The general approach in TS 33.117, clause 4.2.2.1 related to SBA/SBI aspects applies to the UPF network product class.
The requirements in TS 33.117, clause 4.2.2.2 related to SBA/SBI aspects apply to the UPF network product class.
Requirement Name:
Confidentiality protection of user data transported over N3 interface.
Requirement Reference:
Requirement Description:
"The transported user data between gNB and UPF shall be confidentiality protected." as specified in TS 33.501, clause 9.3.
Threat Reference:
TEST CASE:
Test Name:
Purpose:
Verify that the transported user data between gNB and UPF is confidentiality protected over the N3 interface.
Procedure and execution steps:
Pre-Condition:
- UPF network product is connected in a simulated/real network environment.
- Tunnel mode IPsec ESP and IKE certificate authentication are implemented.
- Tester shall have knowledge of the security parameters of the tunnel for decrypting the ESP packets.
- Tester shall have access to the N3 interface between gNB and UPF.
- Tester shall have knowledge of the confidentiality algorithm and the confidentiality protection keys used for encrypting the encapsulated payload.
Execution Steps:
Expected Results:
The user data transported between gNB and UPF is confidentiality protected.
Expected format of evidence:
Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture.
Requirement Name:
Integrity protection of user data transported over N3 interface.
Requirement Reference:
Requirement Description:
"The transported user data between gNB and UPF shall be integrity protected." as specified in TS 33.501, clause 9.3.
Threat Reference:
TEST CASE:
Test Name:
Purpose:
Verify that the transported user data between gNB and UPF is integrity protected over the N3 interface.
Procedure and execution steps:
Pre-Condition:
- UPF network product is connected in a simulated/real network environment.
- Tunnel mode IPsec ESP and IKE certificate authentication are implemented.
- Tester shall have knowledge of the security parameters of the tunnel for decrypting the Encapsulating Security Payload (ESP) packets.
- Tester shall have knowledge of the integrity (authentication) algorithm, e.g. an HMAC (Hash-based Message Authentication Code), and the integrity protection keys.
Execution Steps:
Expected Results:
The user data transported between gNB and UPF is integrity protected.
Expected format of evidence:
Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture.
Requirement Name:
Replay protection of user data transported over N3 interface
Requirement Reference:
Requirement Description:
"The transported user data between gNB and UPF shall be replay protected." as specified in TS 33.501, clause 9.3.
Threat Reference:
TEST CASE:
Test Name:
Purpose:
Verify that the transported user data between gNB and UPF is replay protected over the N3 interface.
Procedure and execution steps:
The following procedure is executed if the UPF supports IPsec.
Pre-Condition:
- UPF network product is connected in a simulated/real network environment.
- Tunnel mode IPsec ESP and IKE certificate authentication are implemented.
- Tester shall have knowledge of the security parameters of the tunnel for decrypting the ESP packets.
- Tester shall have access to the original user data transported via the N3 reference point between gNB and UPF.
Execution Steps:
Expected Results:
The user data transported between gNB and UPF over the N3 interface is replay protected.
Expected format of evidence:
Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture.
Requirement Name:
Protection of user data transported over N9 within a PLMN.
Requirement Reference:
Requirement Description:
As specified in
clause 9.9 in TS 33.501, "Interfaces internal to the 5G Core can be used to transport signalling data as well as privacy sensitive material, such as user and subscription data, or other parameters, such as security keys. Therefore, confidentiality and integrity protection is required.
For the protection of the non-SBA internal interfaces, such as N4 and N9, NDS/IP shall be used as specified in [3]."
Threat Reference:
TEST CASE:
Test Name:
Purpose:
Verify that the protection mechanism implemented for user data transported over the N9 interface within a PLMN conforms to the selected security profile.
Procedure and execution steps:
Pre-Condition:
- UPF network products are connected in a simulated/real network environment.
- Tunnel mode IPsec ESP and IKE certificate authentication are implemented.
- Tester shall have knowledge of the security parameters of the tunnel for decrypting the ESP packets.
- Tester shall have access to the N9 interface between two UPFs within a PLMN.
- Tester shall have knowledge of the confidentiality algorithm and the confidentiality protection keys used for encrypting the encapsulated payload.
Execution Steps:
Expected Results:
The user data transported on N9 within a PLMN is protected.
Expected format of evidence:
Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture.
Requirement Name:
Protection of signalling data transported over N4 interface.
Requirement Reference:
Requirement Description:
As specified in
clause 9.9 in TS 33.501, "Interfaces internal to the 5G Core can be used to transport signalling data as well as privacy sensitive material, such as user and subscription data, or other parameters, such as security keys. Therefore, confidentiality and integrity protection is required.
For the protection of the non-SBA internal interfaces, such as N4 and N9, NDS/IP shall be used as specified in [3]."
Threat Reference:
TEST CASE:
Test Name:
Purpose:
Verify that the protection mechanism implemented for signalling data transmitted over the N4 interface conforms to the selected security profile.
Procedure and execution steps:
Pre-Condition:
- UPF and SMF network products are connected in a simulated/real network environment.
- Tunnel mode IPsec ESP and IKE certificate authentication are implemented.
- Tester shall have knowledge of the security parameters of the tunnel for decrypting the ESP packets.
- Tester shall have access to the N4 interface between SMF and UPF.
- Tester shall have knowledge of the confidentiality algorithm and the confidentiality protection keys used for encrypting the encapsulated payload.
Execution Steps:
Expected Results:
The signalling data transported over N4 interface is protected.
Expected format of evidence:
Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture.
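The N3, N9 and N4 test cases above all rest on the same observable: on the wire, the tester should see only ESP between the peers and never GTP-U (UDP 2152) or PFCP (UDP 8805) in the clear, and the ESP sequence numbers of each SA should advance. The script below is an added example for producing that evidence from a pcap; it is not part of TS 33.513 nor any vendor's tooling. It parses classic pcap and IPv4/ESP/UDP headers itself so that it runs without Scapy or tshark, and it works on a sample capture constructed inline (addresses 192.0.2.x, SPI values and the plaintext GTP-U frame are all invented for the demonstration). It cannot verify the ESP ICV, because that needs the SA keys named in the pre-conditions; what it does check is that no protected protocol appears unencapsulated and that sequence numbers per (source, destination, SPI) never repeat or go backwards.

```python
"""Audit an N3/N9/N4 capture for IPsec ESP protection (added example, not 3GPP text)."""
import struct
from collections import defaultdict

IPPROTO_ESP, IPPROTO_UDP = 50, 17
GTPU_PORT, PFCP_PORT = 2152, 8805          # GTP-U user plane (N3/N9), PFCP signalling (N4)


def iter_pcap(data):
    """Yield Ethernet frames from a classic pcap byte string (either byte order, link type 1)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def classify(frame):
    """Describe an IPv4 frame: ESP (SPI, sequence number) or UDP (ports); anything else is 'other'."""
    if frame[12:14] != b"\x08\x00":
        return {"kind": "other"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:]
    if ip[9] == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", l4[:8])
        return {"kind": "esp", "src": src, "dst": dst, "spi": spi, "seq": seq}
    if ip[9] == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", l4[:4])
        return {"kind": "udp", "src": src, "dst": dst, "sport": sport, "dport": dport}
    return {"kind": "other", "src": src, "dst": dst}


def audit_capture(pcap, protected_ports=(GTPU_PORT, PFCP_PORT)):
    """Count ESP packets, list GTP-U/PFCP seen in the clear, and flag ESP sequence numbers that
    do not increase per (src, dst, SPI). The ICV itself cannot be checked without the SA keys."""
    report = {"esp": 0, "plaintext": [], "seq_anomalies": []}
    highest = defaultdict(int)
    for frame in iter_pcap(pcap):
        p = classify(frame)
        if p["kind"] == "esp":
            report["esp"] += 1
            sa = (p["src"], p["dst"], p["spi"])
            if p["seq"] <= highest[sa]:
                report["seq_anomalies"].append((p["spi"], highest[sa], p["seq"]))
            highest[sa] = max(highest[sa], p["seq"])
        elif p["kind"] == "udp" and {p["sport"], p["dport"]} & set(protected_ports):
            report["plaintext"].append((p["src"], p["dst"], p["dport"]))
    return report


# --- constructed sample capture (not taken from any real network) -------------------------------
def _ip(a):
    return bytes(int(x) for x in a.split("."))

def _frame(src, dst, proto, payload):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, _ip(src), _ip(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip_hdr + payload

def _esp(spi, seq):
    return struct.pack("!II", spi, seq) + b"\x00" * 32     # stand-in for ciphertext + ICV

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def build_pcap(frames):
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 1700000000, i, len(f), len(f)) + f
                             for i, f in enumerate(frames))

GNB, UPF = "192.0.2.10", "192.0.2.20"
SAMPLE_PCAP = build_pcap([
    _frame(GNB, UPF, IPPROTO_ESP, _esp(0xC0FFEE01, 1)),
    _frame(GNB, UPF, IPPROTO_ESP, _esp(0xC0FFEE01, 2)),
    _frame(UPF, GNB, IPPROTO_ESP, _esp(0xC0FFEE02, 1)),
    _frame(GNB, UPF, IPPROTO_ESP, _esp(0xC0FFEE01, 2)),          # replayed sequence number
    _frame(GNB, UPF, IPPROTO_UDP, _udp(GTPU_PORT, GTPU_PORT, b"\x30\xff\x00\x00\x00\x00\x10\x01")),  # GTP-U in the clear
])

if __name__ == "__main__":
    print(audit_capture(SAMPLE_PCAP))
```

A non-empty "plaintext" list is a direct failure of the confidentiality requirement on that interface. A "seq_anomalies" entry is a lead rather than a verdict: legitimate reordering inside the receiver's anti-replay window, or the low 32 bits of an extended sequence number wrapping, produce the same pattern, so the tester should correlate flagged packets with the decrypted payload obtained using the tunnel parameters from the pre-conditions.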
Requirement Name:
Requirement Reference:
Requirement Description:
"Allocation and release of CN Tunnel Info is performed when a new PDU Session is established or released. This functionality is supported either by SMF or UPF, based on operator's configuration on the SMF" as specified in
TS 23.501, clause 5.8.2.3.1.
"Tunnel Endpoint Identifier (TEID): This field unambiguously identifies a tunnel endpoint in the receiving GTP U protocol entity. The receiving end side of a GTP tunnel locally assigns the TEID value the transmitting side has to use" as specified in
TS 29.281, clause 5.1.
"The TEID is a unique identifier within one IP address of a logical node." as specified in
TS 23.060, clause 14.6.
Threat Reference:
TEST CASE:
Test Name:
TC_TEID_ID_UNIQUENESS_UPF
Purpose:
Verify that the TEID generated by UPF under test for each new GTP tunnel is unique.
Pre-Conditions:
Test environment is set up with SMF, which may be real or simulated, and UPF under test. The tester is able to trace traffic between the UPF under test and the SMF (real or simulated). SMF configures UPF under test to generate the TEIDs.
Execution Steps:
- The tester intercepts the traffic between the UPF under test and the SMF.
- The tester triggers the maximum number of concurrent N4 session establishment requests.
- The tester captures the N4 session establishment responses sent from the UPF to the SMF and verifies that the F-TEID created for each generated response is unique.
Expected Results:
The F-TEID set in each different N4 session establishment response is unique.
Expected format of evidence:
Files containing the triggered GTP messages (e.g. pcap trace).
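The uniqueness check in the last execution step, carried out on the captured PFCP Session Establishment Responses, as an added example that is not part of TS 33.513 and not any vendor's code. The parser follows the TS 29.244 layout as summarised in the comments (a 16-octet session header, then TLV information elements with 2-octet type and length); the message and IE type numbers used (Session Establishment Response 51, Created PDR 8, Cause 19, F-TEID 21, PDR ID 56) are assumed from that specification and should be checked against the release in use. It collects every Local F-TEID nested in a Created PDR IE and reports (address, TEID) pairs that recur, which is the condition the requirement forbids: a TEID reused on a different IP address of the UPF is not a finding. The three responses are constructed inline.

```python
"""Check F-TEID uniqueness across PFCP Session Establishment Responses (added example)."""
import struct
from collections import Counter

PFCP_SESSION_EST_RESP = 51      # message and IE type values assumed from TS 29.244
IE_CREATED_PDR = 8
IE_CAUSE = 19
IE_F_TEID = 21
IE_PDR_ID = 56


def parse_ies(buf):
    """Split a run of PFCP IEs (2-octet type, 2-octet length, value) into (type, value) pairs."""
    ies, off = [], 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated IE header")
        ie_type, ie_len = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + ie_len > len(buf):
            raise ValueError("IE length exceeds buffer")
        ies.append((ie_type, buf[off:off + ie_len]))
        off += ie_len
    return ies


def parse_fteid(value):
    """Decode an F-TEID IE value into (address, teid); teid is None when the CH (choose) flag is set."""
    flags, off = value[0], 1
    teid = None
    if not flags & 0x04:                       # CH not set: a 4-octet TEID is present
        teid = struct.unpack_from("!I", value, off)[0]
        off += 4
    addr = None
    if flags & 0x01:                           # V4 flag: IPv4 address follows
        addr = ".".join(str(b) for b in value[off:off + 4])
        off += 4
    elif flags & 0x02:                         # V6 flag (simplification: v4 preferred when both set)
        addr = value[off:off + 16].hex()
    return addr, teid


def extract_fteids(msg):
    """Return [(address, teid)] for every Local F-TEID inside a Created PDR IE of one response."""
    flags, msg_type, length = struct.unpack_from("!BBH", msg, 0)
    if flags >> 5 != 1 or msg_type != PFCP_SESSION_EST_RESP:
        raise ValueError("not a PFCP v1 Session Establishment Response")
    if not flags & 0x01:
        raise ValueError("S flag not set: a session message must carry a SEID")
    body = msg[16:4 + length]                  # skip 8-octet SEID, 3-octet sequence number, 1 spare octet
    found = []
    for ie_type, value in parse_ies(body):
        if ie_type == IE_CREATED_PDR:
            for inner_type, inner in parse_ies(value):
                if inner_type == IE_F_TEID:
                    found.append(parse_fteid(inner))
    return found


def check_teid_uniqueness(responses):
    """Return the (address, teid) pairs that appear more than once across all responses."""
    seen = Counter()
    for msg in responses:
        for addr, teid in extract_fteids(msg):
            if teid is not None:
                seen[(addr, teid)] += 1
    return [key for key, n in seen.items() if n > 1]


# --- constructed sample responses (not captured from any real UPF) ------------------------------
def _ie(ie_type, value):
    return struct.pack("!HH", ie_type, len(value)) + value

def _fteid(teid, ipv4):
    return _ie(IE_F_TEID, bytes([0x01]) + struct.pack("!I", teid) + bytes(int(x) for x in ipv4.split(".")))

def _response(seid, seq, pdrs):
    """Session Establishment Response with Cause=accepted and one Created PDR per (pdr_id, teid, ipv4)."""
    ies = _ie(IE_CAUSE, b"\x01") + b"".join(
        _ie(IE_CREATED_PDR, _ie(IE_PDR_ID, struct.pack("!H", pdr_id)) + _fteid(teid, ip))
        for pdr_id, teid, ip in pdrs)
    payload = struct.pack("!Q", seid) + seq.to_bytes(3, "big") + b"\x00" + ies
    return struct.pack("!BBH", 0x21, PFCP_SESSION_EST_RESP, len(payload)) + payload

SAMPLE_RESPONSES = [
    _response(0x1001, 1, [(1, 0x00001001, "10.0.3.1")]),
    _response(0x1002, 2, [(1, 0x00001002, "10.0.3.1"), (2, 0x00001002, "10.0.9.1")]),  # same TEID, different IP: allowed
    _response(0x1003, 3, [(1, 0x00001001, "10.0.3.1")]),                                # reuse on the same IP: finding
]

if __name__ == "__main__":
    print("duplicate F-TEIDs:", check_teid_uniqueness(SAMPLE_RESPONSES))
```

Feed it the responses decoded from the pcap trace named under "Expected format of evidence"; an empty result list is the pass condition, and any returned pair is the F-TEID that the UPF handed out twice on one address while both sessions were concurrently established.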
Requirement Name:
Requirement Reference:
Requirement Description:
"The IPUPS shall only forward GTP-U packets that contain an F-TEID that belongs to an active PDU session and discard all others." as specified in
TS 33.501, clause 5.9.3.4.
Threat Reference:
TEST CASE:
Test Name:
Purpose:
Verify that GTP-U packets not belonging to an active PDU session are discarded.
Pre-Conditions:
Test environment is set up with a V-SMF, an H-SMF, an H-UPF and a gNB which may be simulated.
Execution Steps:
1. The V-SMF requests the UPF with IPUPS functionality under test to establish an N4 session for a PDU session in home-routed roaming. The UPF with IPUPS functionality under test responds to the SMF with the F-TEID for the N9 tunnel towards the H-UPF, and the F-TEID for the N3 tunnel towards the gNB.
2. The V-SMF requests the H-SMF to establish a PDU session, providing the received F-TEID for the N9 tunnel.
3. The H-SMF requests the H-UPF to establish an N4 session, providing the received F-TEID for the N9 tunnel. The H-UPF in the response provides its F-TEID for the N9 tunnel. The H-SMF provides the F-TEID received from the H-UPF to the V-SMF.
4. The V-SMF requests the gNB to allocate resources for the PDU session, providing the F-TEID for the N3 tunnel received at step 1. The gNB replies with its F-TEID for the N3 tunnel to the V-SMF.
5. The V-SMF provides the UPF with IPUPS functionality under test with the received F-TEID assigned by the gNB for the N3 tunnel and the received F-TEID assigned by the H-UPF for the N9 tunnel.
6. The H-UPF is triggered to send GTP-U packets using the F-TEID assigned by the V-UPF for the N9 tunnel.
7. The H-UPF is triggered to send GTP-U packets using an F-TEID different from the one assigned by the V-UPF for the N9 tunnel.
Expected Results:
When the H-UPF is triggered to send GTP-U packets using the F-TEID assigned by the V-UPF for the N9 tunnel (step 6 in the execution steps), GTP-U packets are witnessed over the N3 tunnel.
When the H-UPF is triggered to send GTP-U packets using an F-TEID different than the one assigned by the V-UPF (step 7 in the execution steps), no GTP-U packets are witnessed over the N3 tunnel.
Expected format of evidence:
Files recording the GTP packets captured (e.g. pcap trace).
Requirement Name:
Protection against malformed GTP-U messages
Requirement Reference:
Requirement Description:
Threat Reference:
TEST CASE:
Test Name:
TC_IPUPS_MALFORMED_MESSAGES
Purpose:
Verify that malformed GTP-U messages received on N9 are discarded by the UPF.
Pre-Conditions:
Execution Steps:
The execution steps follow those in
clause 4.4.4 of TS 33.117, except that the protocol the fuzzing tool is executed against is GTP-U and the interface is N9.
Expected Results:
The expected results in
clause 4.4.4 of TS 33.117 apply except that the protocol and the interface contained in the testing documentation are GTP-U and N9 respectively.
Expected format of evidence:
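The two IPUPS test cases above (forwarding only GTP-U that carries an F-TEID of an active PDU session, and discarding malformed GTP-U) describe one ingress decision on N9. The following model of that decision is an added example, written for this page and not taken from TS 33.513 or from any UPF implementation. It parses the GTPv1-U header as laid out in TS 29.281 (mandatory 8 octets; optional 4-octet field when E, S or PN is set; extension header chain when E is set), treats any header inconsistency as grounds for discard, and then looks the (local N9 address, TEID) pair up in the set of sessions the V-SMF installed over N4. One simplification is an assumption of this model rather than a statement of the specification: only G-PDUs (message type 255) are forwarded, so GTP-U signalling such as Echo Request is dropped here. The packets, addresses and TEIDs are constructed inline.

```python
"""IPUPS-style GTP-U ingress filter on N9 (added example, not 3GPP text)."""
import struct

GTPU_G_PDU = 0xFF          # message type of a user-plane PDU
GTPU_ECHO_REQUEST = 0x01
MANDATORY_HDR = 8


def parse_gtpu(pkt):
    """Parse a GTP-U v1 header (TS 29.281 layout as assumed here); raise ValueError when malformed."""
    if len(pkt) < MANDATORY_HDR:
        raise ValueError("shorter than the 8-octet mandatory header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", pkt[:MANDATORY_HDR])
    if flags >> 5 != 1:
        raise ValueError("GTP version %d is not GTPv1-U" % (flags >> 5))
    if not flags & 0x10:
        raise ValueError("PT=0 marks GTP', not GTP-U")
    if length != len(pkt) - MANDATORY_HDR:
        raise ValueError("length field %d disagrees with %d octets after the header"
                         % (length, len(pkt) - MANDATORY_HDR))
    off = MANDATORY_HDR
    if flags & 0x07:                               # E, S or PN set: the 4-octet optional field is present
        if len(pkt) < off + 4:
            raise ValueError("optional field truncated")
        next_ext = pkt[off + 3]
        off += 4
        while flags & 0x04 and next_ext != 0:      # extension header chain, only meaningful when E is set
            if len(pkt) < off + 1:
                raise ValueError("extension header truncated")
            ext_len = pkt[off] * 4                 # first octet: length in 4-octet units
            if ext_len == 0 or len(pkt) < off + ext_len:
                raise ValueError("bad extension header length")
            next_ext = pkt[off + ext_len - 1]      # last octet: next extension header type
            off += ext_len
    return {"type": msg_type, "teid": teid, "payload": pkt[off:]}


def ipups_filter(active_sessions, local_ip, pkt):
    """Decide what the IPUPS does with a GTP-U packet received on N9 for its address local_ip.
    active_sessions is the set of (local_ip, teid) F-TEIDs of PDU sessions established via N4.
    Returns ("forward", payload) or ("drop", reason). Model assumption: only G-PDUs are forwarded."""
    try:
        hdr = parse_gtpu(pkt)
    except ValueError as err:
        return ("drop", "malformed: %s" % err)
    if hdr["type"] != GTPU_G_PDU:
        return ("drop", "message type 0x%02x is not a G-PDU" % hdr["type"])
    if (local_ip, hdr["teid"]) not in active_sessions:
        return ("drop", "TEID 0x%08x is not an active session on %s" % (hdr["teid"], local_ip))
    return ("forward", hdr["payload"])


# --- constructed packets (not captured from any real H-UPF) -------------------------------------
def gpdu(teid, payload, seq=None):
    """Build a G-PDU; when seq is given, the S flag and the 4-octet optional field are included."""
    flags = 0x30 | (0x02 if seq is not None else 0)
    body = (struct.pack("!HBB", seq, 0, 0) if seq is not None else b"") + payload
    return struct.pack("!BBHI", flags, GTPU_G_PDU, len(body), teid) + body

VUPF_N9 = "10.0.9.1"
ACTIVE = {(VUPF_N9, 0x00001002)}                  # F-TEID the V-SMF installed for the N9 tunnel (step 5)
ECHO_REQUEST = struct.pack("!BBHI", 0x30, GTPU_ECHO_REQUEST, 0, 0)
# G-PDU carrying one 4-octet PDU Session Container extension header (type 0x85) before the payload
WITH_EXT = (struct.pack("!BBHI", 0x34, GTPU_G_PDU, 4 + 4 + 3, 0x00001002)
            + struct.pack("!HBB", 0, 0, 0x85) + bytes([1, 0x00, 0x01, 0x00]) + b"abc")
WRONG_VERSION = bytes([0x50]) + gpdu(0x00001002, b"x")[1:]   # version field set to 2

if __name__ == "__main__":
    for name, pkt in [("step 6, active TEID", gpdu(0x00001002, b"ip-packet")),
                      ("step 7, unknown TEID", gpdu(0x00001003, b"ip-packet")),
                      ("echo request", ECHO_REQUEST), ("extension header", WITH_EXT),
                      ("wrong version", WRONG_VERSION), ("truncated", gpdu(0x00001002, b"xyz")[:-1])]:
        print(name, "->", ipups_filter(ACTIVE, VUPF_N9, pkt))
```

The "drop" reasons are what a tester wants logged on the UPF under test: step 7 of the F-TEID test should produce the "not an active session" reason, while the fuzzing run of TC_IPUPS_MALFORMED_MESSAGES should produce only "malformed" reasons and never a crash or a forwarded packet on N3.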