TR 33.926 [4], clause X.2.2.6 -- Security Policy Enforcement.

Ciphering of user data based on the security policy sent by the SMF.

TS 33.501 [3], clause 5.3.2.

The gNB activates ciphering of user data based on the security policy sent by the SMF as specified in TS 33.501 [3], clause 5.3.2.

To verify that the user data packets are confidentiality protected based on the security policy sent by the SMF via AMF

• The gNB-CU-CP network product shall be connected in emulated/real network environments. The UE and the 5GC may be simulated.

• The tester shall have access to the NG RAN air interface.

• The tester shall have knowledge of the RRC and UP ciphering algorithm and protection keys and of the security keys, etc., needed to decrypt the messages on the E1 interface.

• RRC ciphering is already activated at the gNB.

1. The tester triggers PDU session establishment procedure by sending PDU session establishment request message.

2. Tester shall trigger the SMF to send the UP security policy with ciphering protection "required" or "not needed" to the gNB-CU-CP.

3. The tester shall capture the Bearer Context Setup Request message sent to the gNB-CU-UP over the E1 interface.

4. The tester shall decrypt the Bearer Context Setup Request message.

5. The tester shall capture the RRC connection reconfiguration procedure between gNB-CU-CP to UE over NG RAN air interface. And filter the RRC connection reconfiguration message sent by gNB-CU-CP to UE.

6. The tester shall decrypt the RRC connection Reconfiguration message and retrieve the UP ciphering protection indication presenting in the decrypted message.

7. The tester shall verify if the UP ciphering policy received at gNB-CU-CP is same as the UP ciphering protection indication notified by the gNB-CU-CP to the UE in the RRC connection Reconfiguration message and the gNB-CU-UP in the Bearer Context Setup Request message.

Both the messages indicate that ciphering is to be used inline with the received policy.

Evidence suitable for the interface, e.g. Screenshot containing the operational results.

TR 33.926 [4], clause X.2.2.6 -- Security Policy Enforcement.

Integrity of user data based on the security policy sent by the SMF.

TS 33.501 [3], clause 5.3.2.

The gNB activates integrity protection of user data based on the security policy sent by the SMF as specified in TS 33.501 [3], clause 5.3.2.

To verify that the user data packets are integrity protected based on the security policy sent by the SMF.

• The gNB-CU-CP network product shall be connected in emulated/real network environments. The UE and the 5GC may be simulated.

• The tester shall have access to the NG RAN air interface.

• The tester shall have knowledge of the integrity algorithm and protection keys and of the security keys, etc., needed to decrypt the messages on the E1 interface.

• RRC integrity and cipher are already activated at the gNB.

1. The tester triggers PDU session establishment procedure by sending PDU session establishment request message.

2. Tester shall trigger the SMF to send the UP security policy with integrity protection is "required" or "not needed" to the gNB.

3. The tester shall capture the Bearer Context Setup Request message sent to the gNB-CU-UP over the E1 interface.

4. The tester shall decrypt the Bearer Context Setup Request message.

5. The tester shall capture the RRC connection reconfiguration message sent by gNB to UE over NG RAN air interface.

6. The tester shall decrypt the RRC connection reconfiguration message and retrieve the UP integrity protection indication presenting in the decrypted message.

7. Tester shall check whether UP integrity policy received at gNB-CU-UP is same as the UP integrity protection indication notified by the gNB-CU-CP to the UE in the RRC connection reconfiguration message and the gNB-CU-UP in the Bearer Context Setup Request message.

Both the messages indicate that integrity is to be used inline with the received policy.

Evidence suitable for the interface, e.g. Screenshot containing the operational results.

TR 33.926 [4], clause Y.2.2.4 -- User plane data integrity protection.

Integrity protection of user data between the UE and the gNB-CU-UP.

TS 33.501 [2], clause 5.3.3

The gNB supports integrity protection and replay protection of user data between the UE and the gNB as specified in TS 33.501 [2], clause 5.3.3.

NOTE 2: This requirement does not apply to the gNB that is used as a secondary node connecting to the EPC.

To verify that the user data packets are integrity protected over the NG RAN air interface.

• The gNB-CU-UP network product shall be connected in emulated/real network environments. UE may be simulated.

• Tester shall enable the user plane integrity protection and ensure NIA0 is not used.

• Tester shall have knowledge of integrity algorithm and integrity protection keys.

• The tester can capture the message via the NG RAN air interface, or can capture the message at the UE.

1. The NIA0 is disabled at UE and gNB-CU-UP.

2. The gNB-CU-UP is sent by the gNB-CU-CP a Bearer Context Setup Request message with integrity protection indication "on".

3. Check any User data sent by gNB-CU-UP after receiving the Bearer Context Setup Request message and before UE enters CM-Idle state is integrity protected.

Any user plane packets sent between UE and gNB-CU-UP over the NG RAN air interface after gNB-CU-UP receives the Bearer Context Setup Request is integrity protected.

Evidence suitable for the interface e.g. Screenshot containing the operational results.

TR 33.926 [4], clause Y.2.2.3 -- User plane data confidentiality protection at gNB

Ciphering of user data between the UE and the gNB-CU-UP

TS 33.501 [2], clause 5.3.2

The gNB supports ciphering of user data between the UE and the gNB as specified in TS 33.501 [2], clause 5.3.2.

To verify that the user data packets are confidentiality protected over the NG RAN air interface.

• The gNB-CU-UP network product shall be connected in emulated/real network environments. The UE may be simulated.

• The tester shall have access to the NG RAN air interface or can capture the message at the UE.

1. The gNB-CU-UP is sent by the gNB-CU-CP a Bearer Context Setup Request message with ciphering protection indication "on".

2. Check any user data sent by the gNB-CU-UP after receiving the Bearer Context Setup Request message and before the UE enters into CM-Idle state.

The user plane packets sent to the UE after the gNB-CU-UP receives the Bearer Context Setup Request is confidentiality protected.

Evidence suitable for the interface e.g. Screenshot containing the operational results.