ETSI TS 133 163 V15.6.0 (2019-10)

ETSI TS 133 163 V15.6.0 (2019-10)






TECHNICAL SPECIFICATION
LTE;
5G;
Battery Efficient Security for very low throughput
Machine Type Communication (MTC) devices (BEST)
(3GPP TS 33.163 version 15.6.0 Release 15)

---------------------- Page: 1 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 1 ETSI TS 133 163 V15.6.0 (2019-10)



Reference
RTS/TSGS-0333163vf60
Keywords
5G,LTE,SECURITY
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2019.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 2 ETSI TS 133 163 V15.6.0 (2019-10)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Legal Notice
This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities. These shall be
interpreted as being references to the corresponding ETSI deliverables.
The cross reference between 3GPP and ETSI identities can be found under http://webapp.etsi.org/key/queryform.asp.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI

---------------------- Page: 3 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 3 ETSI TS 133 163 V15.6.0 (2019-10)
Contents
Intellectual Property Rights . 2
Legal Notice . 2
Modal verbs terminology . 2
Foreword . 5
Introduction . 5
1 Scope . 6
2 References . 6
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations . 7
4 Security Procedures for Battery Efficient Security for Very Low Throughput MTC Devices
(BEST) . 7
4.1 Introduction . 7
4.2 BEST Framework Service Description . 8
4.2.1 Architecture . 8
4.3 Procedures between the UE and the HSE . 9
4.3.1 Overview of BEST procedures . 9
4.3.2 BEST Session Initiation and Key Agreement . 10
4.3.3 BEST Session Key Management . 10
4.3.4 BEST Session Termination . 10
4.3.5 BEST Message Reject . 10
4.4 Procedures between the HSE and the EAS . 11
4.4.1 Message Exchange Overview . 11
4.4.2 EAS Registration for BEST Service . 11
4.4.3 Key Request . 11
4.4.4 Key Refresh . 12
4.4.5 Session Termination . 12
4.4.6 Message Reject . 12
4.5 BEST Data Service . 12
4.6 Key Management . 13
4.6.1 Key Agreement and Refresh . 13
4.6.1.1 Key setup messaging between HSE and UE . 13
4.6.1.2 Usage of Keys . 15
4.6.1.3 Key Setup for BEST session end point modification . 16
4.6.1.4 BEST Key Handling . 16
4.6.2 BEST Key Hierarchy . 16
4.6.2.1 Introduction . 16
4.6.2.2 BEST Key Hierarchy for Separate BEST Domain . 17
5 Derivation of BEST Keys. 17
5.1 BEST key derivation . 17
5.1.0 Key derivation function . 17
5.1.1 Derivation of UE-to-HSE keys and Intermediate Key . 17
5.1.2 Derivation of EAS specific pre-shared key (K ) . 18
EAS_PSK
5.1.3 Derivation of UE-to-EAS keys . 18
6 End to Middle Secured Data Protocol (EMSDP) . 19
6.1 Introduction . 19
6.2 EMSDP Protocol Description. 19
6.2.1 Data Stack . 19
6.2.2 EMSDP general structure . 20
6.2.3 EMSDP Counter and Session ID Schemes . 22
6.2.3.1 Optimised EMSDP counter scheme . 22
6.2.3.2 Optimised EMSDP Session ID scheme. 22
ETSI

---------------------- Page: 4 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 4 ETSI TS 133 163 V15.6.0 (2019-10)
6.2.4 EMSDP Integrity protection . 22
6.2.5 EMSDP Encryption . 23
6.2.6 EMSDP Control Plane Commands . 25
6.2.6.1 Overview . 25
6.2.6.1.1 EMSDP Session Request . 25
6.2.6.1.2 EMSDP Session Start . 28
6.2.6.1.3 EMSDP Session Start Confirmation message . 31
6.2.6.1.4 EMSDP Session Terminate Request and Response. 32
6.2.6.1.5 EMSDP Manage Keys Request . 32
6.2.6.1.6 EMSDP Manage Keys Response. 32
6.2.6.1.7 EMSDP Message Reject command . 33
6.2.7 Procedures for BEST when using EMSDP . 34
6.2.7.1 Introduction . 34
6.2.7.2 Procedures for BEST Key Agreement Only Service using EMSDP . 34
6.2.7.3 Procedures for BEST User Plane Integrity Protected Service using EMSDP . 36
6.2.7.4 Procedures for BEST User Plane Confidential Service using EMSDP . 37
7 BEST Service Management . 37
7.1 Ability to Enable and Disable the BEST service . 37
Annex A (informative): Structure of APN names for BEST . 39
Annex B (informative): HSE to EAS interface based on Restful HTTP . 40
B.1 Introduction . 40
B.2 Restful HTTP interface . 40
B.2.1 Overview . 40
B.2.2 Procedures over the RESTful HTTP reference point . 41
B.2.2.1 Overview of the procedures . 41
B.2.2.2 Initial registration by EAS . 41
B.2.2.3 Obtaining UE specific pre-shared key from the EAS . 41
B.2.2.4 Obtaining UE specific pre-shared key during BEST Session Setup . 41
B.2.2.5 Deregistration by EAS . 41
Annex C (informative): Change history . 42
History . 43

