9.1.2 Security mode control

38.523-13GPP5GSPart 1: ProtocolRelease 17TSUser Equipment (UE) conformance specification

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

9.1.2.1 NAS security mode command

9.1.2.1.1 Test Purpose (TP)

(1)

with { the UE is in 5GMM-REGISTERED-INITIATED state and the SS initiates the NAS security mode control procedure by sending a SECURITY MODE COMMAND message during initial registration procedure }

ensure that {

when { the UE receives an integrity protected SECURITY MODE COMMAND message including not matching replayed security capabilities }

then { the UE send a SECURITY MODE REJECT message and does not start applying the NAS security in both UL and DL }

}

(2)

with { the UE is in 5GMM-REGISTERED-INITIATED state and the SS initiates the NAS security mode control procedure by sending a SECURITY MODE COMMAND message during initial registration procedure }

ensure that {

when { the UE receives an integrity protected SECURITY MODE COMMAND message including IMEISV request }

then { the UE send an integrity protected and ciphered SECURITY MODE COMPLETE message including IMEISV and starts applying the NAS Security in both UL and DL }

}

9.1.2.1.2 Conformance requirements

References: The conformance requirements covered in the present test case are specified in: TS 24.501, clauses 5.4.2.1, 5.4.2.3 and 5.4.2.5. Unless otherwise stated these are Rel-15 requirements.

[TS 24.501, clause 5.4.2.1]

The purpose of the NAS security mode control procedure is to take a 5G NAS security context into use, and initialise and start NAS signalling security between the UE and the AMF with the corresponding 5G NAS keys and 5G NAS security algorithms.

Furthermore, the network may also initiate the security mode control procedure in the following cases:

a) in order to change the 5G NAS security algorithms for a current 5G NAS security context already in use;

b) in order to change the value of uplink NAS COUNT used in the latest SECURITY MODE COMPLETE message as described in 3GPP TS 33.501 [24], subclause 6.9.4.4.

c) in order to provide the Selected EPS NAS security algorithms to the UE.

For restrictions concerning the concurrent running of a security mode control procedure with other security related procedures in the AS or inside the core network see 3GPP TS 33.501 [24], subclause 6.9.5.

[TS 24.501, clause 5.4.2.3]

Upon receipt of the SECURITY MODE COMMAND message, the UE shall check whether the security mode command can be accepted or not. This is done by performing the integrity check of the message, and by checking that the received Replayed UE security capabilities IE has not been altered compared to the latest values that the UE sent to the network.

When the SECURITY MODE COMMAND message includes an EAP-success message the UE handles the EAP-success message and the ABBA as described in subclause 5.4.1.2.2.8 and 5.4.1.2.3.1.

If:

a) the UE is registered for emergency services, performing initial registration for emergency services or establishing an emergency PDU session; or

b) the W-AGF acts on behalf of the FN-RG;

and the SECURITY MODE COMMAND message is received with ngKSI value "000" and 5G-IA0 and 5G-EA0 as selected 5G NAS security algorithms, the UE shall locally derive and take in use 5G NAS security context. The UE shall delete existing current 5G NAS security context.

The UE shall accept a SECURITY MODE COMMAND message indicating the "null integrity protection algorithm" 5G-IA0 as the selected 5G NAS integrity algorithm only if the message is received when the UE is registered for emergency services, performing initial registration for emergency services or establishing an emergency PDU session or when the W-AGF acts on behalf of the FN-RG.

If the type of security context flag included in the SECURITY MODE COMMAND message is set to "native security context" and if the ngKSI matches a valid non-current native 5G NAS security context held in the UE while the UE has a mapped 5G NAS security context as the current 5G NAS security context, the UE shall take the non-current native 5G NAS security context into use which then becomes the current native 5G NAS security context and delete the mapped 5G NAS security context.

The UE shall ignore the Replayed S1 UE security capabilities IE if this IE is included in the SECURITY MODE COMMAND message.

If the SECURITY MODE COMMAND message can be accepted, the UE shall take the 5G NAS security context indicated in the message into use. The UE shall in addition reset the uplink NAS COUNT counter if:

a) the SECURITY MODE COMMAND message is received in order to take a 5G NAS security context into use created after a successful execution of the 5G AKA based primary authentication and key agreement procedure or the EAP based primary authentication and key agreement procedure; or

b) the SECURITY MODE COMMAND message received includes the type of security context flag set to "mapped security context" in the NAS key set identifier IE the ngKSI does not match the current 5G NAS security context, if it is a mapped 5G NAS security context.

