9.1.3 Identification

38.523-13GPP5GSPart 1: ProtocolRelease 17TSUser Equipment (UE) conformance specification

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

9.1.3.1 Identification procedure

9.1.3.1.1 Test Purpose (TP)

(1)

with { The UE is in 5GMM-REGISTERED-INITIATED state and the SS sends an IDENTITY REQUEST message }

ensure that {

when { UE detects transmission failure of IDENTITY RESPONSE message }

then { The UE re-initiates the Initial registration procedure }

}

(2)

with { The UE is in 5GMM-CONNECTED mode and the SS sends an IDENTITY REQUEST message }

ensure that {

when { The UE receives the unprotected IDENTITY REQUEST message with identity type as SUCI }

then { UE transmits the IDENTITY RESPONSE message with identity type set to SUCI }

}

(3)

with { The UE is in 5GMM-CONNECTED mode and the SS sends an IDENTITY REQUEST message }

ensure that {

when { the UE receives an IDENTITY REQUEST with identity type set as IMEISV }

then { UE transmits an IDENTITY RESPONSE with identity type set as IMEISV }

}

(4)

with { The UE is in 5GMM-CONNECTED mode and the SS sends an IDENTITY REQUEST message }

ensure that {

when { the UE receives an IDENTITY REQUEST with identity type set as “IMEI” }

then { UE transmits an IDENTITY RESPONSE with identity type set as “IMEI” }

}

(5)

with { The UE is in 5GMM-CONNECTED mode and the SS sends an IDENTITY REQUEST message }

ensure that {

when { the UE receives an IDENTITY REQUEST with identity type set as “5G-GUTI” and has no valid 5G-GUTI available }

then { UE transmits an IDENTITY RESPONSE with identity type set as “No identity” }

}

9.1.3.1.2 Conformance requirements

References: The conformance requirements covered in the present TC are specified in: TS 24.501, clauses 5.4.3.3, 4.4.4.3 and 5.4.3.5. Unless otherwise stated these are Rel-15 requirements.

[TS 24.501, clause 5.4.3.3]

A UE shall be ready to respond to an IDENTITY REQUEST message at any time whilst in 5GMM-CONNECTED mode.

Upon receipt of the IDENTITY REQUEST message:

a) if the Identity type IE in the IDENTITY REQUEST message is not set to "SUCI", the UE shall send an IDENTITY RESPONSE message to the network. The IDENTITY RESPONSE message shall contain the identification parameters as requested by the network; and

b) if the Identity type IE in the IDENTITY REQUEST message is set to "SUCI", the UE shall:

1) if timer T3519 is not running, generate a fresh SUCI as specified in 3GPP TS 33.501 [24], send an IDENTITY RESPONSE message with the SUCI, start timer T3519 and store the value of the SUCI sent in the IDENTITY RESPONSE message; and

2) if timer T3519 is running, send an IDENTITY RESPONSE message with the stored SUCI.

[TS 24.501, clause 4.4.4.3]

Except the messages listed below, no NAS signalling messages shall be processed by the receiving 5GMM entity in the AMF or forwarded to the 5GSM entity, unless the secure exchange of NAS messages has been established for the NAS signalling connection:

a) REGISTRATION REQUEST;

b) IDENTITY RESPONSE (if requested identification parameter is SUCI);

c) AUTHENTICATION RESPONSE;

d) AUTHENTICATION FAILURE;

e) SECURITY MODE REJECT;

f) DEREGISTRATION REQUEST; and

g) DEREGISTRATION ACCEPT;

NOTE 1: The REGISTRATION REQUEST message is sent by the UE without integrity protection, if the registration procedure is initiated due to an inter-system change in 5GMM-IDLE mode and no current 5G NAS security context is available in the UE. The other messages are accepted by the AMF without integrity protection, as in certain situations they are sent by the UE before security can be activated.

NOTE 2: The DEREGISTRATION REQUEST message can be sent by the UE without integrity protection, e.g. if the UE is registered for emergency services and there is no shared 5G NAS security context available, or if due to user interaction a registration procedure is cancelled before the secure exchange of NAS messages has been established. For these cases the network can attempt to use additional criteria (e.g. whether the UE is subsequently still performing periodic registration update or still responding to paging) before marking the UE as 5GMM-DEREGISTERED.

Integrity protection is never applied directly to 5GSM messages, but to the 5GMM message in which the 5GSM message is included.

Once a current 5G NAS security context exists, until the secure exchange of NAS messages has been established for the NAS signalling connection, the receiving 5GMM entity in the AMF shall process the following NAS signalling messages, even if the MAC included in the message fails the integrity check or cannot be verified, as the 5G NAS security context is not available in the network:

a) REGISTRATION REQUEST;

b) IDENTITY RESPONSE (if requested identification parameter is SUCI);

c) AUTHENTICATION RESPONSE;

d) AUTHENTICATION FAILURE;

e) SECURITY MODE REJECT;

f) DEREGISTRATION REQUEST;

g) DEREGISTRATION ACCEPT; and

h) SERVICE REQUEST;

…

[TS 24.501, clause 5.4.3.5]

The following abnormal cases can be identified:

a) Transmission failure of the IDENTITY RESPONSE message (if the identification procedure is triggered by a registration procedure).

The UE shall re-initiate the registration procedure.

b) Requested identity is not available

If the UE cannot encode the requested identity in the IDENTITY RESPONSE message, e.g. because no valid USIM is available, then it shall encode the identity type as "No identity".