ETSI

---------------------- Page: 5 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 5 ETSI TS 133 163 V15.6.0 (2019-10)
Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
Introduction
This document describes communication security and key agreement processes that are optimised for battery
constrained, very low throughput Machine Type Communication (MTC) devices.
Specifically:
- N-PDU data tampering and eavesdropping
- Efficient user data protection challenges
- VPLMN Specific Needs
- End-to-end security

ETSI

---------------------- Page: 6 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 6 ETSI TS 133 163 V15.6.0 (2019-10)
1 Scope
The present document defines communication security processes designed for very low throughput Machine Type
Communication (MTC) devices that are battery constrained.
These processes consist of:
- A Key agreement service for End to Middle and End to End security use
- An End to Middle secure transport service that includes the ability to verify and confidentiality protect low
throughput data.
- An End to End secure transport service that includes the ability to verify and confidentiality protect low
throughput data.

2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same
Release as the present document.
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[2] 3GPP TR 33.863: "Study on battery efficient security for very low throughput Machine Type
Communication (MTC) devices".
[3] 3GPP TS 33.102: "3G security; Security architecture".
[4] 3GPP TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal
Terrestrial Radio Access Network (E-UTRAN) access".
[5] 3GPP TS 24.008: "Mobile radio interface Layer 3 specification; Core network protocols; Stage 3".
[6] 3GPP TS 55.241: "Specification of the GIA4 integrity algorithm for GPRS; GIA4 specification"
[7] 3GPP TS 55.251: "Specification of the GEA5 encryption and GIA5 integrity algorithms for GPRS;
GEA5 and GIA5 algorithm specification"
[8] 3GPP TS 35.201: " Specification of the 3GPP confidentiality and integrity algorithms; Document
1: f8 and f9 specification".
[9] 3GPP TS 35.215: "Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 1: UEA2
and UIA2 specifications"
[10] 3GPP TS 35.221: "Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 1: EEA3
and EIA3 specifications".
[11] 3GPP TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[12] 3GPP TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[13] 3GPP TS 33.220: " Generic Authentication Architecture (GAA); Generic Bootstrapping
Architecture (GBA)".
ETSI

---------------------- Page: 7 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 7 ETSI TS 133 163 V15.6.0 (2019-10)
[14] 3GPP TS 31.102: "Characteristics of the Universal Subscriber Identity Module (USIM)
application".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following
apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP
TR 21.905 [1].
BEST: Battery Efficient Security for very low Throughput Machine Type Communication (MTC) devices
BEST Capable UE: A UE that is enabled for the BEST service
Enterprise Key: A secret key shared by the Enterprise Application Server and the UE for application in the BEST
service
EAS PSK: An Enterprise Application Service specific key derived by the HSE and the UE from the Intermediate key
and meant to be forwarded to a specific EAS by the HSE.
Intermediate Key: A key derived by the HSE and the UE from CK and IK to be used to derive the EAS PSK
Intermediate Key Identifier: A key identifier that identifies an Intermediate Key
UE-to-HSE keys: Keys derived by the HSE and the UE from CK and IK to be used on control and/or user plane
between the UE and HSE.
UE-to-EAS keys: Keys derived by the EAS and the UE from EAS PSK and an Enterprise Key to be used for user plane
between UE and EAS.
UE-to-HSE: UE to Home PLMN Security Endpoint
UE-to-EAS: UE to Enterprise Application Server

3.2 Abbreviations
For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An
abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in
3GPP TR 21.905 [1].
EAS Enterprise Application Server
HSE HPLMN Security Endpoint

4 Security Procedures for Battery Efficient Security for
Very Low Throughput MTC Devices (BEST)
4.1 Introduction
This specification defines elements, protocols and procedures that enable battery efficient security for low throughput
devices such as MTC devices. The BEST service is a secure channel between a UE and a HSE, optimised for low
throughput and high latency devices that are battery constrained. The security is between the UE and either an element
in the service provider home network (the HSE) or an element in the enterprise domain (the EAS). The design is
modular and extensible so that it can be used to satisfy a wide range of use cases.
ETSI

---------------------- Page: 8 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 8 ETSI TS 133 163 V15.6.0 (2019-10)
The following services are defined:
- BEST key agreement only service – This service is a battery efficient service for key agreement between a BEST
compliant UE and the HSE or the EAS. The user plane for this service is provided by the application layer
between the UE and the EAS and is out of scope of this specification.
- BEST user plane integrity protected service – This service is a battery efficient integrity protected user plane
service for low throughput devices. This service includes the key agreement and includes integrity protected
security over small data over NAS User Plane. The user plane for this service can be either terminated in the
HSE (so called UE-to-HSE mode) or in the EAS (so called UE-to-EAS mode). Control messages are always
terminated in the HSE.
- BEST user plane confidential service – This service is a battery efficient integrity and confidentiality protected
user plane service for low throughput devices. The user plane for this service can be either terminated in the HSE
(so called UE-to-HSE mode) or in the EAS (so called UE-to-EAS mode). Control messages are always
terminated in the HSE.