If the SECURITY MODE COMMAND message can be accepted and a new 5G NAS security context is taken into use and SECURITY MODE COMMAND message does not indicate the "null integrity protection algorithm" 5G-IA0 as the selected NAS integrity algorithm, the UE shall:

– if the SECURITY MODE COMMAND message has been successfully integrity checked using an estimated downlink NAS COUNT equal to 0, then the UE shall set the downlink NAS COUNT of this new 5G NAS security context to 0;

– otherwise the UE shall set the downlink NAS COUNT of this new 5G NAS security context to the downlink NAS COUNT that has been used for the successful integrity checking of the SECURITY MODE COMMAND message.

If the SECURITY MODE COMMAND message includes the horizontal derivation parameter indicating "K_AMF derivation is required", the UE shall derive a new K’_AMF, as specified in 3GPP TS 33.501 [24] for K_AMF to K’_AMF derivation in mobility, and set both uplink and downlink NAS COUNTs to zero. When the new 5G NAS security context is taken into use for current access and the UE is registered with the same PLMN over the 3GPP access and the non-3GPP access:

a) the UE is in 5GMM-IDLE mode over the non-current access, the AMF and the UE shall activate the new 5G NAS security context over the non-current access as described in 3GPP TS 33.501 [24]. The AMF and the UE shall set the downlink NAS COUNT and uplink NAS COUNT to zero for the non-current access; or

b) the UE is in 5GMM-CONNECTED mode over the non-current access, the AMF shall send the SECURITY MODE COMMAND message over the non-current access to activate the new 5G NAS security context that was activated over the current access as described in 3GPP TS 33.501 [24]. The AMF shall include the same ngKSI in the SECURITY MODE COMMAND message to identify the new 5G NAS security context.

If the SECURITY MODE COMMAND message includes the horizontal derivation parameter indicating "K_AMF derivation is not required" or the Additional 5G security parameters IE is not included in the message, the UE is registered with the same PLMN over the 3GPP access and non-3GPP access, then after the completion of a security mode control procedure over the current access:

a) the UE is in 5GMM-IDLE mode over the non-current access, the AMF and the UE shall activate the new 5G NAS security context for the non-current access. If a primary authentication and key agreement procedure was completed before the security mode control procedure, the AMF and the UE shall set the downlink NAS COUNT and uplink NAS COUNT to zero for the non-current access, otherwise the downlink NAS COUNT and uplink NAS COUNT for the non-3GPP access are not changed; or

If the SECURITY MODE COMMAND message can be accepted, the UE shall send a SECURITY MODE COMPLETE message integrity protected with the selected 5GS integrity algorithm and the 5G NAS integrity key based on the K_AMF or mapped K’_AMF if the type of security context flag is set to "mapped security context" indicated by the ngKSI. When the SECURITY MODE COMMAND message includes the type of security context flag set to "mapped security context" in the NAS key set identifier IE, then the UE shall check whether the SECURITY MODE COMMAND message indicates the ngKSI of the current 5GS security context, if it is a mapped 5G NAS security context, in order not to re-generate the K’_AMF.

Furthermore, if the SECURITY MODE COMMAND message can be accepted, the UE shall cipher the SECURITY MODE COMPLETE message with the selected 5GS ciphering algorithm and the 5GS NAS ciphering key based on the K_AMF or mapped K’_AMF indicated by the ngKSI. The UE shall set the security header type of the message to "integrity protected and ciphered with new 5G NAS security context".

From this time onward the UE shall cipher and integrity protect all NAS signalling messages with the selected 5GS integrity and ciphering algorithms.

If the AMF indicated in the SECURITY MODE COMMAND message that the IMEISV is requested:

1) if the UE has an IMEISV, the UE shall include its IMEISV in the SECURITY MODE COMPLETE message; or

2) if the 5G-CRG or the W-AGF acting on behalf of the FN-CRG do not have an IMEISV, the 5G-CRG or the W-AGF acting on behalf of the FN-CRG shall include the 5G-CRG’s cable modem MAC address or the FN-CRG’s cable modem MAC address in the SECURITY MODE COMPLETE message.

