TS 33.116
Security Assurance Specification (SCAS) for the MME Network Product Class
V19.0.0 (PDF)  2025/03  17 p.
V18.0.0  2024/03  20 p.
V17.0.0  2022/03  20 p.
V16.1.0  2021/12  20 p.
V15.1.0  2021/12  20 p.
V14.2.0  2021/12  20 p.
Rapporteur: Dr. Zugenmaier, Alf (NTT DOCOMO INC.)
Full Table of Contents for TS 33.116, Word version: 19.0.0
1  Scope  p. 6
2  References  p. 6
3  Definitions and abbreviations  p. 6
3.1  Definitions  p. 6
3.2  Abbreviations  p. 7
4  MME-specific security requirements and related test cases  p. 7
4.1  Introduction  p. 7
4.2  MME-specific adaptations of security functional requirements and related test cases  p. 7
4.2.1  Introduction  p. 7
4.2.2  Security functional requirements on the MME deriving from 3GPP specifications and related test cases  p. 7
4.2.2.1  Security functional requirements on the MME deriving from 3GPP specifications - general approach  p. 7
4.2.2.2  Authentication and key agreement procedure  p. 7
4.2.2.2.1  Access with GSM SIM forbidden  p. 7
4.2.2.2.2  Re-synchronization  p. 8
4.2.2.2.3  Integrity check of Attach message  p. 9
4.2.2.2.4  Not forwarding EPS authentication data to SGSN  p. 9
4.2.2.2.5  Not forwarding unused EPS authentication data between different security domains  p. 10
4.2.2.3  Security mode command procedure  p. 10
4.2.2.3.1  Bidding down prevention  p. 10
4.2.2.3.2  NAS integrity algorithm selection and use  p. 11
4.2.2.3.3  NAS NULL integrity protection  p. 11
4.2.2.3.4  NAS confidentiality protection  p. 12
4.2.2.4  Security in intra-RAT mobility  p. 12
4.2.2.4.1  Bidding down prevention in X2-handovers  p. 12
4.2.2.4.2  NAS integrity protection algorithm selection in MME change  p. 13
4.2.2.5  Security in inter-RAT mobility  p. 13
4.2.2.5.1  No access with GSM SIM via idle mode mobility  p. 13
4.2.2.5.2  No access with GSM SIM via handover  p. 14
4.2.2.5.3  No access with GSM SIM via SRVCC  p. 14
4.2.2.6  Security Aspects of IMS Emergency Session Handling  p. 15
4.2.2.6.1  Authentication failure for emergency bearers  p. 15
4.2.3  Technical Baseline  p. 15
4.2.3.1  Introduction  p. 15
4.2.3.2  Protecting data and information  p. 15
4.2.3.2.1  Protecting data and information - general  p. 15
4.2.3.2.2  Protecting data and information - unauthorized viewing  p. 16
4.2.3.2.3  Protecting data and information in storage  p. 16
4.2.3.2.4  Protecting data and information in transfer  p. 16
4.2.3.2.5  Logging access to personal data  p. 16
4.2.3.3  Protecting availability and integrity  p. 16
4.2.3.4  Authentication and authorization  p. 16
4.2.3.5  Protecting sessions  p. 16
4.2.3.6  Logging  p. 16
4.2.4  Operating Systems  p. 16
4.2.5  Web Servers  p. 16
4.2.6  Network Devices  p. 16
4.3  MME-specific adaptations of hardening requirements and related test cases  p. 16
4.3.1  Introduction  p. 16
4.3.2  Technical Baseline  p. 16
4.3.3  Operating Systems  p. 17
4.3.4  Web Servers  p. 17
4.3.5  Network Devices  p. 17
4.4  MME-specific adaptations of basic vulnerability testing requirements and related test cases  p. 17
$  Change History  p. 18