Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.866  Word version:  17.0.0

Top   Top   Up   Prev   None
1…   5…
5 Key issues6 Solutions7 Conclusions$ Change history

 

5  Key issuesp. 9

5.1  Key issues related to securing the data provided to any type of analytics functionp. 9

5.1.1  Key Issue #1.1:Integrity protection of data transferred between AF and NWDAFp. 9

5.1.1.1  Key issue detailsp. 9

5.1.1.2  Security Threatsp. 10

5.1.1.3  Potential Requirementsp. 10

5.1.2  Key Issue #1.2: Processing of tampered datap. 10

5.1.2.1  Key issue detailsp. 10

5.1.2.2  Security threatsp. 10

5.1.2.3  Potential security requirementsp. 11

5.1.3  Key Issue #1.3: Authorization of NF Service Consumers for data access via DCCFp. 11

5.1.3.1  Key issue detailsp. 11

5.1.3.2  Security threatsp. 11

5.1.3.3  Potential security requirementsp. 11

5.1.4  Key Issue #1.4: Security protection of data via Messaging Frameworkp. 12

5.1.4.1  Key issue detailsp. 12

5.1.4.2  Threatsp. 12

5.1.4.3  Potential security requirementsp. 13

5.1.5  Key Issue #1.5: UE data collection protection at NF/NWDAFp. 13

5.1.5.1  Key issue detailsp. 13

5.1.5.2  Security threatsp. 13

5.1.5.3  Potential security requirementsp. 13

5.2  Key issues related to the detection of cyber-attacks and anomaly events by analytics functionp. 14

5.2.1  Key Issue #2.1: Cyber-attacks detection supported by NWDAFp. 14

5.2.1.1  Key issue detailsp. 14

5.2.1.2  Security threatsp. 14

5.2.1.3  Potential security requirementsp. 14

5.2.2  Key Issue #2.2: Anomalous NF behaviour detection by NWDAFp. 14

5.2.2.1  Key issue detailsp. 14

5.2.2.2  Security threatsp. 15

5.2.2.3  Potential security requirementsp. 15

5.3  Key issues related to data transfer protectionp. 15

5.3.1  Key Issue #3.1: Privacy preservation for transmitted data between multiple NWDAF instancesp. 15

5.3.1.1  Key issue detailsp. 15

5.3.1.2  Security threatsp. 15

5.3.1.3  Potential security requirementsp. 16

5.3.2  Key Issue #3.2: Protection of UE data in transitp. 16

5.3.2.1  Key issue detailsp. 16

5.3.2.2  Security Threatsp. 16

5.3.2.3  Potential security requirementsp. 16

5.3.3  Key Issue #3.3: Ensuring restrictive transfer of ML models between authorized NWDAF instancesp. 16

5.3.3.1  Key issue detailsp. 16

5.3.3.2  Security Threatsp. 16

5.3.3.3  Potential security requirementsp. 16

6  Solutionsp. 17

6.0  Mapping of solutions to key issuesp. 17

6.1  Solution #1: UE data collection protectionp. 17

6.1.1  Introductionp. 17

6.1.2  Solution detailsp. 18

6.1.3  Evaluationp. 18

6.2  Solution #2: Network Analysis Framework for DDoS Attackp. 18

6.2.1  Introductionp. 18

6.2.2  Solution detailsp. 18

6.2.2.1  Introductionp. 18

6.2.2.2  Network Analysis Framework for DDoS attackp. 19

6.2.2.3  The Rational of Each Input Datap. 19

6.2.3  Evaluationp. 20

6.3  Solution #3: Usage of current SBA mechanisms to protect data in transitp. 20

6.3.1  Introductionp. 20

6.3.2  Solution detailsp. 20

6.3.3  Evaluationp. 20

6.4  Solution #4: DCCF determining if NF Service consumer is authorized to invoke a service to a Data Producer NF for data collectionp. 20

6.4.1  Introductionp. 20

6.4.2  Solution detailsp. 20

6.4.2.1  Detailed Procedurep. 22

6.4.3  Evaluationp. 23

6.5  Solution #5: Providing the Security protection of data via Messaging Frameworkp. 24

6.5.1  Introductionp. 24

6.5.2  Solution detailsp. 24

6.5.2.1  DCCF initiated key refresh procedurep. 26

6.5.3  Evaluationp. 27

6.6  Solution #6: Integrity protection of data transferred between AF and NWDAFp. 27

6.6.1  Introductionp. 27

6.6.2  Solution detailsp. 27

6.6.3  Evaluationp. 27

6.7  Solution#7: Detection of anomalous NF behaviour by NWDAFp. 28

6.7.1  Introductionp. 28

6.7.2  Solution detailsp. 28

6.7.2.1  Generalp. 28

6.7.2.2  Collection of security related log data of NFs via NFs EventExposure APIsp. 28

6.7.2.3  Collection of security related log data of NFs via OAMp. 29

6.7.3  Evaluationp. 32

6.8  Solution#8: Privacy preservation of transmitted datap. 32

6.8.1  Introductionp. 32

6.8.2  Solution detailsp. 33

6.8.3  Evaluationp. 34

6.9  Solution#9: Processing of tampered datap. 34

6.9.1  Introductionp. 34

6.9.2  Solution detailsp. 34

6.9.3  Evaluationp. 35

6.10  Solution #10: Authorization of NF Service Consumers for data access via DCCFp. 36

6.10.1  Introductionp. 36

6.10.2  Solution detailsp. 36

6.10.2.1  Authorization of NF Service Consumer (i.e. Data consumer) when notification sent via DCCFp. 36

6.10.2.2  Authorization of NF Service Consumer (i.e. Data consumer) when notification sent via MFAFp. 38

6.10.3  Evaluationp. 40

6.11  Solution #11: Authorization of NF Service Consumers to access data from ADRF via DCCFp. 41

6.11.1  Introductionp. 41

6.11.2  Solution detailsp. 41

6.11.3  Evaluationp. 44

6.12  Solution #12: Solution on Authorization of Data Consumers for data access via DCCFp. 44

6.12.1  Introductionp. 44

6.12.2  Solution detailsp. 45

6.12.3  Evaluationp. 47

6.13  Solution #13: Solution for UE data collection protection at NF/NWDAFp. 47

6.13.1  Introductionp. 47

6.13.2  Solution detailsp. 48

6.13.3  System impactp. 48

6.13.4  Evaluationp. 48

6.14  Solution #14: Solution to ML restrictive transferp. 48

6.14.1  Introductionp. 48

6.14.2  Solution detailsp. 48

6.14.3  System impactp. 49

6.14.4  Evaluationp. 49

6.15  Solution #15: Protection of data sent via MFAF using existing SBA mechanismsp. 49

6.15.1  Introductionp. 49

6.15.2  Solution detailsp. 49

6.15.3  Evaluationp. 49

7  Conclusionsp. 49

7.1  Conclusions on Key Issue #1.1p. 49

7.2  Conclusions on Key Issue #1.2p. 50

7.3  Conclusions on Key Issue #1.3p. 50

7.4  Conclusions on Key Issue #1.4p. 50

7.5  Conclusions on Key Issue #1.5p. 50

7.6  Conclusions on Key Issue #2.1p. 50

7.7  Conclusions on Key Issue #2.2p. 50

7.8  Conclusions on Key Issue #3.1p. 50

7.9  Conclusions on Key Issue #3.2p. 50

7.10  Conclusions on Key Issue #3.3p. 50

$  Change historyp. 51

Up   Top