If, during an ongoing registration procedure or service request procedure, the SECURITY MODE COMMAND message includes the Additional 5G security information IE with the RINMR bit set to "Retransmission of the initial NAS message requested", the UE shall include the entire uncyphered REGISTRATION REQUEST message or SERVICE REQUEST message, which the UE had previously included in the NAS message container IE of the initial NAS message (i.e. REGISTRATION REQUEST message or SERVICE REQUEST message, respectively), in the NAS message container IE of the SECURITY MODE COMPLETE message.

If, prior to receiving the SECURITY MODE COMMAND message, the UE without a valid 5G NAS security context had sent a REGISTRATION REQUEST message the UE shall include the entire REGISTRATION REQUEST message in the NAS message container IE of the SECURITY MODE COMPLETE message as described in subclause 4.4.6.

If the UE operating in the single-registration mode receives the Selected EPS NAS security algorithms IE, the UE shall use the IE according to 3GPP TS 33.501 [24].

For a UE operating in single-registration mode with N26 interface supported in the network, after an inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode, the UE shall set the value of the Selected EPS NAS security algorithms IE in the 5G NAS security context to the NAS security algorithms that were received from the source MME when the UE was in S1 mode.

[TS 24.501, clause 5.4.2.5]

If the security mode command cannot be accepted, the UE shall send a SECURITY MODE REJECT message. The SECURITY MODE REJECT message contains a 5GMM cause that typically indicates one of the following cause values:

#23 UE security capabilities mismatch.

#24 security mode rejected, unspecified.

If the UE detects that the received Replayed UE security capabilities IE has been altered compared to the latest values that the UE sent to the network, the UE shall set the cause value to #23 "UE security capabilities mismatch".

Upon receipt of the SECURITY MODE REJECT message, the AMF shall stop timer T3560. The AMF shall also abort the ongoing procedure that triggered the initiation of the NAS security mode control procedure.

Both the UE and the AMF shall apply the 5G NAS security context in use before the initiation of the security mode control procedure, if any, to protect the SECURITY MODE REJECT message and any other subsequent messages according to the rules in subclause 4.4.4 and 4.4.5.

9.1.2.1.3 Test description

9.1.2.1.3.1 Pre-test conditions

System Simulator:

– NGC Cell A.

UE:

– None.

Preamble:

– The procedure defined in subclause 4.9.8 in 38.508-1 [4] has been performed to ensure that the UE does not have a valid 5G NAS security context

– The UE is in state 0-A on NGC Cell A according to TS 38.508-1 [4].

9.1.2.1.3.2 Test procedure sequence

Table 9.1.2.1.3.2-1: Main behaviour

St	Procedure	Message Sequence		TP	Verdict
		U – S	Message
1	The UE is switched on.	–	–	–	–
2-2E	Steps 1-6 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–
3	The SS transmits a SECURITY MODE COMMAND message to activate NAS security. It is integrity protected and includes unmatched replayed security capabilities.	<–	SECURITY MODE COMMAND	–	–
4	Check: Does the UE transmit a SECURITY MODE REJECT message with cause’#23: UE security capabilities mismatch’?	–>	SECURITY MODE REJECT	1	P
5	The SS transmits an IDENTITY REQUEST message (Security not applied).	<–	IDENTITY REQUEST	–	–
6	Check: Does the UE transmit a non security protected IDENTIY RESPONSE message?	–>	IDENTITY RESPONSE	1	P
7	The SS transmits a SECURITY MODE COMMAND message to activate NAS security. It is integrity protected and includes IMEISV.	<–	SECURITY MODE COMMAND	–	–
8	Check: Does the UE transmit a SECURITY MODE COMPLETE message and does it establish the initial security configuration?	–>	SECURITY MODE COMPLETE	2	P
9a1-9Ja1	Steps 9a1-19a1 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–
10	The SS transmits an IDENTITY REQUEST message (Security protected as per the algorithms specified in step 7).	<-	IDENTITY REQUEST	–	–
11	Check: Does the UE transmit an IDENTIY RESPONSE message (Security Protected as per the algorithms specified in step 7)?	->	IDENTITY RESPONSE	2	P

