Home NWDAF

4.2.1.2.6 Protecting data and information -- Data masking on integration analysis

 Home NWDAF20.0.0
33521-h00   33521-h10   33521-h20   33521-i00   33521-j00    33521-k00
Test Name TC_DATA_MASKING
Threat Reference

TR 33.926 [ 4], clause 5.3.6.7, Personal Identification Information Violation
Requirement Name

Data masking on integration analysis about personal data
Requirement Reference

In accordance with industry best practice..
Requirement Description

NWDAF can collect data from OAM, MDAF and/or 5GC NFs (e.g. AMF) etc. for analytics purposes. Since personal data of the users could be involved , there is a potential privacy impact. As the NWDAF can expose its service operations with a request for bulked data, anonymization of data fields shall be applied to avoid exposing undesired information, aggregation levels.
Test Purpose

Verify that no privacy-related information of the subscribers is disclosed to any entity who is not authorized to access such information.
Pre-Conditions

Privacy information list (contains e.g. PII, location data, network identifiers, session information; should be specified based on local policy, regulation and others).

NOTE: If user consent check is implemented, user consent for data collection is granted.

The following entities are operational, integrated and simulated:

  • NWDAF.

  • 'data producer' (NF- or OAM as source for data collection which generates user data containing privacy info, e.g. AMF).

  • 'analytics consumer' (NF- or OAM to which the NWDAF exposes analytics).

The data producer is configured to receive and accept subscription requests from the NWDAF for events according to TS 29.552 [6], clause 5.5.1.1.
Execution Steps

  1. Tester triggers behaviour so that the 'data producer' is required to handle privacy information (e.g. for AMF trigger registration request at UE).

  2. The tester sends an Nnwdaf_AnalyticsInfo_Request request message from the 'analytics consumer' to NWDAF according to TS 29.552 [6], clause 5.2.3.1. The request message shall be crafted to capture information from step 1.

  3. The tester retrieves the Nnwdaf_AnalyticsInfo_Request response message from the NWDAF.
Expected Results

The analytics results do not reveal subscriber permanent identifier nor any other data listed on the Privacy information list.
Expected Format of Evidence

Evidence suitable for the interface, e.g. screenshot, pcap trace, log files containing the results.
PDFs 910f575dd12365a62a614d0418ed112b