13.2.2 PC5 unicast / link Security Mode

3GPP TS 38.523-1: 5GS; User Equipment (UE) conformance specification; Part 1: Protocol (Release 17)

13.2.2.1 Test Purpose (TP)

(1)

with { UE having received a DIRECT LINK SECURITY MODE COMMAND message }

ensure that {

when { The DIRECT LINK SECURITY MODE COMMAND message includes non matching UE security capabilities }

then { UE transmits a DIRECT LINK SECURITY MODE REJECT message }

}

13.2.2.2 Conformance requirements

References: The conformance requirements covered in the present TC are specified in: TS 24.587 [FFS], subclause 6.1.2.7.5. Unless otherwise stated these are Rel-16 requirements.

[TS 24.587, subclause 6.1.2.7.5]

If the DIRECT LINK SECURITY MODE COMMAND message cannot be accepted, the target UE shall send a DIRECT LINK SECURITY MODE REJECT message, and the target UE shall abort the ongoing procedure that triggered the initiation of the PC5 unicast link security mode control procedure unless the ongoing procedure is a PC5 unicast link establishment procedure and the Target user info is not included in the DIRECT LINK ESTABLISHMENT REQUEST message. The DIRECT LINK SECURITY MODE REJECT message contains a PC5 signalling protocol cause IE indicating one of the following cause values:

#7: integrity failure;

#8: UE security capabilities mismatch;

#9: LSBs of KNRP-sess ID conflict;

#10: UE PC5 unicast signalling security policy mismatch;

#11: lack of resources for PC5 unicast link; or

#111: protocol error, unspecified.

If the target UE detects that the received UE security capabilities IE in the DIRECT LINK SECURITY MODE COMMAND message has been altered compared to the latest values that the target UE sent to the initiating UE in the DIRECT LINK ESTABLISHMENT REQUEST message or DIRECT LINK REKEYING REQUEST message, the target UE shall include PC5 signalling protocol cause #8 "UE security capabilities mismatch" in the DIRECT LINK SECURITY MODE REJECT message.

After the DIRECT LINK SECURITY MODE REJECT message is generated, the target UE shall pass this message to the lower layers for transmission along with the initiating UE’s layer-2 ID for unicast communication and the target UE’s layer-2 ID for unicast communication.

Upon receipt of the DIRECT LINK SECURITY MODE REJECT message, the initiating UE shall stop timer T5007, provide an indication to the lower layer of deactivation of the PC5 unicast security protection and deletion of security context for the PC5 unicast link, if applicable and:

a) if the PC5 signalling protocol cause IE in the DIRECT LINK SECURITY MODE REJECT message is set to #9 "LSBs of KNRP-sess ID conflict", retransmit the DIRECT LINK SECURITY MODE COMMAND message with a different value for the 8 LSBs of KNRP-sess ID and restart timer T5007; or

b) if the PC5 signalling protocol cause IE is set to the value other than #9 "LSBs of KNRP-sess ID conflict", abort the ongoing procedure that triggered the initiation of the PC5 unicast link security mode control procedure.
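The capability check at the target UE and the REJECT handling at the initiating UE described above, as an added Python example that is not part of the 3GPP text. The function names, the SENT sample value and the rule for choosing a new 8-LSB value are assumptions; RECEIVED uses the octets from Table 13.2.2.3.3-2, with the bitmaps read MSB-first as that table's comments indicate.

```python
from enum import IntEnum

class Pc5Cause(IntEnum):
    """Cause values listed for DIRECT LINK SECURITY MODE REJECT."""
    INTEGRITY_FAILURE = 7
    SEC_CAP_MISMATCH = 8
    KNRP_SESS_ID_LSB_CONFLICT = 9
    SEC_POLICY_MISMATCH = 10
    LACK_OF_RESOURCES = 11
    PROTOCOL_ERROR_UNSPECIFIED = 111

# Constructed sample: what the target UE sent in its ESTABLISHMENT REQUEST.
SENT = bytes([0x02, 0xE0, 0xE0])
# Octets from Table 13.2.2.3.3-2: length '02'H, EA '1100 0000'B, IA '1100 0000'B.
RECEIVED = bytes([0x02, 0xC0, 0xC0])

def decode_algs(octet, prefix):
    """Read a bitmap MSB-first: bit 8 is algorithm 0, bit 7 is algorithm 1, ..."""
    return [f"{prefix}{n}" for n in range(8) if octet & (0x80 >> n)]

def parse_sec_caps(ie):
    """Split IE contents (length octet, 5G-EA octet, 5G-IA octet) into names."""
    if len(ie) < 3 or ie[0] < 2 or len(ie) != 1 + ie[0]:
        raise ValueError("malformed UE security capabilities contents")
    return decode_algs(ie[1], "5G-EA"), decode_algs(ie[2], "5G-IA")

def target_ue_check(sent, replayed):
    """Target UE: None to continue, else the cause to put in the REJECT.
    Any difference from the octets last sent counts as 'altered'."""
    return None if replayed == sent else Pc5Cause.SEC_CAP_MISMATCH

def initiating_ue_on_reject(cause, tried_lsbs):
    """Initiating UE, after stopping T5007 and dropping the security context.
    tried_lsbs: 8-LSB values already used (hypothetical bookkeeping)."""
    if cause == Pc5Cause.KNRP_SESS_ID_LSB_CONFLICT:
        new_lsb = next(v for v in range(256) if v not in tried_lsbs)
        return ("retransmit_command_and_restart_T5007", new_lsb)
    return ("abort_triggering_procedure", None)

if __name__ == "__main__":
    print("replayed:", parse_sec_caps(RECEIVED))
    cause = target_ue_check(SENT, RECEIVED)
    print("REJECT cause octet:", format(int(cause), "08b"))
    print(initiating_ue_on_reject(cause, {0x2A}))
```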

13.2.2.3 Test description

13.2.2.3.1 Pre-test conditions

System Simulator:

– NR-SS-UE

    – NR-SS-UE1 operating as NR sidelink communication device on the resources (i.e. the frequency included in pre-configuration) that UE is expected to use for transmission and reception via PC5 interface.

    – NR-SS-UE1 is synchronised on GNSS.

– GNSS simulator

    – The GNSS simulator is started and configured for Scenario #1.

UE:

– UE is authorised to perform NR sidelink communication.

– The UE is equipped with a USIM containing default values as per TS 38.508-1 [4] clause 4.8.3.3.3.

– UE is synchronised on GNSS.

Preamble:

– The UE is in state 4-A and Test Mode (On), Test Loop Function (Off) as defined in TS 38.508-1 [4], Table 4.5.7.2-1 using generic procedure parameter Sidelink (On), Cast Type (Unicast), UE initiating unicast mode NR sidelink communication, GNSS Sync (On).

13.2.2.3.2 Test procedure sequence

Table 13.2.2.3.2-1: Main behaviour

| St | Procedure | Message Sequence: U – S | Message Sequence: Message | TP | Verdict |
|---|---|---|---|---|---|
| 1 | The NR-SS-UE1 releases unicast mode sidelink connection by executing steps 1-2 of Table 4.9.30.2.2-1 in TS 38.508-1 [4]. | | | | |
| 2 | Trigger UE to close UE test loop mode E (transmission mode). NOTE: The UE test loop mode E may be closed by MMI or AT command (+CCUTLE). | | | | |
| 3 | The UE transmits a DIRECT LINK ESTABLISHMENT REQUEST message. | --> | PC5-S: DIRECT LINK ESTABLISHMENT REQUEST | | |
| 4 | The NR-SS-UE1 transmits a DIRECT LINK SECURITY MODE COMMAND message including non matching UE security capabilities | <-- | PC5-S: DIRECT LINK SECURITY MODE COMMAND | | |
| 5 | The UE transmits a DIRECT LINK SECURITY MODE REJECT message with PC5 signalling protocol cause #8 UE security capabilities mismatch. | --> | PC5-S: DIRECT LINK SECURITY MODE REJECT | 1 | P |
| 6-12 | The UE establishes unicast mode sidelink connection by executing steps 2-8 of Table 4.9.22.2.2-1 in TS 38.508-1 [4]. | | | | |
| 13 | Trigger UE to deactivate UE test loop mode. NOTE: The deactivation of UE test loop mode may be performed by MMI or AT command (+CATM). | | | | |

13.2.2.3.3 Specific message contents

Table 13.2.2.3.3-1: Message DIRECT LINK ESTABLISHMENT REQUEST (step 3, Table 13.2.2.3.2-1)

Derivation path: TS 38.508-1 [4], Table 4.7.4-7 with condition Tx

Table 13.2.2.3.3-2: Message DIRECT LINK SECURITY MODE COMMAND (step 4, Table 13.2.2.3.2-1)

Derivation path: TS 38.508-1 [4], Table 4.7.4-18 with condition Rx

| Information Element | Value/Remark | Comment | Condition |
|---|---|---|---|
| UE security capabilities | | | |
| Length of UE security capabilities contents | '02'H | | |
| 5G-EA algorithms | '1100 0000'B | 5G-EA0 and 5G-EA1 supported | |
| 5G-IA algorithms | '1100 0000'B | 5G-IA0 and 5G-IA1 supported | |

Table 13.2.2.3.3-3: Message DIRECT LINK SECURITY MODE REJECT (step 5, Table 13.2.2.3.2-1)

Derivation path: TS 38.508-1 [4], Table 4.7.4-20 with condition Tx

| Information Element | Value/Remark | Comment | Condition |
|---|---|---|---|
| PC5 signalling protocol cause | '0000 1000'B | UE security capabilities mismatch | |