这个问题我的理解是这样的,得看看23501、23502和33501,和安全有关。本意是为了保护在安全上下文建立以前(建立安全上下文是在SMC security mode command流程之后),保护敏感信息不被空口抓到。23501的原文是这样的:“The NAS message container shall be included if the UE is sending a Registration Request message as an Initial NAS message and the UE has a valid 5G NAS security context and the UE needs to send non-cleartext IEs, see clause 4.4.6 in TS 24.501 [25]. If the UE does not need to send non-cleartext IEs, the UE shall send a Registration Request message without including the NAS message container.”。
第2段规范是:
If the UE does not have a valid 5G NAS security context, the UE shall send the Registration Request message without including the NAS message container. The UE shall include the entire Registration Request message (i.e. containing cleartext IEs and non-cleartext IEs) in the NAS message container that is sent as part of the Security Mode Complete message in step 9b.
另外,24501的4.4.6 Protection of initial NAS signalling messages也提到了,原文如下,供参考:
If the UE does not have a valid 5G NAS security context, the UE sends a REGISTRATION REQUEST message including cleartext IEs only. After activating a 5G NAS security context resulting from a security mode control procedure:
1) if the UE needs to send non-cleartext IEs, the UE shall include the entire REGISTRATION REQUEST message (i.e. containing both cleartext IEs and non-cleartext IEs) in the NAS message container IE and shall include the NAS message container IE in the SECURITY MODE COMPLETE message; or
2) if the UE does not need to send non-cleartext IEs, the UE shall include the entire REGISTRATION REQUEST message (i.e. containing cleartext IEs only) in the NAS message container IE and shall include the NAS message container IE in the SECURITY MODE COMPLETE message.
b) If the UE has a valid 5G NAS security context and:
1) the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST or SERVICE REQUEST message,the UE includes the entire REGISTRATION REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs and non-cleartext IEs) in the NAS message container IE and shall cipher the value part of the NAS message container IE. The UE shall then send a REGISTRATION REQUEST or SERVICE REQUEST message containing the cleartext IEs and the NAS message container IE;
最后,就是哪些算clearText IE呢?33501的6.4.6 Protection of initial NAS message给出了一些举例:
-- If the UE has no NAS security context, the initial NAS message shall only contain the cleartext IEs, i.e. subscription identifiers (e.g. SUCI or GUTIs), UE security capabilities,
ngKSI, indication that the UE is moving from EPC, Additional GUTI, and IE containing the TAU Request in the case idle mobility from LTE.
作者: admin 时间: 2022-8-14 00:40
刚查了下,所有cleartext IE在24501的4.4.6节有明确定义,没提到的都属于non-cleartext IE.
如下:
Cleartext IEs: Information elements that can be sent without confidentiality protection in initial NAS messages as specified in subclause 4.4.6.
When the initial NAS message is a REGISTRATION REQUEST message, the cleartext IEs are:
- Extended protocol discriminator;
- Security header type;
- Spare half octet;
- Registration request message identity;
- 5GS registration type;
- ngKSI;
- 5GS mobile identity;
- UE security capability;
- Additional GUTI;
- UE status; and
- EPS NAS message container.