annex E Huawei; Hisilicon CR Approval Yes
Yes
agreed No   S3‑172298
    S3‑172269 Discussion on the reception of UE NR security capabilities Huawei; Hisilicon discussion Approval Yes
Yes
noted No    
    S3‑172270 Reception of UE NR security capabilities Huawei; Hisilicon CR Approval Yes
Yes
not pursued No    
    S3‑172393 Discussion on the signalling and negotiation of the NR security capabilities Ericsson discussion Approval Yes
Yes
noted No    
    S3‑172394 UE supported NR security algorithms indicated in NAS protocol Ericsson CR Agreement Yes
Yes
not pursued No    
    S3‑172372 Discussion of possible methods and proposed solution for negotiating the algorithms for use between a UE and SgNB in EDCE5 Qualcomm Incorporated discussion Discussion Yes
YesNokia: NAS based option impacts all existing eNodeBs. It has a big impact. Qualcomm: not all eNodeBs are upgraded. Huawei, NEC and Ericsson supported the NAS based solution.This was agreed as the way forward.
noted No    
    S3‑172373 Using AS layer signalling to negotiate the algorithm used between the UE and SgNB Qualcomm Incorporated CR Agreement Yes
Yes
not pursued No    
    S3‑172374 Using NAS layer signalling to negotiate the algorithm used between the UE and SgNB Qualcomm Incorporated CR Agreement Yes
Yes
not pursued No    
    S3‑172512 Work status of EDCE5 post SA3#88Bis Qualcomm other Information No
YesIt gathers all the changes of EDCE5 so the CRs in the next meeting donít overlap with the agreed CRs of this meeting.
left for email approval No    
4.2 Security aspects of 5G System - Phase 1 (5GS_Ph1-SEC) (Rel-15) S3‑172580 Key open issues WG Chair discussion Information No
YesList of topics listed in order of priority. This was a list of open issues after the current meeting.The bold parts have higher priority.
noted No    
4.2.1 Key hierarchy S3‑172437 Clause 6.2 (key hierarchy from K to KSEAF) Ericsson discussion Endorsement Yes
Yes
noted No    
    S3‑172285 5G-RAN Key Setting Huawei & Hisilicon pCR Approval Yes
YesEricsson: NAS keys part will be relocated when a clause is created for them. An editor's note was added for this. Vodafone didnít agree with this content and since there was no support it was finally noted.
noted No    
    S3‑172405 Key hierarchy Nokia pCR   Yes
YesORANGE: In "This further key may be stored in the AUSF between authentication and key agreement procedures.", this is implementation-specific and left out to the operator. Alignment with 6.1.1.1 was checked and the operator policy was mentioned there, so no change was necessary. NTT-Docomo: remove reference to 5G phase one in the notes. MCC also commented that mentioning "future phases of 5G" in the note was not appropiate either, and argued agains have it as an editor's note that would stay even after the draft was approved. It was left as an editor's note. Gemalto: replace USIM with 5G USIM. Qualcomm: The current definition of USIM does not cover the case when the UICC is integrated in a tamper resistant environment, which can be the case for 5G. BT objected to "For every key in a network entity, there is a corresponding key in the UE." since the UE could store hundreds of keys for this reason. It was decided to keep this sentence anyway. On the editor's note in 6.6.2: Leaving the first editor's note : 16 companies. Adding "for example" for a legacy USIM used in the second editor's note: three companies. This editor's note was removed.
revised No S3‑172547  
    S3‑172547 Key hierarchy Nokia, Ericsson, Huawei,NEC pCR - Yes
Yes
approved No   S3‑172405
    S3‑172431 5G Key Hierarchy NEC EUROPE LTD pCR Approval Yes
Yes
merged No S3‑172547  
    S3‑172481 Security for multiple NAS connections with single anchor key Ericsson discussion Approval Yes
YesProposal 3 was agreed with the assumption that Kamf is sent as it is, or a derivation of it being sent. Proposal 4 was agreed too. The document was revised to include the proposals that were endorsed.
revised No S3‑172554  
    S3‑172554 Security for multiple NAS connections with single anchor key Ericsson discussion Endorsement Yes
Yes
endorsed No   S3‑172481
    S3‑172491 Multiple registrations Ericsson pCR Approval Yes
YesMCC commented that the introduced defintions were not written as definitions but they were introducing more content. Some rewording was needed, adding notes when appropiate and also move the unnecessary content to the right clauses. Ericsson commented that these were coming from LTE, to which MCC replied that this was an opportunity to improve the definition wording.
revised No S3‑172555  
    S3‑172555 Multiple registrations Ericsson pCR Approval Yes
Yes
agreed No   S3‑172491
    S3‑172440 Clause 6.2 (key hierarchy, from KSEAF downwards) Ericsson, Huawei pCR Approval Yes
Yes
merged No S3‑172547  
    S3‑172433 Key Hierarchy to support multiple NAS security NEC EUROPE LTD pCR Approval Yes
Yes
noted No    
4.2.2 Key derivation S3‑172384 Discussion on bidding down of security features Qualcomm Incorporated discussion Discussion Yes
Yes
noted No    
    S3‑172401 Preventing bidding down between 5G releases - discussion Nokia discussion   Yes
Yes
noted No    
    S3‑172403 Preventing bidding down between 5G releases - pCR Nokia pCR   Yes
YesEricsson and Huawei didnít agree with this solution.
noted No    
    S3‑172416 Computation of key left at the AUSF for 5G AKA Nokia pCR   Yes
Yes
noted No    
    S3‑172464 Derivation of anchor key for EAP-AKAí Nokia pCR   Yes
Yes
noted No    
    S3‑172458 Computation of key left at the AUSF for EAP-AKAí Nokia pCR   Yes
Yes
noted No    
    S3‑172378 Specifying the usage of EMSK as the key used to derive the 5G keys when using EAP as an authentication method Qualcomm Incorporated pCR Approval Yes
Yes
revised No S3‑172577  
    S3‑172577 Specifying the usage of EMSK as the key used to derive the 5G keys when using EAP as an authentication method Qualcomm Incorporated pCR Approval Yes
YesAdding an editor's note as suggested by Nokia.
approved No   S3‑172378
    S3‑172286 Providing details on the authentication vector and calculation of keys Huawei & Hisilicon pCR Approval Yes
Yes
revised No S3‑172578  
    S3‑172578 Providing details on the authentication vector and calculation of keys Huawei & Hisilicon pCR Approval Yes
Yes
approved No   S3‑172286
    S3‑172436 5G Key Derivation and distribution scheme NEC EUROPE LTD pCR Approval Yes
YesNokia, Ericsson: too early for this diagram and didnít agree with it.
noted No    
    S3‑172262 pCR to TS 33.501: reusing {NCC, NH} to key derivation for handover Huawei; Hisilicon pCR Approval Yes
Yes
revised No S3‑172564  
    S3‑172564 pCR to TS 33.501: reusing {NCC, NH} to key derivation for handover Huawei; Hisilicon pCR Approval Yes
YesIt fixes clashes with 324.
approved No   S3‑172262
    S3‑172321 Clause 8.3.1.1.1 (key handling in handover, general, access stratum) - Disc Ericsson discussion Discussion Yes
Yes
noted No    
    S3‑172322 Clause 8.3.1.1.1 (key handling in handover, general, access stratum) - pCR Ericsson pCR Approval Yes
YesNokia argued about the chain-hole since 4G is working fine.and this may confuse current implementations. Huawei agreed, they wanted some consistency. Ericsson: why keeping something that is wrong and that can be fixed simply? KPN agreed with Ericsson. The Chair requested a show of hands for 322 and 262: Who supports 322: Ericsson,Intel, KPN Who supports 262: Nokia, NTT-Docomo, Huawei, Samsung,Deutsche Telekom The overall sentiment was to go for 262 and 322 was noted.
noted No    
    S3‑172323 Clause 8.3.1.1.1 (key derivation in handover key chaining model) - Disc Ericsson discussion Decision Yes
Yes
noted No    
    S3‑172324 Clause 8.3.1.1.1 (key derivation in handover, general, access stratum) - pCR Ericsson pCR Approval Yes
Yes
approved No    
    S3‑172427 Annex A key derivation function Nokia pCR Approval Yes
YesRevised in order to fix the FC values as proposed by NTT-Docomo. These values will be fixed later and sync with 33.220 so an editor's note was added.
