7 gNB-DU-specific security requirements and related test cases
3GPP TS 33.523, 5G Security Assurance Specification (SCAS); Split gNB product classes (Release 18)
7.1 Introduction
gNB-DU specific security requirements include both requirements derived from gNB-DU-specific security functional requirements as well as security requirements derived from threats specific to gNB-DU as described in TR 33.926 [4]. Generic security requirements and test cases common to other network product classes have been captured in TS 33.117 [2] and are not repeated in the present document.
7.2 Security functional adaptations of requirements and related test cases
7.2.1 Introduction
The present clause contains gNB-DU-specific security functional adaptations of requirements and related test cases.
7.2.2 Requirements and test cases deriving from 3GPP specifications
7.2.2.1 Security functional requirements on the gNB-DU deriving from 3GPP specifications – TS 33.501 [3]
Editor’s Note: The ‘Z’ in the clauses for the references to threats will need to be aligned with the final Annex allocation in TR 33.926.
7.2.2.1.1 Control plane data confidentiality protection over F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.16 of TS 33.511 [6] but modified as the gNB-DU only supports the F1 interface.
Requirement Name: Control plane data confidentiality protection over F1 interface
Requirement Reference: TS 33.501 [3], clause 5.3.9.
Requirement Description: "F1-C interface shall support confidentiality, integrity and replay protection." as specified in TS 33.501 [3], clause 5.3.9.
Threat References: TR 33.926 [4], clause Z.2.2.1 – Control plane data confidentiality protection.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].
7.2.2.1.2 Control plane data integrity protection over F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.17 of TS 33.511 [6] but modified as the gNB-DU only supports the F1 interface.
Requirement Name: Control plane data integrity protection over F1 interface
Requirement Reference: TS 33.501 [3], clause 5.3.9.
Requirement Description: "F1-C interface shall support confidentiality, integrity and replay protection." as specified in TS 33.501 [3], clause 5.3.9.
Threat References: TR 33.926 [4], clause Z.2.2.2 – Control plane data integrity protection.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [2].
7.2.2.1.3 User plane data confidentiality protection over F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.R of TS 33.511 [6] but modified as the gNB-DU only supports the F1 interface.
Editor’s Note: The ‘R’ in the clause in the Note referring to TS 33.511 needs correction once the CR to include this test case in TS 33.511 is approved.
Requirement Name: User plane data confidentiality protection over F1 interface.
Requirement Reference: TS 33.501 [2], clause 5.3.9.
Requirement Description: "The gNB shall support confidentiality, integrity and replay protection on the gNB DU-CU F1-U interface [33] for user plane" as specified in TS 33.501 [2], clause 5.3.9.
Threat References: TR 33.926 [4], clause Z.2.2.3 – User plane data confidentiality protection at gNB.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [3].
7.2.2.1.4 User plane data integrity protection over F1 interface
NOTE 1: This is based on the security functional requirement on the gNB given in 4.2.2.1.S of TS 33.511 [6] but modified as the gNB-DU only supports the F1 interface.
Editor’s Note: The ‘S’ in the clause in the Note referring to TS 33.511 needs correction once the CR to include this test case in TS 33.511 is approved.
Requirement Name: User plane data integrity protection over F1 interface.
Requirement Reference: TS 33.501 [2], clause 5.3.9.
Requirement Description: "The gNB shall support confidentiality, integrity and replay protection on the gNB DU-CU F1-U interface [33] for user plane" as specified in TS 33.501 [2], clause 5.3.9.
Threat References: TR 33.926 [4], clause Z.2.2.4 – User plane data integrity protection.
Test Case: the test case in subclause 4.2.3.2.4 of TS 33.117 [3].
7.2.3 Technical Baseline
The baseline technical requirements are identical to the ones for the gNB product class given in clause 4.2.3 of TS 33.511 [6].
7.2.4 Operating systems
These requirements are identical to the ones for the gNB product class given in clause 4.2.4 of TS 33.511 [6].
7.2.5 Web servers
There are no gNB-DU specific additions to clause 4.2.5 of TS 33.117 [2].
7.2.6 Network devices
These requirements are identical to the ones for the gNB product class given in clause 4.2.6 of TS 33.511 [6].
7.3 Adaptations of hardening requirements and related test cases
These requirements are identical to the ones for the gNB product class given in clause 4.3 of TS 33.511 [6].
7.4 Adaptations of basic vulnerability testing requirements and related test cases
There are no gNB-DU specific additions to clause 4.4 of TS 33.117 [2].
Annex <X> (informative):
Change history
| Date | Meeting | TDoc | CR | Rev | Cat | Subject/Comment | New version |
|---|---|---|---|---|---|---|---|
| 2022-05 | SA3#107-e | S3-221201 | | | | Skeleton (S3-221196) plus S3-220989. | 0.1.0 |
| 2022-09 | SA3#108-e | S3-222321 | | | | Incorporating S3-221824, S3-222309, S3-221310, S3-222312 and S3-222313. | 0.2.0 |
| 2022-11 | SA3#109 | S3-224103 | | | | Incorporating S3-223346, S3-223348, S3-223349, S3-223350, S3-223352, S3-223353 and S3-223354. | 0.3.0 |
| 2023-02 | SA3#110 | S3-230786 | | | | Changing the TS number from TS 33.742 to TS 33.523 due to mis-allocated specification number | 0.4.0 |
| 2023-02 | SA3#110 | S3-231498 | | | | Incorporating S3-230789, S3-230790, S3-230794, S3-231470, S3-231471 and S3-231472. | 0.5.0 |