Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.855  Word version:  16.1.0

Top   Top   Up   Prev   Next
1…   4…   6…
4 Key Issues4.1 General SBA Key Issues4.2 SEPP-/N32-specific Key Issues

 

4  Key Issuesp. 13

4.1  General SBA Key Issuesp. 13

4.1.1  Key Issue #1: Confidentiality protection of signalling messagesp. 13

4.1.1.1  Issue descriptionp. 13

4.1.1.2  Threat descriptionp. 13

4.1.1.3  Potential security requirementsp. 14

4.1.2  Key Issue #2: Integrity protection of signalling messages while allowing for modificationsp. 14

4.1.2.1  Issue descriptionp. 14

4.1.2.2  Threat descriptionp. 14

4.1.2.3  Potential security requirementsp. 14

4.1.3  Key Issue #3: Replay protection of signalling messagesp. 14

4.1.3.1  Issue descriptionp. 14

4.1.3.2  Threat descriptionp. 15

4.1.3.3  Potential security requirementsp. 15

4.1.4  Key Issue #4: NF-NF Authenticationp. 15

4.1.4.1  Issue descriptionp. 15

4.1.4.2  Threat descriptionp. 15

4.1.4.3  Potential security requirementsp. 15

4.1.5  Key Issue #5: NF-NF Authorizationp. 15

4.1.5.1  Issue descriptionp. 15

4.1.5.2  Threat descriptionp. 15

4.1.5.3  Potential security requirementsp. 15

4.1.6  Key Issue #6: NF-NRF Authenticationp. 16

4.1.6.1  Issue descriptionp. 16

4.1.6.2  Threat descriptionp. 16

4.1.6.3  Potential security requirementsp. 16

4.1.7  Key Issue #7: NF-NRF Authorizationp. 16

4.1.7.1  Issue descriptionp. 16

4.1.7.2  Threat descriptionp. 16

4.1.7.3  Potential security requirementsp. 16

4.1.8  Key Issue #8: NRF-NRF Authenticationp. 17

4.1.8.1  Issue descriptionp. 17

4.1.8.2  Threat descriptionp. 17

4.1.8.3  Potential security requirementsp. 17

4.1.9  Key Issue #9: NRF-NRF Authorizationp. 17

4.1.9.1  Issue descriptionp. 17

4.1.9.2  Threat descriptionp. 17

4.1.9.3  Potential security requirementsp. 17

4.1.10  Key Issue #20: Protection of SeCoP interfacesp. 17

4.1.10.1  Issue descriptionp. 17

4.1.10.2  Threat descriptionp. 18

4.1.10.3  Potential security requirementsp. 18

4.1.11  Key Issue #21: Secure message transport via the SeCoPp. 19

4.1.11.1  Issue descriptionp. 19

4.1.11.2  Threat descriptionp. 19

4.1.11.3  Potential security requirementsp. 19

4.1.12  Key Issue #22: Authorization of NF service access in Indirect Communicationp. 19

4.1.12.1  Issue descriptionp. 19

4.1.12.2  Threat descriptionp. 19

4.1.12.3  Potential security requirementsp. 20

4.1.13  Key Issue #23: NF to NF authentication and authorization in Indirect communicationp. 20

4.1.13.1  Issue descriptionp. 20

4.1.13.2  Threat descriptionp. 20

4.1.13.3  Potential security requirementsp. 20

4.1.14  Key Issue #24: Service access authorization based on NF Setp. 20

4.1.14.1  Issue descriptionp. 20

4.1.14.2  Threat descriptionp. 20

4.1.14.3  Potential security requirementsp. 21

4.1.15  Key Issue #25: Indirect communication in roaming scenariosp. 21

4.1.15.2  Threat descriptionp. 21

4.1.15.3  Potential Architecture requirementsp. 21

4.1.16  Key Issue #26: Protection of N9 interfacep. 21

4.1.16.1  Issue descriptionp. 21

4.1.16.2  Threat descriptionp. 21

4.1.16.3  Potential security requirementsp. 21

4.1.17  Key Issue #27: Support of a UP gateway function on the N9 interfacep. 22

4.1.17.1  Issue descriptionp. 22

4.1.17.2  Threat descriptionp. 22

4.1.17.3  Potential security requirementsp. 23

4.1.18  Key Issue #28: Service access authorization in the delegated "Subscribe-Notify" scenariosp. 23

4.1.18.1  Issue descriptionp. 23

4.1.18.2  Threat descriptionp. 23

4.1.18.3  Potential security requirementsp. 23

4.1.19  Key Issue #29: Resource level authorization of NF consumersp. 23

4.1.19.1  Issue descriptionp. 23

4.1.19.2  Threat descriptionp. 23

4.1.19.3  Potential security requirementsp. 24

4.1.20  Key Issue #30: Service access authorization for non-delegated subscribe-notifyp. 24

4.1.20.1  Issue descriptionp. 24

4.1.20.2  Threat descriptionp. 24

4.1.20.3  Potential security requirementsp. 24

4.2  SEPP-/N32-specific Key Issuesp. 24

4.2.1  Key Issue #10: Termination points of N32 securityp. 24

4.2.1.1  Issue descriptionp. 24

4.2.1.2  Threat descriptionp. 24

4.2.1.3  Potential security requirementsp. 24

4.2.2  Key Issue #11: Local provisioning of SEPP protection policiesp. 25

4.2.2.1  Issue descriptionp. 25

4.2.2.2  Threat descriptionp. 25

4.2.2.3  Potential security requirementsp. 25

4.2.3  Key Issue #12: Provisioning of SEPP protection policies over N32p. 25

4.2.3.1  Issue descriptionp. 25

4.2.3.2  Threat descriptionp. 25

4.2.3.3  Potential security requirementsp. 25

4.2.4  Key Issue #13: SEPP session setupp. 26

4.2.4.1  Issue descriptionp. 26

4.2.4.2  Threat descriptionp. 26

4.2.4.3  Potential security requirementsp. 26

4.2.5  Key Issue #14: Application of ciphering and integrity protection to JSON object using JOSEp. 26

4.2.5.1  Issue descriptionp. 26

4.2.5.2  Threat descriptionp. 26

4.2.5.3  Potential security requirementsp. 27

4.2.6  Key Issue #15: Malicious messages received on the N32 interfacep. 27

4.2.6.1  Issue descriptionp. 27

4.2.6.2  Threat descriptionp. 29

4.2.6.3  Potential security requirementsp. 29

4.2.7  Key Issue #16: N32 error signallingp. 29

4.2.7.1  Issue descriptionp. 29

4.2.7.2  Threat descriptionp. 29

4.2.7.3  Potential security requirementsp. 29

4.2.8  Key Issue #17: Modifications by authorized intermediaries on N32p. 30

4.2.8.1  Issue descriptionp. 30

4.2.8.2  Threat descriptionp. 30

4.2.8.3  Potential security requirementsp. 30

4.2.9  Key Issue #18: Inter-PLMN routing and TLSp. 30

4.2.9.1  Key issue detailp. 30

4.2.9.2  Security threatsp. 31

4.2.9.3  Potential security requirementsp. 31

4.2.10  Key Issue #19: Configurational error handling by the SEPPp. 31

4.2.10.1  Issue descriptionp. 31

4.2.10.2  Threat descriptionp. 32

4.2.10.3  Potential security requirementsp. 32

5Void

Up   Top   ToC