revised No S3‑172557  
    S3‑172557 Annex A key derivation function Nokia pCR Approval Yes
Yes
approved No   S3‑172427
    S3‑172382 Specifying the key derivation when using 5G AKA Qualcomm Incorporated pCR Approval Yes
Yes
noted No    
4.2.3 Mobility S3‑172439 Discussion on skeleton for clause 6.5 and related contents in clauses 6 and 8 NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN pCR Discussion Yes
Yes
noted No    
    S3‑172456 Skeleton for clause 6.5 Security handling in mobility NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN pCR Approval Yes
YesClashing with tdoc 414 from Nokia.
revised No S3‑172558  
    S3‑172558 Skeleton for clause 6.5 Security handling in mobility NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN pCR Approval Yes
Yes
approved No   S3‑172456
    S3‑172459 Update to clause 6.5 Security handling in mobility NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN pCR Approval Yes
Yes459 was merged into 566, 567, 559.
merged No S3‑172559,S3‑172566,S3‑172567  
    S3‑172335 Clause 8.3.1.4.4 (key change on fly, NAS key re-keying) Ericsson pCR Approval Yes
Yes
merged No S3‑172558  
    S3‑172414 Security handling in mobility Nokia pCR   Yes
Yes
revised No S3‑172559  
    S3‑172559 Security handling in mobility Nokia pCR - Yes
Yes
approved No   S3‑172414
    S3‑172387 pCR to provide a normative text for the AMF key derivation/refresh Qualcomm Incorporated pCR Approval Yes
YesIt clashes with 271. NEC and AT&T supported this contribution. AT&T: keep this in phase one, littles changes in phase two. Nokia and Huawei had reservations on the KEY_COUNT. Ericsson proposed to continue the discussion for the next meeting. So this was noted.
noted No   S3‑172010
    S3‑172271 key isolation between AMFs during idle mode mobility Huawei; Hisilicon pCR Approval Yes
YesEricsson preferred this option to the Huawei option.
merged No S3‑172559  
    S3‑172325 Clause 8.3.1.1.2 (key handling in handover, general, non access stratum) Ericsson pCR Approval Yes
Yes
revised No S3‑172561  
    S3‑172561 Clause 8.3.1.1.2 (key handling in handover, general, non access stratum) Ericsson pCR Approval Yes
Yes
approved No   S3‑172325
    S3‑172326 Clause 8.3.1.2 (key derivation for context modification procedure) Ericsson pCR Approval Yes
YesHuawei queried about the "final KNgb". It was revised to clarify this.
revised No S3‑172562  
    S3‑172562 Clause 8.3.1.2 (key derivation for context modification procedure) Ericsson pCR Approval Yes
Yes
approved No   S3‑172326
    S3‑172250 Intra-gNB meaning in 5G RAN architecture Huawei, Hisilicon, China Mobile pCR Approval Yes
YesNokia didnít agree with having this kind of change. Vodafone, ORANGE and BT supported it. NTT-Docomo: where does the PDCP terminate? Better to say this than talking about intra gNB-CU handover. Nokia: we need to say more about the split architecture and an new clause should added for this.
approved No    
    S3‑172327 Clause 8.3.1.3.1 (key derivation during handover, intra-gNB) Ericsson pCR Approval Yes
Yes
revised No S3‑172563  
    S3‑172563 Clause 8.3.1.3.1 (key derivation during handover, intra-gNB) Ericsson pCR Approval Yes
Yes
approved No   S3‑172327
    S3‑172259 Discussion on flexibility of retaining or changing AS security key Huawei; Hisilicon discussion Discussion Yes
YesNokia: we should go to RAN2 when we have a specific question. I canít see the issues. Ericsson: in proposal one we only agree with the Handover; not with the rest. There wasn't much support for this.
noted No    
    S3‑172260 Draft LS on Discussion on flexibility of retaining or changing AS security key Huawei; Hisilicon LS out Approval Yes
Yes
noted No    
    S3‑172246 Flexible retaining AS keys solution Huawei, Hisilicon, China Mobile pCR Approval Yes
YesEricsson: Implementation dependent to say how long to keep the key. China Mobile: wjen the HO is made, we face the situation when the key may be changed or not and when. We support Huawei, we need to know in which situation the key is changed. Nokia didnít agree with the contribution. The best mechanism is the key refresh. Samsung: retaining key time is a very complex procedure. Huawei: the gNodeB needs a mechanism to decided whether to retain a key or not. Itís not a new procedure but a policy.
noted No    
    S3‑172461 Update to clause 8.3 Security handling in mobility NEC EUROPE LTD, Lenovo, Motorola Mobility, Samsung, AT&T, KPN pCR Approval Yes
YesEricsson: remove NSSAI part.
merged No S3‑172566  
    S3‑172328 Clause 8.3.1.3.2/8.3.1.3.2 (key derivation during handover, Xn/N2) - Discussion Ericsson discussion Discussion Yes
Yes
noted No    
    S3‑172329 Clause 8.3.1.3.2 (key derivation during handover, Xn) - pCR Ericsson pCR Approval Yes
YesSupported by Intel, who noted 504. Huawei found it difficult to find a difference with LTE. Nokia: this is a significant improvement over LTE. There might be implications that RAN2,RAN3 should investigate. Qualcom also preferred to hear from RAN3. It was agreed to send an LS to RAN3 cc RAN2.
revised No S3‑172566  
    S3‑172566 Clause 8.3.1.3.2 (key derivation during handover, Xn) - pCR Ericsson,NEC pCR Approval Yes
Yes
approved No   S3‑172329
    S3‑172330 Clause 8.3.1.3.3 (key derivation during handover, N2) - pCR Ericsson pCR Approval Yes
Yes
revised No S3‑172567  
    S3‑172567 Clause 8.3.1.3.3 (key derivation during handover, N2) - pCR Ericsson,NEC pCR Approval Yes
Yes
approved No   S3‑172330
    S3‑172253 Updates security handling in mobility Huawei, Hisilicon, Deutsche Telekom AG pCR Approval Yes
YesKPN: Diffie-Hellman introduces a lot of man-in-the-middle problems. Huawei: the attacker would have to control the source gNB, access the air interface,Övery complex to be able to perform this attack. NTT-Docomo suppported KPN. Nokia: Diffie-Hellman consumes a lot of resources and latency. There was no much support for this contribution.
noted No    
    S3‑172504 Security key handling during Xn handover Intel pCR Approval Yes
Yes
noted No   S3‑172320
    S3‑172388 pCR to provide a normative text for AS key derivation Qualcomm Incorporated pCR Approval Yes
Yes
noted No   S3‑172011
    S3‑172389 pCR to provide a normative text for AS key hierarchy Qualcomm Incorporated pCR Approval Yes
YesEricsson, Huawei and Nokia didnít support this.