9.1.2.1.3.3 Specific message contents

Table 9.1.2.1.3.3-1: SECURITY MODE COMMAND (Step 3, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Replayed UE security capabilities	Set to mismatch the security capability of UE under test

Table 9.1.2.1.3.3-2: SECURITY MODE REJECT (Step 4, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-27
Information Element	Value/Remark	Comment	Condition
5GMM cause	#23

Table 9.1.2.1.3.3-3: IDENTITY REQUEST (Step 5, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-21
Information Element	Value/Remark	Comment	Condition
Identity type	‘0001’B	SUCI

Table 9.1.2.1.3.3-4: IDENTITY RESPONSE (Step 6, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-22
Information Element	Value/Remark	Comment	Condition
Mobile identity
Type of identity	‘001’B	SUCI

Table 9.1.2.1.3.3-5: SECURITY MODE COMMAND (Step 7, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4], table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of ciphering algorithm	Set according to PIXIT parameter for default ciphering algorithm if it is set to a value different to 5G-EA0, or, set to any value different to 5G-EA0 otherwise	Non-zero ciphering algorithm
IMEISV request	Present

Table 9.1.2.1.3.3-6: SECURITY MODE COMPLETE (Step 8, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4], table 4.7.1-26
Information Element	Value/Remark	Comment	Condition
IMEISV	Present

Table 9.1.2.1.3.3-7: IDENTITY REQUEST (Step 10, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-21
Information Element	Value/Remark	Comment	Condition
Identity type	‘0011’B	IMEI

Table 9.1.2.1.3.3-8: IDENTITY RESPONSE (Step 11, Table 9.1.2.1.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-22
Information Element	Value/Remark	Comment	Condition
Mobile identity
Type of identity	‘011’B	IMEI

9.1.2.2 Protection of initial NAS signalling messages

9.1.2.2.1 Test Purpose (TP)

(1)

with { the UE is switched-off with no valid 5G NAS security context }

ensure that {

when { the UE is switched on }

then {the UE sends a REGISTRATION REQUEST message including cleartext IEs only }

}

(2)

with { the UE is in 5GMM-REGISTERED-INITIATED state }

ensure that {

when { the UE is activating a 5G NAS security context resulting from a security mode control procedure }

then {the UE sends SECURITY MODE COMPLETE message with the entire REGISTRATION REQUEST message }

}

9.1.2.2.2 Conformance requirements

References: The conformance requirements covered in the present test case are specified in: TS 24.501, clauses 4.4.6 and 5.5.1. Unless otherwise stated these are Rel-15 requirements.

[TS 24.501, clause 4.4.6]

The 5GS supports protection of initial NAS messages as specified in 3GPP TS 33.501 [24]. The protection of initial NAS messages applies to the REGISTRATION REQUEST and SERVICE REQUEST message, and is achieved as follows:

a) If the UE does not have a valid 5G NAS security context, the UE sends a REGISTRATION REQUEST message including cleartext IEs only. After activating a 5G NAS security context resulting from a security mode control procedure:

1) if the UE needs to send non-cleartext IEs, the UE shall include the entire REGISTRATION REQUEST message (i.e. containing both cleartext IEs and non-cleartext IEs) in the NAS message container IE and shall include the NAS message container IE in the SECURITY MODE COMPLETE message;

2) if the UE does not need to send non-cleartext IEs, the UE shall include the entire REGISTRATION REQUEST message (i.e. containing cleartext IEs only) in the NAS message container IE and shall include the NAS message container IE in the SECURITY MODE COMPLETE message.

b) If the UE has a valid 5G NAS security context and the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST or SERVICE REQUEST message, the UE includes the entire REGISTRATION REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs and non-cleartext IEs) in the NAS message container IE and shall cipher the value part of the NAS message container IE. The UE shall then send a REGISTRATION REQUEST or SERVICE REQUEST message containing the cleartext IEs and the NAS message container IE.

When the initial NAS message is a REGISTRATION REQUEST message, the cleartext IEs are:

– Extended protocol discriminator;

– Security header type;

– Spare half octet;

– Registration request message identity;

– 5GS registration type;

– ngKSI;

– 5GS mobile identity;

– UE security capability;

– Additional GUTI;

– UE status; and

– EPS NAS message container.

…

When the UE sends a REGISTRATION REQUEST or SERVICE REQUEST message that includes a NAS message container IE, the UE shall set the security header type of the initial NAS message to "integrity protected".

