TS 33.511
Security Assurance Specification (SCAS)
for the Next Generation
Node B (gNodeB) Network Product Class
V19.3.0 (PDF)
2025/09 … p.
V18.3.0
2024/03 26 p.
V17.6.0
2024/03 25 p.
V16.12.0
2024/03 24 p.
- Rapporteur:
- Mr. Wong, Marcus
Huawei Tech.(UK) Co.. Ltd
full Table of Contents for TS 33.511 Word version: 19.2.0
1 Scope
2 References
3 Definitions of terms and abbreviations
4 gNodeB-specific security requirements and related test cases
$ Change history
1 Scope p. 6
The present document contains objectives, requirements and test cases that are specific to the gNB network product class. It refers to the Catalogue of General Security Assurance Requirements and formulates specific adaptions of the requirements and test cases given there, as well as specifying requirements and test cases unique to the gNB network product class.
2 References p. 6
3 Definitions of terms and abbreviations p. 6
3.1 Terms p. 6
3.2 Abbreviations p. 7
4 gNodeB-specific security requirements and related test cases p. 7
4.1 Introduction p. 7
4.2 gNodeB-specific security functional adaptations of requirements and related test cases p. 7
4.2.1 Introduction p. 7
4.2.2 Security functional requirements on the gNodeB deriving from 3GPP specifications and related test cases p. 7
4.2.2.1 Security functional requirements on the gNodeB deriving from 3GPP specifications - TS 33.501 [2] p. 7
4.2.2.1.1 Integrity protection of RRC-signalling p. 7
4.2.2.1.2 Integrity protection of user data between the UE and the gNB p. 8
4.2.2.1.3 Void
4.2.2.1.4 RRC integrity check failure p. 9
4.2.2.1.5 UP integrity check failure p. 9
4.2.2.1.6 Ciphering of RRC-signalling p. 10
4.2.2.1.7 Ciphering of user data between the UE and the gNB p. 10
4.2.2.1.8 Replay protection of user data between the UE and the gNB p. 11
4.2.2.1.9 Replay protection of RRC-signalling p. 12
4.2.2.1.10 Ciphering of user data based on the security policy sent by the SMF p. 13
4.2.2.1.11 Integrity of user data based on the security policy sent by the SMF p. 14
4.2.2.1.12 AS algorithms selection p. 15
4.2.2.1.13 Key refresh at the gNB p. 15
4.2.2.1.14 Bidding down prevention in Xn-handovers p. 16
4.2.2.1.15 AS protection algorithm selection in gNB change p. 17
4.2.2.1.16 Control plane data confidentiality protection over N2/Xn interface p. 18
4.2.2.1.17 Control plane data integrity protection over N2/Xn interface p. 18
4.2.2.1.18 Key update at the gNB on dual connectivity p. 18
4.2.2.1.19 UP security activation in Inactive scenario p. 19
4.2.2.1.20 User plane data confidentiality protection over N3/Xn interface p. 20
4.2.2.1.21 User plane data integrity protection over N3/Xn interface p. 20
4.2.2.1.22 Checking expiry certificate p. 21
4.2.2.1.23 Peer certificate checking p. 21
4.2.3 Technical Baseline p. 22
4.2.3.1 Introduction p. 22
4.2.3.2 Protecting data and information p. 22
4.2.3.2.1 Protecting data and information - general p. 22
4.2.3.2.2 Protecting data and information - unauthorized viewing p. 23
4.2.3.2.3 Protecting data and information in storage p. 23
4.2.3.2.4 Protecting data and information in transfer p. 23
4.2.3.2.5 Logging access to personal data p. 23
4.2.3.3 Protecting availability and integrity p. 23
4.2.3.4 Authentication and authorization p. 23
4.2.3.5 Protecting sessions p. 23
4.2.3.6 Logging p. 23
4.2.4 Operating systems p. 23
4.2.5 Web servers p. 23
4.2.6 Network devices p. 23
4.2.6.1 Protection of data and information p. 23
4.2.6.2 Protecting availability and integrity p. 24
4.2.7 Void
4.3 gNodeB-specific adaptations of hardening requirements and related test cases. p. 24
4.3.1 Introduction p. 24
4.3.2 Technical Baseline p. 24
4.3.3 Operating Systems p. 24
4.3.4 Web Servers p. 24
4.3.5 Network Devices p. 24
4.3.6 Network Functions in service-based architecture p. 24
4.4 gNodeB-specific adaptations of basic vulnerability testing requirements and related test cases p. 24
4.4.1 Introduction p. 24
4.4.2 Port Scanning p. 25
4.4.3 Vulnerability scanning p. 25
4.4.4 Robustness and fuzz testing p. 25
$ Change history p. 26