noted No   S3‑172012
    S3‑172331 Clause 8.3.1.3.4 (key derivation during handover, UE handling) Ericsson pCR Approval Yes
Yes
approved No    
    S3‑172332 Clause 8.3.1.4.1 (key change on fly, general) Ericsson pCR Approval Yes
Yes
approved No    
    S3‑172333 Clause 8.3.1.4.2 (key change on fly, AS key re-keying) Ericsson pCR Approval Yes
Yes
revised No S3‑172568  
    S3‑172568 Clause 8.3.1.4.2 (key change on fly, AS key re-keying) Ericsson pCR Approval Yes
Yes
approved No   S3‑172333
    S3‑172334 Clause 8.3.1.4.3 (key change on fly, AS key refresh) Ericsson pCR Approval Yes
Yes
approved No    
    S3‑172320 Security key handling during Xn handover Intel pCR Approval Yes
Yes
revised No S3‑172504  
    S3‑172565 LS on handling concurrent running of security procedures Ericsson LS out Approval Yes
Yes
approved No    
4.2.4 AS security S3‑172343 UE-assisted network-based detection of false base station - disc Ericsson discussion Discussion Yes
Yes
not treated No    
    S3‑172344 UE-assisted network-based detection of false base station - pCR Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172245 Address EN in requirements for gNB setup and configuration Huawei, Hisilicon, pCR Approval Yes
Yes
not treated No    
    S3‑172256 Security Procedures between 5G Network Functions Huawei, Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172247 Requirements for UP and CP for the gNB Huawei, Hisilicon, China Mobile pCR Approval Yes
Yes
not treated No    
    S3‑172417 Clause 5.2.9 CU-DU interface requirements Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172248 Support NIA0 algorithm for UP data Huawei, Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172500 Integrity for UP, RRC and NAS Huawei; Hisilicon pCR   Yes
Yes
not treated No    
    S3‑172502 Replay protection for UP, RRC and NAS Huawei; Hisilicon pCR   Yes
Yes
not treated No    
    S3‑172501 Confidentiality for UP, RRC and NAS Huawei; Hisilicon pCR   Yes
Yes
not treated No    
    S3‑172255 Adding Forward & Backward Security definition to TS33.501 Huawei, Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172236 Discussion on user plane protection SAMSUNG discussion   Yes
Yes
not treated No    
    S3‑172252 Security Algorithms Negotiation for Initial AS security context Huawei, Hisilicon, China Mobile pCR Approval Yes
Yes
not treated No    
    S3‑172276 Discussion on a framework of AS security Huawei; Hisilicon discussion Approval Yes
Yes
not treated No    
    S3‑172336 Clause 8 (open issues in AS security) - Disc Ericsson discussion Discussion Yes
Yes
not treated No    
    S3‑172277 AS Security Negotiation and Activation Huawei, Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172278 UP security policy Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172279 UP protection features Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172337 Clause 8.1.2.1.1 (AS algo. initial context) for RRC Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172338 Clause 8.1.2.2 (AS security mode command procedure) for RRC Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172339 Clause 8 (user plane security - integrity protection) Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172340 Clause 8 (user plane security - confidentiality) Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172341 Clause 8 (relation between RRC and user plane security algorithms) Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172342 Clause 8 (conflict between RAN and CN) Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172258 Security Handling for RRC Connection Re-establishment Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172261 pCR to TS 33.501: Security Handling at Transition from RRC-INACTIVE to RRC-CONNECTED transition Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172233 pCR on signalling procedure for periodic local authentication SAMSUNG pCR Approval Yes
Yes
not treated No    
    S3‑172419 Clause 8.4 UP security mechanisms Nokia pCR Approval Yes
Yes
not treated No    
4.2.5 NAS security S3‑172406 New requirements for algorithm selection in TS 33.501 Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172400 Exception lists of NAS and RRC message to be integrity protected and encrypted Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172420 Clause 6.6.3 NAS integrity Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172395 Registration state transitions in TS 33.501 Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172421 Clause 6.6.5 Handling of NAS counts Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172430 Connection state transitions in TS 33.501 Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172296 Adding content to NAS security Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172383 Aligning the protection of initial NAS messages and the NAS Security Mode procedure subclauses Qualcomm Incorporated pCR Approval Yes
Yes
not treated No    
    S3‑172425 Clause 6.7.2 NAS SMC procedure Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172229 PCR to 33.501 Ė Clause 6.7.2 Ė rephrased for clarity InterDigital, Inc. pCR Approval Yes
Yes
not treated No    
    S3‑172263 Delete allowed NSSAI in NAS SMC Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172423 Clause 6.7.1.2 AMF change Nokia pCR Approval Yes
Yes
not treated No    
4.2.6 Security context management S3‑172413 New UE requirement to store two 5G security contexts in TS 33.501 Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172272 Adding the definition of NEA0 and NIA0(5.6.1) Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172370 Providing details of the key derivation for the security algorithm keys Qualcomm Incorporated pCR Approval Yes
Yes
not treated No    
    S3‑172273 Adding the content on security contexts(6.3) Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172408 Handling security contexts within the serving network Nokia pCR   Yes
Yes
not treated No    
    S3‑172411 Clause 6.3.2 (Handling security contexts within the serving network) Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172410 Distribution of security contexts Nokia pCR   Yes
Yes
not treated No    
    S3‑172412 Security handling in state transitions Nokia pCR   Yes
Yes
not treated No    
    S3‑172257 pCR to TS 33.501 KDF negotiation Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172462 Discussion on 5G UE Security Capabilities with KDF identifiers NEC EUROPE LTD pCR Discussion Yes
Yes
not treated No    
    S3‑172466 5G UE Security Capabilities with KDF identifiers NEC EUROPE LTD pCR Approval Yes
Yes
not treated No    
4.2.7 Visibility & configurability S3‑172495 Security Visibility clarification LG Electronics pCR Approval Yes
Yes
not treated No    
    S3‑172221 Add new requirement related to visibility and configurability CATT, CATR pCR Approval Yes
Yes
not treated No    
    S3‑172486 pCR to 33.501 5.4.1 - Clarification of security indication NTT DOCOMO, Department of Commerce pCR Approval Yes
Yes
not treated No    
    S3‑172399 Visibility and configurability supporting serving network authorization Nokia pCR   Yes
YesQualcomm didnít agree with this whole scheme, it would affect the service. Some reservations among the companies on the display of the serving network identifier or MCC. NTT-Docomo: what if you have an handover to a cell of the forbidden operator? Huawei: the user doesn't know who the roaming partner of the HPLMN is. They didn't understand the use of this. LG supported the idea of this contribution but didnít understand the use of the MCC here. The authorization part should be removed. BT: displaying the country code, shouldnít it be GSMA input? The security levels for roaming partners is their field.
not treated No    
4.2.8 Primary authentication S3‑172226 Rewriting Clause 6.1.2 and 6.1.3 in normative language and adding Annex A KPN N.V. pCR Approval Yes
YesKPN: AUSF is always in the Home Network, that's my understanding. Nokia: there's a interim requirement about this.
revised No S3‑172569  
    S3‑172569 Rewriting Clause 6.1.2 and 6.1.3 in normative language and adding Annex A KPN N.V. pCR Approval Yes
Yes
approved No   S3‑172226
    S3‑172230 PCR to 33.501 Ė Clause 6.1.3.1 Ė rephrased for clarity InterDigital, Inc. pCR Approval Yes
Yes
approved No    
    S3‑172237 Discussion on UDM term consistency SAMSUNG discussion Approval Yes
Yes
noted No    
    S3‑172478 5G AKA Discussion of Option 1 and Option 2 Huawei, HiSilicon pCR Decision Yes
YesInterdigital supported this contribution. Nokia pointed out that this contribution was not supported in past conference calls. A show of hands proved that most of the companies didnít still support it.
noted No    
    S3‑172223 Moving Serving Network Name construction into it's own clause KPN N.V. pCR Approval Yes
YesTIM: Is there a possibility of pre-computing the authentication vector or not? If we have to change the response depending on to which network we send it to, where is the calculation performed? This had to be taken offline.
revised No S3‑172571  
    S3‑172571 Moving Serving Network Name construction into it's own clause KPN N.V. pCR Approval Yes
Yes
approved No   S3‑172223
    S3‑172397 Authentication and Authorization Ė requirements and more Nokia pCR   Yes
YesNTT-Docomo: refer to the relevant specifications instead of just saying 2G,3G,4G in the notes. Qualcomm agreed, no need to have all these notes. NTT-Docomo commented that this information would be useful for the future summary of the WID. Qualcomm had issues with serving network authentication and authorization. NTT-Docomo supported the effort of this contribution. The Chair commented that there was quite a lot of support for this contribution except Qualcomm's reservations. Qualcomm proposed to keep the requirements and remove the notes. There was further discussion on the serving network athorization and 399 was open in order to detail it further. It was agreed to add an editor's note on the serving network auth to be FFS. The case of the emergency calls was also left for further study.
revised No S3‑172572  
    S3‑172572 Authentication and Authorization Ė requirements and more Nokia pCR - Yes
Yes
approved No   S3‑172397
    S3‑172475 Conveying authentication result from AUSF to UDM Nokia pCR   Yes
Yes
revised No S3‑172573  
    S3‑172573 Conveying authentication result from AUSF to UDM Nokia pCR - Yes
Yes
approved No   S3‑172475
    S3‑172485 pCR to 33.501 6.1.3.2 Ė Mandate sending of AC NTT DOCOMO pCR Approval Yes
Yes
approved No    
    S3‑172487 pCR to 33.501 6.1.2, 6.1.3.2 Ė only one authentication vector at a time NTT DOCOMO pCR Approval Yes
YesSamsung and Qualcomm supported this contribution. NCSC: it is possible that this doesnít work in IOPS. This had to be taken offline.
