Executive summary:
In this blog, we will see if we can able to justice to our heading – let’s assume, your friend is in out of network zone and try to get back to social media desperately but unable to do it – just kidding . How to solve the problem. Your mobile device is showing full 5G coverage, would you be able to provide connection to your friend? but wait you are far away!
The answer is yes, UE can connect and discover another UE- this service is called proximity service or ProSe in 5G – let’s deep dive into it.
Types of proc Service
- Direct Communication
- UE to Network Relay
- UE to UE relay using multi hop
Fig 1 : Simplified version of UE1 and UE2 connection using Proc application with pc5 interface
Fig 2 : Simplified version of UE relay which in tern provides connection to remote UE which is out of network zone
Fig 3 : Simplified version of Mobile Ad hoc Network (MANET), for simplicity zone defines one network and connect to 5Gc, zone can can be having complex network and can connect to different 5Gc including roaming and non romaing scenario which is out if scope for this bog.
Security of 5G Proximity based Services (ProSe)
Fig 4 : ProSe Security with 5G DDNMF and 5G PKMF function in network to relay
- Uu is a 3GPP radio interface between 5G NR and UE(s), PC5 is a radio interface between UE, relay UE and End UE.End UE only get connection using relay UE using radio interface.
- The policy control function (PCF) supports unified policy framework to govern communication with necessary policies and parameters to use 5G ProSe services. 5G direct discovery name management function (DDNMF) handles network actions required for direct discovery and interacts with UEs via the interface called PC3a.
- 5G ProSe key management function (PKMF) interacts with UEs using the PC8 interface required for the key management and the security procedure for remote/relay UE discovery and communication.
Protection of discovery messages over PC5 interface
- There are 3 types of security that are used to protect the restricted 5G ProSe Direct Discovery messages over the PC5 interface:
- integrity protection
- Scrambling protection
- Message-specific confidentiality
5GDNNMF provision PC5 security policies to the UEs and may overwrite preconfigured policies
Relay communication security
5G ProSe relay communication enables communication between the 5G network and remote UEs (that are out of coverage of the network) via a relay UE. The relay UE is officially called UE-to-network relay.
Both user-plane (UP) based and control-plane (CP) based procedures can be used for 5G ProSe UE-to-Network Relay authorization and security establishment. The UP based procedure uses a UP connection to the 5G PKMF, while the CP based procedure uses the ProSe authentication for PC5 key establishment.
- User plane based procedure . The 5G PKMF of the remote UE is responsible for providing a UE specific security key called Prose remote user key (PRUK) and the key identifier called PRUK ID to the remote UE.
- The remote UE indicates PRUK ID, the relay UE (via its 5G PKMF) gets a new fresh key named K_NRP which is generated from the PRUK (identified by the PRUK ID) from the 5G PKMF of the remote UE.
- The remote UE indicate SUCI, the security mechanism called generic bootstrapping architecture (GBA) Push is triggered (for this blogpost, we won’t go into the details of this).
- Control plane based procedure The remote UE provides PRUK ID, its authentication server function is responsible for providing a new fresh key named K_NRP which is identified by the PRUK ID In case the remote UE provides SUCI, an EAP-AKA based mutual authentication is triggered between the remote UE and its home network. The PRUK is then generated, and a security key derived from the PRUK is provided to the relay UE.
Fig 5 PC5 security establishment procedure for 5G ProSe UE-to-Network relay communication over User Plane
Fig 6 PC5 security establishment procedure for 5G ProSe UE-to-Network relay communication over Control Plane
Conclusion
We have tried to simplify ProSe service in 5G and and different scenario it covers, also provides high level security view of ProSe and using Direct communication and network relay – but the most interesting would be multi hob, Do you belive this would be the future of mobile communication as a decentralized view – would it be cost effective?
Next few blog(s) we will cover satcom, ground stations and inter satellite communication
Happy learning!
