6 gNB-CU-UP-specific security requirements and related test cases

3GPP TS 33.523: 5G Security Assurance Specification (SCAS); Split gNB product classes (Release 18)

6.1 Introduction

gNB-CU-UP specific security requirements include both requirements derived from gNB-CU-UP-specific security functional requirements as well as security requirements derived from threats specific to gNB-CU-UP as described in TR 33.926 [4]. Generic security requirements and test cases common to other network product classes have been captured in TS 33.117 [2] and are not repeated in the present document.

6.2 Security functional adaptations of requirements and related test cases

6.2.1 Introduction

The present clause contains gNB-CU-UP-specific security functional adaptations of requirements and related test cases. Many of the security functional requirements are directly inherited from the gNB product class.

6.2.2 Requirements and test cases deriving from 3GPP specifications

6.2.2.1 Security functional requirements on the gNB-CU-UP deriving from 3GPP specifications – TS 33.501 [3]

Editor’s Note: The ‘Y’ in the clauses for the references to threats will need to be aligned with the final Annex allocation in TR 33.926.

6.2.2.1.1 Security functional requirements inherited from gNB

The following security functional requirements from clause 4.2.2.1 of TS 33.511 [6] apply to the gNB-CU-UP by replacing the gNB with the gNB-CU-UP as the entity under test in the test cases, and with the following changes of threat reference:

4.2.2.1.5 UP integrity check failure

Threat References: TR 33.926 [4], clause Y.2.2.4 – User plane data integrity protection.

4.2.2.1.8 Replay protection of user data between the UE and the gNB

Threat References: TR 33.926 [4], clause Y.2.2.4 – User plane data integrity protection.

6.2.2.1.2 Control plane data confidentiality protection over E1 interface

NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.16 of TS 33.511 [6] but modified as the gNB-CU-UP only supports the E1 interface.

Requirement Name: Control plane data confidentiality protection over E1 interface

Requirement Reference: TS 33.501 [3], clause 5.3.10.

Requirement Description: "The E1 interface between CU-CP and CU-UP shall be confidentiality, integrity and replay protected." as specified in TS 33.501 [3], clause 5.3.10.

Threat References: TR 33.926 [4], clause Y.2.2.1 – Control plane data confidentiality protection.

Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].

6.2.2.1.3 Control plane data integrity protection over E1 interface

NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.17 of TS 33.511 [6] but modified as the gNB-CU-UP only supports the E1 interface.

Requirement Name: Control plane data integrity protection over E1 interface

Requirement Reference: TS 33.501 [3], clause 5.3.10.

Requirement Description: "The E1 interface between CU-CP and CU-UP shall be confidentiality, integrity and replay protected." as specified in TS 33.501 [3], clause 5.3.10.

Threat References: TR 33.926 [4], clause Y.2.2.2 – Control plane data integrity protection.

Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].

6.2.2.1.4 User plane data confidentiality protection over N3/Xn/F1 interface

NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.R of TS 33.511 [6] but modified as the gNB-CU-UP supports the F1 interface.

Editor’s Note: The ‘R’ in the clause in the Note referring to TS 33.511 needs correction once the CR to include this test case in TS 33.511 is approved.

Requirement Name: User plane data confidentiality protection over N3/Xn/F1 interface.

Requirement Reference: TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.

Requirement Description: "The gNB shall support confidentiality, integrity and replay protection on the gNB DU-CU F1-U interface [33] for user plane", "The transport of user data over N3 shall be integrity, confidentiality and replay-protected.", and "The transport of control plane data and user data over Xn shall be integrity, confidentiality and replay-protected." as specified in TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.

Threat References: TR 33.926 [4], clause Y.2.2.3 – User plane data confidentiality protection at gNB.

Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].

6.2.2.1.5 User plane data integrity protection over N3/Xn/F1 interface

NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.S of TS 33.511 [6] but modified as the gNB-CU-UP supports the F1 interface.

Editor’s Note: The ‘S’ in the clause in the Note referring to TS 33.511 needs correction once the CR to include this test case in TS 33.511 is approved.

Requirement Name: User plane data integrity protection over N3/Xn/F1 interface.

Requirement Reference: TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.

Requirement Description: "The gNB shall support confidentiality, integrity and replay protection on the gNB DU-CU F1-U interface [33] for user plane", "The transport of user data over N3 shall be integrity, confidentiality and replay-protected.", and "The transport of control plane data and user data over Xn shall be integrity, confidentiality and replay-protected." as specified in TS 33.501 [3], clauses 5.3.9, 9.3 and 9.4.

Threat References: TR 33.926 [4], clause Y.2.2.4 – User plane data integrity protection.

Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].

6.2.2.1.6 Integrity protection of user data between the UE and the gNB-CU-UP

NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.2 of TS 33.511 [6] but modified as the gNB-CU-CP informs the gNB-CU-UP to use a non-NULL integrity algorithm.

Requirement Name: Integrity protection of user data between the UE and the gNB-CU-UP.

Requirement Reference: TS 33.501 [3], clause 5.3.3.

Requirement Description: "The gNB shall support integrity protection of user data packets over the NG RAN air interface" as specified in TS 33.501 [3], clause 5.3.3.

NOTE 2: This requirement does not apply to the gNB that is used as a secondary node connecting to the EPC.

Threat References: TR 33.926 [4], clause Y.2.2.4 – User plane data integrity protection.

Test Case:

Test Name: TC-UP-DATA-INT_gNB-CU-UP

Purpose: To verify that the user data packets are integrity protected over the NG RAN air interface.

Pre-Condition:

– The gNB-CU-UP network product shall be connected in an emulated or real network environment. The UE may be simulated.

– The tester shall enable user plane integrity protection and ensure that NIA0 is not used.

– The tester shall have knowledge of the integrity algorithm and the integrity protection keys.

– The tester can capture the messages on the NG RAN air interface, or can capture them at the UE.

Execution Steps:

1. NIA0 is disabled at the UE and at the gNB-CU-UP.

2. The gNB-CU-CP sends the gNB-CU-UP a Bearer Context Setup Request message with the integrity protection indication set to "on".

3. Check that any user data sent by the gNB-CU-UP after it receives the Bearer Context Setup Request message, and before the UE enters CM-IDLE state, is integrity protected.

Expected Results:

Any user plane packets sent between the UE and the gNB-CU-UP over the NG RAN air interface after the gNB-CU-UP receives the Bearer Context Setup Request are integrity protected.

Expected format of evidence:

Evidence suitable for the interface, e.g. a screenshot containing the operational results.

6.2.2.1.7 Ciphering of user data between the UE and the gNB-CU-UP

NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.7 of TS 33.511 [6] but modified as the gNB-CU-CP informs the gNB-CU-UP to use a non-NULL confidentiality algorithm.

Requirement Name: Ciphering of user data between the UE and the gNB-CU-UP

Requirement Reference: TS 33.501 [3], clause 5.3.2.

Requirement Description: "The gNB shall provide ciphering of user data packets between the UE and the gNB on NG RAN air interface" as specified in TS 33.501 [3], clause 5.3.2.

Threat References: TR 33.926 [4], clause Y.2.2.3 – User plane data confidentiality protection at gNB

Test Case:

Test Name: TC-UP-DATA-CIP_gNB

Purpose: To verify that the user data packets are confidentiality protected over the NG RAN air interface.

Pre-Condition:

– The gNB-CU-UP network product shall be connected in an emulated or real network environment. The UE may be simulated.

– The tester shall have access to the NG RAN air interface, or can capture the messages at the UE.

Execution Steps:

1. The gNB-CU-CP sends the gNB-CU-UP a Bearer Context Setup Request message with the ciphering protection indication set to "on".

2. Check that any user data sent by the gNB-CU-UP after it receives the Bearer Context Setup Request message, and before the UE enters CM-IDLE state, is confidentiality protected.

Expected Results:

The user plane packets sent to the UE after the gNB-CU-UP receives the Bearer Context Setup Request are confidentiality protected.

Expected format of evidence:

Evidence suitable for the interface, e.g. a screenshot containing the operational results.
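The two test cases above (6.2.2.1.6 and 6.2.2.1.7) share one verdict rule: every user plane PDU the gNB-CU-UP sends after it receives a Bearer Context Setup Request with the protection indication "on", and before the UE enters CM-IDLE, must carry the protection, and the null algorithm (NIA0 for integrity, NEA0 for ciphering) must not have been selected. The following evaluator is an added example and not part of TS 33.523 or any 3GPP test tool: it applies that rule to a constructed, already-decoded capture timeline. The event model (kind names, `has_mac_i`, `ciphered`, the algorithm and indication fields) is an assumption of this example, standing in for what a tester would extract from E1AP and PDCP traces, not for E1AP or PDCP IE names.

```python
"""Verdict evaluator for TC-UP-DATA-INT_gNB-CU-UP and TC-UP-DATA-CIP_gNB.

Added example, not 3GPP code. The event model is constructed: in practice each
Event would be filled from a decoded E1AP / PDCP capture.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Event:
    t: float                              # capture timestamp in seconds (constructed)
    kind: str                             # "e1_bearer_setup", "up_pdu" or "cm_idle"
    integrity_on: Optional[bool] = None   # E1 integrity protection indication
    ciphering_on: Optional[bool] = None   # E1 ciphering protection indication
    integrity_alg: Optional[str] = None   # algorithm in use, e.g. "NIA2"
    ciphering_alg: Optional[str] = None   # algorithm in use, e.g. "NEA2"
    has_mac_i: Optional[bool] = None      # up_pdu: PDCP MAC-I present and verified by tester
    ciphered: Optional[bool] = None       # up_pdu: payload confirmed not to be plaintext


@dataclass
class Verdict:
    passed: bool
    reason: str
    offending: List[float] = field(default_factory=list)  # timestamps of unprotected PDUs


def evaluate(events: List[Event], protection: str) -> Verdict:
    """Apply the test-case rule for 'integrity' (6.2.2.1.6) or 'ciphering' (6.2.2.1.7)."""
    if protection not in ("integrity", "ciphering"):
        raise ValueError("protection must be 'integrity' or 'ciphering'")
    integrity = protection == "integrity"
    null_alg = "NIA0" if integrity else "NEA0"

    window_open = False   # True between Bearer Context Setup Request and CM-IDLE
    setup_seen = False
    offending: List[float] = []

    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "e1_bearer_setup":
            indication = e.integrity_on if integrity else e.ciphering_on
            alg = e.integrity_alg if integrity else e.ciphering_alg
            if not indication:
                return Verdict(False, "Bearer Context Setup Request did not indicate "
                                      f"{protection} protection 'on'")
            if alg == null_alg:
                # Pre-condition of the test case: the null algorithm must not be used.
                return Verdict(False, f"pre-condition violated: {null_alg} selected")
            window_open = True
            setup_seen = True
        elif e.kind == "cm_idle":
            window_open = False   # PDUs after this point are outside the test window
        elif e.kind == "up_pdu" and window_open:
            protected = e.has_mac_i if integrity else e.ciphered
            if not protected:
                offending.append(e.t)

    if not setup_seen:
        return Verdict(False, "no Bearer Context Setup Request observed in capture")
    if offending:
        return Verdict(False, f"{len(offending)} user plane PDU(s) without "
                              f"{protection} protection inside the test window", offending)
    return Verdict(True, f"all user plane PDUs in the test window are {protection} protected")


# Constructed captures (not real traces).
SETUP_OK = Event(0.0, "e1_bearer_setup", integrity_on=True, ciphering_on=True,
                 integrity_alg="NIA2", ciphering_alg="NEA2")

PASS_CAPTURE = [
    SETUP_OK,
    Event(1.0, "up_pdu", has_mac_i=True, ciphered=True),
    Event(2.0, "up_pdu", has_mac_i=True, ciphered=True),
    Event(3.0, "cm_idle"),
]

# One PDU inside the window lacks a MAC-I; the PDU after CM-IDLE is outside the window.
FAIL_INTEGRITY_CAPTURE = [
    SETUP_OK,
    Event(1.0, "up_pdu", has_mac_i=True, ciphered=True),
    Event(2.5, "up_pdu", has_mac_i=False, ciphered=True),
    Event(3.0, "cm_idle"),
    Event(4.0, "up_pdu", has_mac_i=False, ciphered=False),
]

# Indication "on" but NIA0 selected: the pre-condition, not the packets, fails.
NIA0_CAPTURE = [
    Event(0.0, "e1_bearer_setup", integrity_on=True, ciphering_on=True,
          integrity_alg="NIA0", ciphering_alg="NEA2"),
    Event(1.0, "up_pdu", has_mac_i=True, ciphered=True),
]


if __name__ == "__main__":
    for name, cap in (("pass", PASS_CAPTURE), ("fail-int", FAIL_INTEGRITY_CAPTURE),
                      ("nia0", NIA0_CAPTURE)):
        for prot in ("integrity", "ciphering"):
            v = evaluate(cap, prot)
            print(f"{name:8s} {prot:9s} {'PASS' if v.passed else 'FAIL'}: {v.reason}")
```

The evaluator deliberately separates the three ways a run can fail: a wrong E1 indication, a null algorithm (a pre-condition failure rather than a product failure), and unprotected PDUs inside the window, which is the evidence the test case actually asks for. Deciding `has_mac_i` and `ciphered` for each PDU is the tester's job with the known keys and algorithm, as the pre-conditions state.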

6.2.3 Technical Baseline

The baseline technical requirements are identical to the ones for the gNB product class given in clause 4.2.3 of TS 33.511 [6].

6.2.4 Operating systems

There are no gNB-CU-UP specific additions to clause 4.2.4 of TS 33.117 [2].

6.2.5 Web servers

There are no gNB-CU-UP specific additions to clause 4.2.5 of TS 33.117 [2].

6.2.6 Network devices

These requirements are identical to the ones for the gNB product class given in clause 4.2.6 of TS 33.511 [6].

6.3 Adaptations of hardening requirements and related test cases

These requirements are identical to the ones for the gNB product class given in clause 4.3 of TS 33.511 [6].

6.4 Adaptations of basic vulnerability testing requirements and related test cases

There are no gNB-CU-UP specific additions to clause 4.4 of TS 33.117 [2].