noted No    
    S3‑172489 pCR to 33.501 6.1.3.2 Ė Mandate signalling of expiry time of NTT DOCOMO pCR Approval Yes
YesBT:unstable, prone to all kind of service attacks. There seemed to be support in this document with some fixes. Ericsson proposed a note to address BT's concerns: the serving network should have time to run the authentication.
revised No S3‑172574  
    S3‑172574 pCR to 33.501 6.1.3.2 Ė Mandate signalling of expiry time of NTT DOCOMO pCR Approval Yes
Yes
approved No   S3‑172489
    S3‑172290 EAP Framework Huawei & Hisilicon pCR Approval Yes
Yes
revised No S3‑172552  
    S3‑172552 EAP Framework Huawei & Hisilicon pCR Approval Yes
YesOverlapped with 402. Vodafone commented that the Note should be an editor's note since it is talking about the future. This didnít have any support so it was noted.
noted No   S3‑172290
    S3‑172402 EAP framework Ericsson, Nokia, Samsung, Qualcomm Incorporated, Intel, Huawei pCR Approval Yes
YesORANGE and Oberthur had issues with this contribution. It was taken offline.
revised No S3‑172579  
    S3‑172579 EAP framework Ericsson, Nokia, Samsung, Qualcomm Incorporated, Intel, Huawei pCR Approval Yes
Yes
approved No   S3‑172402
    S3‑172480 AKA Procedure in Interworking and Migration Scenarios Huawei, HiSilicon pCR Decision Yes
YesVodafone: I thought that AKA matched in the HSS- equivalent and the USIM. There wasn't any support for this contribution.
noted No    
    S3‑172289 Security Procedures with EAP-TLS Huawei & Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172224 Rewriting Clause 6.1.2 and 6.1.3 in normative language and adding Annex A KPN N.V. pCR Approval Yes
Yes
withdrawn Yes    
4.2.9 Secondary authentication S3‑172457 Secondary authentication - Clause 12.1.2 - Resolve EN on use of Normative language Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172460 Secondary Authentication - Resolve Editorís Notes Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172463 Secondary Authentication - Update text with corresponding service operations used to carry EAP messages Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172287 Discussion on secondary authentication Huawei & Hisilicon discussion Approval Yes
Yes
not treated No    
    S3‑172288 Secondary authentication via NEF Huawei & Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172496 Clarification on network slice access authentication and authorization LG Electronics pCR Approval Yes
Yes
not treated No    
    S3‑172380 Identifying a problem with secondary authentication Qualcomm Incorporated pCR Approval Yes
Yes
not treated No   S3‑172008
    S3‑172318 Solution to prevent unauthorized access to external Data Network Intel pCR Approval Yes
Yes
not treated No    
    S3‑172319 Binding Primary and Secondary authentication Intel discussion Discussion Yes
Yes
not treated No    
    S3‑172293 ID linkage verification in secondary authentication Huawei & Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172292 DN authorization grant and revocation Huawei & Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172317 Secondary Re-Authentication Intel pCR Approval Yes
Yes
not treated No    
    S3‑172294 Secondary authentication for multiple PDU sessions Huawei & Hisilicon pCR Approval Yes
Yes
not treated No    
4.2.10 Interworking S3‑172264 Discussion on security of interworking Huawei; Hisilicon discussion Discussion Yes
Yes
not treated No    
    S3‑172385 Security handling for interworking between NextGen Core and EPC Qualcomm Incorporated discussion Approval Yes
Yes
not treated No   S3‑172009
    S3‑172404 Discussion on the security for interworking between EPC and 5GC Ericsson discussion Approval Yes
Yes
not treated No    
    S3‑172469 Interworking - Discussion paper on security context Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172477 Interworking - Discussion paper on issues when Interworking with a legacy MME Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172492 Interworking - Discussion paper on integrity protection of idle mobility MM message during interworking Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172265 regestration procedures in 5G-RAN during interworking from EPC to 5GC Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172429 Idle mode mobility from 4G to 5G Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172266 TAU procedures in E-UTRAN during interworking from 5GC to EPC Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172432 Security for Idle mode mobility from 5G to 4G Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172407 Proposal for a new subclause 9.X on mapping of security contexts during interworking between 4G and 5G Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172409 Proposal for a new subclause 9.Y on interworking security in idle mode Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172386 pCR to provide a solution for interworking between NextGen Core and EPC Qualcomm Incorporated pCR Approval Yes
Yes
not treated No   S3‑172014
    S3‑172267 handover procedures during interworking from EPC to 5GC Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172434 Security for Handover from 4G to 5G Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172268 handover procedures during interworking from 5GC to EPC Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172438 Security for Handover from 5G to 4G Nokia pCR Approval Yes
Yes
not treated No    
    S3‑172295 Interworking with EPC without N26 Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
4.2.11 Non-3GPP access S3‑172490 Drawbacks of the NAS-over-IKE solution Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco discussion Approval Yes
Yes
revised No S3‑172510  
    S3‑172510 Drawbacks of the NAS-over-IKE solution Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco discussion Endorsement Yes
YesQualcomm: Initial NAS protection in 501 is not understood here, in 2.7. The security concern is not valid. Ericsson agreed with this.They also commented that the document was more SA2 oriented than security oriented. ORANGE and Intel agreed with Qualcomm about the clause 2.7. Nokia and Samsung agreed with the security conccerns in this document.
noted No   S3‑172490
    S3‑172398 Re-authentication in Solution 1.49 Ericsson discussion Endorsement Yes
YesNEC commented that this is not such a rare case. Ericsson: Reauthentication will not happen all the time.Most people connect to a few selected Wifi networks. Broadcom: not about one user but about multiple number of users in this situation.
noted No    
    S3‑172483 Details of EAP-5G Solution for registration via untrusted non-3GPP access Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco discussion Approval Yes
Yes
revised No S3‑172511  
    S3‑172511 Details of EAP-5G Solution for registration via untrusted non-3GPP access Motorola Mobility, Lenovo, Broadcom, Brocade, Rogers Wireless, Samsung, ITRI, CATT, Cisco discussion Endorsement Yes
Yes
noted No   S3‑172483
    S3‑172391 Discussion on Security for Non-3GPP access to 5GC Qualcomm Incorporated discussion Endorsement Yes
Yes
noted No    
    S3‑172468 Skeleton for clause 11 NEC EUROPE LTD pCR Approval Yes
YesNokia: 5 should go to clause 11. Qualcomm agreed. 11.6 and 11.7 were not agreed to be here.
noted No    
    S3‑172472 5G AKA to be used over all access network types Ė clause 6 Nokia pCR   Yes
YesQualcomm: no need to have this Editor's note. Nokia: it's a reminder.
approved No    
    S3‑172474 5G AKA to be used over all access network types Ė clause 11 Nokia pCR   Yes
Yes
approved No    
    S3‑172390 pCR: Security for Non-3GPP access to 5GC Qualcomm Incorporated pCR Approval Yes
Yes
noted No    
    S3‑172471 Security aspects of Non-3GPP access using 5G Core Network NEC EUROPE LTD pCR Approval Yes
YesNokia: not based on the SA2 procedure. They haven't defined such handover. NEC: the intention is to add this procedure. Huawei: this is in SA2 scope. We can only define the security aspect of a handover procedure.
noted No    
    S3‑172546 LS on N3GPP access Ericsson LS out Approval Yes
Yes
approved No    
4.2.12 NDS S3‑172203 Way for protecting sensitive information transmitted between operators ZTE Corporation, China Mobile, CATR pCR Approval Yes
Yes
not treated No    
    S3‑172281 pCR to TS 33.501 add management plane protection to 7.2 Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172282 pCR to TS 33.501 add reference to management plane to 5.2.4 Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
4.2.13 Service based architecture S3‑172227 Security Considerations for Service Based Architecture in 5G Deutsche Telekom AG discussion Endorsement Yes
YesHuawei: in Goal#5, which scenario supports hop-by-hop security? DT: In the interconnect case there are situations when end-to-end security is not possible. NTT-Docomo: some of the goals are already mentioned in our requirements. It was clarified that these were work principles for a new topic in SA3 and that an endorsement of the goals expressed here would help. NCSC was confused with folllowing this line of work, so it was decided to revise the document to have a set of goals that everybody could endorse. ORANGE preferred to remove the reference to the third party in goal#3. DT: can this be done in phase one? ORANGE: we can give security recommendations for implementation if we donít have time for requirements. The Chair clarified that the TS will not give details on the implementation anyway, and agreed that this could be done.
