Content for TR 33.926 Word version: 17.6.0

1… 4… 5… 6… A… B… C… D… E… F… G… H… I… J… K… L… M… O… P…

J.1 Network product class description for the SMF J.2 Assets and threats specific to the SMF J.2.1 Critical assets J.2.2 Threats related to SMF assets
...

J Aspects specific to the network product class SMF |R16| p. 56

J.1 Network product class description for the SMF p. 56

J.1.1 Introduction p. 56

This Annex covers the aspects specific to the SMF network product class.

J.1.2 Minimum set of functions defining the SMF network product class p. 56

As part of the SMF network product, it is expected that the SMF to contain SMF application, a set of running processes (typically more than one) executing the software package for the SMF functions and OAM functions that is specific to the SMF network product model. Functionalities specific to the SMF network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.511.

J.2 Assets and threats specific to the SMF p. 56

J.2.1 Critical assets p. 56

In addition to the critical assets of a GNP has been described in clause 5.2 of the present document, the critical assets specific to the SMF to be protected are:

SMF Application;
Session related data (e.g. subscriber's identities (e.g. SUPI), APN name, UE's IP address, QoS, etc.), network usage, charging data record, charging ID, etc.) ,
User plane data,
The interfaces of SMF to be protected and which are within SCAS scope:
- Service based interface, Nsmf, for providing services to AMF, AF, NEF, and SMF
- Service based interface for consuming services from UDM, AMF, PCF, NEF NRF, UDSF, CHF, and SMF
- N4 interface
- Console interface, for local access: local interface on SMF
- OAM interface, for remote access: interface between SMF and OAM system
NOTE 1:
The detailed interfaces of the SMF class are described in clause 4, Network Product Class Description of the present document.
SMF Software: binary code or executable code

NOTE 2:
SMF files may be any file owned by a user (root user as well as non-root uses), including User account data and credentials, Log data, configuration data, OS files, SMF application, Mobility Management data or SMF Software.

J.2.2 Threats related to SMF assets p. 57

J.2.2.1 Priority of UP security policy p. 57

Threat name: Non-compliant UP security policy handling
Threat Category: Tampering data, Information Disclosure,
Threat Description: It is required that user Plane Security Policy from UDM takes precedence over locally configured User Plane Security Policy in SMF. If SMF fails to comply with the requirement, user plane security may be degraded. For example, if the UP security policy from the UDM mandates the ciphering and integrity protection of the user plane data, but no protection is indicated in the local UP security policy at the SMF, and the local UP security policy takes the priority, then the user plane data will be sent over the air without any protection.
Threatened Asset: User plane data

J.2.2.2 TEID uniqueness failure p. 57

Threat name: Failure to assign unique TEID for a session
Threat Category: Tampering data, Denial of Service, Information disclosure, Spoofing Identity
Threat Description: TEID, as part of the CN Tunnel information, is used by the UPF and gNB/ng-eNB for user plane routing. The failure to guarantee the uniqueness of the TEID for a PDU session result in interruption of the routing of the user traffic. It also create charging errors. If multiple PDU sessions were to share the same TEID at the same time, the counts for the network usage of a single PDU session will be in fact the counts for the network usage of multiple sessions, creating charging errors.
Threatened Asset: Session related data

J.2.2.3 Charging ID Uniqueness failure p. 57

Threat name: Failure to assign unique Charging ID for a session.
Threat Category: Tampering data, Information disclosure
Threat Description: At the SMF if more than one PDU session were to share the same charging ID, the charging information for a PDU session would be wrongly correlated, creating charging errors.
Threatened Asset: Session related data

J.2.2.4 UP security policy check p. 57

Threat name: Unchecked UP security policy
Threat Category: Tampering data, Information disclosure
Threat Description: It is required that the SMF verifies that the UP security policy received from the ng-eNB/gNB is the same as that stored locally at the SMF. If the SMF fails to check, security degradation of UP traffic may occur. For example, if the UP security policy received from the ng-eNB/gNB indicates no security protection, while the local policy mandates the opposite, and SMF uses the received UP security policy without validation, then the user plane data will be unprotected.
Threatened Asset: User plane data