Security Anchor Functionality

In Release 15, the SEAF (Security Anchor Functionality) was formally introduced as part of the new 5G Core security architecture, residing within the AMF. Its primary role is to act as the termination point for primary authentication and key agreement, establishing a security anchor with the UE. This enables the derivation of separate keys for securing access stratum and non-access stratum signaling.

• Clarifications to security requirements and features (clause 5) TS 33.501CR0161
• Security Negotiation for RRC INACTIVE TS 33.501CR0183
• Security Mechanism for Steering of Roaming TS 33.501CR0214
• CR-slice-management-security TS 33.501CR0290
• Security mechanisms for non-SBA interfaces in 5GC TS 33.501CR0374
• Application layer security on the N32 interface TS 33.501CR0376

+ 60 more changes

In Release 16, the SEAF's role was enhanced to support new security procedures for emerging services and architectures. This included defining security aspects for non-public networks, 5G LAN services, and Time Sensitive Communication (TSC), ensuring secure access for TSC-enabled UEs. Furthermore, Release 16 specified security for roaming interfaces in indirect communication and introduced security requirements for the Inter-PLMN User Plane Security (IPUPS) Function.

• Description of solution 11 in 23.725 for Ethernet anchor relocation TS 23.501CR0755
• Adding UDR NF Group ID association functionality TS 23.501CR1384
• Security for non-public networks TS 33.501CR0641
• Security for SRVCC for 5G to UTRAN CS TS 33.501CR0660
• Security for roaming interfaces in indirect communication TS 33.501CR0675
• Security requirements for SeCoP TS 33.501CR0692

+ 27 more changes

In Release 17, the SEAF's scope was expanded to support new functionalities including security for Mobile Network Slice as a Service (MNSA), enhanced security for multicast/broadcast services (5MBS), and security aspects for edge computing and non-public networks (eNPN). The release also introduced clarifications and security context handling for inter-RAT mobility (IRAT) and proximity-based services (ProSe). Furthermore, specific security procedures were defined for the Service Communication Proxy (SCP) and the Inter PLMN UP Security (IPUPS) functionality within the roaming architecture.

• Additional authorization functionality in support of MPS for Data Transport Service TS 23.501CR2971
• Adding the functionality on MINT TS 23.501CR3019
• New Annex for Edge computing security TS 33.501CR1222
• Security aspects of eNPN TS 33.501CR1252
• Security aspects of 5MBS TS 33.501CR1255
• Security aspects of eNA TS 33.501CR1256

+ 25 more changes

In Release 18, the SEAF's role was enhanced to provide specific security handling in network sharing scenarios, as detailed in the corresponding Change Request. This included updates to ensure secure interconnection and topology hiding on inter-PLMN interfaces, aligning with the existing Security Edge Protection Proxy (SEPP) functionality. Furthermore, security aspects were defined for new procedures like EAS discovery via (V-)EASDF in roaming scenarios and for AI/ML model storage and sharing.

• Assistance to Member Selection Functionality for Application Operation TS 23.501CR3910
• Introduction of the MPQUIC Steering Functionality TS 23.501CR3973
• Update to UE member selection assistance functionality for application operation TS 23.501CR4622
• Security aspects of MSGin5G Service in rel-18 TS 33.501CR1565
• Security aspects of enhanced support of Non-Public Networks phase 2 TS 33.501CR1671
• Security of EAS discovery procedure via V-EASDF in roaming Scenario TS 33.501CR1741

+ 21 more changes

In Release 19, the SEAF function's enhancements are not explicitly detailed in the provided grounding context or Change Request titles. The listed CRs focus on other security and functionality areas such as UPF NAT, N6 delay measurement security, and trust anchoring for N32-f/PRINS, but do not specify new SEAF capabilities or procedures. Therefore, based solely on the given materials, no specific new feature for the SEAF in Release 19 can be described.

• Adding the NAT information exposure and Packet Inspection functionality in the UPF NF profile TS 23.501CR5420
• Exposure enhancements for static UE IP address assignment and 5G VN group's User Plane Security Policy TS 23.501CR5492
• Functional Description of Energy Efficiency Control Functionality TS 23.501CR5740
• NAT functionality in the UPF of BH PDU Session TS 23.501CR5650
• Adding security aspects of MSGin5G service Ph3 TS 33.501CR2047
• Security of Signalling Traffic Monitoring TS 33.501CR2089

+ 20 more changes

In Release 20, the SEAF's new functionality includes a defined procedure to make specific security parameters visible to RIs (Routing Instances). This enhancement is detailed alongside other system security updates, such as corrections for energy consumption calculations in specific PDU session scenarios.

• Procedure to making some security parameters visible to RIs TS 33.501CR2191
• Correction on Energy Consumption calculation for redundant transmission or PDU Session with multiple PDU Session Anchors TS 23.501CR6522