revised No S3‑172533  
    S3‑172533 Security Considerations for Service Based Architecture in 5G Deutsche Telekom AG discussion Endorsement Yes
Yes
endorsed No   S3‑172227
    S3‑172244 Update the skeleton of TS 33.501 for service based architecture Huawei, Hisilicon, CATR pCR Approval Yes
Yes
merged No S3‑172534 S3‑172238
    S3‑172396 Introducing clause for Secrity Aspects of Service Based Architecture Ericsson pCR Approval Yes
Yes
merged No S3‑172534  
    S3‑172479 Skeleton for interconnection network security Nokia pCR   Yes
YesVodafone: no requirements? Nokia: they are in another document. Vodafone preferred this approach to the Huawei proposal. They also commented that SBA for roaming would be more complex and a separate clause would be needed for this. BT didnít agree with splitting for roaming. Alex (BT) warned about the trust boundaries. Nokia commented that both trust boundaries and platform requirements can be treated in the next meeting. Inputs on this will be brought into the Reno meeting.
revised No S3‑172534  
    S3‑172534 Skeleton for interconnection network security Nokia pCR - Yes
Yes
approved No   S3‑172479
    S3‑172476 Clarification of requirements on e2e core interconnection network security Nokia pCR   Yes
Yes
revised No S3‑172536  
    S3‑172536 Clarification of requirements on e2e core interconnection network security Nokia pCR - Yes
Yes
approved No   S3‑172476
    S3‑172239 Security requirements for service based architecture Huawei, Hisilicon pCR Approval Yes
YesVodafone: this doesnít feel like a requirements section, the language style and the way it is written are not correct. TIM:optional confidentiality and integrity protection? Mandatory to support or optional? DT: authentication of network functions as they register should be included here. The Chair commented that the essence of the document seemed to be fine, but it required some more work with the wording. It was decided to work on this offline and come back with an input for the next meeting.
noted No    
    S3‑172240 NF registration and authentication procedure of Service Based Architecture Huawei, Hisilicon pCR Approval Yes
YesTIM: premature to bring this. Ericsson agreed. Vodafone: this needs some language check.
noted No    
    S3‑172470 Discussion and pCR on authorization issue for 5G core network with SBA China Mobile Com. Corporation pCR   Yes
YesInterdigital: the Note is solution related, it shouldnít be here. Vodafone: this doesnít read lile a requirement. It needs proper wording.TIM agreed. People seemed to agree with the document, although rewording was needed. The note was removed.
revised No S3‑172538  
    S3‑172538 Discussion and pCR on authorization issue for 5G core network with SBA China Mobile Com. Corporation pCR - Yes
Yes
approved No   S3‑172470
    S3‑172241 Authorization of NF service discovery Huawei, Hisilicon pCR Approval Yes
YesVodafone pointed out the language aspect, it needed reqording. In roaming scenarion there are no issues with the authentification. The non roaming scenario is not as clear as you think. TIM: authorization is enough? Authentication could also be necessary. Ericsson and Nokia: lot of stuff repeated from 23.401.
noted No    
    S3‑172242 Authorization of NF service access Huawei, Hisilicon pCR Approval Yes
YesVodafone: Both flows seem to be very similar. One option combining both flows would be sufficient. TIM: this is written more like a SA2 contribution. Vodafone agreed, this is pushed towards the service discovery not the authorization. Ericsson agreed that this was not clear.A way forward would be to add this to the living document. Interdigital: it describes how to authorise, not about the discovery. I would like to see more of this. TIM: we are jumping straightly into solutions. Not even for the living document. Nokia agreed that this should not go as the solution for the TS, but it should go as an option to the living document.
revised No S3‑172539  
    S3‑172539 Authorization of NF service access Huawei, Hisilicon pCR Approval Yes
YesApproved to go to the living document in 540.
approved No   S3‑172242
    S3‑172243 Protection of the connection between NFs Huawei, Hisilicon pCR Approval Yes
YesVodafone: there are cost concerns here, it would be too expensive to implement. This needs to have lots of small tunnels better than big tunnels. Juniper: the cost of TLS proxies is much higher than IPsec so we should be careful with this.
noted No    
    S3‑172238 Update the skeleton of TS 33.501 for service based architecture Huawei, Hisilicon pCR Approval No
Yes
revised No S3‑172244  
    S3‑172540 Living document on SBA China Mobile other Approval Yes
Yes
approved No    
4.2.14 Privacy (not covered by other headings) S3‑172220 Remove editor notes related to privacy requirements CATT, CATR pCR Approval Yes
Yes
not treated No    
    S3‑172509 Privacy requirements on the UE Nokia pCR Decision Yes
Yes
not treated No   S3‑172352
    S3‑172297 Caculation of SUCI in ME Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172358 UDM requirements - key management and privacy Nokia pCR Decision Yes
Yes
not treated No    
    S3‑172222 Remove editor note related to SIDF and text corrections CATT pCR Approval Yes
Yes
not treated No    
    S3‑172356 SIDF functionality Nokia pCR Decision Yes
Yes
not treated No    
    S3‑172284 Raw public key provisioning CATT pCR Approval Yes
Yes
not treated No    
    S3‑172346 Clauses 6.8.3 (5G-GUTI refresh at periodic registration update) Ericsson, Telecom Italia pCR Approval Yes
Yes
not treated No    
    S3‑172347 Clauses 6.8.3 (5G-GUTI refresh at network triggered service request) Ericsson, Telecom Italia pCR Approval Yes
Yes
not treated No    
    S3‑172362 Cleaning up sections 6.8.1 and 6.8.2 about Subscription (Concealed) Identifier KPN N.V. pCR Approval Yes
Yes
not treated No    
    S3‑172254 Moving UE handling SUCI to SUCI clause Huawei, Hisilicon, China Mobile pCR Approval Yes
Yes
not treated No    
    S3‑172354 Merging and enhancing 6.8.1 and 6.8.2 Nokia pCR Decision Yes
Yes
not treated No    
    S3‑172251 Subscriber Privacy under Home network control Huawei, Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172249 Meeting SUPI privacy and LI Requirements Huawei, Hisilicon, Intel pCR Approval Yes
Yes
not treated No    
    S3‑172506 LI conformity when privacy is used Nokia pCR Decision Yes
Yes
not treated No   S3‑172359
    S3‑172345 Clauses 6.1.3 and 6.7.2 (auth procedures and NAS SMC, SUPI from UE for LI) Ericsson, Telecom Italia pCR Approval Yes
Yes
not treated No    
    S3‑172225 Discussion on provision of SUPI from home to visited network VODAFONE Group Plc discussion Discussion Yes
Yes
not treated No    
    S3‑172365 Comments on S3-172225 KPN N.V. discussion Discussion Yes
Yes
not treated No    
    S3‑172316 Changes to Initiation of Authentication and subscription identity procedure. Intel pCR Approval Yes
Yes
not treated No    
    S3‑172570 Changes to Initiation of Authentication and subscription identity procedure. Intel pCR Approval No
Yes
withdrawn Yes    
    S3‑172355 SIDF purpose in initiation of authentication Nokia pCR Decision Yes
Yes
not treated No    
    S3‑172488 pCR to 33.501 6.1.3.1, 6.1.3.2 Ė SUPI assurance in SEAF NTT DOCOMO pCR Approval Yes
Yes
not treated No    
    S3‑172348 Selection of SUCI null-scheme Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172363 Procedure for Visited Network to request SUPI attach KPN N.V. pCR Approval Yes
Yes
not treated No    
    S3‑172364 Annex C: Adding Creation of the 'visited network requests null-scheme message' KPN N.V. pCR Approval Yes
Yes
not treated No    
    S3‑172357 Null scheme clarifications - resolving ed.note Nokia pCR Decision Yes
Yes
not treated No    
    S3‑172353 Requirement on AMF Nokia pCR Decision Yes
Yes
not treated No    
    S3‑172274 Adding the content on Subscription identification procedure(6.8.4) Huawei; Hisilicon pCR Approval Yes
Yes
not treated No    
    S3‑172283 Remove editor note related to SUCI CATT pCR Approval Yes
Yes
not treated No    
    S3‑172497 SUCI calculation Gemalto, G&D, Morpho & Oberthur (IDEMIA), Vodafone pCR Approval Yes
Yes
revised No S3‑172530  
    S3‑172530 SUCI calculation Gemalto, G&D, Morpho & Oberthur (IDEMIA), Vodafone pCR Approval Yes
Yes
not treated No   S3‑172497
    S3‑172503 pCR: Calculation of SUCI Qualcomm Incorporated pCR Approval Yes
Yes
not treated No   S3‑172392
    S3‑172351 (Resubmission) Annex X.3 (SUCI, ECIES scheme normative Annex) Ericsson pCR Approval Yes
Yes
not treated No    
    S3‑172349 (Resubmission) Discussion for drafting reply to S2-175309, relates NSSAI privacy Ericsson discussion Discussion Yes
YesQualcomm: it has to go to phase one or it wonít be usable. China Mobile didnít support proposal 3 but they were fine with the rest. Ericsson: the consequence is that the authentication of the network slice will be delayed. There was no agreement with the proposal one. Huawei supported proposal three. Interdigital didn't support proposal 4. The Chair suggested a show of hands: Proposal one not in phase one: 9 companies Proposal one in phase one: 4 companies After this Qualcomm decided to go for phase two in order to make progress.
