Content for  TR 33.926  Word version:  17.6.0



B  Aspects specific to the network product class PGW |R15|

B.1  Network product class description for the PGW

B.1.1  Introduction

The present document captures the network product class descriptions, threats and critical assets that have been identified in the course of the work on 3GPP security assurance specifications. The main body of the present document contains generic aspects that are believed to apply to more than one network product class, while Annexes cover the aspects specific to one network product class.

B.1.2  Minimum set of functions defining the PGW network product class

As part of the PGW network product, the PGW is expected to contain the PGW application, a set of running processes (typically more than one) executing the software package for the PGW functions and OAM functions that are specific to the PGW network product model. Functionalities specific to the PGW network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.250.

B.2  Assets and threats specific to the PGW

B.2.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the eNB to be protected are:
  • PGW Application;
  • Session related data: UE network usage and charging data e.g. subscriber's identities (e.g. IMSI), TEID, Charging ID, packet count, etc.
  • User plane data;
  • The interfaces of PGW to be protected and which are within SCAS scope: for example
    • SGi interface
    • S5/S8 interfaces
    • Console interface, for local access: local interface on PGW
    • OAM interface, for remote access: interface between PGW and OAM system
  • PGW Software: binary code or executable code

B.2.2  Threats related to IP Address Allocation

B.2.2.1  IP Address Reallocation Continuously

  • Threat name: IP Address Reallocation Continuously
  • Threat Category: Tampering
  • Threat Description: If an IP address is reallocated to a UE immediately after being released from another UE, the network side might mistakenly assume that the same UE is still using the IP address. Consequently, some network functions (e.g. PCRF) will execute policies on the wrong target UE, and some mis-operations (e.g. mischarging) will be executed on UEs.
  • Threatened Asset: Session related data

B.2.3  Packet Forwarding

B.2.3.1  Sending unauthorized packets to other UEs

  • Threat name: Sending unauthorized packets to other UEs
  • Threat Category: Tampering, DoS
  • Threat Description: If the destination address of uplink packets sent by a UE is another UE in the same PGW, the packets will not pass through the PGW and will be forwarded directly to the target UE. In this case, mutual access between two UEs within the same PGW might be requested. If such access is enabled, an attacker can gain control of a UE to send malicious packets (e.g. fraudulent information, malicious trojans, virus packs, etc.) directly to other UEs without security measures (e.g. firewall) at network side.
  • Threatened Asset: User plane data

B.2.4  Emergency PDN Connection

B.2.4.1  Inactive Emergency PDN Connection Release

  • Threat Name: Prolonged inactive emergency PDN connections
  • Threat Category: Denial of Service
  • Threat Description: The PGW is expected to release all bearers corresponding to emergency inactive PDN connections after the configured timeout. If emergency bearers of inactive PDN connections are not released, it may lead to system resource exhaustion.
  • Threatened Asset: Sufficient Processing Capacity

B.2.5  Threats related to charging relevant data |R16|

B.2.5.1  Failure to assign unique TEID or Charging ID for a session

  • Threat name: Failure to assign unique TEID or Charging ID for a session
  • Threat Category: Spoofing Identity, Tampering
  • Threat Description: Both Charging ID and TEID are the identities used for linking the network usage data per UE. If the Charging ID is not unique per IP-CAN session, or the TEID is not unique per GTP tunnel, the charging information for a PDU session would be wrongly correlated, creating charging errors.
  • Threatened Asset: Session related data
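
An offline audit of session records for the conditions described in B.2.2.1 and B.2.5.1, as an added example that is not part of TR 33.926 or TS 33.250. The record layout, the 60-second hold-down value, the choice to check Charging IDs across the whole batch but TEIDs only among concurrent tunnels, and the sample records are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical record layout (one GTP tunnel per session, times in seconds).
# end=None means the session is still active.
Session = namedtuple("Session", "imsi ip teid charging_id start end")

HOLD_DOWN_S = 60  # assumed minimum gap before an IP may go to another UE


def audit(sessions, hold_down=HOLD_DOWN_S):
    """Return sorted findings as (kind, value, imsi_a, imsi_b) tuples."""
    findings = set()
    ordered = sorted(sessions, key=lambda s: s.start)
    for i, a in enumerate(ordered):
        a_end = float("inf") if a.end is None else a.end
        for b in ordered[i + 1:]:
            overlap = b.start < a_end  # b began while a was still active
            # B.2.5.1: a TEID must be unique among concurrent tunnels.
            if overlap and a.teid == b.teid:
                findings.add(("duplicate_teid", a.teid, a.imsi, b.imsi))
            # B.2.5.1: a Charging ID must not repeat anywhere in the batch.
            if a.charging_id == b.charging_id:
                findings.add(("duplicate_charging_id", a.charging_id,
                              a.imsi, b.imsi))
            # B.2.2.1: same IP handed to a different UE too soon after release.
            if (a.ip == b.ip and a.imsi != b.imsi and not overlap
                    and b.start - a_end < hold_down):
                findings.add(("ip_reused_too_soon", a.ip, a.imsi, b.imsi))
    return sorted(findings)


# Constructed sample records (test PLMN 001/01 IMSIs, private addresses).
SAMPLE = [
    Session("001010000000001", "10.0.0.5", 0x1001, 5001, 0, 100),
    Session("001010000000002", "10.0.0.5", 0x1002, 5002, 102, 300),   # IP reused after 2 s
    Session("001010000000003", "10.0.0.9", 0x1002, 5003, 150, None),  # TEID clash
    Session("001010000000004", "10.0.0.7", 0x1004, 5001, 400, None),  # Charging ID reused
    Session("001010000000001", "10.0.0.5", 0x1005, 5005, 500, None),  # 200 s gap: fine
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```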
