Content for  TR 33.926  Word version:  17.6.0



M  Aspects specific to the network product class N3IWF |R17|

M.1  Threat to send EAP-Identity Request by N3IWF

  • Threat name: N3IWF sends EAP-Identity Request
  • Threat Category: Denial of service.
  • Threat Description: EAP-5G is used between the UE and the N3IWF. As specified in TS 33.501, the N3IWF shall refrain from sending an EAP-Identity Request. The UE may ignore an EAP-Identity Request or respond with the SUCI it sent in the Registration Request. This means that if the N3IWF happens to send an EAP-Identity Request to the UE, the N3IWF shall not expect an EAP-Identity Reply. This differs from the normal EAP framework. If the N3IWF behaves as in the normal EAP framework, it will wait for a reply until the time expires. This may prevent the UE from accessing the network via an N3IWF.
  • Threatened Asset: GNP services.
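
The failure mode in M.1 can be reproduced with a small model of the N3IWF's opening exchange. The following is an added example, not part of TR 33.926: the function names, the 30-second timer and the SUCI string are assumptions made for the simulation, and EAP-Request/5G-Start is the first EAP-5G message of the TS 33.501 procedure.

```python
from enum import Enum

IDENTITY_WAIT_S = 30  # assumed reply timer for the simulation, not a 3GPP value

class Ue(Enum):
    IGNORES = "ignores the EAP-Identity Request"
    SENDS_SUCI = "replies with the SUCI from its Registration Request"

def n3iwf_session(sends_identity_request, waits_for_reply, ue,
                  suci="suci-constructed-0001"):
    """Simulate the opening of an EAP-5G exchange (simulated clock, no network I/O).

    Returns (outcome, seconds_waited, trace)."""
    waited, trace = 0, []
    if sends_identity_request:
        trace.append("N3IWF -> UE: EAP-Request/Identity")
        if ue is Ue.SENDS_SUCI:
            trace.append(f"UE -> N3IWF: EAP-Response/Identity {suci}")
        elif waits_for_reply:
            # Generic EAP authenticator behaviour: block until the timer expires.
            waited = IDENTITY_WAIT_S
            trace.append(f"N3IWF: no reply after {waited}s, authentication abandoned")
            return "access_denied", waited, trace
        else:
            trace.append("N3IWF: no reply, none required, continuing")
    # EAP-5G proper starts here (EAP-Request/5G-Start per TS 33.501).
    trace.append("N3IWF -> UE: EAP-Request/5G-Start")
    return "eap_5g_started", waited, trace

def denied_ue_behaviours(sends_identity_request, waits_for_reply):
    """Return the permitted UE behaviours that this N3IWF policy locks out."""
    return [ue for ue in Ue
            if n3iwf_session(sends_identity_request, waits_for_reply, ue)[0]
            == "access_denied"]

if __name__ == "__main__":
    policies = {
        "never sends Identity Request": (False, False),
        "sends it, does not wait": (True, False),
        "sends it, waits like generic EAP": (True, True),
    }
    for name, (sends, waits) in policies.items():
        denied = [u.name for u in denied_ue_behaviours(sends, waits)]
        print(f"{name}: denied = {denied}")
```

Only the policy that both sends the request and waits for a reply denies access, and only to a UE that ignores the request, which TS 33.501 allows it to do.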

N  Aspects specific to the network product class NWDAF |R17|

N.1  Network product class description for the NWDAF

N.1.1  Introduction

This Annex covers the aspects specific to the NWDAF network product class.

N.1.2  Minimum set of functions defining the NWDAF network product class

As part of the NWDAF network product, the NWDAF is expected to contain an NWDAF application (for data analysis), a set of running processes (typically more than one) executing the software package for the NWDAF functions, and OAM functions that are specific to the NWDAF network product model. Functionalities specific to the NWDAF network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.521.

N.2  Assets and threats specific to the NWDAF

N.2.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the NWDAF to be protected are:
  • NWDAF Application;
  • Collected Data from NFs: e.g. part of mobility management data as depicted in clause K.2.1 collected from AMF, part of Session related data, user plane data as depicted in clause J.2.1 collected from SMF, part of user subscription data as depicted in clause E.2.1 collected from UDM, part of NF and User Data as depicted in clause I.2.1 collected from NEF, data collected from NRF, PCF, AF and OAM, etc.
  • The interfaces of NWDAF to be protected and which are within SECAM scope:
    • Service based interface, Nnwdaf, for providing services to AMF, SMF, NEF, PCF, NSSF, OAM and AF.
    • Service based interface for consuming services from AMF, SMF, UDM, PCF, NRF, NEF and AF.
    • Console interface, for local access: local interface on NWDAF
    • OAM interface, for remote access and data collection: interface between NWDAF and OAM system
  • NWDAF Software: binary code or executable code

