
Content for  TR 33.926  Word version:  19.1.0


P  Aspects specific to the network product class NSSAAF |R17|

P.1  Void

P.2  Network product class description for the NSSAAF

P.2.1  Introduction

This Annex captures the aspects specific to network product class NSSAAF.

P.2.2  Minimum set of functions defining the NSSAAF network product class

As part of the NSSAAF network product, it is expected that the NSSAAF contains the NSSAAF application, a set of running processes (typically more than one) executing the software package for the NSSAAF functions and OAM functions that is specific to the NSSAAF network product model. Functionalities specific to the NSSAAF network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.326.

P.3  Assets and threats specific to the NSSAAF

P.3.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the NSSAAF to be protected are:
  • NSSAAF Application;
  • User Data: e.g. subscriber's identities (e.g. GPSI), S-NSSAIs, EAP authentication parameters (e.g. EAP ID), etc.
  • Slice information: e.g. the (S-NSSAI, ENSI) mappings
  • The interfaces of NSSAAF to be protected and which are within SECAM scope:
    • Service based interface, Nnssaaf, for providing services to AMF
    • Service based interface for consuming services from UDM and AMF
  • Console interface, for local access: local interface on NSSAAF
  • OAM interface, for remote access: interface between NSSAAF and OAM system
  • AAA interface: interface between NSSAAF and AAA-P or AAA-S
  • NSSAAF Software: binary code or executable code

P.3.2  Threats related to NSSAAF

P.3.2.1  Threats related to impersonating attack by AAA-S

  • Threat name: Threats related to impersonating attack by AAA-S.
  • Threat Category: Denial of service, spoofing identity.
  • Threat Description: Network slice specific authentication and authorization (NSSAA) is performed between the UE and the AAA server (AAA-S). The AAA-S may also trigger network slice-specific authorization revocation by sending a request to the NSSAAF. After receiving a request from an AAA-S to revoke the slice-specific authorization for a slice for a UE, if the NSSAAF does not check whether the AAA-S is legitimate, in the sense that it had performed the NSSAA for the slice for the UE, a malicious AAA-S may masquerade as the legitimate AAA-S to revoke the slice-specific authorization for the slice for the UE. The UE is then denied access to the slice. Similarly, a malicious AAA-S may also trick the NSSAAF into performing slice-specific re-authentication and re-authorization just to incur extra signalling load.
  • Threatened Asset: user data related to NSSAA, processing capacity.

P.3.2.2  Threat to select AAA-P and AAA-S

  • Threat name: AAA-P and AAA-S wrong selection.
  • Threat Category: Denial of service.
  • Threat Description: The AAA-S in the NSSAA procedure may be hosted by the HPLMN or by a third party which has a business relationship. When the AAA-S belongs to a third party, the AAA-P in the HPLMN may be involved. Different S-NSSAIs may go to different AAA-Ss. If the NSSAAF does not have the ability to select the right receiver, the authentication will always fail.
  • Threatened Asset: GNP Application.
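
The two checks that P.3.2.1 and P.3.2.2 call for, shown as an added Python example that is not part of TR 33.926 or of any NSSAAF product: per-S-NSSAI selection of the AAA-S (via the AAA-P when one is configured), and acceptance of revocation or re-authentication requests only from the AAA-S that performed NSSAA for that UE and slice. The class and function names, S-NSSAI values and host names are constructed for illustration, and `sender` is assumed to be an identity already authenticated on the AAA interface.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AaaRoute:
    aaa_s: str                    # AAA-S that serves this S-NSSAI
    aaa_p: Optional[str] = None   # AAA-P in the HPLMN, set for a third-party AAA-S

# Constructed sample configuration: S-NSSAI -> AAA route (all values hypothetical)
ROUTES = {
    "01-000001": AaaRoute("aaa-s.hplmn.example"),
    "01-000002": AaaRoute("aaa-s.partner.example", aaa_p="aaa-p.hplmn.example"),
}

class Nssaaf:
    def __init__(self, routes):
        self.routes = routes
        self.performed = {}  # (GPSI, S-NSSAI) -> AAA-S that performed NSSAA

    def select_route(self, s_nssai):
        """Hops for an NSSAA message; fail closed when the slice has no AAA-S."""
        route = self.routes.get(s_nssai)
        if route is None:
            raise LookupError(f"no AAA-S configured for S-NSSAI {s_nssai}")
        return [route.aaa_p, route.aaa_s] if route.aaa_p else [route.aaa_s]

    def record_nssaa(self, gpsi, s_nssai):
        """Remember which AAA-S performed NSSAA for this UE and slice."""
        hops = self.select_route(s_nssai)
        self.performed[(gpsi, s_nssai)] = hops[-1]
        return hops

    def handle_aaa_request(self, sender, kind, gpsi, s_nssai):
        """Accept revocation or re-authentication only from that same AAA-S."""
        if kind not in ("revoke", "reauth"):
            return "reject: unknown request"
        expected = self.performed.get((gpsi, s_nssai))
        if expected is None:
            return "reject: no NSSAA on record"
        if sender != expected:
            return "reject: sender did not perform NSSAA"
        if kind == "revoke":
            del self.performed[(gpsi, s_nssai)]
        return f"accept: {kind}"
```

Rejected requests are the signal worth logging: a revocation or re-authentication request from an AAA-S with no matching NSSAA record corresponds to the masquerade and signalling-load cases in P.3.2.1.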