7 5G ProSe services

33.5033GPPRelease 17Security Aspects of Proximity based Services (ProSe) in the 5G System (5GS)TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

7.1 General

This clause provides the present document of the SBA services defined for 5G ProSe.

7.2 5G PKMF Services

7.2.1 General

The 5G PKMF supports the key request from another 5G PKMF in another PLMN via the new service operation Npkmf_PKMFKeyRequest_ProseKey.

Table 7.2.1-1 shows the services exposed by 5G PKMF supporting 5G ProSe.

Table 7.2.1-1: 5G ProSe Services provided by 5G PKMF

Service	Service Operations	Operation Semantics	Example Consumer(s)
Npkmf_PKMFKeyRequest	ProseKey	Request/Response	5G PKMF

7.2.2 Npkmf_PKMFKeyRequest service

7.2.2.1 Npkmf_PKMFKeyRequest_ProseKey service operation

Service operation name: Npkmf_PKMFKeyRequest_ProseKey.

Description: Provides ProSe related keying material.

Input, Required: Relay Service Code, K_NRP freshness parameter 1:

1) In the initial Key Request: SUCI of the 5G ProSe Remote UE or UP-PRUK ID.

2) In the subsequent Key Requests for Synchronization Failure handling: RAND, AUTS.

Input, Optional: None.

Output, Required: K_NRP, K_NRP freshness parameter 2.

Output, Optional: GPI.

7.3 AUSF services

7.3.1 General

The AUSF of the 5G ProSe Remote UE supports the 5G ProSe Remote UE specific authentication of a 5G ProSe Remote UE via the AMF of the 5G ProSe UE-to-Network Relay and 5G ProSe UE-to-Network Relay via the new service operation Nausf_UEAuthentication_ProseAuthenticate for the existing Nausf_UEAuthentication service.

Table 7.3.1-1 shows the services exposed by AUSF supporting 5G ProSe.

Table 7.3.1-1: 5G ProSe Services provided by AUSF

Service	Service Operations	Operation Semantics	Example Consumer(s)
Nausf_UEAuthentication	ProseAuthenticate	Request/Response	(Relay) AMF

7.3.2 Nausf_UEAuthentication service

7.3.2.1 Nausf_UEAuthentication_ProseAuthenticate service operation

Service operation name: Nausf_UEAuthentication_ProseAuthenticate.

Description: Authenticate the 5G ProSe Remote UE and provides Prose related keying material.

Input, Required: One of the options below:

1) In the initial authentication request: SUCI or CP-PRUK ID of the 5G ProSe Remote UE, Relay Service Code, Nonce_1.

2) In the subsequent authentication requests: EAP message.

Input, Optional: None.

Output, Required: One of the options below:

1) EAP message,

2) Authentication result and if success K_{NR_ProSe}, Nonce_2 and CP-PRUK ID.

Output, Optional: None.

7.3.2.2 Void

7.4 UDM Services

7.4.1 General

A UDM supports providing the authentication vector for 5G ProSe Remote UE specific authentication via the new service operation Nudm_UEAuthentication_GetProseAv service operation of the existing Nudm_UEAuthentication service.

Table 7.4.1-1 shows the services exposed by UDM supporting 5G ProSe.

Table 7.4.1-1: 5G ProSe Services provided by UDM

Service	Service Operations	Operation Semantics	Example Consumer(s)
Nudm_UEAuthentication	GetProseAv	Request/Response	AUSF
Nudm_UEIdentifier	Deconceal	Request/Resonse	PKMF

7.4.2 Nudm_UEAuthentication Service

7.4.2.1 Nudm_UEAuthentication_GetProseAv service operation

Service operation name: Nudm_UEAuthentication_GetProseAv.

Description: Requester NF gets the authentication data for Prose and the Routing Indicator from UDM. If SUCI is included, this service operation returns the SUPI.

Inputs, Required: SUPI or SUCI, Relay Service Code, Serving network name.

Inputs, Optional: Synchronization Failure indication and related information (i.e. RAND/AUTS).

Outputs, Required: Authentication Vector for Prose, Routing Indicator.

Outputs, Optional: SUPI if SUCI was used as input.

7.4.3 Nudm_UEIdentifier Service

7.4.3.1 Nudm_UEIdentifier_Deconceal service operation

Service operation name: Nudm_UEIdentifier_Deconceal.

Description: Requester NF gets the SUPI from the UDM.

Inputs, Required: SUCI.

Inputs, Optional: None.

Outputs, Required: SUPI.

Outputs, Optional: None.

7.5 Prose Anchor Function Services

7.5.1 General

The Prose Anchor Function (PAnF) supports providing storage for the Prose context info (i.e. SUPI, CP-PRUK, CP-PRUK ID, RSC) for a 5G ProSe Remote UE.

Table 7.5.1-1 shows the PAnF Service and the PAnF Service Operations.

Table 7.5.1-1: List of PAnF Services

Service Name

Service Operations

Operation

Semantics

Example Consumer(s)

Npanf_ProseKey

Npanf_ProseKey_Register

Request/Response

AUSF

Npanf_ProseKey_Get

Request/Response

AUSF

7.5.2 Npanf_ProseKey service

7.5.2.1 Npanf_ProseKey_Register service operation

Service operation name: Npanf_ProseKey_Register.

Description: The NF consumer requests the PAnF to store the Prose context info (i.e. SUPI, CP-PRUK, CP-PRUK ID, RSC).

Input, Required: SUPI, CP-PRUK ID, CP-PRUK, Relay Service Code.

Input, Optional: None.

Output, Required: None.

Output, Optional: None.

7.5.2.2 Npanf_ProseKey_Get service operation

Service operation name: Npanf_ProseKey_Get.

Description: The NF consumer requests CP-PRUK from the PAnF.

Input, Required: CP-PRUK ID, Relay Service Code.

Input, Optional: None.

Output, Required: CP-PRUK.

Output, Optional: None.

7.5.3 Void

Annex A (normative):
Key derivation functions