9.1.3.1.3 Test description

9.1.3.1.3.1 Pre test conditions

System Simulator:

– NGC Cell A is configured as "Serving cell" according to TS 38.508-1 [4] Table 6.3.2.2-1.

– System information combination NR-1 as defined in TS 38.508-1 [4] clause 4.4.3.1.2 is used.

UE:

None.

Preamble:

– The UE is in state Switched OFF (State 0N-B) as per TS 38.508-1 [4] Table 4.4A.2-0.

9.1.3.1.3.2 Test procedure sequence

Table 9.1.3.1.3.2-1: Main behaviour

St	Procedure	Message Sequence		TP	Verdict
		U – S	Message
–	Void	–	–	–	–
1	The UE is switched on.	–	–	–	–
2-4	The UE establishes RRC connection by executing steps 2-4 of Table 4.5.2.2-2 in TS 38.508-1 [4].	–	–	–	–
5	SS is configured to not allocate any UL grant and RA Response, so that the UE cannot send the IDENTITY RESPONSE to SS.	–	–	–	–
6	The SS transmits an IDENTITY REQUEST requesting SUCI in the IE identity type.	<–	IDENTITY REQUEST	–	–
6A	SS starts timer of T3511 (Note 1).	–	–	–	–
6B	SS locally releases the RRC connection.	–	–	–	–
6C	Wait for T3511 to time out.	–	–	–	–
6D	SS configures the RA Response.	–	–	–	–
7-9	The UE establishes RRC connection by executing steps 2-4 of Table 4.5.2.2-2 in TS 38.508-1 [4]. (Note 2)	–	–	1	P
10	The SS transmits an unprotected IDENTITY REQUEST requesting SUCI in the IE identity type.	<–	IDENTITY REQUEST	–	–
11	Check: Does the UE respond with an IDENTITY RESPONSE message with IE identity type set to “SUCI”?	–>	IDENTITY RESPONSE	2	P
11A	The SS transmits a REGISTRATION REJECT (Cause #3, illegal UE).	<–	REGISTRATION REJECT	–	–
11B	The SS releases the RRC.	–	–	–	–
11C	The UE is Switched OFF.	–	–	–	–
11D	The UE is Switched ON.	–	–	–	–
12-24	Steps 1–13 of Table 4.5.2.2-2 in TS 38.508-1 [4] are performed.	–
25	The SS transmits an IDENTITY REQUEST requesting 5G-GUTI in the IE identity type.	<–	IDENTITY REQUEST	–	–
26	Check: Does the UE respond with an IDENTITY RESPONSE message with IE identity type set to “No identity”?	–>	IDENTITY RESPONSE	5	P
27-29Ba1	Steps 14-19a1 of Table 4.5.2.2-2 in TS 38.508-1 [4] are performed.	–	–	–	–
30	The SS transmits an IDENTITY REQUEST requesting IMEISV in the IE identity type.	<–	IDENTITY REQUEST	–	–
31	Check: Does the UE respond with an IDENTITY RESPONSE message with IE identity type set to IMEISV?	–>	IDENTITY RESPONSE	3	P
32	The SS transmits an IDENTITY REQUEST requesting IMEI in the IE identity type.	<–	IDENTITY REQUEST	–	–
33	Check: Does the UE respond with an IDENTITY RESPONSE message with IE identity type set to IMEI?	–>	IDENTITY RESPONSE	4	P
34-35	Void	–	–	–	–
Note 1: To send the IDENTITY RESPONSE, the UE will initiate RACH to get UL grant. Since there is no RA Response, registration failure due to lower layer failure will occur, then T3511 will start. Note 2: The UL grant is restarted in step 8.

9.1.3.1.3.3 Specific message contents

Table 9.1.3.1.3.3-1: IDENTITY REQUEST (step 6, 10 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-21
Information Element	Value/remark	Comment	Condition
Identity type	‘001’B	SUCI

Table 9.1.3.1.3.3-2: IDENTITY RESPONSE (step 11 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-22
Information Element	Value/remark	Comment	Condition
Identity type	‘001’B	SUCI

Table 9.1.3.1.3.3-3: IDENTITY REQUEST (step 30 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-21
Information Element	Value/remark	Comment	Condition
Identity type	‘101’B	IMEISV

Table 9.1.3.1.3.3-4: IDENTITY RESPONSE (step 31 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-22
Information Element	Value/remark	Comment	Condition
Identity type	‘101’B	IMEISV

Table 9.1.3.1.3.3-5: IDENTITY REQUEST (step 32 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-21
Information Element	Value/remark	Comment	Condition
Identity type	‘011’B	IMEI

Table 9.1.3.1.3.3-6: IDENTITY RESPONSE (step 33 Table 9.1.3.1.3.2-1)

Derivation path: TS 38.508-1 [4], Table 4.7.1-22
Information Element	Value/remark	Comment	Condition
Identity type	‘011’B	IMEI

Table 9.1.3.1.3.3-7: IDENTITY REQUEST (step 25 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-21
Information Element	Value/remark	Comment	Condition
Identity type	‘010’B	5G-GUTI

Table 9.1.3.1.3.3-8: IDENTITY RESPONSE (step 26 Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-22
Information Element	Value/remark	Comment	Condition
Identity type	‘000’B	No Identity

Table 9.1.3.1.3.3-9: Void

Table 9.1.3.1.3.3-10: REGISTRATION REJECT (step 11A Table 9.1.3.1.3.2-1)

Derivation Path: TS 38.508-1 [4], Table 4.7.1-9
Information Element	Value/remark	Comment	Condition
5GMM cause	‘00000011’B	Illegal UE