7.2.11 5G ProSe direct link re-keying procedure

3GPP TS 24.554: Proximity-services (ProSe) in 5G System (5GS) protocol aspects; Stage 3 (Release 17)

7.2.11.1 General

The purpose of the 5G ProSe direct link re-keying procedure is to derive:

a) a new KNRP-sess and, optionally, a new KNRP for an existing 5G ProSe direct link that is not between 5G ProSe remote UE and 5G ProSe UE-to-network relay UE;

b) a new KNRP-sess for an existing 5G ProSe direct link that is between 5G ProSe remote UE and 5G ProSe UE-to-network relay UE when the security procedure over user plane as specified in 3GPP TS 33.503 [34] is used; or

c) a new Krelay-sess for an existing 5G ProSe direct link that is between 5G ProSe remote UE and 5G ProSe UE-to-network relay UE when the security procedure over control plane as specified in 3GPP TS 33.503 [34] is used.

The UE sending the PROSE DIRECT LINK REKEYING REQUEST message is called the "initiating UE" and the other UE is called the "target UE".

NOTE 1: There is no benefit in performing the 5G ProSe direct link re-keying procedure when using the null integrity protection algorithm, hence it is recommended not to trigger it when using the null integrity protection algorithm.

7.2.11.2 5G ProSe direct link re-keying procedure initiation by the initiating UE

The initiating UE shall meet the following pre-conditions before initiating the 5G ProSe direct link re-keying procedure:

a) there is a 5G ProSe direct link between the initiating UE and the target UE; and

b) one of the following conditions holds:

1) the session key KNRP-sess or Krelay-sess (see clause 7.2.11.1) used to protect the 5G ProSe direct link needs to be refreshed and neither timer T5089 nor timer T5091 is running;

2) the UE wants to refresh KNRP, the 5G ProSe direct link is not between a 5G ProSe remote UE and a 5G ProSe UE-to-network relay UE, and neither timer T5089 nor timer T5091 is running; or

3) the lower layers indicate that a 5G ProSe direct link re-keying procedure needs to be performed.

In order to initiate the 5G ProSe direct link re-keying procedure, the initiating UE shall create a PROSE DIRECT LINK REKEYING REQUEST message. In this message, the initiating UE:

a) shall include the Key establishment information container IE if the 5G ProSe direct link is not for direct communication between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE and the null integrity protection algorithm is not in use;

NOTE 1: The key establishment information container is provided by upper layers.

b) shall include a Nonce_1 IE set to the 128-bit nonce value generated by the initiating UE for the purpose of session key refresh over this 5G ProSe direct link if the null integrity protection algorithm is not in use;

c) shall include its UE security capabilities indicating the list of algorithms that the initiating UE supports for the re-keying of this 5G ProSe direct link;

d) shall include the MSB of KNRP-sess ID or the MSB of Krelay-sess ID (see clause 7.2.11.1) chosen by the initiating UE as specified in 3GPP TS 33.503 [34] if the null integrity protection algorithm is not in use;

NOTE 2: The MSB of KNRP-sess ID IE in the PROSE DIRECT LINK REKEYING REQUEST message is used to hold the value of MSB of KNRP-sess ID or MSB of Krelay-sess ID.

e) may include a Re-authentication indication if the initiating UE wants to derive a new KNRP and the 5G ProSe direct link re-keying procedure is not between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE;

NOTE 3: When the 5G ProSe direct link re-keying procedure is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE, the Re-authentication indication is not included because a new KNRP is always derived according to the security procedure over user plane or the security procedure over control plane as specified in 3GPP TS 33.503 [34].

f) shall include the User security key ID IE set to:

1) UP-PRUK ID of the initiating UE if:

i) the UE has a valid UP-PRUK;

ii) the 5G ProSe direct link re-keying procedure is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE; and

iii) the security procedure over user plane as specified in 3GPP TS 33.503 [34] is used; or

2) CP-PRUK ID of the initiating UE that is associated with the relay service code of the target UE if:

i) the UE has a valid CP-PRUK associated with the relay service code of the target UE;

ii) the 5G ProSe direct link re-keying procedure is between the 5G ProSe remote UE and the 5G ProSe UE-to-network relay UE; and

iii) the security procedure over control plane as specified in 3GPP TS 33.503 [34] is used; and

g) shall include the HPLMN ID of the 5G ProSe remote UE if the UP-PRUK ID is included and is not in NAI format (see 3GPP TS 33.503 [34]).

After the PROSE DIRECT LINK REKEYING REQUEST message is generated, the initiating UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication and start timer T5091. The UE shall not send a new PROSE DIRECT LINK REKEYING REQUEST message to the same target UE while timer T5091 is running.

NOTE 4: In order to ensure successful 5G ProSe direct link re-keying, T5091 should be set to a value larger than the sum of T5092 and T5089.
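As an added example (this is not text or code from TS 24.554), the following Python encodes the pre-conditions of this clause and the conditional inclusion rules a) to g) for the PROSE DIRECT LINK REKEYING REQUEST as the initiating UE would apply them. The DirectLink fields, the 8-bit MSB, the HPLMN ID value and the "user@realm" test used to recognise NAI format are this example's own assumptions; what the UE does when a mandatory IE cannot be populated is not stated on the page, so the builder simply raises.

```python
import os
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class DirectLink:
    """Constructed model of what an initiating UE knows about one direct link.
    Field names are this example's own, not IE names from TS 24.554."""
    remote_to_relay: bool                 # link between remote UE and UE-to-network relay UE
    null_integrity: bool                  # null integrity protection algorithm in use
    cp_security: bool = False             # security procedure over control plane (else user plane)
    t5089_running: bool = False           # security mode control timer
    t5091_running: bool = False           # re-keying request timer
    up_pruk_id: Optional[str] = None      # valid UP-PRUK ID, if the UE has one
    cp_pruk_ids: dict = field(default_factory=dict)   # relay service code -> CP-PRUK ID
    target_relay_service_code: Optional[str] = None
    hplmn_id: str = "26201"               # assumed HPLMN ID of the remote UE
    supported_algs: tuple = ("NIA2", "NEA2", "NIA0", "NEA0")

def rekeying_precondition_met(link, refresh_session_key=False,
                              refresh_knrp=False, lower_layer_trigger=False):
    """Clause 7.2.11.2 pre-conditions. The link object itself is item a); the
    three keyword flags are triggers 1), 2) and 3). No new request may be sent
    while T5091 runs; triggers 1) and 2) additionally require T5089 not to run."""
    if link.t5091_running:
        return False
    if lower_layer_trigger:
        return True
    if link.t5089_running:
        return False
    if refresh_session_key:
        return True
    return refresh_knrp and not link.remote_to_relay

def build_rekeying_request(link, key_container=None, want_new_knrp=False):
    """Return the IEs of a PROSE DIRECT LINK REKEYING REQUEST as a dict,
    applying items a) to g) of clause 7.2.11.2."""
    msg = {}
    # a) key establishment container: non-relay link and a real integrity algorithm
    if not link.remote_to_relay and not link.null_integrity:
        if key_container is None:
            raise ValueError("key establishment information container needed from upper layers")
        msg["key_establishment_info"] = key_container
    # b) and d) are omitted entirely under the null integrity algorithm
    if not link.null_integrity:
        msg["nonce_1"] = os.urandom(16)            # 128-bit nonce for session key refresh
        msg["msb_knrp_sess_id"] = os.urandom(1)    # assumed 8-bit MSB chosen by this UE
    # c) always present
    msg["ue_security_capabilities"] = list(link.supported_algs)
    # e) re-authentication indication only for a new KNRP on a non-relay link
    if want_new_knrp and not link.remote_to_relay:
        msg["re_authentication_indication"] = True
    # f) user security key ID on remote-to-relay links
    if link.remote_to_relay:
        if link.cp_security:
            pruk_id = link.cp_pruk_ids.get(link.target_relay_service_code)
            if pruk_id is None:
                raise ValueError("no valid CP-PRUK for the target's relay service code")
            msg["user_security_key_id"] = pruk_id
        else:
            if link.up_pruk_id is None:
                raise ValueError("no valid UP-PRUK")
            msg["user_security_key_id"] = link.up_pruk_id
            # g) HPLMN ID when the UP-PRUK ID is not an NAI ("user@realm" assumed as the test)
            if "@" not in link.up_pruk_id:
                msg["hplmn_id"] = link.hplmn_id
    return msg
```

The two relay cases are the ones worth checking carefully: a remote UE talking to a UE-to-network relay never sends the Key establishment information container or the Re-authentication indication, because a fresh KNRP is always produced by the TS 33.503 user-plane or control-plane procedure instead.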

Figure 7.2.11.2.1: 5G ProSe direct link re-keying procedure

7.2.11.3 5G ProSe direct link re-keying procedure accepted by the target UE

Upon receipt of a PROSE DIRECT LINK REKEYING REQUEST message, if the PROSE DIRECT LINK REKEYING REQUEST message includes a Re-authentication indication, the target UE shall derive a new KNRP. This may require performing one or more 5G ProSe direct link authentication procedures as specified in clause 7.2.12.

NOTE: How many times the 5G ProSe direct link authentication procedure needs to be performed to derive a new KNRP depends on the authentication method used.

Then the target UE shall initiate a 5G ProSe direct link security mode control procedure as specified in clause 7.2.10. If the PROSE DIRECT LINK REKEYING REQUEST message was sent from the 5G ProSe remote UE to the 5G ProSe UE-to-network relay UE, the target UE shall, as part of that procedure, establish a new KNRP or KNR_ProSe according to the security procedure over user plane or the security procedure over control plane, respectively, as specified in 3GPP TS 33.503 [34].

Upon successful completion of the 5G ProSe direct link security mode control procedure, the target UE shall create a PROSE DIRECT LINK REKEYING RESPONSE message.

After the PROSE DIRECT LINK REKEYING RESPONSE message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

7.2.11.4 5G ProSe direct link re-keying procedure completion by the initiating UE

Upon receipt of the PROSE DIRECT LINK REKEYING RESPONSE message, the initiating UE shall stop timer T5091 and check the integrity of the PROSE DIRECT LINK REKEYING RESPONSE message using the new NRPIK.

After receiving the PROSE DIRECT LINK REKEYING RESPONSE message, the initiating UE shall delete the old security context it has for the target UE.

7.2.11.5 Abnormal cases at the initiating UE

The following abnormal cases can be identified:

a) Timer T5091 expires.

The initiating UE shall retransmit the PROSE DIRECT LINK REKEYING REQUEST message and restart timer T5091. After reaching the maximum number of allowed retransmissions, the initiating UE shall abort the 5G ProSe direct link re-keying procedure, shall provide an indication of deactivation of the PC5 unicast security protection and deletion of security context for the 5G ProSe direct link to the lower layer, if applicable, along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication and may initiate the 5G ProSe direct link release procedure.

NOTE: The maximum number of allowed retransmissions is UE implementation specific.

b) The need to use this 5G ProSe direct link no longer exists before the 5G ProSe direct link re-keying procedure is completed.

The initiating UE shall abort the procedure and shall provide an indication of deactivation of the PC5 unicast security protection and deletion of security context for the 5G ProSe direct link to the lower layer, if applicable, along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

c) For the same 5G ProSe direct link, if the initiating UE receives a PROSE DIRECT LINK IDENTIFIER UPDATE REQUEST message after initiating the 5G ProSe direct link re-keying procedure, the initiating UE shall stop the timer T5091, abort the 5G ProSe direct link re-keying procedure and proceed with the 5G ProSe direct link identifier update procedure.
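The following added Python (this example's own code, not from TS 24.554) walks the initiating UE through clauses 7.2.11.2 to 7.2.11.5: T5091 retransmission up to an assumed maximum, the three abnormal cases, and the response check with the new NRPIK followed by deletion of the old security context. The key derivations and the 32-bit MAC are HMAC-SHA-256 stand-ins, not the KDFs or NIA algorithms of 3GPP TS 33.503; the target side is collapsed into one function that carries Nonce_2 and the LSB of the session key ID in the response rather than in the security mode control procedure; and a response failing the integrity check is treated as discarded, which the page does not specify.

```python
import hashlib
import hmac
import os
from enum import Enum, auto

class State(Enum):
    IDLE = auto()
    WAIT_RESPONSE = auto()   # request sent, T5091 running
    DONE = auto()            # response verified, old context deleted
    ABORTED = auto()         # abnormal case a), b) or c)

# Placeholder derivations: HMAC-SHA-256 stand-ins for the TS 33.503 KDFs.
def derive_session_key(knrp, nonce_1, nonce_2):
    return hmac.new(knrp, b"KNRP-sess" + nonce_1 + nonce_2, hashlib.sha256).digest()

def derive_nrpik(knrp_sess, integrity_alg):
    return hmac.new(knrp_sess, b"NRPIK" + integrity_alg.encode(), hashlib.sha256).digest()[:16]

def mac32(nrpik, payload):
    """32-bit MAC stand-in for the NIA algorithm protecting the response."""
    return hmac.new(nrpik, payload, hashlib.sha256).digest()[:4]

class InitiatingUE:
    def __init__(self, knrp, integrity_alg="NIA2", max_retransmissions=3):
        self.knrp = knrp                       # current KNRP (re-authentication not modelled)
        self.integrity_alg = integrity_alg
        self.max_retx = max_retransmissions    # implementation specific (NOTE in 7.2.11.5)
        self.retx = 0
        self.state = State.IDLE
        self.old_context = {"nrpik": derive_nrpik(knrp, integrity_alg)}  # constructed pre-existing context
        self.new_context = None
        self.security_deactivation_indicated = False   # indication passed to the lower layer
        self.request = None

    def start_rekeying(self):
        """7.2.11.2: send the request and start T5091."""
        self.request = {"nonce_1": os.urandom(16), "msb_knrp_sess_id": os.urandom(1)}
        self.retx = 0
        self.state = State.WAIT_RESPONSE
        return self.request

    def on_t5091_expiry(self):
        """Abnormal case a): retransmit and restart T5091; abort past the maximum."""
        if self.state is not State.WAIT_RESPONSE:
            return None
        if self.retx < self.max_retx:
            self.retx += 1
            return self.request            # the same message is sent again
        self._abort_and_deactivate()
        return None

    def on_link_no_longer_needed(self):
        """Abnormal case b)."""
        if self.state is State.WAIT_RESPONSE:
            self._abort_and_deactivate()

    def on_identifier_update_request(self):
        """Abnormal case c): stop T5091 and yield to the identifier update
        procedure; no security deactivation is required for this case."""
        if self.state is State.WAIT_RESPONSE:
            self.state = State.ABORTED

    def _abort_and_deactivate(self):
        self.state = State.ABORTED
        self.security_deactivation_indicated = True
        self.old_context = None            # security context for the link is deleted

    def on_rekeying_response(self, response):
        """7.2.11.4: stop T5091, verify with the new NRPIK, drop the old context."""
        if self.state is not State.WAIT_RESPONSE:
            return False
        knrp_sess = derive_session_key(self.knrp, self.request["nonce_1"], response["nonce_2"])
        nrpik = derive_nrpik(knrp_sess, self.integrity_alg)
        if not hmac.compare_digest(mac32(nrpik, response["payload"]), response["mac"]):
            return False                   # assumption: discarded, T5091 keeps running
        self.new_context = {
            "knrp_sess_id": self.request["msb_knrp_sess_id"] + response["lsb_knrp_sess_id"],
            "nrpik": nrpik,
        }
        self.old_context = None
        self.state = State.DONE
        return True

def target_ue_accept(knrp, request, integrity_alg="NIA2"):
    """Target side of 7.2.11.3, collapsed: choose Nonce_2 and the LSB, derive
    the new session key and protect the response with the new NRPIK."""
    nonce_2 = os.urandom(16)
    lsb = os.urandom(1)
    nrpik = derive_nrpik(derive_session_key(knrp, request["nonce_1"], nonce_2), integrity_alg)
    payload = b"PROSE DIRECT LINK REKEYING RESPONSE"
    return {"nonce_2": nonce_2, "lsb_knrp_sess_id": lsb,
            "payload": payload, "mac": mac32(nrpik, payload)}
```

The point to notice is the ordering in on_rekeying_response: the old context is only discarded once a response verifies under the new NRPIK, so a peer that cannot derive the new session key cannot talk the initiating UE out of its current keys, and an exhausted T5091 ends with the security context deleted and the lower layer told to deactivate PC5 unicast protection rather than with the link silently staying on the old keys.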