noted No    
    S3‑172361 was S3-171949 Discussion of NSSAI privacy Nokia pCR Decision Yes
YesBT and Interdigital disagreed with the conclusion. Ericsson and LG disagreed with this one.
noted No    
    S3‑172360 was S3-171950 TS - NSSAI privacy Nokia pCR Decision Yes
Yes
noted No    
    S3‑172379 Discussion on sending S-NSSAIs to the network unprotected Qualcomm Incorporated discussion Endorsement Yes
YesEricsson: why such a strong requirement on the deployment? We donít agree with this at all. LG: I doubt that this is efficient. One policy for all UE, not slice based.
noted No    
    S3‑172291 Confidentiality of NSSAI Huawei & Hisilicon pCR Approval Yes
YesORANGE: How can we use theHome Network public key for the encryption if we are in the serving network? China Mobile: we cannot agree with this contribution. Interdigital didnít support it either. Ericsson: the HN public key mechanism is optional, that is Huawei's intention here. Nokia: then the "shall" is not correct here.
noted No    
    S3‑172493 NSSAI Privacy Discussion LG Electronics discussion Endorsement Yes
YesLG: Send the solutions to SA2 and let them decide.
noted No    
    S3‑172494 NSSAI Privacy handling LG Electronics discussion Endorsement Yes
YesEricsson didn't understand the solution
noted No    
    S3‑172350 (Resubmission) draft Reply LS on Reply LS on 5GS Security aspects seeking resolution Ericsson pCR Approval Yes
YesORANGE: donít send privacy sensitive information in the NSSAI. Nokia: NAS security established, there is encryption already and it is protected. Qualcomm asked to be in the minutes: Although SA3 is sending the LS the interim agreement hasnít changed. The agreed LS is in 517.
noted No    
    S3‑172352 Privacy requirements on the UE Nokia pCR Decision Yes
Yes
revised No S3‑172509  
    S3‑172359 LI conformity when privacy is used Nokia pCR Decision Yes
Yes
revised No S3‑172506  
    S3‑172392 pCR: Calculation of SUCI Qualcomm Incorporated pCR Approval Yes
Yes
revised No S3‑172503  
    S3‑172473 SUCI calculation Gemalto, G&D, Morpho & Oberthur (IDEMIA) pCR Approval Yes
Yes
withdrawn Yes    
4.2.15 Others S3‑172206 LS on applicability of service based interface for legacy core network elements C1-173753 LS in   Yes
YesIt was decided to wait for SA2's response to react to this LS.
noted No    
    S3‑172207 Reply LS on 5G signalling protocol requirements C4-174311 LS in   Yes
Yes
noted No    
    S3‑172208 LS on Conclusion on Service Based Architecture Protocol Selection C3-174370,C4-174343 LS in   Yes
Yes
noted No    
    S3‑172209 LS to SA3 on RAN2 agreements on jumbo frames R2-1709804 LS in   Yes
YesNokia: I think it has been commented before that ZUC may have problems. Ericsson: ZUC was checked with ETSI SAGE and there was no problem. This was discussed in the San Diego meeting.
replied to No    
    S3‑172515 Reply to: LS to SA3 on RAN2 agreements on jumbo frames Ericsson LS out approval Yes
Yes
approved No    
    S3‑172211 LS reply on Support for fake gNB detection mechanisms R2-1709980 LS in   Yes
Yes
noted No    
    S3‑172212 LS on secure storage and processing of subscription credentials S1-173475 LS in   Yes
YesORANGE: the stated service requirement is a SA3 requirement. Vodafone: it's both SA1 and SA3 requirement. It started as a SA1 and SA plenary requirement. ORANGE: We already have 33.501 requirements on this. Vodafone: we cannot have a published document referring to the draft 33.501. Vodafone: it's clearly a security requirement and they have made a commitment to align with our view. Ericsson: this is a working agreement and itís a stable requirement. ORANGE agreed with Vodafone, itís a security requirement. The SA1 spec is not clearly the place to have this requirement.
postponed No    
    S3‑172213 LS on PLMN and RAT selection policies for roaming S1-173478 LS in   Yes
Yes
noted No    
    S3‑172214 Reply LS on Address Mapping Requirements S2-176561 LS in   Yes
Yes
noted No    
    S3‑172215 LS Response on Service Based Architecture S2-176692 LS in   Yes
Yes
noted No    
    S3‑172216 LS on Undetectability of LI Data stored in a UDSF S3i170259 LS in   Yes
Yes
noted No    
    S3‑172217 Address Mapping Requirements S3i170260 LS in   Yes
Yes
noted No    
    S3‑172218 Reply LS on 5GS Security aspects seeking resolution S2-175309 LS in   Yes
Yes
replied to No    
    S3‑172517 Reply to: Reply LS on 5GS Security aspects seeking resolution Qualcomm LS out approval Yes
Yes
approved No    
    S3‑172219 LS on PLMN and RAT selection policies for roaming S2-175286 LS in   Yes
YesVodafone: there is a steering of roaming from the SIM to the UE to change the network since Rel-8. A solution exists already.
replied to No    
    S3‑172516 Reply to: LS on PLMN and RAT selection policies for roaming Huawei LS out approval Yes
YesA solution has been discussed and it is possible. There were several issues that SA3 had agreed to include in the LS: need of feedback on specific messages, where the keys are stored and messages prepared, serious implications on security architecture, why OTA solution doesnít work,Ö but companies differed on the different versions of the LS in the drafts folder (v2 and v3).
revised No S3‑172581  
    S3‑172581 Reply to: LS on PLMN and RAT selection policies for roaming Huawei LS out approval Yes
Yes
approved No   S3‑172516
    S3‑172205 Reply LS to LS on PLMN and RAT selection policies for roaming C1-173751 LS in   Yes
YesVodafone: This is another unnecessary secure area to get away from what the SIM provides. Qualcomm: CT1 and SA2 are aware about Vodafone's statement, they are looking for a control plane security solution. Vodafone: OTA solution is misrepresented in the LS. Qualcomm: the VPLMN only has access to the information passing through, not to the UE at all. Qualcomm: it is not up to SA3 to discuss OTA solutions. NTT-Docomo: we donít understand why SA2 has opted for this.Let's ask them what is the new mechanism's advantage over OTA.
replied to No    
    S3‑172499 Response to LS from SA3 to TC Cyber regarding 256-bit key lengths ETSI TC CYBER LS in   Yes
Yes
noted No    
    S3‑172299 pCR on editorial correction of TS 33.501 NEC EUROPE LTD pCR Approval Yes
YesNokia: 5GS is used in SA2 as EPS. It was commented that pCRs for this meeting would clash and make the implementation harder. The Rapporteur would have to take care of this. It was also commented that the abbreviations for AIR and AMF would have to be dealt with since they refer to different terms. Notes would clarify this issue.
