Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TS 33.512
5G Security Assurance Specification (SCAS) –
Access and Mobility management Function (AMF)

3GPP‑Page   ETSI‑search  
V18.2.0 (PDF)  2024/06  31 p.
V17.3.0  2022/03  26 p.
V16.6.0  2021/12  22 p.
Rapporteur:
Ms. Deng, Juan
HuaWei Technologies Co., Ltd

Content for  TS 33.512  Word version:  18.2.0

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 AMF-specific security requirements and related test cases$ Change history

 

1  Scopep. 7

The present document contains objectives, requirements and test cases that are specific to the AMF network product class. It refers to the Catalogue of General Security Assurance Requirements and formulates specific adaptions of the requirements and test cases given there, as well as specifying requirements and test cases unique to the AMF network product class.

2  Referencesp. 7

3  Definitions of terms, symbols and abbreviationsp. 7

3.1  Termsp. 7

3.2  Symbolsp. 7

3.3  Abbreviationsp. 8

4  AMF-specific security requirements and related test casesp. 8

4.1  Introductionp. 8

4.2  AMF-specific adaptations of security functional requirements and related test cases.p. 8

4.2.1  Introductionp. 8

4.2.2  Security functional requirements on the AMF deriving from 3GPP specifications and related test casesp. 8

4.2.2.0  Generalp. 8

4.2.2.1  Authentication and key agreement procedurep. 8

4.2.2.1.1  Synchronization failure handlingp. 8
4.2.2.1.2  RES* verification failure handlingp. 10
4.2.2.1.3  NAS based redirection from 5GS to EPSp. 13
4.2.2.1.4  NAS integrity failurep. 13

4.2.2.2Void

4.2.2.3  Security mode command procedurep. 14

4.2.2.3.1  Replay protection of NAS signalling messagesp. 14
4.2.2.3.2  NAS NULL integrity protectionp. 15
4.2.2.3.3  NAS integrity algorithm selection and usep. 16

4.2.2.4  Security in intra-RAT mobilityp. 17

4.2.2.4.1  Bidding down prevention in Xn-handoverp. 17
4.2.2.4.2  NAS protection algorithm selection in AMF changep. 18

4.2.2.5  5G-GUTI allocationp. 19

4.2.2.5.1  5G-GUTI allocationp. 19

4.2.2.6  Security in registration procedurep. 20

4.2.2.6.1  Invalid or unacceptable UE security capabilities handlingp. 20
4.2.2.6.2  Correct transfer of UE security capabilities in AS security establishmentp. 21

4.2.2.7  RRCRestablishment in Control Plane CIoT 5GS Optimizationp. 22

4.2.2.8  Security in PDU session establishment procedurep. 23

4.2.2.8.1  Validation of S-NSSAIs in PDU session establishment requestp. 23

4.2.2.9  Network Slice Specific Authentication and Authorizationp. 24

4.2.2.9.1  NSSAA revocationp. 24

4.2.3  Technical Baselinep. 25

4.2.3.1  Introductionp. 25

4.2.3.2  Protecting data and informationp. 25

4.2.3.2.1  Protecting data and information - generalp. 25
4.2.3.2.2  Protecting data and information - unauthorized viewingp. 25
4.2.3.2.3  Protecting data and information in storagep. 25
4.2.3.2.4  Protecting data and information in transferp. 25
4.2.3.2.5  Logging access to personal datap. 25

4.2.3.3  Protecting availability and integrityp. 25

4.2.3.4  Authentication and authorizationp. 25

4.2.3.5  Protecting sessionsp. 25

4.2.3.6  Loggingp. 25

4.2.4  Operating Systemsp. 25

4.2.5  Web Serversp. 25

4.2.6  Network Devicesp. 25

4.3  AMF-specific adaptations of hardening requirements and related test casesp. 26

4.3.1  Introductionp. 26

4.3.2  Technical baselinep. 26

4.3.3  Operating systemsp. 26

4.3.4  Web serversp. 26

4.3.5  Network devicesp. 26

4.3.6  Network functions in service-based architecturep. 26

4.4  AMF-specific adaptations of basic vulnerability testing requirements and related test casesp. 26

4.4.1  Introductionp. 26

4.4.2  Port Scanningp. 26

4.4.3  Vulnerability scanningp. 26

4.4.4  Robustness and fuzz testingp. 26

$  Change historyp. 28

Up   Top