Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TS 33.521
5G Security Assurance Specification (SCAS) –
Network Data Analytics Function (NWDAF)

3GPP‑Page   ETSI‑search   CONTENT
V18.0.0 (PDF)  2023/06  … p.
V17.2.0  2022/06  12 p.
Rapporteur:
Mr. Qi, Minpeng
China Mobile Com. Corporation

Content for  TS 33.521  Word version:  17.2.0

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 NWDAF-specific security requirements and related test cases4.1 Introduction4.2 NWDAF-specific security functional requirements and related test cases4.3 NWDAF-specific adaptations of hardening requirements and related test cases4.4 NWDAF-specific adaptations of basic vulnerability testing requirements and related test cases$ Change history

 

1  Scopep. 6

The present document contains requirements and test cases that are specific to the NWDAF network product class. It refers to the Catalogue of General Security Assurance Requirements and formulates specific adaptions of the requirements and test cases, as well as specifying requirements and test cases unique to the NWDAF network product class.

2  Referencesp. 6

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services".
[3]
TS 33.117: "Catalogue of general security assurance requirements".
[4]
TR 33.926: "Security Assurance Specification (SCAS) threats and critical assets in 3GPP network product classes".
Up

3  Definitions of terms, symbols and abbreviationsp. 6

3.1  Termsp. 6

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  Symbolsp. 6

Void

3.3  Abbreviationsp. 6

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.

4  NWDAF-specific security requirements and related test casesp. 7

4.1  Introductionp. 7

NWDAF specific security requirements include both requirements derived from NWDAF-specific security functional requirements in relevant specifications as well as security requirements introduced in the present document derived from the threats specific to NWDAF as described in TR 33.926.

4.2  NWDAF-specific security functional requirements and related test casesp. 7

4.2.1  Technical baselinep. 7

4.2.1.1  Generalp. 7

The present clause provides baseline technical requirements.

4.2.1.2  Protecting data and informationp. 7

4.2.1.2.1  Protecting data and information - generalp. 7
There are no NWDAF-specific additions to clause 4.2.3.2.1 of TS 33.117.
4.2.1.2.2  Protecting data and information - Confidential System Internal Datap. 7
There are no NWDAF-specific additions to clause 4.2.3.2.2 of TS 33.117.
4.2.1.2.3  Protecting data and information in storagep. 7
There are no NWDAF-specific additions to clause 4.2.3.2.3 of TS 33.117.
4.2.1.2.4  Protecting data and information in transferp. 7
There are no NWDAF-specific additions to clause 4.2.3.2.4 of TS 33.117.
4.2.1.2.5  Logging access to personal datap. 7
There are no NWDAF-specific additions to clause 4.2.3.2.5 of TS 33.117.
4.2.1.2.6  Protecting data and information - Data masking on integration analysisp. 7
Requirement Name:
Data masking on integration analysis about personal data
Requirement Reference:
TBA.
Requirement Description:
NWDAF can collect data from UE, NF, OAM, etc. used for analytics. Personal data of the UE's user are involved also. When NWDAF uses such personal data in analytics with other information together, such data correlation operation could bind more personal information with the user's identity. Thus, privacy information about that specific user could be revealed to the person who is allowed to operate data correlation for analytics but not allowed to know the privacy information as the result of data correlation. Therefore, applicable measures (e.g. data masking) shall be applied to mitigate such privacy violation risk.
Threat References:
TR 33.926, clause 5.3.6.7, Personal Identification Information Violation
Test case:
Test Name:
TC_DATA_MASKING
Purpose:
Verify that no privacy information of operators' users is revealed to the party who is not allowed to have.
Pre-Condition:
The vendor shall provide the documentation describing how to create an account for accessing the analytics results.
Privacy information list (should be specified based on local policy, regulation and others).
Execution Steps:
  1. Review the documentation provided by the vendor describing how to create the account for accessing the analytics results provided by the NWDAF.
  2. The tester creates the account, and retrieves the analytics results from the NWDAF using the account.
Expected Results:
The tester can create the account, and the account does not reveal subscriber permanent identifier.
Expected format of evidence:
Evidence suitable for the interface, e.g. screenshot containing the results.
Up

4.2.2Void

4.3  NWDAF-specific adaptations of hardening requirements and related test casesp. 8

4.3.1  Introductionp. 8

The present clause contains NWDAF-specific adaptations of hardening requirements and related test cases.

4.3.2  Technical baselinep. 8

There are no NWDAF-specific additions to clause 4.3.2 of TS 33.117.

4.3.3  Operating systemsp. 8

There are no NWDAF-specific additions to clause 4.3.3 of TS 33.117.

4.3.4  Web serversp. 8

There are no NWDAF-specific additions to clause 4.3.4 of TS 33.117.

4.3.5  Network devicesp. 8

There are no NWDAF-specific additions to clause 4.3.5 of TS 33.117.

4.3.6  Network functions in service-based architecturep. 8

There are no NWDAF-specific additions to clause 4.3.6 in TS 33.117.

4.4  NWDAF-specific adaptations of basic vulnerability testing requirements and related test casesp. 9

There are no NWDAF-specific additions to clause 4.4 of TS 33.117.

$  Change historyp. 49

Up   Top