revised No S3‑172518  
    S3‑172518 pCR on editorial correction of TS 33.501 NEC EUROPE LTD pCR Approval Yes
Yes
approved No   S3‑172299
    S3‑172280 Corrections on 33501 Huawei; Hisilicon pCR Approval Yes
Yes
revised No S3‑172519  
    S3‑172519 Corrections on 33501 Huawei; Hisilicon pCR Approval Yes
Yes
approved No   S3‑172280
    S3‑172484 Editorials against 33.501 NTT DOCOMO pCR Approval Yes
Yes
revised No S3‑172520  
    S3‑172520 Editorials against 33.501 NTT DOCOMO pCR Approval Yes
Yes
approved No   S3‑172484
    S3‑172228 PCR to 33.501 Ė typos and language in multiple clauses. InterDigital, Inc. pCR Approval Yes
Yes
revised No S3‑172521  
    S3‑172521 PCR to 33.501 Ė typos and language in multiple clauses. InterDigital, Inc. pCR Approval Yes
Yes
approved No   S3‑172228
    S3‑172381 Proposed re-wording to the bidding down requirement Qualcomm Incorporated pCR Approval Yes
YesChina Mobile asked about the situation when both the UE and network are made to believe they are in 2G. Qualcomm clarified that this is a requirement for 5G. Nokia: mention "5G security features". Ericsson: clarify that the attacker is external. NTT docomo: external to the security domain. This had to be taken offline.
merged No S3‑172520  
    S3‑172368 Providing full details of the integrity and ciphering algorithms for TS 33.501 Qualcomm Incorporated pCR Approval Yes
Yes
revised No S3‑172523  
    S3‑172523 Providing full details of the integrity and ciphering algorithms for TS 33.501 Qualcomm Incorporated pCR Approval Yes
YesQualcomm clarified that these are both user plane and control plane algorithms.BT asked to distinguish them.
approved No   S3‑172368
    S3‑172422 Skeleton for Security for IMS Emergency session Nokia pCR Approval Yes
Yes
approved No    
    S3‑172424 Security for Authenticated IMS Emergency sessions Nokia pCR Approval Yes
YesQualcomm: emergency sessions are part of phase one? Nokia: it is for phase one for 3GPP access.
revised No S3‑172524  
    S3‑172524 Security for Authenticated IMS Emergency sessions Nokia pCR Approval Yes
YesAddressing Ericsson's comments on authentication aspects.
approved No   S3‑172424
    S3‑172426 Security for unauthenticated IMS Emergency sessions Nokia pCR Approval Yes
YesTIM: what is older SIM? Nokia: non-5G SIM. It was commented to better refer to "USIM" instead of SIM.
revised No S3‑172525  
    S3‑172525 Security for unauthenticated IMS Emergency sessions Nokia pCR Approval Yes
Yes
approved No   S3‑172426
    S3‑172482 Discussion on protection of Network Steering Information Ericsson discussion Approval Yes
Yes
noted No    
    S3‑172234 Discussion on Securing the Network Steering Information SAMSUNG pCR Approval Yes
Yes
noted No    
    S3‑172235 pCR for Securing the Network Steering Information SAMSUNG pCR Approval Yes
YesVodafone: In this case, everytime I want to change the preferred list I need to do the authentication again. End to end security solution is possible but more details are needed. Mandatory IE in every message was objected by Vodafone. Where are the keys stored and where all the message are being processed? This had to be considered further. Vodafone pointed out that the relation with the other lists needed to be clarified. Nokia also commented that the security impacts on the architecture were big and had to be considered as well. Vodafone: the impact on security architecture is so big that it would need a TR for this topic only.
noted No    
    S3‑172505 First response on ECIES for concealing IMSI or SUPI ETSI SAGE LS in   Yes
Yes
noted No    
    S3‑172428 Editorial updates in TS 33.501 NEC EUROPE LTD pCR Approval No
Yes
withdrawn Yes    
    S3‑172522 Draft TS 33.501 NTT-Docomo draft TS Approval No
Yes
left for email approval No    
    S3‑172553 LS on support of jumbo frames using EIA3 Vodafone LS out Approval Yes
Yes
approved No    
    S3‑172560 pCR to TS33.501 clause 5.4.2 taken from S3-172484 NTT-Docomo pCR Approval No
Yes
withdrawn Yes    
4.3 Security of the Mission Critical Service (MCSec) (Rel-14) S3‑172231 Corrections to MCData security procedures SAMSUNG CR   Yes
Yes
revised No S3‑172532  
    S3‑172532 Corrections to MCData security procedures SAMSUNG CR - Yes
Yes
agreed No   S3‑172231
    S3‑172300 [MCSec] 33180 R14 client check at GMK provisioning Motorola Solutions CR Agreement Yes
Yes
withdrawn Yes    
    S3‑172301 [MCSec] 33180 R14 add transmission control for MCVideo Motorola Solutions CR Agreement Yes
Yes
agreed No    
    S3‑172302 [MCSec] 33180 R14 MCPTT to MCX fixes Motorola Solutions CR Agreement Yes
Yes
agreed No    
    S3‑172303 [MCSec] 33180 R14 SIP MESSAGE clarification for MCData Motorola Solutions CR Agreement Yes
Yes
agreed No    
    S3‑172452 [MCSEC] Clarification on SSRC use in group communications in TS 33.180 Rel-14 NCSC CR Agreement Yes
Yes
revised No S3‑172541  
    S3‑172541 [MCSEC] Clarification on SSRC use in group communications in TS 33.180 Rel-14 NCSC CR Agreement Yes
Yes
agreed No   S3‑172452
4.4 Mission Critical Security Enhancements (eMCSec) (Rel-15) S3‑172443 [eMCSEC] Adding KMS Redirect Responses to TS 33.180 NCSC CR Agreement Yes
Yes
revised No S3‑172528  
    S3‑172528 [eMCSEC] Adding KMS Redirect Responses to TS 33.180 NCSC CR Agreement Yes
Yes
agreed No   S3‑172443
    S3‑172444 [eMCSEC] KMS enhancement, including Migration KMS, for TS 33.180 NCSC CR Agreement Yes
Yes
revised No S3‑172535  
    S3‑172535 [eMCSEC] KMS enhancement, including Migration KMS, for TS 33.180 NCSC CR Agreement Yes
Yes
agreed No   S3‑172444
    S3‑172448 [eMCSEC] Addition of Clause on Logging, Audit and Discreet Monitoring for TS 33.180 NCSC CR Agreement Yes
Yes
revised No S3‑172537  
    S3‑172537 [eMCSEC] Addition of Clause on Logging, Audit and Discreet Monitoring for TS 33.180 NCSC CR Agreement Yes
Yes
agreed No   S3‑172448
    S3‑172451 [eMCSEC] Addition of signalling Proxies to TS 33.180 NCSC CR Agreement Yes
Yes
revised No S3‑172544  
    S3‑172544 [eMCSEC] Addition of signalling Proxies to TS 33.180 NCSC CR Agreement Yes
Yes
agreed No   S3‑172451
    S3‑172418 Key Management of end-to-end encryption for mission critical communications between LMR users and 3GPP users Sepura PLC discussion Endorsement Yes
YesThere were some concerns so it was decided to send an LS to SA6 instead of endorsing this document.
noted No    
    S3‑172455 [eMCSEC] LS to SA6 on configuration parameters NCSC LS out Approval Yes
Yes
withdrawn Yes    
    S3‑172304 [eMCSec] 33180 R15 client check at GMK provisioning (mirror) Motorola Solutions CR Agreement Yes
Yes
withdrawn Yes    
    S3‑172305 [eMCSec] 33180 R15 add transmission control for MCVideo (mirror) Motorola Solutions CR Agreement Yes
Yes
withdrawn Yes    
    S3‑172306 [eMCSec] 33180 R15 MCPTT to MCX fixes (mirror) Motorola Solutions CR Agreement Yes
Yes
withdrawn Yes    
    S3‑172307 [eMCSec] 33180 R15 SIP MESSAGE clarification for MCData (mirror) Motorola Solutions CR Agreement Yes
Yes
withdrawn Yes    
    S3‑172453 [eMCSEC] Clarification on SSRC use in group communications in TS 33.180 Rel-15 NCSC CR Agreement Yes
Yes
withdrawn Yes    
    S3‑172545 LS to SA6 on end to end encryption for mission critical communications between LMR users and 3GPP users. NCSC LS out Approval Yes
Yes
approved No    
4.5 5G Phase-1 New SIDs or WIDs (Rel-15) S3‑172465 Discussion on necessity and way forward of security study for 5G core network with SBA China Mobile Com. Corporation discussion Discussion Yes
Yes
noted No    
    S3‑172467 New WID for enhanced security function to 5GC Service Based Architecture China Mobile Com. Corporation WID new   Yes
YesNokia didnít agree with having this as a separate WID in the same timescale as the 5G phase one work.Guenther proposed to extend the objectives of the current 5G work.ORANGE agreed. Deutsche Telekom agreed to have this work as well, in one way or another. Vodafone supported this work on service architecture for 5G. NTT-Docomo: this needs to go to phase one, but it makes more sense to have it as a revision of the current WID.Ericsson agreed. BT: I'm concerned about the objective 2 on different PLMNs. Too ambitious to include roaming interfaces. The Chair suggested to add this in the current WID within its objectives and present a revision of the 5G WID to the plenary. ORANGE: in the current WID we are already saying that we need to address the security features of whatever SA2 is doing, so this is covered already. We donít need to change the objectives every time SA2 comes up with something. Vodafone: this is to show that we are focusing our attention on this issue.
