Tech-invite3GPPspaceIETF RFCsSIP
index21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TS 33.515
5G Security Assurance Specification (SCAS) –
Session Management Function (SMF)

3GPP‑Page   ETSI‑search   CONTENT
V17.0.0 (PDF)  2022/03  14 p.
V16.4.0 (PDF)  2021/09  14 p.
Rapporteur:
Mr. Wong, Marcus
Huawei Tech.(UK) Co.. Ltd

Content for  TS 33.515  Word version:  17.0.0

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 SMF-specific security requirements and related test cases4.1 Introduction4.2 SMF-specific adaptations of security functional requirements and related test cases4.3 SMF-specific adaptations of hardening requirements and related test cases4.4 Network functions in service-based architecture$ Change history

 

1  Scopep. 6

The present document contains requirements and test cases that are specific to the SMF network product class. It refers to the Catalogue of General Security Assurance Requirements and formulates specific adaptions of the requirements and test cases given there, as well as specifying requirements and test cases unique to the SMF network product class.

2  Referencesp. 6

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TS 23.501: "System Architecture for the 5G System".
[2]
TS 33.117: "Catalogue of general security assurance requirements".
[3]
TS 23.060: "General Packet Radio Service".
[4]
TR 33.926: "Security Assurance Specification (SCAS) threats and critical assets in 3GPP network product classes".
[5]
TS 29.281: "General Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U)".
[6]
TS 32.255: "Charging Management; 5G Data Connectivity Domain Charging".
[7]
TR 21.905: "Vocabulary for 3GPP Specifications".
[8]
TS 33.501: (Release 15) "Security architecture and procedures for 5G system".
Up

3  Definitions of terms, symbols and abbreviationsp. 6

3.1  Termsp. 6

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  Symbolsp. 6

Void.

3.3  Abbreviationsp. 6

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CHF
Charging Function
SCAS
Security Assurance Specification
SMF
Session Management Function
TEID
Tunnel Endpoint Identifier
UDM
Unified Data Management Function
UPF
User Plane Function
Up

4  SMF-specific security requirements and related test casesp. 7

4.1  Introductionp. 7

SMF specific security requirements include both SMF-specific security functional requirements in relevant specifications as well as security requirements introduced in the present document derived from the threats specific to SMF as described in TR 33.926.

4.2  SMF-specific adaptations of security functional requirements and related test casesp. 7

4.2.1  Introductionp. 7

Present clause contains SMF-specific security functional adaptations of requirements and related test cases.

4.2.2  Security functional requirements on the SMF deriving from 3GPP specifications and related test casesp. 7

4.2.2.1  Security functional requirements on the SMF deriving from 3GPP specificationsp. 7

4.2.2.1.0  Generalp. 7
The general approach in TS 33.117, clause 4.2.2.1 and all the requirements and test cases in TS 33.117, clause 4.2.2.2 related to SBA/SBI aspect apply to the SMF network product class.
4.2.2.1.1  Priority of UP security policyp. 7
Requirement Name:
Priority of UP security policy
Requirement Reference:
TS 23.501, clause 5.10.3
Requirement Description:
"User Plane Security Policy from UDM takes precedence over locally configured User Plane Security Policy." as specified in TS 23.501, clause 5.10.3
Threat References:
TR 33.926, clause J.2.2.1 Non-compliant UP security policy handling
Test Case:
Test Name:
TC_UP_POLICY_PRECEDENCE_SMF
Purpose:
Verify that the user plane security policy from the UDM takes precedence at the SMF under test over locally configured user plane security policy.
Pre-Conditions:
Test environment with AMF and UDM may be simulated.
Both UDM and SMF under test are configured with UP security policy, and the UP security policies are different.
There is no Session Management Subscription data in SMF.
Execution Steps
  1. The tester triggers PDU session establishment procedure by sending Nsmf_PDUSession_CreateSMContext Request message to the SMF.
  2. The SMF under test retrieves the Session Management Subscription data using Nudm_SDM_Get service from UDM, where the Session Management Subscription data includes the user plane security policy stored in UDM.
  3. The tester captures the Namf_Communication_N1N2MessageTransfer message sent from the SMF under test to the AMF.
Expected Results:
There is a Security Indication IE in the N2 SM information contained in the Namf_Communication_N1N2MessageTransfer message, which is the same with the UP security policy configured in the UDM.
Expected format of evidence:
Evidence suitable for the interface, e.g., Screenshot containing the operational results.
Up
4.2.2.1.2Void
4.2.2.1.3  Security functional requirements on the SMF checking UP security policyp. 8
Requirement Name:
UP security policy check.
Requirement Reference:
TS 33.501, clause 6.6.1
Requirement Description:
"The SMF shall verify that the UE's UP security policy received from the target ng-eNB/gNB is the same as the UE's UP security policy that the SMF has locally stored. If there is a mismatch, the SMF shall send its locally stored UE's UP security policy of the corresponding PDU sessions to the target gNB. This UP security policy information, if included by the SMF, is delivered to the target ng-eNB/gNB in the Path-Switch Acknowledge message. The SMF shall log capabilities for this event and may take additional measures, such as raising an alarm."
Threat References:
TR 33.926, clause J.2.2.4, Unchecked UP security policy.
TEST CASE:
Test Name:
TC_UP_SECURITY_POLICY _SMF
Purpose:
Verify that the SMF checks the UP security policy that is sent by the ng-eNB/gNB during handover.
Pre-Conditions:
The SMF under test is preconfigured with a UE UP security policy.
Execution
  1. The tester sends the Nsmf_PDUSession_UpdateSMContext Request message to the SMF under test. A UE UP security policy different than the one preconfigured at the SMF under test is included in the Request message.
  2. The tester captures the Nsmf_PDUSession_UpdateSMContext Response message sent from the SMF under test.
Expected Results:
The preconfigured UE security policy is contained in the 'n2SmInf' IE in the captured Response message.
Expected format of evidence:
Files containing the triggered GTP messages (e.g. pcap trace).
Up
4.2.2.1.4  Charging ID Uniquenessp. 9
Requirement Name:
Charing ID uniqueness.
Requirement Reference:
TS 32.255, clause 5.1.2
Requirement Description:
"
  • The SMF shall support PDU session charging using service based interface.
  • The SMF shall collect charging information per PDU session for UEs served under 3GPP access and non-3GPP access.
  • Every PDU session shall be assigned a unique identity number for billing purposes per PLMN. (i.e. the Charging Id). "
Threat Reference:
TR 33.926, clause J.2.2.3, "Failure to assign unique Charging ID for a session"
TEST CASE:
Test Name:
TC_CHARGING_ID_UNIQUENESS_SMF
Purpose:
Verify that the charging ID generated by the SMF for each PDU session is unique.
Pre-Conditions:
Test environment is set up with a Charging Function (CHF), which may be real or simulated, and the SMF under test. The tester is able to capture the traffic between the SMF under test and the CHF.
Execution Step
  1. The tester intercepts the traffic between the SMF under test and the CHF.
  2. The tester triggers the establishment of the maximum number of concurrent PDU sessions that the SMF under test can handle.
  3. The tester captures each Charging Data Request [initial] sent from the SMF under test to the CHF, and verifies the charging ID contained in the 'PDU Session Charging Information' IE in each Charging Data Request [initial] is unique.
Expected Results:
The charging ID in each Charging Data Request [initial] is unique.
Expected format of evidence:
Files containing the Charging Data Request [initial] messages (e.g. pcap trace).
Up