If the UE does not need to send non-cleartext IEs in the initial NAS message, the UE shall send the initial NAS message i.e. REGISTRATION REQUEST or SERVICE REQUEST message with cleartext IEs only i.e. without including the NAS message container IE in the initial NAS message.

[TS 24.501, clause 5.5.1]

…

If the UE does not have a valid 5G NAS security context, the UE shall send the REGISTRATION REQUEST message without including the NAS message container IE. The UE shall include the entire REGISTRATION REQUEST message (i.e. containing cleartext IEs and non-cleartext IEs) in the NAS message container IE that is sent as part of the SECURITY MODE COMPLETE message as described in subclauses 4.4.6 and 5.2.4.

9.1.2.2.3 Test description

9.1.2.2.3.1 Pre-test conditions

System Simulator:

– NGC Cell A.

UE:

– None.

Preamble:

– The UE is in state 0-A on NGC Cell A according to TS 38.508-1 [4].

– The procedure defined in subclause 4.9.8 in TS 38.508-1 [4] has been performed to ensure that the UE does not have a valid 5G NAS security context.

9.1.2.2.3.2 Test procedure sequence

Table 9.1.2.2.3.2-1: Main behaviour

St	Procedure	Message Sequence		TP	Verdict
		U – S	Message
1	The UE is switched on.	–	–	–	–
2-4	Steps 1-3 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–
5	Check: Does he UE transmit an RRCSetupComplete message and a REGISTRATION REQUEST message?	–>	REGISTRATION REQUEST	1	P
6	The SS transmits a DLInformationTransfer message and an AUTHENTICATION REQUEST message.	<–	AUTHENTICATION REQUEST
7	The UE transmits an ULInformationTransfer message and an AUTHENTICATION RESPONSE message.	–>	AUTHENTICATION RESPONSE
8	The SS transmits a DLInformationTransfer message and a SECURITY MODE COMMAND message.	<–	SECURITY MODE COMMAND
9	Check: Does the UE transmit an ULInformationTransfer message and a SECURITY MODE COMPLETE message?	–>	SECURITY MODE COMPLETE	2	P
10-20	Steps 10-20a1 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–

9.1.2.2.3.3 Specific message contents

Table 9.1.2.2.3.3-1: REGISTRATION REQUEST (Step 5, Table 9.1.2.2.3.2-1)

Derivation path: TS 38.508-1 [4], table 4.7.1-6 using condition NON_CLEARTEXT_IE = FALSE

Table 9.1.2.2.3.3-2: REGISTRATION REQUEST (Step 9, Table 9.1.2.2.3.2-1)

Derivation path: TS 38.508-1 [4], table 4.7.1-6 using condition CIPHERED_MESSAGE

Table 9.1.2.2.3.3-3: SECURITY MODE COMPLETE (Step 9, Table 9.1.2.2.3.2-1)

Derivation path: TS 38.508-1 [4], table 4.7.1-26
Information Element	Value/Remark	Comment	Condition
NAS message container	Contents of Table 9.1.2.2.3.3-2	The entire REGISTRATION REQUEST message.

9.1.2.3 Integrity protection / Correct functionality of 5G NAS integrity algorithm / SNOW3G

9.1.2.3.1 Test Purpose (TP)

(1)

with { successful completion of 5G authentication and key agreement (AKA) procedure }

ensure that {

when { UE receives a an integrity protected SECURITY MODE COMMAND message instructing to start integrity protection using algorithm SNOW3G }

then { UE transmits an integrity protected SECURITY MODE COMPLETE using SNOW3G and starts applying the NAS Integrity protection in both UL and DL }

}

(2)

with { Integrity protection successful started by executing Security Mode Procedure }

ensure that {

when { UE receives an IDENTITY REQUEST message (requested identification parameter is not SUCI), without integrity protected }

then { UE does not transmit IDENTITY Response }

}

9.1.2.3.2 Conformance requirements

References: The conformance requirements covered in the current TC are specified in: TS 24.501 clause 4.4.4.1, 4.4.4.2, 5.4.2.1, 5.4.2.2 and 5.4.2.3. Unless otherwise stated these are Rel-15 requirements.

