5 Security requirements
3GPP TS 33.558, Release 17: Security aspects of enhancement of support for enabling edge applications
5.1 General security requirements
The Edge application architecture defined in TS 23.558 [5] shall satisfy the following requirements.
5.1.1 Authentication and authorization
Authentication and Authorization between Edge Enabler Client (EEC) and Edge Configuration Server (ECS): Edge Configuration Server (ECS) shall be able to provide mutual authentication with Edge Enabler Client (EEC) over EDGE-4 Interface. ECS shall determine whether EEC is authorized to access ECS’s services.
Authentication and Authorization between EEC and EES: Edge Enabler Server (EES) shall provide mutual authentication with EEC over EDGE-1 Interface. EES shall determine whether EEC is authorized to access EES’s services.
Authentication and Authorization between Edge Enabler Server (EES) and ECS: ECS shall provide mutual authentication with EES over EDGE-6 Interface. ECS shall determine whether EES is authorized to access ECS’s services.
Authentication and Authorization between EESs: EES shall provide mutual authentication with another EES over EDGE-9 Interface. EES shall determine whether peer EES is authorized to access EES’s services.
Authentication and Authorization in EES capability exposure to EAS: EES shall provide mutual authentication with EAS over EDGE-3 Interface. EES shall determine whether EAS is authorized to access EES’s services and expose EEC Capabilities. The Edge application architecture shall support EASs to obtain the user’s authorization to access sensitive information (e.g. user’s location).
NOTE 1: The corresponding security requirements defined in TS 23.558 [5] are AR-5.2.6.2-a/b/d/e/f/g.
5.1.2 Interface security
Confidentiality, integrity, and replay protection shall be supported on the EDGE-1 to EDGE-4 and EDGE-6 to EDGE-9 interfaces.
NOTE 1: The interfaces are defined in Figure 6.2.4 of TS 23.558 [5]. The corresponding security requirement defined in TS 23.558 [5] is AR-5.2.6.2-c.
NOTE 2: The security requirement of EDGE-5 is out of the scope of this specification, since its details are out of the scope of this release of this specification, according to TS 23.558 [5].
The privacy requirements AR-5.2.6.2-h defined in TS 23.558 [5] are implicitly supported, since all the interfaces will be confidentiality and integrity protected.
5.1.3 User consent requirements
User consent for edge computing shall comply with TS 33.501 [3] (Annex V).
If EES, trusted by the 3GPP Core Network, is utilizing 5GC services without NEF, the EES acts as the consent enforcing entity. Otherwise, if the EES is utilizing 5GC services via NEF, the NEF acts as the consent enforcing entity.
User consent architecture in the present document is only applicable when EES or NEF and data provider are operated by the same entity.