4.2.3  Technical Baselinep. 9

4.2.3.1  Introductionp. 9

The present clause provides baseline technical requirements.

4.2.3.2  Protecting data and informationp. 9

4.2.3.2.1  Protecting data and information - generalp. 10
There are no SMF-specific additions to clause 4.2.3.2.1 of TS 33.117.
4.2.3.2.2  Protecting data and information - unauthorized viewingp. 10
There are no SMF-specific additions to clause 4.2.3.2.2 of TS 33.117.
4.2.3.2.3  Protecting data and information in storagep. 10
There are no SMF-specific additions to clause 4.2.3.2.3 of TS 33.117.
4.2.3.2.4  Protecting data and information in transferp. 10
There are no SMF-specific additions to clause 4.2.3.2.4 of TS 33.117.
4.2.3.2.5  Logging access to personal datap. 10
There are no SMF-specific additions to clause 4.2.3.2.5 of TS 33.117.

4.2.3.3  Protecting availability and integrityp. 10

There are no SMF-specific additions to clause 4.2.3.3 of TS 33.117.

4.2.3.4  Authentication and authorizationp. 10

There are no SMF-specific additions to clause 4.2.3.4 of TS 33.117.

4.2.3.5  Protecting sessionsp. 10

There are no SMF-specific additions to clause 4.2.3.5 of TS 33.117.

4.2.3.6  Loggingp. 10

There are no SMF-specific additions to clause 4.2.3.6 of TS 33.117.

4.2.4  Operating Systemsp. 10

There are no SMF-specific additions to clause 4.2.4 of TS 33.117.

4.2.5  Web Serversp. 10

There are no SMF-specific additions to clause 4.2.5 of TS 33.117

4.2.6  Network Devicesp. 10

There are no SMF-specific additions to clause 4.2.6 of TS 33.117.

4.2.7Void

4.3  SMF-specific adaptations of hardening requirements and related test casesp. 10

4.3.1  Introductionp. 11

The present clause contains SMF-specific adaptations of hardening requirements and related test cases.

4.3.2  Technical baselinep. 11

There are no SMF-specific additions to clause 4.3.2 of TS 33.117.

4.3.3  Operating systemsp. 11

There are no SMF-specific additions to clause 4.3.3 of TS 33.117.

4.3.4  Web serversp. 11

There are no SMF-specific additions to clause 4.3.4 of TS 33.117.

4.3.5  Network devicesp. 11

There are no SMF-specific additions to clause 4.3.5 of TS 33.117.

4.3.6  Network functions in service-based architecturep. 11

There are no SMF-specific additions to clause 4.3.6 of TS 33.117.

4.4  Network functions in service-based architecturep. 11

There are no SMF-specific additions to clause 4.4 of TS 33.117.

$  Change historyp. 12

Up   Top