5.2.2.1.4 Ciphering of user data based on the security policy sent by the SMF

Home split gNB19.0.0
33523-i00   33523-i01   33523-i10   33523-i20    33523-j00 33523-j10   33523-j20  
Test Name

TC-UP-DATA-CIP-SMF_gNB-CU-CP

Threat Reference

TR 33.926 [4], clause S.2.2.6 -- Security Policy Enforcement.

Requirement Name

Ciphering of user data based on the security policy sent by the SMF.

Requirement Reference

TS 33.501 [3], clause 5.3.2.

Requirement Description

The gNB activates ciphering of user data based on the security policy sent by the SMF as specified in TS 33.501 [3], clause 5.3.2.

Test Purpose

To verify that activation of confidentiality protection for user data at the gNB is based on the security policy sent by the SMF via AMF.

Pre-Conditions
  • The gNB-CU-CP network product shall be connected in emulated/real network environments. The UE and the 5GC may be simulated.

  • The tester shall have access to the NG RAN air interface.

  • The tester shall have knowledge of the RRC and UP ciphering algorithm and protection keys and of the security keys, etc., needed to decrypt the messages on the E1 interface.

  • RRC ciphering is already activated at the gNB-CU-CP.

Execution Steps

All execution steps are to be performed two times. Once with the UP security policies' ciphering protection in step 2 set to "required" and the second time set to "not needed".

  1. The tester triggers PDU session establishment procedure by sending PDU session establishment request message.

  2. Tester shall trigger the SMF to send the UP security policy with ciphering protection "required" or "not needed" to the gNB-CU-CP.

  3. The tester shall capture the Bearer Context Setup Request message sent to the gNB-CU-UP over the E1 interface.

  4. The tester shall capture the RRC Reconfiguration message sent by gNB-CU-CP to UE over NG RAN air interface.

  5. The tester shall retrieve the UP ciphering protection indication present in the captured messages.

  6. The tester shall verify whether the UP ciphering policy received at the gNB-CU-CP is the same as the UP ciphering protection indication notified by the gNB-CU-CP to the UE in the RRC Reconfiguration message and to the gNB-CU-UP in the Bearer Context Setup Request message.

Expected Results

Both the RRC connection Reconfiguration message and Bearer Context Setup Request message indicate that ciphering is to be used in line with the policy received from the SMF.

Expected Format of Evidence

Evidence suitable for the interface, e.g. Screenshot containing the operational results.


5.2.2.1.5 Integrity of user data based on the security policy sent by the SMF

Test Name

TC-UP-DATA-INT-SMF_gNB-CU-CP

Threat Reference

TR 33.926 [4], clause S.2.2.6 -- Security Policy Enforcement.

Requirement Name

Integrity of user data based on the security policy sent by the SMF.

Requirement Reference

TS 33.501 [3], clause 5.3.2.

Requirement Description

The gNB activates integrity protection of user data based on the security policy sent by the SMF as specified in TS 33.501 [3], clause 5.3.2.

Test Purpose

To verify that activation of integrity protection for user data packets is based on the security policy sent by the SMF.

Pre-Conditions
  • The gNB-CU-CP network product shall be connected in emulated/real network environments. The UE and the 5GC may be simulated.

  • The tester shall have access to the NG RAN air interface.

  • The tester shall have knowledge of the integrity algorithm and protection keys and of the security keys, etc., needed to decrypt the messages on the E1 interface.

  • RRC integrity is activated at the gNB-CU-CP.

Execution Steps

All execution steps are to be performed two times. Once with the UP security policies' ciphering protection in step 2 set to "required" and the second time set to "not needed".

  1. The tester triggers PDU session establishment procedure by sending PDU session establishment request message.

  2. Tester shall trigger the SMF to send the UP security policy with integrity protection "required" or "not needed" to the gNB.

  3. The tester shall capture the Bearer Context Setup Request message sent to the gNB-CU-UP over the E1 interface.

  4. The tester shall capture the RRC Reconfiguration message sent by gNB-CU-CP to UE over NG RAN air interface.

  5. The tester shall retrieve the UP integrity protection indication present in the captured messages.

  6. Tester shall check whether the UP integrity policy received at the gNB-CU-CP is the same as the UP integrity protection indication notified by the gNB-CU-CP to the UE in the RRC Reconfiguration message and to the gNB-CU-UP in the Bearer Context Setup Request message.

Expected Results

Both the RRC Reconfiguration message and Bearer Context Setup Request message indicate that integrity is to be used in line with the policy received from the SMF.

Expected Format of Evidence

Evidence suitable for the interface, e.g. Screenshot containing the operational results.
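
The comparison in step 6 of this test case and of TC-UP-DATA-CIP-SMF_gNB-CU-CP above, written as a verdict function over both mandated runs. This is an added example, not part of the specification; the record layout, the message keys and the sample values are assumptions standing for what the tester's decoder extracts from the captures, not 3GPP IE names.

```python
# Added example: verdict logic for TC-UP-DATA-CIP-SMF / TC-UP-DATA-INT-SMF.
# Record layout and key names are assumptions, not 3GPP IE names.
from __future__ import annotations
from dataclasses import dataclass

REQUIRED_RUNS = ("required", "not needed")          # both runs are mandated
REQUIRED_MESSAGES = ("BearerContextSetupRequest",   # E1, towards gNB-CU-UP
                     "RRCReconfiguration")          # air interface, towards UE


@dataclass
class Run:
    policy: str     # UP security policy value the SMF was triggered to send
    captures: dict  # message key -> decoded protection indication (True = on)


def evaluate(protection: str, runs: list[Run]) -> tuple[str, list[str]]:
    """Return (verdict, findings) for one protection type across all runs."""
    findings = []
    seen = {r.policy for r in runs}
    for policy in REQUIRED_RUNS:
        if policy not in seen:
            findings.append(f"run with {protection} policy '{policy}' not executed")
    for run in runs:
        if run.policy not in REQUIRED_RUNS:
            findings.append(f"unexpected policy value '{run.policy}'")
            continue
        expected = run.policy == "required"
        for msg in REQUIRED_MESSAGES:
            got = run.captures.get(msg)
            if got is None:  # a missing capture is a failure, not a pass
                findings.append(f"[{run.policy}] {msg}: no {protection} indication captured")
            elif got != expected:
                findings.append(f"[{run.policy}] {msg}: {protection} "
                                f"{'on' if got else 'off'}, policy expects "
                                f"{'on' if expected else 'off'}")
    return ("PASS" if not findings else "FAIL"), findings


# Constructed sample data (not real captures).
GOOD = [Run("required", {"BearerContextSetupRequest": True, "RRCReconfiguration": True}),
        Run("not needed", {"BearerContextSetupRequest": False, "RRCReconfiguration": False})]
# UE told protection is off despite a "required" policy; second run lacks a capture.
BAD = [Run("required", {"BearerContextSetupRequest": True, "RRCReconfiguration": False}),
       Run("not needed", {"BearerContextSetupRequest": False})]

if __name__ == "__main__":
    print(evaluate("ciphering", GOOD), evaluate("integrity", BAD), sep="\n")
```
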


6.2.2.1.6 Integrity protection of user data between the UE and the gNB-CU-UP

Test Name

TC-UP-DATA-INT_gNB-CU-UP

Threat Reference

TR 33.926 [4], clause T.2.2.4 -- User plane data integrity protection.

Requirement Name

Integrity protection of user data between the UE and the gNB-CU-UP.

Requirement Reference

TS 33.501 [3], clause 5.3.3

Requirement Description

The gNB supports integrity protection and replay protection of user data between the UE and the gNB as specified in TS 33.501 [3], clause 5.3.3.

NOTE 2: This requirement does not apply to the gNB that is used as a secondary node connecting to the EPC.

Test Purpose

To verify that the user data packets are integrity protected over the NG RAN air interface.

Pre-Conditions
  • The gNB-CU-UP network product shall be connected in emulated/real network environments. UE may be simulated.

  • The tester shall enable user plane integrity protection and ensure NIA0 is not used at the gNB-CU-UP network product.

  • The tester shall have knowledge of integrity algorithm and integrity protection keys.

  • The tester can capture the message via the NG RAN air interface, or can capture the message at the UE.

Execution Steps
  1. The tester triggers the gNB-CU-CP to send a Bearer Context Setup Request message with integrity protection indication "on" to the gNB-CU-UP.

  2. The tester checks that any user data sent by gNB-CU-UP after receiving the Bearer Context Setup Request message and before UE enters CM-Idle state is integrity protected.

Expected Results

Any user plane packets sent between UE and gNB-CU-UP over the NG RAN air interface after gNB-CU-UP receives the Bearer Context Setup Request are integrity protected.

Expected Format of Evidence

Evidence suitable for the interface e.g. Screenshot containing the operational results.


6.2.2.1.7 Ciphering of user data between the UE and the gNB-CU-UP

Test Name

TC-UP-DATA-CIP_gNB

Threat Reference

TR 33.926 [4], clause T.2.2.3 -- User plane data confidentiality protection at gNB

Requirement Name

Ciphering of user data between the UE and the gNB-CU-UP

Requirement Reference

TS 33.501 [3], clause 5.3.2

Requirement Description

The gNB supports ciphering of user data between the UE and the gNB as specified in TS 33.501 [3], clause 5.3.2.

Test Purpose

To verify that the user data packets are confidentiality protected over the NG RAN air interface.

Pre-Conditions
  • The gNB-CU-UP network product shall be connected in emulated/real network environments. The UE may be simulated.

  • The tester shall have access to the NG RAN air interface or can capture the message at the UE.

  • The tester shall enable user plane confidentiality protection and ensure NEA0 is not used at the gNB-CU-UP network product.

Execution Steps
  1. The tester triggers the gNB-CU-CP to send a Bearer Context Setup Request message with ciphering protection indication "on" to the gNB-CU-UP.

  2. The tester checks that any user data sent by the gNB-CU-UP after receiving the Bearer Context Setup Request message and before the UE enters into CM-Idle state is confidentiality protected.

Expected Results

The user plane packets sent to the UE after the gNB-CU-UP receives the Bearer Context Setup Request are confidentiality protected.

Expected Format of Evidence

Evidence suitable for the interface e.g. Screenshot containing the operational results.
