4 gNB-CU-specific security requirements and related test cases
3GPP TS 33.523, Release 18: 5G Security Assurance Specification (SCAS); Split gNB product classes
4.1 Introduction
gNB-CU specific security requirements include both requirements derived from gNB-CU-specific security functional requirements as well as security requirements derived from threats specific to gNB-CU as described in TR 33.926 [4]. Generic security requirements and test cases common to other network product classes have been captured in TS 33.117 [2] and are not repeated in the present document.
4.2 Security functional adaptations of requirements and related test cases
4.2.1 Introduction
The present clause contains gNB-CU-specific security functional adaptations of requirements and related test cases. Many of the security functional requirements are directly inherited from the gNB product class.
4.2.2 Requirements and test cases deriving from 3GPP specifications
4.2.2.1 Security functional requirements on the gNB-CU deriving from 3GPP specifications – TS 33.501 [3]
Editor’s Note: The ‘W’ in the clauses for the references to threats will need to be aligned with the final Annex allocation in TR 33.926.
4.2.2.1.1 Security functional requirements inherited from gNB
The following security functional requirements in clause 4.2.2.1 of TS 33.511 [6] apply to the gNB-CU, with the gNB replaced by the gNB-CU as the entity under test in the test cases and with the threat references changed as listed below:
4.2.2.1.1 Integrity protection of RRC-signalling
Threat References: TR 33.926 [4], clause W.2.2.2 – Control plane data integrity protection.
4.2.2.1.2 Integrity protection of user data between the UE and the gNB
Threat References: TR 33.926 [4], clause W.2.2.4 – User plane data integrity protection.
4.2.2.1.4 RRC integrity check failure
Threat References: TR 33.926 [4], clause W.2.2.2 – Control plane data integrity protection.
4.2.2.1.5 UP integrity check failure
Threat References: TR 33.926 [4], clause W.2.2.4 – User plane data integrity protection.
4.2.2.1.6 Ciphering of RRC-signalling
Threat References: TR 33.926 [4], clause W.2.2.1 – Control plane data confidentiality protection.
4.2.2.1.7 Ciphering of user data between the UE and the gNB
Threat References: TR 33.926 [4], clause W.2.2.3 – User plane data confidentiality protection at gNB.
4.2.2.1.8 Replay protection of user data between the UE and the gNB
Threat References: TR 33.926 [4], clause W.2.2.4 – User plane data integrity protection.
4.2.2.1.9 Replay protection of RRC-signalling
Threat References: TR 33.926 [4], clause W.2.2.2 – Control plane data integrity protection.
4.2.2.1.10 Ciphering of user data based on the security policy sent by the SMF
Threat References: TR 33.926 [4], clause W.2.2.8 – Security Policy Enforcement.
4.2.2.1.11 Integrity of user data based on the security policy sent by the SMF
Threat References: TR 33.926 [4], clause W.2.2.8 – Security Policy Enforcement.
4.2.2.1.12 AS algorithms selection
Threat References: TR 33.926 [4], clause W.2.2.5 – AS algorithm selection and use.
4.2.2.1.13 Key refresh at the gNB
Threat References: TR 33.926 [4], clause W.2.2.7 – Key Reuse.
4.2.2.1.14 Bidding down prevention in Xn-handovers
Threat References: TR 33.926 [4], clause W.2.2.6 – Bidding Down on Xn-Handover.
4.2.2.1.15 AS protection algorithm selection in gNB change
Threat References: TR 33.926 [4], clause W.2.2.5 – AS algorithm selection and use.
4.2.2.1.18 Key update at the gNB on dual connectivity
Threat References: TR 33.926 [4], clause W.2.2.7 – Key Reuse.
4.2.2.1.19 UP security activation in Inactive scenario
Threat References: TR 33.926 [4], clause W.2.2.9 – State transition from inactive state to connected state.
4.2.2.1.2 Control plane data confidentiality protection over N2/Xn/F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.16 of TS 33.511 [6] but modified as the gNB-CU supports the F1 interface.
Requirement Name: Control plane data confidentiality protection over N2/Xn/F1 interface
Requirement Reference: TS 33.501 [3], clauses 5.3.9, 9.2 and 9.4.
Requirement Description: "F1-C interface shall support confidentiality, integrity and replay protection.", "The transport of control plane data over N2 shall be integrity, confidentiality and replay-protected.", and "The transport of control plane data and user data over Xn shall be integrity, confidentiality and replay-protected." as specified in TS 33.501 [3], clauses 5.3.9, 9.2 and 9.4.
Threat References: TR 33.926 [4], clause W.2.2.1 – Control plane data confidentiality protection.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].
4.2.2.1.3 Control plane data integrity protection over N2/Xn/F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.17 of TS 33.511 [6] but modified as the gNB-CU supports the F1 interface.
Requirement Name: Control plane data integrity protection over N2/Xn/F1 interface
Requirement Reference: TS 33.501 [3], clauses 5.3.9, 9.2 and 9.4.
Requirement Description: "F1-C interface shall support confidentiality, integrity and replay protection.", "The transport of control plane data over N2 shall be integrity, confidentiality and replay-protected.", and "The transport of control plane data and user data over Xn shall be integrity, confidentiality and replay-protected." as specified in TS 33.501 [3], clauses 5.3.9, 9.2 and 9.4.
Threat References: TR 33.926 [4], clause W.2.2.2 – Control plane data integrity protection.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].
4.2.2.1.4 User plane data confidentiality protection over N3/Xn/F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.R of TS 33.511 [6] but modified as the gNB-CU supports the F1 interface.
Editor’s Note: The ‘R’ in the clause in the Note referring to TS 33.511 needs correction once the CR to include this test case in TS 33.511 is approved.
Requirement Name: User plane data confidentiality protection over N3/Xn/F1 interface.
Requirement Reference: TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.
Requirement Description: "The gNB shall support confidentiality, integrity and replay protection on the gNB DU-CU F1-U interface [33] for user plane", "The transport of user data over N3 shall be integrity, confidentiality and replay-protected.", and "The transport of control plane data and user data over Xn shall be integrity, confidentiality and replay-protected." as specified in TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.
Threat References: TR 33.926 [4], clause W.2.2.3 – User plane data confidentiality protection at gNB.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].
4.2.2.1.5 User plane data integrity protection over N3/Xn/F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.S of TS 33.511 [6] but modified as the gNB-CU supports the F1 interface.
Editor’s Note: The ‘S’ in the clause in the Note referring to TS 33.511 needs correction once the CR to include this test case in TS 33.511 is approved.
Requirement Name: User plane data integrity protection over N3/Xn/F1 interface.
Requirement Reference: TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.
Requirement Description: "The gNB shall support confidentiality, integrity and replay protection on the gNB DU-CU F1-U interface [33] for user plane", "The transport of user data over N3 shall be integrity, confidentiality and replay-protected.", and "The transport of control plane data and user data over Xn shall be integrity, confidentiality and replay-protected." as specified in TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.
Threat References: TR 33.926 [4], clause W.2.2.4 – User plane data integrity protection.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].
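The four requirements in 4.2.2.1.2 to 4.2.2.1.5 all point to the same test case in TS 33.117 [2], whose traffic inspection step requires the tester to tell protected from unprotected flows on N2, N3, Xn and F1. The following is an added example (not code from TS 33.523, TS 33.117 or any vendor's gNB-CU) of a small Python classifier over raw IPv4 packets that does this: IPsec ESP (IP protocol 50, or UDP port 4500 when UDP-encapsulated) and DTLS over SCTP count as protected, while plain NGAP/XnAP/F1AP over SCTP and plain GTP-U are reported as cleartext findings. The port numbers and SCTP payload protocol identifiers it uses are assumed from the IANA registries for NGAP, XnAP, F1AP, GTP-U and UDP-encapsulated ESP; the packets, addresses and payload bytes in SAMPLE are constructed for the example and are not a real capture.

```python
"""Added example (not from TS 33.523 or TS 33.117): classify captured gNB-CU
interface packets as protected (IPsec ESP, DTLS over SCTP) or cleartext
(plain NGAP/XnAP/F1AP over SCTP, plain GTP-U) for the traffic inspection
step of the TS 33.117 test case referenced above."""
import struct

# IP protocol numbers (IANA).
IPPROTO_UDP, IPPROTO_ESP, IPPROTO_SCTP = 17, 50, 132
# Ports assumed from the IANA registry: NGAP (N2), XnAP (Xn-C), F1AP (F1-C), GTP-U, UDP-encapsulated ESP.
PORT_NGAP, PORT_XNAP, PORT_F1AP, PORT_GTPU, PORT_NATT = 38412, 38422, 38472, 2152, 4500
SIGNALLING_PORTS = {PORT_NGAP: "N2 (NGAP)", PORT_XNAP: "Xn-C (XnAP)", PORT_F1AP: "F1-C (F1AP)"}
# SCTP payload protocol identifiers assumed from the IANA registry: 60/61/62 are plain
# NGAP/XnAP/F1AP; the "over DTLS over SCTP" variants (RFC 6083) mark DTLS-protected DATA chunks.
PPID_DTLS = {66: "NGAP", 67: "XnAP", 68: "F1AP"}


def parse_ipv4(pkt):
    """Return (proto, src, dst, payload) for a raw IPv4 packet with no link-layer header."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return pkt[9], src, dst, pkt[ihl:]


def sctp_data_ppids(sctp):
    """Yield the PPID of each DATA chunk (type 0) after the 12-byte SCTP common header."""
    off = 12
    while off + 4 <= len(sctp):
        ctype, _flags, clen = struct.unpack("!BBH", sctp[off:off + 4])
        if clen < 4:
            break
        if ctype == 0 and off + 16 <= len(sctp):
            # DATA chunk layout: header(4) TSN(4) stream id(2) stream seq(2) PPID(4) data
            yield struct.unpack("!I", sctp[off + 12:off + 16])[0]
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary


def classify(pkt):
    """Return (label, protected); protected is True, False or None (not assessed)."""
    proto, _src, _dst, payload = parse_ipv4(pkt)
    if proto == IPPROTO_ESP:
        return "IPsec ESP", True
    if proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PORT_NATT in (sport, dport):
            return "IPsec ESP (UDP-encapsulated)", True
        if PORT_GTPU in (sport, dport):
            return "cleartext GTP-U (N3/Xn-U/F1-U user plane)", False
        return "UDP/%d" % dport, None
    if proto == IPPROTO_SCTP:
        sport, dport = struct.unpack("!HH", payload[:4])
        iface = SIGNALLING_PORTS.get(dport) or SIGNALLING_PORTS.get(sport) or "SCTP/%d" % dport
        ppids = list(sctp_data_ppids(payload))
        if not ppids:  # INIT/SACK/HEARTBEAT etc.: association control, carried outside DTLS by design
            return "SCTP association control on %s (no DATA chunk)" % iface, None
        if all(p in PPID_DTLS for p in ppids):
            return "DTLS over SCTP on %s" % iface, True
        return "cleartext SCTP on %s" % iface, False
    return "IP proto %d" % proto, None


def find_unprotected(packets):
    """Return [(index, src, dst, label)] for every packet classified as cleartext."""
    findings = []
    for i, pkt in enumerate(packets):
        label, protected = classify(pkt)
        if protected is False:
            _proto, src, dst, _payload = parse_ipv4(pkt)
            findings.append((i, src, dst, label))
    return findings


# --- Constructed sample capture (not real traffic; addresses and payloads are made up). ---
def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 header (checksum left zero, which the parser does not check)."""
    to_bytes = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       to_bytes(src), to_bytes(dst)) + payload


def sctp(sport, dport, ppid, data):
    """SCTP common header plus one DATA chunk (flags B|E) carrying data with the given PPID."""
    chunk = struct.pack("!BBHIHHI", 0, 3, 16 + len(data), 1, 0, 0, ppid) + data
    chunk += b"\x00" * (-len(chunk) % 4)
    return struct.pack("!HHII", sport, dport, 0xDEADBEEF, 0) + chunk


def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


SAMPLE = [
    ipv4(IPPROTO_ESP, "10.0.1.10", "10.0.0.5", bytes(range(40))),  # CU-CP -> AMF, ESP
    ipv4(IPPROTO_SCTP, "10.0.2.20", "10.0.1.10", sctp(38472, PORT_F1AP, 68, b"\x16\xfe\xfd" + bytes(10))),  # F1AP over DTLS
    ipv4(IPPROTO_SCTP, "10.0.2.20", "10.0.1.10", sctp(38472, PORT_F1AP, 62, b"\x00\x07\x00\x08")),  # cleartext F1AP
    ipv4(IPPROTO_UDP, "10.0.1.11", "10.0.2.20", udp(PORT_GTPU, PORT_GTPU, b"\x30\xff\x00\x04\x00\x00\x00\x01")),  # cleartext GTP-U
    ipv4(IPPROTO_UDP, "10.0.1.10", "10.0.3.30", udp(PORT_NATT, PORT_NATT, bytes(range(1, 41)))),  # UDP-encapsulated ESP
]

if __name__ == "__main__":
    for i, pkt in enumerate(SAMPLE):
        print(i, classify(pkt))
    for idx, src, dst, label in find_unprotected(SAMPLE):
        print("FINDING: packet %d %s -> %s: %s" % (idx, src, dst, label))
```

On the constructed sample the classifier reports packets 2 (plain F1AP over SCTP) and 3 (plain GTP-U) as findings. It checks only the encapsulation: SCTP association control chunks are reported as not assessed because DTLS over SCTP leaves them outside the DTLS record by design, and whether the IKEv2 or DTLS peers negotiated acceptable algorithms and authenticated each other as TS 33.501 [3] clause 9 requires has to be verified separately.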
4.2.3 Technical Baseline
The baseline technical requirements are identical to the ones for the gNB product class given in clause 4.2.3 of TS 33.511 [6].
4.2.4 Operating systems
There are no gNB-CU-specific additions to clause 4.2.4 of TS 33.117 [2].
NOTE: The ICMP adaptations applied to a gNB apply only to a DU. In a split deployment where the CU (CU-CP/CU-UP) is deployed in a data centre, the CU should be treated like any other IP node (e.g. the UPF), since data-centre nodes are assumed to have connectivity to IP networks, whereas the DU can be considered like a gNB from the ICMP threat perspective.
4.2.5 Web servers
There are no gNB-CU-specific additions to clause 4.2.5 of TS 33.117 [2].
4.2.6 Network devices
These requirements are identical to the ones for the gNB product class given in clause 4.2.6 of TS 33.511 [6].
4.3 Adaptations of hardening requirements and related test cases
These requirements are identical to the ones for the gNB product class given in clause 4.3 of TS 33.511 [6].
4.4 Adaptations of basic vulnerability testing requirements and related test cases
There are no gNB-CU-specific additions to clause 4.4 of TS 33.117 [2].