NG-RAN and 5G-NR. Frédéric Launay
The ARP parameter allows the NG-RAN node to decide whether a bearer establishment request should be accepted or rejected in the event of congestion.
The QFI value is coded on 6 bits. The 5QI value is set between 1 and 85. For any 5QI value less than or equal to 64, the QFI indicator and 5QI can be the same.
When the mobile is in the RRC_CONNECTED state, the management of QoS rules is delegated to the 5G-NR radio interface.
User plane traffic within a PDU session that carries the same QFI is handled with the same traffic routing rules (e.g. sequencing rules, admission level).
The role of the radio node is to configure one or more radio data bearers (RAB: Radio Access Bearer) and to perform a mapping between the QFI and the bearer(s) from a TFT flow filtering template (Traffic Flow Template).
For uplink, there are two ways to control the mapping between the radio bearers and the QoS of IP flows:
1 – reflective QoS for which the mobile replicates QoS rules received in downlink (configuration of the TFT flow policy rules);
2 – explicit configuration for which the uplink QoS configuration is defined by configuring the radio bearer.
Figure 1.10. QFI management in the user’s plane
1.5. Security architecture
The security architecture implemented on the 5G mobile is based on:
1 – mutual authentication between the 5GC core network and mobile (UICC);
2 – ciphering and integrity of NAS signaling messages exchanged between the mobile and the AMF;
3 – AS security through the 5G-NR radio interface between the mobile and the NG-RAN node. Security concerns the integrity control and encryption of RRC messages and IP packets. Integrity on IP packets is optional.
Data integrity:
1 – ensures that the data have not been altered by a third party between transmission and reception;
2 – verifies the transmitting source;
3 – ensures that a message already received is not reused.
Encryption ensures the confidentiality of data exchanged between two entities.
The security of the NAS and AS messages consists of deriving different keys at the level of the mobile and at the level of the following entities (Figure 1.11):
1 – The AMF:
   – KAMF key;
   – KNASint key from the KAMF key for the integrity check of the NAS signaling;
   – KNASenc key from the KAMF key for the encryption of the NAS signaling.
2 – The radio node:
   – KgNB key from the KAMF key;
   – KRRCenc key derived from the KgNB key for the encryption of RRC signaling on the 5G-NR interface;
   – KRRCint key derived from the KgNB key for the integrity check of RRC signaling on the 5G-NR interface;
   – KUPenc key derived from the KgNB key for encrypting IP traffic on the 5G-NR interface;
   – optionally, a KUPint key derived from the KgNB key for the integrity check of IP traffic on the 5G-NR interface.
Figure 1.11. Security architecture
The mobile must support the NAS security based on information transmitted by the 5G core network and AS security, according to the indications sent by the NG-RAN access node.
5G security is based on the use of:
1 – NEA encryption algorithms (Encryption Algorithm for 5G);
2 – NIA (Integrity Algorithm for 5G) integrity control algorithms;
3 – 128-bit KUPenc, KRRCenc and KNASenc encryption keys.
The encryption and integrity control algorithms are similar to those used on the LTE interface:
1 – NEA0/NIA0: no ciphering;
2 – 128-NEA1/128-NIA1: SNOW 3G algorithm (stream cipher);
3 – 128-NEA2/128-NIA2: AES algorithm (block cipher);
4 – 128-NEA3/128-NIA3: ZUC algorithm (stream cipher).
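The key hierarchy and the algorithm identities listed above can be followed end to end in code. This is an added example, not taken from the book: it assumes the HMAC-SHA-256 key derivation function with the FC values and distinguishers of 3GPP TS 33.501 Annex A, and the function names and the sample KAMF value are hypothetical.

```python
import hashlib
import hmac

# FC values and distinguishers as this example understands 3GPP TS 33.501
# Annex A.8/A.9 (assumption: confirm against the release you work with).
FC_ALGO_KEY, FC_KGNB = 0x69, 0x6E
ALG_TYPE = {"NAS-enc": 1, "NAS-int": 2, "RRC-enc": 3,
            "RRC-int": 4, "UP-enc": 5, "UP-int": 6}

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 (2-byte lengths)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def algo_key(parent: bytes, usage: str, alg_id: int) -> bytes:
    """128-bit key bound to one usage and one algorithm (NEA/NIA 0..3)."""
    if len(parent) != 32:
        raise ValueError("parent key must be 256 bits")
    if alg_id not in range(4):
        raise ValueError("algorithm identity must be 0..3")
    out = kdf(parent, FC_ALGO_KEY, bytes([ALG_TYPE[usage]]), bytes([alg_id]))
    return out[16:]  # keep the 128 least significant bits

def derive_kgnb(k_amf: bytes, ul_nas_count: int, access_type: int = 1) -> bytes:
    """256-bit KgNB from KAMF; access_type 1 is assumed to mean 3GPP access."""
    return kdf(k_amf, FC_KGNB, ul_nas_count.to_bytes(4, "big"), bytes([access_type]))

def derive_hierarchy(k_amf, ul_nas_count, nas, as_, up_integrity=False):
    """nas and as_ are (NEA id, NIA id) pairs chosen by the AMF and the gNB."""
    k_gnb = derive_kgnb(k_amf, ul_nas_count)
    keys = {
        "KNASenc": algo_key(k_amf, "NAS-enc", nas[0]),
        "KNASint": algo_key(k_amf, "NAS-int", nas[1]),
        "KgNB": k_gnb,
        "KRRCenc": algo_key(k_gnb, "RRC-enc", as_[0]),
        "KRRCint": algo_key(k_gnb, "RRC-int", as_[1]),
        "KUPenc": algo_key(k_gnb, "UP-enc", as_[0]),
    }
    if up_integrity:  # KUPint exists only when user plane integrity is enabled
        keys["KUPint"] = algo_key(k_gnb, "UP-int", as_[1])
    return keys

if __name__ == "__main__":
    K_AMF = bytes(range(32))  # constructed sample value, not a real key
    for name, key in derive_hierarchy(K_AMF, 0, nas=(2, 2), as_=(2, 2)).items():
        print(f"{name:8s} {key.hex()}")
```

Because the usage distinguisher and the algorithm identity both enter the derivation, every key in the hierarchy is different even when the same algorithm (here 128-NEA2/128-NIA2) is selected for NAS and AS, and the radio node only ever holds KgNB and its children, never KAMF.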
Encryption and integrity are based on the following parameters: