Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.926  Word version:  19.1.0

Top   Top   Up   Prev   Next
1…   4…   5…   6…   A…   B…   C…   D…   E…   F…   G…   H…   I…   J…   K…   L…   M…   N…   O…   P…   Q…   R…   S…   T…   U…   V…   W…   X…   Y…
6 Generic assets and threats for network functions supporting SBA interfaces6.1 Introduction6.2 Generic critical assets6.3 Generic threats6.3.1 Introduction6.3.2 Threats related to Service Based Interfaces6.3.3 Threats related to service access6.3.4 Threats related to authentication for indirect communication
...

 

6  Generic assets and threats for network functions supporting SBA interfaces |R16|p. 30

6.1  Introductionp. 30

In addition to the assets and threats described in clause 5 for GNP, the present clause contains assets and threats that are believed to apply to all network functions supporting service based interfaces.

6.2  Generic critical assetsp. 30

The generic critical assets of NF to be protected are:
  • NF Application.
  • NF API data (e.g. API message IEs, access tokens, client credentials assertions).
  • A formulation for indicating the applicable release for the critical assets is needed.
  • The interfaces of NF to be protected and which are within SECAM scope:
    • Service Based Interfaces.

6.3  Generic threatsp. 31

6.3.1  Introductionp. 31

The threats described in this subclause follow the template in clause 5. Related security requirements and test cases have been captured in TS 33.117.

6.3.2  Threats related to Service Based Interfacesp. 31

6.3.2.1  JSON Parser Exploitsp. 31

  • Threat Name: JSON Parser Exploits
  • Threat Category: Tampering, Information Disclosure, Denial of Service
  • Threat Description: one of the JSON parser exploits is that the parsers used by a generic NF may execute JavaScript or any other code contained in JSON objects received on SBIs, which are considered untrusted. Further, these parsers may include resources external to the received JSON object itself, such as files from the NF's filesystem or other resources loaded externally. With such exploit, malicious code can be executed by an attacker to conduct several attacks e.g. tampering, information disclosure/stealing, DoS.
  • Threatened Asset: all critical assets as listed in clauses 5.2 and X.2, except hardware assets
Up

6.3.2.2  JSON Parser not Robustp. 31

  • Threat Name: JSON Parser not Robust.
  • Threat Category: Denial of Service.
  • Threat Description: there are following threats if JSON parsers are not robust:
    • For data structures where values are accessible using names (sometimes referred to as keys), e.g. a JSON object, if the names/keys are not unique and duplicated names/keys occur within such a structure, it can result in inconsistent values for that names (or keys), which leads to Denial of Service.
    • If the format and range of values for the IEs in API messages are not implemented as required (e.g. when the number of leaf IEs exceeds the maximum number or when the size of the JSON body of any HTTP request exceed the maximum size), security vulnerabilities may be introduced such as buffer overflow flow, which may lead to Denial of Service.
  • Threatened Asset: NF API data, NF Application, Sufficient Processing Capability.
Up

6.3.3  Threats related to service accessp. 31

6.3.3.1  Elevation of privilege via incorrect verification of access tokensp. 31

  • Threat name: Incorrect Verification of Access Tokens.
  • Threat category: Elevation of Privilege, Information Disclosure, Denial of Service.
  • Threat Description: there are following threats if the generic NF cannot correctly verify the access tokens:
    • An access token may be tampered so that an attacker can arbitrarily access any services from any NF service providers within the same PLMN or in different PLMNs or SNPNs, which leads to elevation of privilege and consequently information disclosure.
    • An access token may be tampered so that an attacker can arbitrarily access the services of any slices provided by the NF producer instances (excluded from the list of NSSAIs or the list NSI IDs) within the same PLMN or in different PLMNs or SNPNs, which leads to elevation of privilege and consequently information disclosure.
    • An access token may be tampered so that an attacker can arbitrarily access the services provided by the NF producer instances outside the NF Set which it is allowed to access within the same PLMN or in different PLMNs or SNPNs, which leads to elevation of privilege and consequently information disclosure.
    • An access token may be tampered so that an attacker can arbitrarily access the disallowed resources or conduct disallowed actions on the resources for the services provided by a NF service provider within the same PLMN or in different PLMNs or SNPNs, which leads to elevation of privilege and consequently information disclosure.
    • An access token may be tampered so that an attacker can block service access by replacing the granted services/NF service providers with unavailable services/NF service providers, which leads to denial of service.
    • An expired access token can be replayed so that an attack can access the services which may no longer be allowed by the NF service provider, which leads to elevation of privilege and consequently information disclosure.
  • Threatened Asset: NF API data, NF Application, Sufficient processing capacity.
Up

6.3.4  Threats related to authentication for indirect communication |R17|p. 32

6.3.4.1  Incorrect validation of client credentials assertionp. 32

  • Threat name: Incorrect Validation of Client Credentials Assertion.
  • Threat category: Spoofing Identity, Information Disclosure, Denial of Service, Elevation of Privilege.
  • Threat Description: for indirect communication where NF service consumer and NRF/NF service producer cannot mutually authenticate each other, the authentication of NF service consumer towards NRF/NF service producer can only implicitly rely on authentication between NF service consumer and SCP and between SCP and NRF/NF service producer with hop-by-hop security protection. An additional authentication for indirect communication is using client credentials assertions signed by NF service consumer and validated by NRF/NF service producer, as defined in clause 13.3.8 of TS 33.501. Client credentials assertions are sent end-to-end from NF service consumer to NRF/NF service producer via one or several SCPs. There are following threats if the generic NF (including all typers of NF service producer, NRF) receiving the assertion cannot correctly validate it:
    • If the NF could not verify the integrity of the assertion, an attacker can deceive the NF by tampering the instance ID of the consumer NF, audience claim, timestamp and expiration time in the client credentials assertion. This can lead to spoofing identity, information disclosure, denial of service, elevation of privilege.
    • If the NF could successfully verify the integrity of the client credentials assertion but could not verify the audience claim in the assertion, an attacker can deceive the NF with an assertion detined for another NF type intercepted from the consumer NF. This can lead to spoofing identity, information disclosure, elevation of privilege.
    • If the NF could successfully verify the integrity and audience claim of the client credentials assertion but could not verify the expiration time (exp) in the assertion, it can be replayed by an attack, who can abuse the use of assertion for authentication out of its lifetime. This can lead to spoofing identity, information disclosure.
  • Threatened Asset: NF API data, NF Application, Sufficient processing capacity.
Up

Up   Top   ToC