[TS 24.501, clause 4.4.4.1]

For the UE, integrity protected signalling is mandatory for the 5GMM NAS messages once a valid 5G NAS security context exists and has been taken into use. For the network, integrity protected signalling is mandatory for the 5GMM NAS messages once a secure exchange of 5GS NAS messages has been established for the NAS signalling connection. Integrity protection of all NAS signalling messages is the responsibility of the NAS. It is the network which activates integrity protection.

[TS 24.501, clause 4.4.4.2]

Once the secure exchange of NAS messages has been established, the receiving 5GMM entity in the UE shall not process any NAS signalling messages unless they have been successfully integrity checked by the NAS. If NAS signalling messages, having not successfully passed the integrity check, are received, then the NAS in the UE shall discard that message. The processing of the SECURITY MODE COMMAND message that has not successfully passed the integrity check is specified in subclause 5.4.2.5. If any NAS signalling message is received as not integrity protected even though the secure exchange of NAS messages has been established by the network, then the NAS shall discard this message.

[TS 24.501, clause 5.4.2.1]

[TS 24.501, clause 5.4.2.2]

The AMF initiates the NAS security mode control procedure by sending a SECURITY MODE COMMAND message to the UE and starting timer T3560 (see example in figure 5.4.2.2).

The AMF shall reset the downlink NAS COUNT counter and use it to integrity protect the initial SECURITY MODE COMMAND message if the security mode control procedure is initiated:

a) to take into use the security context created after a successful execution of the 5G AKA based primary authentication and key agreement procedure or the EAP based primary authentication and key agreement procedure; or

…

The AMF shall send the SECURITY MODE COMMAND message uncyphered, but shall integrity protect the message with the 5G NAS integrity key based on K_AMF or mapped K’_AMF indicated by the ngKSI included in the message. The AMF shall set the security header type of the message to "integrity protected with new 5G NAS security context".

…

The AMF shall include the replayed security capabilities of the UE (including the security capabilities with regard to NAS, RRC and UP (user plane) ciphering as well as NAS and RRC integrity, and other possible target network security capabilities, i.e. E-UTRAN if the UE included them in the message to network), the selected 5GS ciphering and integrity algorithms and the ngKSI.

[TS 24.501, clause 5.4.2.3]

…

If the SECURITY MODE COMMAND message can be accepted, the UE shall take the 5G NAS security context indicated in the message into use. The UE shall in addition reset the uplink NAS COUNT counter if:

…

From this time onward the UE shall cipher and integrity protect all NAS signalling messages with the selected 5GS integrity and ciphering algorithms.

9.1.2.3.3 Test description

9.1.2.3.3.1 Pre-test conditions

System Simulator:

– NGC Cell A.

UE:

– None.

Preamble:

– The UE is in state Switched OFF (state 0N-B) according to TS 38.508-1 [4].

9.1.2.3.3.2 Test procedure sequence

Table 9.1.2.3.3.2-1: Main behaviour

St	Procedure	Message Sequence		TP	Verdict
		U – S	Message
1	The UE is switched on.	–	–	–	–
2-6	Steps 2-6 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–
7	The SS transmits a SECURITY MODE COMMAND message to activate NAS security. It is integrity protected.	<–	SECURITY MODE COMMAND	–	–
8	Check: Does the UE transmit a SECURITY MODE COMPLETE message and starts applying the NAS Integrity protection in both UL and DL?	–>	SECURITY MODE COMPLETE	1	P
9-18a1	Steps 10-19a1 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–
19	The SS transmits an IDENTITY REQUEST message with Integrity protected and with default ciphering	<–	IDENTITY REQUEST	–	–
20	Check: Does the UE transmit an IDENTIY RESPONSE message with Integrity Protected and with default ciphering?	–>	IDENTITY RESPONSE	1	P
21	The SS transmits an IDENTITY REQUEST message (not Integrity protected)	<–	IDENTITY REQUEST	–	–
22	Check: Does the UE transmit an IDENTIY RESPONSE message within the next 5 seconds?	–>	IDENTITY RESPONSE	2	F

9.1.2.3.3.3 Specific message contents

Table 9.1.2.3.3.3-1: SECURITY MODE COMMAND (Step 7, Table 9.1.2.3.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of integrity protection algorithm	‘0001’B	5G integrity algorithm 128-5G-IA1 [SNOW3G]

