7.2.10 5G ProSe direct link security mode control procedure

3GPP TS 24.554 Release 17: Proximity-services (ProSe) in 5G System (5GS) protocol aspects; Stage 3

7.2.10.1 General

The 5G ProSe direct link security mode control procedure is used to establish security between two UEs during a 5G ProSe direct link establishment procedure or a 5G ProSe direct link re-keying procedure. Security is not established if the UE PC5 signalling integrity protection is not activated. After successful completion of the 5G ProSe direct link security mode control procedure, the selected security algorithms and their associated non-null keys are used to integrity protect and cipher all PC5 signalling messages exchanged over this 5G ProSe direct link between the UEs, and the security context can be used to protect all PC5 user plane data exchanged over this 5G ProSe direct link between the UEs. The UE sending the PROSE DIRECT LINK SECURITY MODE COMMAND message is called the "initiating UE" and the other UE is called the "target UE".

7.2.10.2 5G ProSe direct link security mode control procedure initiation by the initiating UE

The initiating UE shall meet the following pre-conditions before initiating the 5G ProSe direct link security mode control procedure:

a) the target UE has initiated a 5G ProSe direct link establishment procedure toward the initiating UE by sending a PROSE DIRECT LINK ESTABLISHMENT REQUEST message and:

1) the PROSE DIRECT LINK ESTABLISHMENT REQUEST message:

i) includes a target user info IE which includes the application layer ID of the initiating UE; or

ii) does not include a target user info IE and the initiating UE is interested in the ProSe service identified by the ProSe identifier in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message; and

2) the initiating UE:

i) if the direct communication is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, has either identified an existing KNRP based on the KNRP ID included in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message or derived a new KNRP;

ii) if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE with the security procedure over user plane being used, has received a new KNRP according to the security procedure over user plane as specified in 3GPP TS 33.503 [34];

iii) if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE with the security procedure over control plane being used, has received a new KNR_ProSe according to the security procedure over control plane as specified in 3GPP TS 33.503 [34]; or

iv) has decided not to activate security protection based on its UE 5G ProSe direct signalling security policy and the target UE’s 5G ProSe direct signalling security policy; or

b) the target UE has initiated a 5G ProSe direct link re-keying procedure toward the initiating UE by sending a PROSE DIRECT LINK REKEYING REQUEST message and:

1) if the target UE has included a Re-authentication indication in the PROSE DIRECT LINK REKEYING REQUEST message, the initiating UE has derived a new KNRP.

When:

a) the direct communication is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, if a new KNRP has been derived by the initiating UE; or

b) the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, if a new KNRP or KNR_ProSe has been received by the initiating UE according to the security procedure over user plane or the security procedure over control plane, respectively, as specified in 3GPP TS 33.503 [34];

the initiating UE shall generate the 2 MSBs of KNRP ID to ensure that the resultant KNRP ID will be unique in the initiating UE.

The initiating UE shall select security algorithms in accordance with its UE 5G ProSe direct signalling security policy and the target UE’s 5G ProSe direct signalling security policy. If the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure, the initiating UE shall not select the null integrity protection algorithm if the initiating UE or the target UE’s 5G ProSe direct signalling integrity protection policy is set to "Signalling integrity protection required". If the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link re-keying procedure, the initiating UE:

a) shall not select the null integrity protection algorithm if the integrity protection algorithm currently in use for the 5G ProSe direct link is different from the null integrity protection algorithm;

b) shall not select the null ciphering protection algorithm if the ciphering protection algorithm currently in use for the 5G ProSe direct link is different from the null ciphering protection algorithm;

c) shall select the null integrity protection algorithm if the integrity protection algorithm currently in use is the null integrity protection algorithm; and

d) shall select the null ciphering protection algorithm if the ciphering protection algorithm currently in use is the null ciphering protection algorithm.
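The selection rules above combine a policy constraint (no null integrity when either side requires integrity protection) with a no-downgrade rule for re-keying (the link may move between non-null algorithms, but never from non-null to null and never from null to non-null). The following Python model is an added example, not text or code from TS 24.554 or from any UE implementation. It assumes the PC5 algorithm names NIA0-3 / NEA0-3 with NIA0 and NEA0 as the null algorithms, the three signalling integrity policy values shown, and a preference order among non-null algorithms that is this example's own choice, since the clause states none.

```python
"""Security algorithm selection at the initiating UE (clause 7.2.10.2).

Added example; not text or code from TS 24.554 or any UE implementation.
Assumptions: PC5 algorithms are named NIA0-3 / NEA0-3 with NIA0 and NEA0
the null algorithms, the signalling integrity policy takes the three values
below, and the preference order among non-null algorithms is this example's
own choice (the clause states none).
"""
from dataclasses import dataclass
from typing import List, Optional

NULL_INT = "NIA0"    # null integrity protection algorithm
NULL_CIPH = "NEA0"   # null ciphering protection algorithm

# Preference order used by this example, most preferred first (assumption).
INT_PREF = ["NIA2", "NIA1", "NIA3", NULL_INT]
CIPH_PREF = ["NEA2", "NEA1", "NEA3", NULL_CIPH]

REQUIRED = "Signalling integrity protection required"
PREFERRED = "Signalling integrity protection preferred"
NOT_NEEDED = "Signalling integrity protection not needed"


@dataclass(frozen=True)
class Selection:
    integrity: str
    ciphering: str


def select_algorithms(trigger: str, common_int: List[str], common_ciph: List[str],
                      init_int_policy: str, target_int_policy: str,
                      current: Optional[Selection] = None,
                      activate_security: bool = True) -> Selection:
    """Choose the algorithms to carry in the SECURITY MODE COMMAND.

    trigger:   "establishment" or "rekeying" (the procedure that triggered
               security mode control).
    common_*:  algorithms supported by both UEs (intersection of their
               UE security capabilities).
    current:   algorithms in use on the link; required for re-keying.
    activate_security: False models pre-condition a)2)iv), where the
               initiating UE decided not to activate security protection.
    Raises ValueError when no choice satisfies the policies in force.
    """
    int_cands = [a for a in INT_PREF if a in common_int]
    ciph_cands = [a for a in CIPH_PREF if a in common_ciph]

    if trigger == "establishment":
        if not activate_security:
            # Leaving signalling unprotected is only possible when neither
            # side requires integrity protection.
            if REQUIRED in (init_int_policy, target_int_policy):
                raise ValueError("a policy requires signalling integrity protection")
            return Selection(NULL_INT, NULL_CIPH)
        # Null integrity is excluded if either UE's policy says "required".
        if REQUIRED in (init_int_policy, target_int_policy):
            int_cands = [a for a in int_cands if a != NULL_INT]
    elif trigger == "rekeying":
        if current is None:
            raise ValueError("re-keying needs the algorithms currently in use")
        # a) and c): stay on null integrity if that is in use, otherwise never
        # fall back to it.
        if current.integrity == NULL_INT:
            int_cands = [NULL_INT]
        else:
            int_cands = [a for a in int_cands if a != NULL_INT]
        # b) and d): the same rule for ciphering.
        if current.ciphering == NULL_CIPH:
            ciph_cands = [NULL_CIPH]
        else:
            ciph_cands = [a for a in ciph_cands if a != NULL_CIPH]
    else:
        raise ValueError(f"unknown trigger {trigger!r}")

    if not int_cands or not ciph_cands:
        raise ValueError("no algorithm pair satisfies the security policies")
    return Selection(int_cands[0], ciph_cands[0])
```

Because the null algorithms sit last in the preference lists, a non-null algorithm wins whenever one is common to both UEs; the policy filter only decides whether null remains available as a fallback. During re-keying a move from NIA1 to NIA2 is allowed, while a link that is already on null ciphering keeps null ciphering, exactly as bullets a) to d) require.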

Then the initiating UE shall:

a) if the direct communication is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE:

1) generate a 128-bit Nonce_2 value;

2) derive KNRP-sess from Nonce_1 received in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message, KNRP and Nonce_2, as specified in 3GPP TS 33.536 [37]; and

3) derive the NR PC5 encryption key NRPEK and the NR PC5 integrity key NRPIK from KNRP-sess and the selected security algorithms as specified in 3GPP TS 33.536 [37];

b) if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE and the security procedure over control plane as specified in 3GPP TS 33.503 [34] is used:

1) derive Krelay-sess from KNR_ProSe, Nonce_2 and Nonce_1 received in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message as specified in 3GPP TS 33.503 [34]; and

2) derive the NR PC5 encryption key Krelay-enc and the NR PC5 integrity key Krelay-int from Krelay-sess and the selected security algorithms as specified in 3GPP TS 33.503 [34]; or

c) if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE and the security procedure over user plane as specified in 3GPP TS 33.503 [34] is used:

1) derive KNRP-sess from KNRP, KNRP freshness parameter 2 and KNRP freshness parameter 1 received in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message as specified in 3GPP TS 33.503 [34]; and

2) derive the NR PC5 encryption key NRPEK and the NR PC5 integrity key NRPIK from KNRP-sess and the selected security algorithms as specified in 3GPP TS 33.503 [34]; and

d) create a PROSE DIRECT LINK SECURITY MODE COMMAND message. In this message, the initiating UE:

1) shall include the key establishment information container IE if the 5G ProSe direct link is not for direct communication between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE and a new KNRP has been derived at the initiating UE and the authentication method used to generate KNRP requires sending information to complete the 5G ProSe direct link authentication procedure;

NOTE 1: The key establishment information container is provided by upper layers.

2) shall include the MSBs of KNRP ID IE if a new KNRP has been derived or received at the initiating UE;

3) shall include a Nonce_2 IE set to:

i) the 128-bit nonce value generated by the initiating UE when the direct communication is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE;

ii) the KNRP freshness parameter 2 value received by the initiating UE when the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE with the security procedure over user plane as specified in 3GPP TS 33.503 [34] being used; or

iii) the Nonce_2 value received by the initiating UE when the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE with the security procedure over control plane as specified in 3GPP TS 33.503 [34] being used;

for the purpose of session key establishment over this 5G ProSe direct link if the selected integrity protection algorithm is not the null integrity protection algorithm;

4) shall include the selected security algorithms;

5) shall include the UE security capabilities received from the target UE in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message or PROSE DIRECT LINK REKEYING REQUEST message;

6) shall include the UE 5G ProSe direct signalling security policy received from the target UE in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message;

7) shall include the LSB of KNRP-sess ID chosen by the initiating UE as specified in 3GPP TS 33.536 [37] if the selected integrity protection algorithm is not the null integrity protection algorithm;

8) shall include the GPI if received from the 5G PKMF according to the security procedure over user plane as specified in 3GPP TS 33.503 [34], when the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE; and

9) shall include the EAP message if received from the network according to the security procedure over control plane as specified in 3GPP TS 33.503 [34], when the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE.

If the security protection of this 5G ProSe direct link is activated by using non-null integrity protection algorithm or non-null ciphering protection algorithm, the initiating UE shall form the KNRP-sess ID from the MSB of KNRP-sess ID received in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message or PROSE DIRECT LINK REKEYING REQUEST message and the LSB of KNRP-sess ID included in the PROSE DIRECT LINK SECURITY MODE COMMAND message. The initiating UE shall use the KNRP-sess ID to identify the new security context.

The initiating UE shall set the source layer-2 ID and destination layer-2 ID as follows:

1) if the initiating UE is acting as a 5G ProSe layer-3 UE-to-network relay UE, and the EAP-AKA’ based authentication method is used as specified in clause 6.3.3.3 of 3GPP TS 33.503 [34],

the source layer-2 ID set to the source layer-2 ID used in the PROSE AA MESSAGE TRANSPORT REQUEST message, and the destination layer-2 ID set to the destination layer-2 ID used in the PROSE AA MESSAGE TRANSPORT REQUEST message;

2) if the initiating UE is not acting as a 5G ProSe UE-to-network relay UE, and a 5G ProSe direct link authentication procedure has been initiated:

the source layer-2 ID set to the source layer-2 ID used in the PROSE DIRECT LINK AUTHENTICATION REQUEST message, and the destination layer-2 ID set to the destination layer-2 ID used in the PROSE DIRECT LINK AUTHENTICATION REQUEST message;

3) otherwise, self-assign a source layer-2 ID, and the destination layer-2 ID set to the source layer-2 ID in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message.

NOTE 2: The UE implementation ensures that any value of the self-assigned source layer-2 ID is different from any other self-assigned source layer-2 ID(s) in use for 5G ProSe direct discovery as specified in clause 6.2.14, clause 6.2.15 and clause 8.2.1, and is different from any other provisioned destination layer-2 ID(s) as specified in clause 5.2.

NOTE 3: It is possible for the target UE to reuse the target UE’s layer-2 ID used in previous 5G ProSe direct link with the same peer UE.

After the PROSE DIRECT LINK SECURITY MODE COMMAND message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the source layer-2 ID and the destination layer-2 ID, NRPIK (or Krelay-int when applicable), NRPEK (or Krelay-enc when applicable) if applicable, KNRP-sess ID, the selected security algorithm as specified in 3GPP TS 33.536 [37] and, if applicable, an indication of activation of the 5G ProSe direct signalling security protection for the 5G ProSe direct link with the new security context, and shall start timer T5089. The initiating UE shall not send a new PROSE DIRECT LINK SECURITY MODE COMMAND message to the same target UE while timer T5089 is running.

NOTE 4: The PROSE DIRECT LINK SECURITY MODE COMMAND message is integrity protected (and not ciphered) at the lower layer using the new security context.

If the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link re-keying procedure, the initiating UE shall provide to the lower layers an indication of activation of the 5G ProSe direct user plane security protection for the 5G ProSe direct link with the new security context, if applicable, along with the initiating UE’s layer-2 ID for 5G ProSe direct communication and the target UE’s layer-2 ID for 5G ProSe direct communication.

Figure 7.2.10.2.1: 5G ProSe direct link security mode control procedure

7.2.10.3 5G ProSe direct link security mode control procedure accepted by the target UE

Upon receipt of a PROSE DIRECT LINK SECURITY MODE COMMAND message, if a newly assigned initiating UE’s layer-2 ID is included and the 5G ProSe direct link authentication procedure has not been executed, the target UE shall replace the original initiating UE’s layer-2 ID with the newly assigned initiating UE’s layer-2 ID for 5G ProSe direct communication. The target UE shall check the selected security algorithms IE included in the PROSE DIRECT LINK SECURITY MODE COMMAND message. If "null integrity algorithm" is included in the selected security algorithms IE, integrity protection is not offered for this 5G ProSe direct link and the signalling messages are transmitted unprotected. If "null ciphering algorithm" and an integrity algorithm other than "null integrity algorithm" are included in the selected security algorithms IE, ciphering protection is not offered for this 5G ProSe direct link and the signalling messages are transmitted unprotected. If the target UE’s 5G ProSe direct signalling integrity protection policy is set to "Signalling integrity protection required", the target UE shall check that the selected security algorithms IE in the PROSE DIRECT LINK SECURITY MODE COMMAND message does not include the null integrity protection algorithm. If the selected integrity protection algorithm is not the null integrity protection algorithm, the target UE shall:

a) if the direct communication is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE:

1) derive KNRP-sess from KNRP, Nonce_1 and Nonce_2 received in the PROSE DIRECT LINK SECURITY MODE COMMAND message as specified in 3GPP TS 33.536 [37];

2) derive NRPIK from KNRP-sess and the selected integrity algorithm as specified in 3GPP TS 33.536 [37]; and

3) if the KNRP-sess is derived and the selected ciphering protection algorithm is not the null ciphering protection algorithm, then the target UE shall derive NRPEK from KNRP-sess and the selected ciphering algorithm as specified in 3GPP TS 33.536 [37]; or

b) if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE:

1) if the security procedure over control plane as specified in 3GPP TS 33.503 [34] is used, derive Krelay-sess according to the security procedure over control plane, and derive Krelay-int from Krelay-sess and the selected integrity algorithm as specified in 3GPP TS 33.503 [34]. If the Krelay-sess is derived and the selected ciphering protection algorithm is not the null ciphering protection algorithm, then the target UE shall derive Krelay-enc from Krelay-sess and the selected ciphering algorithm as specified in 3GPP TS 33.503 [34]; or

2) if security procedure over user plane as specified in 3GPP TS 33.503 [34] is used, derive KNRP-sess according to the security procedure over user plane, and derive NRPIK from KNRP-sess and the selected integrity algorithm as specified in 3GPP TS 33.503 [34]. If the KNRP-sess is derived and the selected ciphering protection algorithm is not the null ciphering protection algorithm, then the target UE shall derive NRPEK from KNRP-sess and the selected ciphering algorithm as specified in 3GPP TS 33.503 [34].

The target UE shall determine whether or not the PROSE DIRECT LINK SECURITY MODE COMMAND message can be accepted by:

a) checking that the selected security algorithms in the PROSE DIRECT LINK SECURITY MODE COMMAND message do not include the null integrity protection algorithm if the target UE’s 5G ProSe direct signalling integrity protection policy is set to "Signalling integrity protection required";

b) asking the lower layers to check the integrity of the PROSE DIRECT LINK SECURITY MODE COMMAND message using NRPIK (or Krelay-int when applicable) and the selected integrity protection algorithm, if the selected integrity protection algorithm is not the null integrity protection algorithm;

c) checking that the received UE security capabilities have not been altered compared to the values that the target UE sent to the initiating UE in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message or PROSE DIRECT LINK REKEYING REQUEST message;

d) if the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure,

1) checking that the received UE 5G ProSe direct signalling security policy has not been altered compared to the values that the target UE sent to the initiating UE in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message; and

2) checking that the LSB of KNRP-sess ID included in the PROSE DIRECT LINK SECURITY MODE COMMAND message are not set to the same value as those received from another UE in response to the target UE’s PROSE DIRECT LINK ESTABLISHMENT REQUEST message; and

e) if the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link re-keying procedure and the integrity protection algorithm currently in use for the 5G ProSe direct link is different from the null integrity protection algorithm, checking that the selected security algorithms in the PROSE DIRECT LINK SECURITY MODE COMMAND message do not include the null integrity protection algorithm.

If the target UE did not include a KNRP ID in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message, the target UE included a Re-authentication indication in the PROSE DIRECT LINK REKEYING REQUEST message or the initiating UE has chosen to derive:

a) a new KNRP if the direct communication is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE; the target UE shall derive KNRP as specified in 3GPP TS 33.536 [37];

b) a new KNRP, if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE and the security procedure over user plane as specified in 3GPP TS 33.503 [34] is used, the target UE shall derive KNRP as specified in 3GPP TS 33.536 [37]; or

c) a new KNR_ProSe, if the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE and the security procedure over control plane as specified in 3GPP TS 33.503 [34] is used, the target UE shall derive KNR_ProSe as specified in 3GPP TS 33.536 [37]; and

the target UE shall choose the 2 LSBs of KNRP ID to ensure that the resultant KNRP ID will be unique in the target UE. The target UE shall form KNRP ID from the received MSB of KNRP ID and its chosen 2 LSBs of KNRP ID and shall store the complete KNRP ID with KNRP.

If the GPI is included in the PROSE DIRECT LINK SECURITY MODE COMMAND message and the direct communication is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, the target UE shall derive the UP-PRUK and obtain the UP-PRUK ID from the GPI, and use the UP-PRUK in deriving the KNRP, according to the security procedure over user plane as specified in 3GPP TS 33.503 [34].

If the target UE accepts the PROSE DIRECT LINK SECURITY MODE COMMAND message, the target UE shall create a PROSE DIRECT LINK SECURITY MODE COMPLETE message. In this message, the target UE:

a) if the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure:

1) shall include the PQFI and the corresponding PC5 QoS parameters if the 5G ProSe direct link is not for 5G ProSe direct communication between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE; or

2) may include the PQFI and the corresponding PC5 QoS parameters if the 5G ProSe direct link is for 5G ProSe direct communication between 5G ProSe layer-3 remote UE and 5G ProSe layer-3 UE-to-network relay UE;

NOTE 1: The PQFI and the corresponding PC5 QoS parameters are not included if the 5G ProSe direct link is for 5G ProSe direct communication between 5G ProSe layer-2 remote UE and 5G ProSe layer-2 UE-to-network relay UE.

b) if IP communication is used and the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure, shall include an IP address configuration IE set to one of the following values:

1) "IPv6 router" if IPv6 address allocation mechanism is supported by the target UE, i.e., acting as an IPv6 router; or

2) "address allocation not supported" if IPv6 address allocation mechanism is not supported by the target UE;

c) if IP communication is used, the IP address configuration IE is set to "address allocation not supported" and the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure, shall include a link local IPv6 address IE formed locally based on IETF RFC 4862 [25];

d) if a new KNRP was derived, shall include the 2 LSBs of KNRP ID; and

e) if the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure, shall include its UE 5G ProSe direct user plane security policy for this 5G ProSe direct link. In the case where different ProSe services are mapped to different 5G ProSe direct user plane security policies, when more than one ProSe identifier is included in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message, the user plane security policies of those ProSe services shall be compatible with each other, e.g., "user plane integrity protection not needed" and "user plane integrity protection required" are not compatible.

If the selected integrity protection algorithm is not the null integrity protection algorithm, the target UE shall form the KNRP-sess ID from the MSB of KNRP-sess ID it had sent in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message or PROSE DIRECT LINK REKEYING REQUEST message and the LSB of KNRP-sess ID received in the PROSE DIRECT LINK SECURITY MODE COMMAND message. The target UE shall use the KNRP-sess ID to identify the new security context.
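Both identifiers of the new security context are assembled from halves that the two UEs choose independently: the initiating UE supplies the 2 MSBs of KNRP ID and the LSB of KNRP-sess ID (7.2.10.2), the target UE supplies the 2 LSBs of KNRP ID and the MSB of KNRP-sess ID (7.2.10.3), and each UE keeps its own half unique so the composed identifier is unique locally whatever the peer picks. The one exception is the LSB conflict check in 7.2.10.3 d)2), where several initiating UEs answering the same broadcast request all share the target UE's MSB. The Python below is an added example covering both clauses, not code from TS 24.554 or any UE implementation; it assumes KNRP ID is 32 bits split into two 16-bit halves and KNRP-sess ID is 16 bits split into two 8-bit halves, and uses constructed peer identifiers.

```python
"""Composition of KNRP ID and KNRP-sess ID from the halves each UE chooses
(clauses 7.2.10.2 and 7.2.10.3).

Added example, not code from TS 24.554 or any UE implementation. Assumed
widths: KNRP ID is 32 bits, with the 2 MSB octets chosen by the initiating
UE and the 2 LSB octets by the target UE; KNRP-sess ID is 16 bits, with the
MSB octet chosen by the UE that sent the ESTABLISHMENT / REKEYING REQUEST
(the target UE) and the LSB octet by the initiating UE.
"""
import secrets
from typing import Dict, Set, Tuple


def choose_free_half(in_use: Set[int], width_bits: int) -> int:
    """Pick a random half-identifier not already used by this UE and record it.

    Because each UE controls its own half, keeping that half unique locally
    makes the composed identifier unique at this UE whatever the peer chooses.
    """
    space = 1 << width_bits
    if len(in_use) >= space:
        raise RuntimeError("identifier space exhausted")
    while True:
        candidate = secrets.randbelow(space)
        if candidate not in in_use:
            in_use.add(candidate)
            return candidate


def compose_knrp_id(msb16: int, lsb16: int) -> int:
    """Initiating UE's 2 MSBs || target UE's 2 LSBs -> full KNRP ID."""
    if not (0 <= msb16 < 1 << 16 and 0 <= lsb16 < 1 << 16):
        raise ValueError("KNRP ID halves must be 16-bit values")
    return (msb16 << 16) | lsb16


def compose_knrp_sess_id(msb8: int, lsb8: int) -> int:
    """Target UE's MSB || initiating UE's LSB -> full KNRP-sess ID."""
    if not (0 <= msb8 < 256 and 0 <= lsb8 < 256):
        raise ValueError("KNRP-sess ID halves must be 8-bit values")
    return (msb8 << 8) | lsb8


def split_knrp_sess_id(sess_id: int) -> Tuple[int, int]:
    """Inverse of compose_knrp_sess_id, e.g. to find the context by its MSB."""
    return sess_id >> 8, sess_id & 0xFF


def accept_sess_lsb(received: Dict[str, int], peer_l2_id: str, lsb8: int) -> bool:
    """Check d)2) of 7.2.10.3 at the target UE.

    The LSB offered by an initiating UE must differ from the LSBs already
    received from other UEs answering the same ESTABLISHMENT REQUEST, since
    all of them share the target UE's MSB. Returns True and records the value
    if accepted; False means reject with cause #9. A retransmission from the
    same peer (7.2.10.5 a)) is not a conflict with itself.
    """
    for other, other_lsb in received.items():
        if other != peer_l2_id and other_lsb == lsb8:
            return False
    received[peer_l2_id] = lsb8
    return True


def establishment_ids(target_msb_sess: int, init_lsb_sess: int,
                      init_msb_knrp: int, target_lsb_knrp: int) -> Tuple[int, int]:
    """Both UEs end up with the same (KNRP ID, KNRP-sess ID) for the new context."""
    return (compose_knrp_id(init_msb_knrp, target_lsb_knrp),
            compose_knrp_sess_id(target_msb_sess, init_lsb_sess))
```

The `received` map in `accept_sess_lsb` is keyed by the peer's layer-2 ID so that a retransmitted SECURITY MODE COMMAND from the same initiating UE (for instance after a #9 reject, carrying a new LSB) replaces that peer's entry rather than colliding with its own earlier value.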

After the PROSE DIRECT LINK SECURITY MODE COMPLETE message is generated, the target UE shall pass this message to the lower layers for transmission along with the target UE’s layer-2 ID for 5G ProSe direct communication and the initiating UE’s layer-2 ID for 5G ProSe direct communication, NRPIK (or Krelay-int when applicable), NRPEK (or Krelay-enc when applicable) if applicable, KNRP-sess ID, the selected security algorithm as specified in 3GPP TS 33.536 [37] and an indication of activation of the 5G ProSe direct signalling security protection for the 5G ProSe direct link with the new security context, if applicable.

NOTE 2: The PROSE DIRECT LINK SECURITY MODE COMPLETE message and further 5G ProSe direct signalling messages are integrity protected and ciphered (if applicable) at the lower layer using the new security context.

If the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link re-keying procedure, the target UE shall provide to the lower layers an indication of activation of the 5G ProSe direct user plane security protection for the 5G ProSe direct link with the new security context, if applicable, along with the initiating UE’s layer-2 ID for 5G ProSe direct communication and the target UE’s layer-2 ID for 5G ProSe direct communication.

7.2.10.4 5G ProSe direct link security mode control procedure completion by the initiating UE

Upon receiving a PROSE DIRECT LINK SECURITY MODE COMPLETE message, the initiating UE shall stop timer T5089. If the selected integrity protection algorithm is not the null integrity protection algorithm, the UE checks the integrity of the PROSE DIRECT LINK SECURITY MODE COMPLETE message. If the integrity check passes, the initiating UE shall then continue the procedure which triggered the 5G ProSe direct link security mode control procedure. If the selected integrity protection algorithm is the null integrity protection algorithm, the UE continues the procedure without checking the integrity protection.

After receiving the PROSE DIRECT LINK SECURITY MODE COMPLETE message, the initiating UE shall delete the old security context it has for the target UE, if any.

7.2.10.5 5G ProSe direct link security mode control procedure not accepted by the target UE

If the PROSE DIRECT LINK SECURITY MODE COMMAND message cannot be accepted, the target UE shall send a PROSE DIRECT LINK SECURITY MODE REJECT message and the target UE shall abort the ongoing procedure that triggered the initiation of the 5G ProSe direct link security mode control procedure unless the ongoing procedure is a 5G ProSe direct link establishment procedure and the Target user info is not included in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message. The PROSE DIRECT LINK SECURITY MODE REJECT message contains a PC5 signalling protocol cause IE indicating one of the following cause values:

#5: lack of resources for 5G ProSe direct link;

#7: integrity failure;

#8: UE security capabilities mismatch;

#9: LSB of KNRP-sess ID conflict;

#10: UE PC5 unicast signalling security policy mismatch;

#14: Authentication synchronisation error; or

#111: protocol error, unspecified.

If this 5G ProSe direct link security mode control procedure is triggered during the 5G ProSe direct link establishment procedure and the implementation-specific maximum number of established NR 5G ProSe direct links has been reached, then the target UE shall send a PROSE DIRECT LINK SECURITY MODE REJECT message containing PC5 signalling protocol cause value #5 "lack of resources for 5G ProSe direct link".

If the PROSE DIRECT LINK SECURITY MODE COMMAND message cannot be accepted because the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link establishment procedure, that the selected security algorithms in the PROSE DIRECT LINK SECURITY MODE COMMAND message included the null integrity protection algorithm and the target UE’s 5G ProSe direct signalling integrity protection policy is set to "Signalling integrity protection required", the target UE shall include PC5 signalling protocol cause #10 "UE PC5 unicast signalling security policy mismatch" in the PROSE DIRECT LINK SECURITY MODE REJECT message.

If the PROSE DIRECT LINK SECURITY MODE COMMAND message cannot be accepted because the 5G ProSe direct link security mode control procedure was triggered during a 5G ProSe direct link re-keying procedure, the integrity protection algorithm currently in use for the 5G ProSe direct link is different from the null integrity protection algorithm and the selected security algorithms in the PROSE DIRECT LINK SECURITY MODE COMMAND message include the null integrity protection algorithm, the target UE shall include PC5 signalling protocol cause #10 "UE PC5 unicast signalling security policy mismatch" in the PROSE DIRECT LINK SECURITY MODE REJECT message.

If the target UE detects that the received UE security capabilities IE in the PROSE DIRECT LINK SECURITY MODE COMMAND message has been altered compared to the latest values that the target UE sent to the initiating UE in the PROSE DIRECT LINK ESTABLISHMENT REQUEST message or PROSE DIRECT LINK REKEYING REQUEST message, the target UE shall include PC5 signalling protocol cause #8 "UE security capabilities mismatch" in the PROSE DIRECT LINK SECURITY MODE REJECT message.

If the target UE detects that the LSB of KNRP-sess ID included in the PROSE DIRECT LINK SECURITY MODE COMMAND message are set to the same value as those received from another UE in response to the target UE’s PROSE DIRECT LINK ESTABLISHMENT REQUEST message, the target UE shall include PC5 signalling protocol cause #9 "LSB of KNRP-sess ID conflict" in the PROSE DIRECT LINK SECURITY MODE REJECT message.

If the 5G ProSe direct link security mode control procedure is for direct communication between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, and the PROSE DIRECT LINK SECURITY MODE COMMAND message cannot be accepted due to a synchronisation error when processing the authentication vector contained in the GPI sent by the 5G ProSe UE-to-network relay UE to the 5G ProSe remote UE, if any, the target UE shall include PC5 signalling protocol cause #14 "Authentication synchronisation error" in the PROSE DIRECT LINK SECURITY MODE REJECT message and shall include the RAND and AUTS parameters in the PROSE DIRECT LINK SECURITY MODE REJECT message.
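The acceptance checks of 7.2.10.3 and the cause values of this clause fit together as one decision: the policy checks on the selected algorithms come first, then the integrity check with the freshly derived NRPIK, then the comparison of the echoed UE security capabilities and signalling security policy against what the target UE itself sent (which is what makes a bidding-down of those values detectable once the message is authenticated), and finally the KNRP-sess ID LSB conflict check. The Python below is an added example covering both clauses, not code from TS 24.554 or any UE implementation. HMAC-SHA-256 over a canonical JSON serialisation stands in for the selected PC5 integrity algorithm and for the KNRP-sess / NRPIK derivation (the real KDF and its inputs are defined in 3GPP TS 33.536); the key, nonces and message fields are constructed sample values, and cause #10 for an altered policy echo is this example's assumption, since the clause names no dedicated cause for that case.

```python
"""Target-UE acceptance checks for the PROSE DIRECT LINK SECURITY MODE COMMAND
(7.2.10.3) and the cause values it rejects with (7.2.10.5).

Added example, not code from TS 24.554 or any UE implementation. HMAC-SHA-256
stands in for the selected PC5 integrity algorithm and for the NRPIK
derivation of TS 33.536 (both assumptions); all keys, nonces and message
fields below are constructed sample values.
"""
import hashlib
import hmac
import json

NULL_INT = "NIA0"
REQUIRED = "Signalling integrity protection required"

# PC5 signalling protocol cause values listed in 7.2.10.5
CAUSE_INTEGRITY_FAILURE = 7
CAUSE_CAPABILITIES_MISMATCH = 8
CAUSE_SESS_ID_CONFLICT = 9
CAUSE_POLICY_MISMATCH = 10


def derive_nrpik(knrp: bytes, nonce_1: bytes, nonce_2: bytes, int_alg: str) -> bytes:
    """Stand-in for the KNRP-sess and NRPIK derivation (assumption: the real KDF,
    its FC values and input encoding are those of TS 33.536, not this HMAC chain)."""
    knrp_sess = hmac.new(knrp, b"KNRP-sess" + nonce_1 + nonce_2, hashlib.sha256).digest()
    return hmac.new(knrp_sess, b"NRPIK" + int_alg.encode(), hashlib.sha256).digest()


def mac_over(key: bytes, fields: dict) -> bytes:
    """Stand-in for the selected integrity algorithm: HMAC-SHA-256 over a
    canonical JSON serialisation of the message fields (assumption)."""
    return hmac.new(key, json.dumps(fields, sort_keys=True).encode(), hashlib.sha256).digest()


def build_command(knrp: bytes, nonce_1: bytes, fields: dict) -> dict:
    """Initiating UE: integrity protect the command with the new context (NOTE 4)."""
    msg = dict(fields)
    if fields["selected_int"] != NULL_INT:
        key = derive_nrpik(knrp, nonce_1, bytes.fromhex(fields["nonce_2"]), fields["selected_int"])
        msg["mac"] = mac_over(key, fields).hex()
    return msg


def check_command(msg: dict, state: dict):
    """Target UE: return None to accept, else the cause value for the REJECT.

    state holds what the target UE sent earlier and knows locally:
      trigger ("establishment"/"rekeying"), knrp, nonce_1, sent_caps,
      sent_policy, int_policy, current_int (re-keying only) and
      other_lsbs (LSBs of KNRP-sess ID received from other UEs, d)2)).
    """
    selected_int = msg["selected_int"]
    # a): null integrity is not acceptable when the target requires integrity.
    if (state["trigger"] == "establishment" and selected_int == NULL_INT
            and state["int_policy"] == REQUIRED):
        return CAUSE_POLICY_MISMATCH
    # e): during re-keying the link must not fall back to null integrity.
    if (state["trigger"] == "rekeying" and state["current_int"] != NULL_INT
            and selected_int == NULL_INT):
        return CAUSE_POLICY_MISMATCH
    # b): integrity check with NRPIK derived from KNRP, Nonce_1 and the received Nonce_2.
    if selected_int != NULL_INT:
        key = derive_nrpik(state["knrp"], state["nonce_1"], bytes.fromhex(msg["nonce_2"]), selected_int)
        fields = {k: v for k, v in msg.items() if k != "mac"}
        if "mac" not in msg or not hmac.compare_digest(mac_over(key, fields), bytes.fromhex(msg["mac"])):
            return CAUSE_INTEGRITY_FAILURE
    # c): the echoed UE security capabilities must be exactly what the target sent,
    #     so a reduced capability list is detected once the message is authenticated.
    if msg["ue_security_capabilities"] != state["sent_caps"]:
        return CAUSE_CAPABILITIES_MISMATCH
    if state["trigger"] == "establishment":
        # d)1): the echoed signalling security policy must be unaltered; the clause
        #       names no dedicated cause for this case, #10 is used here (assumption).
        if msg["signalling_security_policy"] != state["sent_policy"]:
            return CAUSE_POLICY_MISMATCH
        # d)2): the LSB of KNRP-sess ID must not collide with one from another UE.
        if msg["lsb_knrp_sess_id"] in state["other_lsbs"]:
            return CAUSE_SESS_ID_CONFLICT
    return None


# Constructed sample exchange (not captured traffic).
KNRP = bytes.fromhex("00" * 31 + "01")
NONCE_1 = bytes(16)
CAPS = ["NIA0", "NIA1", "NIA2", "NEA0", "NEA1", "NEA2"]
TARGET_STATE = {
    "trigger": "establishment", "knrp": KNRP, "nonce_1": NONCE_1,
    "sent_caps": CAPS, "sent_policy": REQUIRED, "int_policy": REQUIRED,
    "current_int": None, "other_lsbs": {0x3C},
}
GOOD_FIELDS = {
    "selected_int": "NIA2", "selected_ciph": "NEA2", "nonce_2": "11" * 16,
    "ue_security_capabilities": CAPS, "signalling_security_policy": REQUIRED,
    "lsb_knrp_sess_id": 0x7E,
}


def demo():
    """Outcomes for a good command and three defective variants: accept, #7, #8, #9."""
    good = build_command(KNRP, NONCE_1, GOOD_FIELDS)
    modified_in_transit = dict(good, ue_security_capabilities=["NIA0", "NEA0"])  # MAC no longer matches
    wrong_echo = build_command(KNRP, NONCE_1, dict(GOOD_FIELDS, ue_security_capabilities=["NIA0", "NEA0"]))
    lsb_collision = build_command(KNRP, NONCE_1, dict(GOOD_FIELDS, lsb_knrp_sess_id=0x3C))
    return [check_command(m, TARGET_STATE) for m in (good, modified_in_transit, wrong_echo, lsb_collision)]
```

The order of the checks matters for what a reject tells the initiating UE: a capability list changed after the MAC was computed fails the integrity check (#7), whereas a correctly protected command that echoes different capabilities than the target UE sent fails check c) (#8). With null integrity selected there is no MAC to verify, so the null-versus-policy checks a) and e) are the only protection against an unprotected command being accepted.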

After the PROSE DIRECT LINK SECURITY MODE REJECT message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for 5G ProSe direct communication and the target UE’s layer-2 ID for 5G ProSe direct communication.

Upon receipt of the PROSE DIRECT LINK SECURITY MODE REJECT message, the initiating UE shall stop timer T5089, provide an indication to the lower layer of deactivation of the 5G ProSe direct security protection and deletion of security context for the 5G ProSe direct link, if applicable and:

a) if the PC5 signalling protocol cause IE in the PROSE DIRECT LINK SECURITY MODE REJECT message is set to #9 "LSB of KNRP-sess ID conflict", retransmit the PROSE DIRECT LINK SECURITY MODE COMMAND message with a different value for the LSB of KNRP-sess ID and restart timer T5089;

b) if the PC5 signalling protocol cause IE in the PROSE DIRECT LINK SECURITY MODE REJECT message is set to #14 "Authentication synchronisation error", the message contained a RAND and an AUTS, and the 5G ProSe direct link security mode control procedure is for direct communication between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, may fetch a fresh GPI from the PKMF by sending a Key Request message including RAND and AUTS as specified in 3GPP TS 33.503 [34]; or

c) if the PC5 signalling protocol cause IE is set to the value other than #9 "LSB of KNRP-sess ID conflict" and other than #14 "Authentication synchronisation error", abort the ongoing procedure that triggered the initiation of the 5G ProSe direct link security mode control procedure.

7.2.10.6 Abnormal cases

7.2.10.6.1 Abnormal cases at the initiating UE

a) Timer T5089 expires.

The initiating UE shall retransmit the PROSE DIRECT LINK SECURITY MODE COMMAND message and restart timer T5089. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the 5G ProSe direct link security mode control procedure, shall provide an indication to the lower layer of deactivation of the 5G ProSe direct security protection and deletion of security context for the 5G ProSe direct link, if applicable and shall abort the ongoing procedure that triggered the initiation of the 5G ProSe direct link security mode control procedure.

NOTE 1: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this 5G ProSe direct link no longer exists before the 5G ProSe direct link security mode control procedure is completed.

The initiating UE shall abort the procedure, shall provide an indication to the lower layer of deactivation of the 5G ProSe direct security protection and deletion of security context for the 5G ProSe direct link, if applicable and shall abort the ongoing procedure that triggered the initiation of the 5G ProSe direct link security mode control procedure.

c) If PROSE DIRECT LINK MODIFICATION REQUEST message or PROSE DIRECT LINK IDENTIFIER UPDATE REQUEST message is received when the timer T5089 is running, the initiating UE shall discard the PROSE DIRECT LINK MODIFICATION REQUEST message or PROSE DIRECT LINK IDENTIFIER UPDATE REQUEST message.

d) If PROSE DIRECT LINK RELEASE REQUEST message is received when the timer T5089 is running, the initiating UE shall stop the timer T5089, abort the 5G ProSe direct link security mode control procedure and proceed with the 5G ProSe direct link release procedure.

NOTE 2: The abnormal cases as described in bullet c) or d) only happen when the 5G ProSe direct link security mode control procedure is used to establish security between two UEs during a 5G ProSe direct link re-keying procedure.