It may be possible for the UE to have concurrent BEST sessions.

4.2 BEST Framework Service Description
4.2.1 Architecture

UTRAN
EMKS
S6a
SGSN
HSS
GERAN
S6a
S3
S6a
S1-MME
MME
S6a
S12
S11
S4
LTE-Uu S10
SGi
PDN
Serving SGi
S5/S8
E-UTRAN
UE HSE
Gateway Gateway
S1-U
BEST-C and BEST-U
EAS-C and
EAS-U
Enterprise
Application
Server

Figure 4.2.1-1: The architecture of the extended user plane protection service
The BEST service requires the following components:
- Home Security Endpoint (HSE) – This is the termination point in the home network that performs the following
functions:
- Terminating the control plane for BEST between the UE and the HSE
- Terminating the secure communication for BEST between the UE and the HSE and forwarding to and from
the Data Network via the Sgi if UE-to-HSE security is selected.
- Routing the user plane traffic for BEST between the UE and the Enterprise Application Server (EAS) via the
Sgi if UE-to-EAS security is selected.
- Anchor for BEST Key agreement only service. Exposes an interface for EAS to obtain MNO provided pre-
shared key.
ETSI

---------------------- Page: 9 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 9 ETSI TS 133 163 V15.6.0 (2019-10)
- End to Middle Key Server (EMKS) – This is an optional key server element that manages the key
communication with the HSS (for quintets) and stores keys to reduce loading on the HSE and HSS. The EMKS
has interfaces to the HSS (S6a) and the HSE (S6a).
The BEST service uses the following interfaces:
- S6a between the HSS and the HSE
- S6a between the HSS and EMKS
- S6a between the EMKS and the HSE
- BEST-C and BEST-U between the UE and the HSE
- EAS-C and EAS-U between the HSE and the EAS. Definition of this interface is out of scope. Annex B
describes a candidate interface based on Restful HTTP for the communication between the HSE and the EAS.

4.3 Procedures between the UE and the HSE
4.3.1 Overview of BEST procedures
To use the BEST service, the UE shall setup a PDN connection to connect to the HSE. The UE may either use a locally
stored IP address to locate the HSE or use a "BEST APN" where the traffic is directed by the PDN Gateway to the
correct HSE for that UE. Once a connection to the HSE exists, the UE may initiate the BEST service. It is up to the UE
as to when it establishes the PDU session that is used for BEST control plane and user plane messages.
The BEST service consists of 5 general processes between the UE and the HSE: session initiation and key agreement,
key management, data transfer, session termination, and message rejection. The details of the End to Middle Secure
Data Protocol (EMSDP) used for the BEST control plane service and optionally for user plane security service, is
detailed in clause 6.
When BEST user plane (UP) security services are used, UP data plane messages are between the UE and the HSE in
UE to HSE security mode, and between the UE and the EAS in UE to EAS security mode.
Note:
UE HSE
- Bidirectional arrows indicate that the
message can be initiated by either party.
- Arrows with dashed lines indicate optional
messages.
EMSDP Session Request (UE ID, BEST capabilities, Enterprise information (opt))
Session Initiation and Key Agreement

(Control Plane)
EMSDP Session Start (Key Agreement, Session Parameters, Request Validation, HSE ID(opt)))
EMSDP Session Start Confirmation (Authentication result) (conditional)

Data Transmission (User Plane)
Data Transfer
EMSDP Manage Keys Request (Key ID) (opt)
Session Key Management (Control Plane)
EMSDP Manage Keys Response (Key ID, Key Agreement)
EMSDP Session Terminate Request
Session Termination (Control Plane)
EMSDP Session Terminate Response
Message Reject (Control Plane)
EMSDP Message Reject

ETSI

---------------------- Page: 10 ----------------------
3GPP TS 33.163 version 15.6.0 Release 15 10 ETSI TS 133 163 V15.6.0 (2019-10)
Figure 4.3.1-1: Generalised BEST service flow
4.3.2 BEST Session Initiation and Key Agreement
The UE shall initiate a BEST session using the EMSDP Session Request message following the establishment of the
PDN connection To optimise the message flow for battery constrained devices, the EMSDP Session Response is
combined with Session Key Agreement.
The EMSDP Session Request message shall include the UE Identity, BEST ca
...