Technical Aspects of LI for AKMA with Roaming Input to Joint SA3/SA3LI Call

technical aspects of li for akma with roaming n.w
1 / 6
Embed
Share

Explore the technical aspects of Lawful Interception (LI) for Authenticated Key Management Architecture (AKMA) with roaming input in the joint SA3/SA3LI call. Understand the implications on cryptographic parameters, decryption means, and interface usage to ensure secure communication across different CSPs and jurisdictions.

  • Technical
  • Lawful Interception
  • AKMA
  • Roaming
  • Cryptographic Parameters
rayaanacharya
aan_r Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Technical aspects of LI for AKMA with Roaming Input to joint SA3/SA3LI call, Sep 7 2022 Source: NDRE NOTE: The slides in their present form do not constitute an official, agreed view of SA3LI

  2. Scenario in scope AUSF AF AAnF UPF HPLMN NOTE 1: LI-solution for non-roaming case exists in 33.127 VPLMN UPF AMF/SEAF NOTE 2: The roaming case with AF in VPLMN believed straightforward AKMA-enabled encryption NOTE 3: AF could also be in external DN, this is out-of-scope/FFS UE (outbound roamer from HPLMN)

  3. Most relevant requirements (TS 33.126) R6.4 - 175 subscriber is roaming, independently of whether or not the subscriber is an LI Target in the VPLMN, the home CSP shall provide to the visited CSP the means to decrypt user services which are encrypted between the ME and an entity outside the visited CSP and using cryptographic parameters established in the home CSP. R6.4 - 180 Retroactive Decryption - The CSP shall ensure that the crypto keys, algorithm and parameters delivered to the LEA enable the LEA to decrypt encrypted Target Communications retroactively. R6.4 - 190 Mid Communication Interception - The CSP shall retain sufficient key material for the duration of any communications such that it is possible to decrypt already on going communications, when using CSP provided or managed encryption. R6.6 - 50 Undetectability across CSPs - The CSP shall be able to perform interception such that no CSP not obligated by the warrant can detect that interception is taking place. CSP provided cryptographic parameters in roaming When a home CSP s

  4. Implications on information & functionality cryptographic parameters , means to decrypt needs to comprise: Selected encryption algorithms / cipher suite All inputs to encryption algorithms: key(s), nonce(s), counter(s), etc undetectability across CSPs + retroactive decryption The parameters have to be provided from HPLMN always and for all outbound roamers (regardless of whether they are LI Targets in HPLMN or not) undetectability across CSPs + mid communication intercept crypto parameters needs to be provided as soon as the AKMA context is established Last but not least: The AKMA roaming architecture should define a point of decryption in the VPLMN (e.g. a middlebox in a UPF)

  5. Implications on interface usage We wish to avoid interfaces between LI domains of two different CSPs as it jeopardizes security/undetecability across CSPs/jurisdictions Therefore, the transfer of cryptographic parameters should to be integrated into a normal signaling (SBI) interface between HPLMN and VPLMN Potential idea: transfer keys/parameters from one of {AUSF, AAnF, AF} in HPLMN to AMF/SEAF in VPLMN The SEAF can then provide the parameters to the VPLMN point of decryption

  6. Final aspects Some of the crypto parameters may only be known at AF E.g. nonce, selected cipher suite, etc Standard TLS cipher suites might include Diffie-Hellman derived key material, so AKMA-specific keys only might be insufficient Provide all necessary key material or simply avoid DH cipher suites

Related


Future of FTTR Products: Non-Collocated AP MLD Framework

Future of FTTR Products: Non-Collocated AP MLD Framework

elsbeth
Seamless Roaming for Multi-link Device in IEEE 802.11-23

Seamless Roaming for Multi-link Device in IEEE 802.11-23

petra
Coordinated Roaming Proposal for IEEE 802.11 Networks

Coordinated Roaming Proposal for IEEE 802.11 Networks

huey
IEEE 802.11-20/1247r0 VBSS for Multi-AP Coordination

IEEE 802.11-20/1247r0 VBSS for Multi-AP Coordination

pike
Reducing Roaming Handoff Time for Improved User Experience in IEEE 802.11 Networks

Reducing Roaming Handoff Time for Improved User Experience in IEEE 802.11 Networks

amelie
NAO Website Technical Discovery Summary

NAO Website Technical Discovery Summary

sophronia
Advancements in iTAD: Intelligent Telepresence and Assistive Devices 2020-2021

Advancements in iTAD: Intelligent Telepresence and Assistive Devices 2020-2021

bexley
Improving Latency Performance for Mobile Clients Using Non-Collocated AP MLD Framework

Improving Latency Performance for Mobile Clients Using Non-Collocated AP MLD Framework

esteban
Få dina bekymmer lösta med Nicecargbg.coms experttjänster för fordonsbesiktnin

Få dina bekymmer lösta med Nicecargbg.coms experttjänster för fordonsbesiktnin

Nicecarbg
Embracing Technician Commitment for Technical Excellence

Embracing Technician Commitment for Technical Excellence

livia
IEEE 802.11-24/171r6 TGbn Motions List - January 2024

IEEE 802.11-24/171r6 TGbn Motions List - January 2024

bsme
UHR Seamless Roaming: Functionality and Security Architecture Proposal

UHR Seamless Roaming: Functionality and Security Architecture Proposal

tra_orr
Dog Population Management and Rabies Control in Vietnam

Dog Population Management and Rabies Control in Vietnam

josiahsg
Omnispace: Redefining Global Mobile Connectivity with 5G NTN Technology

Omnispace: Redefining Global Mobile Connectivity with 5G NTN Technology

alofq
AI/ML-Based Roaming Enhancements for IEEE 802.11 Networks

AI/ML-Based Roaming Enhancements for IEEE 802.11 Networks

godfreym
The Agony of a Caged Tiger - Poem Analysis

The Agony of a Caged Tiger - Poem Analysis

bentl
IEEE 802.11-20/0834r1: Recap of Association and Fast BSS Transition

IEEE 802.11-20/0834r1: Recap of Association and Fast BSS Transition

ahint
NHS Community Pharmacy Blood Pressure Check Service Technical Toolkit Overview

NHS Community Pharmacy Blood Pressure Check Service Technical Toolkit Overview

wilsey_f
IEEE 802.11-23 MLD Roaming Scenarios

IEEE 802.11-23 MLD Roaming Scenarios

shege
Overview of 5G System Architecture and User Plane Functionality

Overview of 5G System Architecture and User Plane Functionality

bel_del
Discussion on Multi-AP Coordination Architecture in IEEE 802.11-23

Discussion on Multi-AP Coordination Architecture in IEEE 802.11-23

kish678
Evolution of IP Pool Information Management in 5G Networks

Evolution of IP Pool Information Management in 5G Networks

shireman_j

More Related Content