The present document studies the security aspects of enablers for network automation for the 5G system based on the outcome of TR 23.700-91. More specifically, the present document identifies security issues, requirements and corresponding potential security solutions related to the following objectives:
- UE data collection protection to fulfil the NWDAF functionalities, including requirements on privacy consideration, data authenticity, data integrity and accessibility.
- Detection of cyber-attacks and anomaly events supported by NWDAF and its related functions, specifically identifying the parameters provided by UEs and NFs that can help to detect attacks and abnormal behaviours.
- Protection of data transfer (e.g. privacy consideration) between NWDAF instances (inter-NWDAF/NWDAF instances).
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 23.700-91: "Study on enablers for network automation for the 5G System (5GS); Phase 2".
[2] TR 33.867: "Study on user consent for 3GPP services".
[3] TR 21.905: "Vocabulary for 3GPP Specifications".
[4] TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services".
[5] TS 23.501: "System Architecture for the 5G System; Stage 2".
[6]
[7] ETSI GR SAI 001: "AI Threat Ontology".
[8] TS 33.501: "Security architecture and procedures for 5G system".
[9] TR 28.809: "Study on enhancement of management data analytics".
For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Void.
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AF      Application Function
DDoS    Distributed Denial of Service
DoS     Denial of Service
eNA     enablers for Network Automation
MDAS    Management Data Analytics Service
MitM    Man in the Middle
ML      Machine Learning
NWDAF   Network Data Analytics Function
OAM     Operation, Administration and Maintenance
TS 23.288 provides the Stage 2 architecture enhancements for the 5G System (5GS) to support network data analytics services in the 5G Core network, which forms the baseline for the present study on security aspects of enablers for Network Automation (eNA) for the 5G system (5GS).
The Network Data Analytics Function (NWDAF), as specified in TS 23.501, interacts with different entities within the 5GS for data collection based on subscription to events, retrieval of information from data repositories, retrieval of information about NFs (e.g. from the NRF for NF-related information) and on-demand provision of analytics to consumers. The NWDAF provides analytics to 5GC NFs and OAM. Analytics information is either statistical information about past events or predictive information.
TR 23.700-91 is an architectural study on enhancements for analytics and the NWDAF; any security impact of that study is documented in the present document. The security impact is particularly relevant to UE data collection protection, to the detection of cyber-attacks and anomaly events supported by the NWDAF and its related functions, and to the protection of data transfer in inter-NWDAF/NWDAF cases.