M.1 Introduction

31.1023GPPCharacteristics of the Universal Subscriber Identity Module (USIM) applicationRelease 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

IOPS allows to provide network service to Public Safety users even in the case the network has no or only limited backhaul connectivity. One of the main issues in such cases is the missing backhaul to perform authentication. A solution has been defined by using local HSSs which take over the responsibility for authentication in IOPS mode.

A problem identified for IOPS security when making use of local HSS is the higher probability of a compromise of a local HSS. Therefore the security solution described in 3GPP TS 33.401 [52] uses a local HSS with different authentication credentials than the standard HSS in normal operation. Additionally there might be several local HSSs and to further reduce the impact of possible compromised local HSSs, each local HSS should use different authentication credentials.

The security solution described in 3GPP TS 33.401 [52] is based on a USIM application dedicated for IOPS and using derived individual keys per local HSS.

3GPP TS 23.401 [69] Annex K specifies a PLMN identity dedicated for IOPS mode of operation. Additionally a USIM dedicated for IOPS uses an Access Control Class of ’11’ or ’15’.