9.1.2.4 Integrity protection / Correct functionality of 5G NAS integrity algorithm / AES

9.1.2.4.1 Test Purpose (TP)

(1)

with { successful completion of 5G authentication and key agreement (AKA) procedure }

ensure that {

when { UE receives a an integrity protected SECURITY MODE COMMAND message instructing to start integrity protection using algorithm AES }

then { UE transmits an integrity protected SECURITY MODE COMPLETE using AES and starts applying the NAS Integrity protection in both UL and DL }

}

(2)

with { Integrity protection successful started by executing Security Mode Procedure }

ensure that {

when { UE receives an IDENTITY REQUEST message (requested identification parameter is not SUCI), without integrity protected }

then { UE does not transmit IDENTITY Response }

}

9.1.2.4.2 Conformance requirements

Same Conformance requirements as in clause 9.1.2.3.2.

9.1.2.4.3 Test description

9.1.2.4.3.1 Pre-test conditions

Same Pre-test conditions as in clause 9.1.2.3.3.1.

9.1.2.4.3.2 Test procedure sequence

Same Test procedure sequence as in table 9.1.2.3.3.2-1, except the integrity protection algorithm is AES.

9.1.2.4.3.3 Specific message contents

Table 9.1.2.4.3.3-1: SECURITY MODE COMMAND (Step 7)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of integrity protection algorithm	‘0010’B	5G integrity algorithm 128-5G-IA2 [AES]

9.1.2.5 Integrity protection / Correct functionality of 5G NAS integrity algorithm / ZUC

9.1.2.5.1 Test Purpose (TP)

(1)

with { successful completion of 5G authentication and key agreement (AKA) procedure }

ensure that {

when { UE receives a an integrity protected SECURITY MODE COMMAND message instructing to start integrity protection using algorithm ZUC }

then { UE transmits an integrity protected SECURITY MODE COMPLETE using ZUC and starts applying the NAS Integrity protection in both UL and DL }

}

(2)

with { Integrity protection successful started by executing Security Mode Procedure }

ensure that {

when { UE receives an IDENTITY REQUEST message (requested identification parameter is not SUCI), without integrity protected }

then { UE does not transmit IDENTITY Response }

}

9.1.2.5.2 Conformance requirements

Same Conformance requirements as in clause 9.1.2.3.2.

9.1.2.5.3 Test description

9.1.2.5.3.1 Pre-test conditions

Same Pre-test conditions as in clause 9.1.2.3.3.1.

9.1.2.5.3.2 Test procedure sequence

Same Test procedure sequence as in table 9.1.2.3.3.2-1, except the integrity protection algorithm is ZUC.

9.1.2.5.3.3 Specific message contents

Table 9.1.2.5.3.3-1: SECURITY MODE COMMAND (Step 7)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of integrity protection algorithm	‘0011’B	5G integrity algorithm 128-5G-IA3 [ZUC]

9.1.2.6 Ciphering and deciphering / Correct functionality of 5G NAS encryption algorithm / SNOW3G

9.1.2.6.1 Test Purpose (TP)

(1)

with { successful completion of 5G authentication and key agreement (AKA) procedure }

ensure that {

when { UE receives a SECURITY MODE COMMAND instructing to start ciphering using algorithm SNOW3G }

then { UE sends a SECURITY MODE COMPLETE message ciphered with SNOW3G and starts applying the NAS ciphering in both UL and DL }

}

9.1.2.6.2 Conformance requirements

References: The conformance requirements covered in the current TC are specified in: TS 24.501 clause 5.4.2.1, 5.4.2.2 and 5.4.2.3. Unless otherwise stated these are Rel-15 requirements.

[TS 24.501, clause 5.4.2.1]

[TS 24.501, clause 5.4.2.2]

The AMF initiates the NAS security mode control procedure by sending a SECURITY MODE COMMAND message to the UE and starting timer T3560 (see example in figure 5.4.2.2).

The AMF shall reset the downlink NAS COUNT counter and use it to integrity protect the initial SECURITY MODE COMMAND message if the security mode control procedure is initiated:

…

[TS 24.501, clause 5.4.2.3]

…

If the SECURITY MODE COMMAND message can be accepted, the UE shall take the 5G NAS security context indicated in the message into use. The UE shall in addition reset the uplink NAS COUNT counter if:

…

From this time onward the UE shall cipher and integrity protect all NAS signalling messages with the selected 5GS integrity and ciphering algorithms

9.1.2.6.3 Test description

9.1.2.6.3.1 Pre-test conditions

System Simulator:

– NGC Cell A.