noted No    
    S3‑172498 New SID on 256-bit algorithms for 5G VODAFONE Group Plc SID new Agreement Yes
Yes
noted No    
    S3‑172507 Comments to "New SID on 256-bit algorithms for 5G" Ericsson discussion Discussion Yes
YesBT supported removing the quantum part.
merged No S3‑172556  
    S3‑172508 New SID on 256-bit algorithms for 5G Ė with Nokia comments Nokia SID new   Yes
YesAT&T: too much detail. They didnít support going for Statements like strengthening the OTA. I have problems with the justification rather than the objectives. Option preferred by ORANGE among the proposed studies. They had issues with the justification. Vodafone: this gives a wider scope. Interdigital: expanding the scope when there is so little time to work on this? Qualcomm: look at the entire system, not only the OTA. We prefer the Nokia option. NCSC preferred the Nokia option for having the better scope. AT&T: the use of commercial devices for the secure communication is not acceptable. US department of commerce: 128 bit keys is our recommendation. We support the study item but it should focus less on the quantum part. NCSC: according to the latest NIST document, the 128 bits should be sufficient until at least 2030. Alex (BT) was concerned about having to adapt the whole commercial network to fit a relatively small portion of users. KPN agreed with this.
revised No S3‑172556  
    S3‑172556 New SID on 256-bit algorithms for 5G Nokia SID new - Yes
Yes
agreed No   S3‑172508
    S3‑172531 Revised WID 5G security phase one China Mobile WID revised Agreement Yes
Yes
agreed No    
5 Studies                      
5.1 Study on Mission Critical Security Enhancements (FS_MC_Sec) (Rel-14) S3‑172435 [eMCSEC] Update to KMS Discovery Solution in TR 33.880 NCSC pCR Approval Yes
Yes
revised No S3‑172526  
    S3‑172526 [eMCSEC] Update to KMS Discovery Solution in TR 33.880 NCSC pCR Approval Yes
Yes
approved No   S3‑172435
    S3‑172441 [eMCSEC] KMS Discovery Use cases for TR 33.880 NCSC pCR Approval Yes
Yes
revised No S3‑172527  
    S3‑172527 [eMCSEC] KMS Discovery Use cases for TR 33.880 NCSC pCR Approval Yes
Yes
approved No   S3‑172441
    S3‑172442 [eMCSEC] Evaluation of KMS Discovery in TR 33.880 NCSC pCR Approval Yes
Yes
approved No    
    S3‑172445 [eMCSEC] KMS Lookup (DNSSec) solution for TR 33.880 NCSC pCR Approval No
Yes
withdrawn Yes    
    S3‑172446 [eMCSEC] Key Issues on Interworking and Interconnetion security for TR 33.880 NCSC pCR Approval Yes
Yes
approved No    
    S3‑172447 [eMCSEC] Five solutions on Interworking security for TR 33.880 NCSC pCR Approval Yes
Yes
revised No S3‑172529  
    S3‑172529 [eMCSEC] Five solutions on Interworking security for TR 33.880 NCSC pCR Approval Yes
Yes
approved No   S3‑172447
    S3‑172449 [eMCSEC] Update of Signalling Proxies solution (#1.5) for TR 33.880 NCSC pCR Approval Yes
Yes
approved No    
    S3‑172450 [eMCSEC] Evaluation of Signalling Proxies for TR 33.880 NCSC pCR Approval Yes
Yes
approved No    
    S3‑172454 [eMCSEC] Update to EAR solution in TR 33.880 NCSC pCR Approval No
Yes
withdrawn Yes    
    S3‑172542 Draft TR 33.880 NCSC draft TR Approval Yes
Yes
approved No    
    S3‑172543 LS to SA6 on the use of signalling proxies as a deployment option NCSC LS out Approval Yes
Yes
approved No    
5.2 New Study on security aspect of 5G Network Slicing Provisioning (FS_ NETSLICE-MGT_Sec) (Rel-15) S3‑172308 Draft skeleton proposal for TR33.811 Huawei, Hisilicon, China Mobile pCR Approval Yes
YesMCC commented that this was an old template, so the new draft should be built on the new template with the 5G logo. The structure was approved in any case.
approved No    
    S3‑172309 Adding references to TR 33.811 Huawei, Hisilicon, China Mobile pCR Approval Yes
YesORANGE commented that TR 33.899 was a draft that was stopped, never approved, and that the reference should go away. MCC commented that references should be added as needed, since it can be the case that they will never be used. The document was noted.
noted No    
    S3‑172310 Introduction section for TR33.811 Huawei, Hisilicon, China Mobile pCR Approval Yes
YesNokia: donít refer to the SA2 TR and SA3 TR on 5G. Vodafone disagreed with the first paragraph. The introduction should set the scene and in here they are referring to what 3GPP groups did in the past. They proposed to note the document and avoid having an Introduction clause. BT and ORANGE agreed.
noted No    
    S3‑172311 A proposal for the scope of the TR33.811 Huawei, Hisilicon pCR Approval Yes
YesBT: it's not clear what we need to do this. ORANGE wasn't happy with the way the scope was written and proposed to go back to the study objectives and put it here.
revised No S3‑172549  
    S3‑172549 A proposal for the scope of the TR33.811 Huawei, Hisilicon pCR Approval Yes
Yes
approved No   S3‑172311
    S3‑172312 A key issue of interface security for TR33.811 Huawei, Hisilicon, CATR pCR Approval Yes
YesNokia: the requirements are not complete, add an edito's note about this. MCC: make sure that the clauses give "potential requirements" since this is a TR and be careful with using normative text throughout the document since it is informative in nature, not normative. ORANGE was concerned that this was not in line with the TS in SA5 and proposed to have it noted. Vodafone agreed. The key issue is not an issue and the key issue details are not correct. It needs a lot of work. BT supported this contribution. NTT-Docomo: we should take into account the finished SA5 TR as well, not only on the normative work that they are currently doing. ORANGE: the TS and TR in SA5 have different scopes. The study item is clear with having the SA5 TS as the object of the study. It was agreed to remove the requirements, since they were object of major concern for several companies.
revised No S3‑172550  
    S3‑172550 A key issue of interface security for TR33.811 Huawei, Hisilicon, CATR pCR Approval Yes
Yes
approved No   S3‑172312
    S3‑172313 A key issue on security capabilities for TR33.811 Huawei, Hisilicon pCR Approval Yes
YesVodafone: the key issue is not an issue. The threats under the security requirements don't match with the key issue details.This needs substantial work in the wording. It was decided to revise the document targeting the key issue details.
revised No S3‑172551  
    S3‑172551 A key issue on security capabilities for TR33.811 Huawei, Hisilicon pCR Approval No
Yes
noted No   S3‑172313
    S3‑172314 A key issue on security protection of messages exchanged with customers Huawei, Hisilicon pCR Approval Yes
YesVodafone: the key issue is not worded as key issue. And there are actually two key issues here, not one.
noted No    
    S3‑172315 A key issue on security isolation of network slices Huawei, Hisilicon pCR Approval Yes
YesNokia: Where is this security isolation coming from? Huawei: this is coming from TR 28.801. Nokia: there was no agreement on the security isolation in our TR 33.899. Vodafone: same as the others, the key issue details are wrong. The title should be"leakage of slice data beween slices", and then write the text accordingly.
noted No    
    S3‑172548 draft TR 33.811 Huawei draft TR Approval No
Yes
left for email approval No    
6 Review and Update of Work Plan S3‑172201 SA3 Work Plan MCC other   Yes
Yes
noted No    
7 Future Meeting Dates and Venues S3‑172202 SA3 meeting calendar MCC other   Yes
Yes
noted No    
8 Any Other Business