3GPP TS 24.501 version 16.6.0 Release 16
4.4 NAS security
4.4.6 Protection of initial NAS signalling messages
1) the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST
or SERVICE REQUEST message, the UE includes the entire REGISTRATION
REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs
and non-cleartext IEs) in the NAS message container IE and shall cipher
the value part of the NAS message container IE. The UE shall then send
a REGISTRATION REQUEST or SERVICE REQUEST message containing
the cleartext IEs and the NAS message container IE;
During PDU Session Establishment,
if gNB sends PDUSessionResourceReleaseResponse,
AMF was crashed.
In this case, AMF/SMF remove Session Context and sends ErrorIndication.
An assert occurs when a NAS message retransmission occurs.
Because there is no `enb_ue` context.
Therefore, before removing enb_ue, all Timers must be stopped
to prevent retransmission of NAS messages.
TS24.501
8.2.11 DL NAS transport
8.2.11.4 5GMM cause
The AMF shall include this IE when the Payload container IE
contains an uplink payload which was not forwarded and
the Payload container type IE is not set to "Multiple payloads".
-0-
As such, this function 'nas_5gs_send_gsm_reject()' must be used
only when an N1 SM message has been forwarded to the SMF.
Confirmation for non-cleartext IE should only be applied
to the initial NAS message. Registration requests and Service requests
with UplinkNASTransport do not have to.
All process will be forcely exited if it failed to encode the S1AP/NGAP/GTP/PFCP message. It is to make sure there was no problem with the encoding of open5gs.
1. DownlinkNASTransport
If AMF has not sent it previously, UE-AMBR is included in Registration
accept.
2. InitialContextSetupRequest
If PDUSessionResourceSetup is available, UE-AMBR is included
3. PDUSessionResourceSetupRequest
If AMF has not sent it previously, UE-AMBR is included
4. HandoverRequest
If PDUSessionResourceSetup is available, UE-AMBR is included
1. If UE does not use a NAS container for Non-cleartext IEs,
Open5GS AMF will send Registration reject message.
2. If UE sends Non-cleartext IEs without Integrity-protected,
Open5GS AMF will send Registration reject message.
3. If UE does not send NAS container in Security mode complete message,
Open5GS AMF will send Registration reject message.
The AMF shall assign a new 5G-GUTI for a particular UE:
a) during a successful initial registration procedure;
b) during a successful registration procedure
for mobility registration update; and
c) after a successful service request procedure invoked as a response
to a paging request from the network and before the release
of the N1 NAS signalling connection as specified in subclause 5.4.4.1.
The AMF should assign a new 5G-GUTI for a particular UE
during a successful registration procedure
for periodic registration update. The AMF may assign a new 5G-GUTI
at any time for a particular UE by performing
the generic UE configuration update procedure.
1. UE sends PDU session establishment request to the AMF.
2. AMF initiates Release Due to Duplicate Session ID.
3. SMF cannot find the session by SM-Context-Ref.
For the above condition, AMF sends NGAP ErrorIndication to the UE.
If parameter.ignore_requsted_nssai is true,
AMF will ignore the UE Requested NSSAI and create an allowed-NSSAI
based on the Default S-NSSAI in the Subscription DB.
AMF checks whether it can serve all the S-NSSAI(s) from
the Requested NSSAI present in the Subscribed S-NSSAIs
(potentially using configuration for mapping S-NSSAI values
between HPLMN and Serving PLMN), or all the S-NSSAI(s) marked
as default in the Subscribed S-NSSAIs in the case that
no Requested NSSAI was provided or none of the S-NSSAIs
in the Requested NSSAI are permitted,
i.e. do not match any of the Subscribed S-NSSAIs or not available
at the current UE's Tracking Area (see clause 5.15.3).
If both Delete-Session-Request/Response and
UEContextReleaseCommand/UEContextReleaseComplete are failed at the same time,
UE cannot attach to the EPC infinitely.
So, I've add the protection code
if timer expires when MME does not receive Delete-Session-Response.
Sukchan Lee
Kenny Barlee