
Content for  TR 33.926  Word version:  19.1.0


W  Aspects specific to the network product class AAnF |R18|

W.1  Network product class description for the AAnF

W.1.1  Introduction

This Annex captures the aspects specific to network product class AAnF.

W.1.2  Minimum set of functions defining the AAnF network product class

As part of the AAnF network product, the AAnF is expected to contain the AAnF application, a set of running processes (typically more than one) executing the software package for the AAnF functions, and OAM functions that are specific to the AAnF network product model. Functionalities specific to the AAnF network product introduce additional threats and/or critical assets, as described below. Related security requirements and test cases have been captured in TS 33.537.

W.2  Assets and threats specific to the AAnF

W.2.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the AAnF to be protected are:
  • AAnF Application;
  • AKMA context Data: i.e. subscriber's identities (SUPI), AKMA Anchor Key (K_AKMA) and AKMA Key IDentifier (A-KID).
  • The interfaces of AAnF to be protected and which are within SECAM scope:
    • Service based interface, Naanf, for providing services for AUSF, NEF, AF
    • Service based interface for consuming services from AUSF, NEF, AF, and NRF
    • Console interface, for local access: local interface on AAnF
    • OAM interface, for remote access: interface between AAnF and OAM system
  • AAnF Software: binary code or executable code

W.2.2  Threats related to AAnF assets

W.2.2.1  Control plane data protection with AUSF

  • Threat name: Control plane data protection with AUSF.
  • Threat Category: Tampering, Information Disclosure, Denial of Service.
  • Threat Description: Control plane traffic is transported between the AAnF and the AUSF via the SBA interface. If the control plane data transported over the interface is not confidentiality protected, it can be subject to eavesdropping, and information is leaked to unauthorized parties. If the control plane traffic is not integrity protected, attackers can tamper with user traffic at will. If the control plane traffic is not replay protected, attackers can insert historical legitimate values into the AAnF or the AUSF. This can lead to denial of service to legitimate users. If the protection implemented for the control plane transported over the SBA interface uses the wrong security profile, which may contain weak security algorithms or protocol versions known to be vulnerable, the level of security of the user plane data may be degraded and fail to fulfil the required security.
  • Threatened Asset: AKMA key material, SUPI.

W.2.2.2  Control plane data protection with AF/NEF

  • Threat name: Control plane data protection with AF/NEF.
  • Threat Category: Tampering, Information Disclosure, Denial of Service.
  • Threat Description: Control plane traffic is transported between the AAnF and the AF/NEF via the SBA interface. If the control plane data transported over the interface is not confidentiality protected, it can be subject to eavesdropping, and information is leaked to unauthorized parties. If the control plane traffic is not integrity protected, attackers can tamper with user traffic at will. If the control plane traffic is not replay protected, attackers can insert historical legitimate values into the AAnF or the AF/NEF. This can lead to denial of service to legitimate users. If the protection implemented for the control plane transported over the SBA interface uses the wrong security profile, which may contain weak security algorithms or protocol versions known to be vulnerable, the level of security of the user plane data may be degraded and fail to fulfil the required security.
  • Threatened Asset: SUPI.

W.2.2.3  AKMA key storage and update

  • Threat name: AKMA key storage and update
  • Threat Category: Elevation of Privilege
  • Threat Description: If the AAnF maintains past AKMA Contexts in addition to the latest one, instead of only the latest, there is a possibility of an AKMA service failure.
  • Threatened Asset: Sufficient Processing Capacity.
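
An added illustration of the storage behaviour in W.2.2.3, not text or code from TR 33.926 or TS 33.537: a context store that retains every registration, next to one that keeps only the latest AKMA context per SUPI. The class names, the simplified A-KID strings, the test SUPI and the key bytes are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AkmaContext:
    supi: str
    a_kid: str
    k_akma: bytes

class RetainAllStore:
    """Flawed behaviour from W.2.2.3: past contexts are never removed."""
    def __init__(self):
        self._by_akid = {}

    def register(self, ctx):
        self._by_akid[ctx.a_kid] = ctx

    def lookup(self, a_kid):
        return self._by_akid.get(a_kid)

    def __len__(self):
        return len(self._by_akid)

class LatestOnlyStore(RetainAllStore):
    """Keeps one context per SUPI; a new registration evicts the previous one."""
    def __init__(self):
        super().__init__()
        self._akid_by_supi = {}

    def register(self, ctx):
        holder = self._by_akid.get(ctx.a_kid)
        if holder is not None and holder.supi != ctx.supi:
            raise ValueError("A-KID already bound to another SUPI")
        old_akid = self._akid_by_supi.get(ctx.supi)
        if old_akid is not None and old_akid != ctx.a_kid:
            del self._by_akid[old_akid]  # drop the superseded context and its key
        self._akid_by_supi[ctx.supi] = ctx.a_kid
        self._by_akid[ctx.a_kid] = ctx

def simulate(store, rounds=1000):
    """Re-register one SUPI `rounds` times; return (size, stale_hit, latest_hit)."""
    supi = "imsi-001010000000001"            # constructed test SUPI
    for i in range(rounds):
        a_kid = f"atid{i:04d}@akma.example"  # constructed, simplified A-KID
        key = i.to_bytes(4, "big") * 8       # constructed 32-byte placeholder key
        store.register(AkmaContext(supi, a_kid, key))
    stale = store.lookup("atid0000@akma.example") is not None
    latest = store.lookup(f"atid{rounds - 1:04d}@akma.example") is not None
    return len(store), stale, latest

if __name__ == "__main__":
    print("retain-all :", simulate(RetainAllStore()))
    print("latest-only:", simulate(LatestOnlyStore()))
```

The retain-all store grows with every re-registration and still answers for the first A-KID, while the latest-only store stays at one entry per SUPI and resolves only the current A-KID.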