UE:

– None.

Preamble:

– The UE is in state Switched OFF (state 0N-B) according to TS 38.508-1 [4].

9.1.2.6.3.2 Test procedure sequence

Table 9.1.2.6.3.2-1: Main behaviour

St	Procedure	Message Sequence		TP	Verdict
		U – S	Message
1	The UE is switched on.	–	–	–	–
2-6	Steps 2-6 of the generic procedure for UE registration specified in TS 38.508-1 [4] subclause 4.5.2.3 are performed.	–	–	–	–
7	The SS transmits a SECURITY MODE COMMAND message to activate NAS security.	<–	SECURITY MODE COMMAND	–	–
8	Check: Does the UE transmit a SECURITY MODE COMPLETE message ciphered and starts applying the NAS ciphering in both UL and DL?	–>	SECURITY MODE COMPLETE	1	P
9-18a1	Steps 10-19a1 of the generic procedure for UE registration specified in TS 38.508-1 [4] table 4.5.2.2-2 are performed.	–	–	–	–
19	The SS transmits an IDENTITY REQUEST message Ciphered	<–	IDENTITY REQUEST	–	–
20	Check: Does the UE transmit an IDENTIY RESPONSE message Ciphered?	–>	IDENTITY RESPONSE	1	P

9.1.2.6.3.3 Specific message contents

Table 9.1.2.6.3.3-1: SECURITY MODE COMMAND (Step 7, Table 9.1.2.6.3.2-1)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of ciphering algorithm	‘0001’B	5G encryption algorithm 128-5G-EA1 [SNOW3G]

9.1.2.7 Ciphering and deciphering / Correct functionality of 5G NAS encryption algorithm / AES

9.1.2.7.1 Test Purpose (TP)

(1)

with { successful completion of 5G authentication and key agreement (AKA) procedure }

ensure that {

when { UE receives a SECURITY MODE COMMAND instructing to start ciphering using algorithm AES }

then { UE sends a SECURITY MODE COMPLETE message ciphered with AES and starts applying the NAS ciphering in both UL and DL }

}

9.1.2.7.2 Conformance requirements

Same conformance requirement as in clause 9.1.2.6.2.

9.1.2.7.3 Test description

9.1.2.7.3.1 Pre-test conditions

Same Pre-test conditions as in clause 9.1.2.6.3.1.

9.1.2.7.3.2 Test procedure sequence

Same Test procedure sequence as in Table 9.1.2.6.3.2-1, except the ciphering algorithm is AES.

9.1.2.7.3.3 Specific message contents

Table 9.1.2.7.3.3-1: SECURITY MODE COMMAND (Step 7)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of ciphering algorithm	‘0010’B	5G encryption algorithm 128-5G-EA2 [AES]

9.1.2.8 Ciphering and deciphering / Correct functionality of 5G NAS encryption algorithm / ZUC

9.1.2.8.1 Test Purpose (TP)

(1)

with { successful completion of 5G authentication and key agreement (AKA) procedure }

ensure that {

when { UE receives a SECURITY MODE COMMAND instructing to start ciphering using algorithm ZUC }

then { UE sends a SECURITY MODE COMPLETE message ciphered with ZUC and starts applying the NAS ciphering in both UL and DL }

}

9.1.2.8.2 Conformance requirements

Same conformance requirement as in clause 9.1.2.6.2.

9.1.2.8.3 Test description

9.1.2.8.3.1 Pre-test conditions

Same Pre-test conditions as in clause 9.1.2.6.3.1.

9.1.2.8.3.2 Test procedure sequence

Same Test procedure sequence as in Table 9.1.2.6.3.2-1, except the ciphering algorithm is ZUC.

9.1.2.8.3.3 Specific message contents

Table 9.1.2.8.3.3-1: SECURITY MODE COMMAND (Step 7)

Derivation path: TS 38.508-1 [4],table 4.7.1-25
Information Element	Value/Remark	Comment	Condition
Selected NAS security algorithms
Type of ciphering algorithm	‘0011’B	5G encryption algorithm 128-5G-EA3 [ZUC]