TR 33.926 [3], Annex W.2.2.3, AKMA key storage and update

AKMA key storage update

TS 33.535 [4], clause 6.1

The AAnF stores the latest information sent by the AUSF. After receiving the new generated A-KID and K~AKMA~, the AAnF deletes the old A-KID and K~AKMA~ and stores the new generated A-KID and K~AKMA~ as specified in TS 33.535 [4], clause 6.1.

Verify that the AAnF stores only the latest AKMA context received by the AUSF.

• Test environment with AUSF and AF. The AUSF and the AF may be simulated.

• AAnF network product is connected in emulated/real network environment.

Test A:

1. Primary authentication is simulated for a specific UE, leading to the simulated AUSF pushing SUPI, A-KID1, K~AKMA~1 to the AAnF.

2. The AF requests a K~AF~ from the AAnF by proving A-KID1 and AF_ID.

3. Another primary authentication is simulated for the same UE, leading to the simulated AUSF pushing SUPI, A-KID2, K~AKMA~2 to the AAnF.

4. The AF requests a K~AF~ by providing A-KID1 to the AAnF.

5. The AF requests a K~AF~ by providing A-KID2 to the AAnF.

The AF received an error message indicating the AKMA context related to A-KID 1 is not found after step 4). After step 5), the AF received a K~AF~ which is different from the K~AF~ that received after step 2).

Evidence suitable for the interface, e.g., Screenshot containing the operational results.

TR 33.926 [3], Annex W.2.2.3, AKMA key storage and update

AKMA key storage update

TS 33.535 [4], clause 6.1

The AAnF stores the latest information sent by the AUSF. After receiving the new generated A-KID and K~AKMA~, the AAnF deletes the old A-KID and K~AKMA~ and stores the new generated A-KID and K~AKMA~ as specified in TS 33.535 [4], clause 6.1.

Verify that the AAnF stores only the latest AKMA context received by the AUSF.

• Test environment with AUSF and AF. The AUSF and the AF may be simulated.

• AAnF network product is connected in emulated/real network environment.

Test A:

1. Primary authentication is simulated for a specific UE, leading to the simulated AUSF pushing SUPI, A-KID1, K~AKMA~1 to the AAnF.

2. The AF requests a K~AF~ from the AAnF by proving A-KID1 and AF_ID.

3. Another primary authentication is simulated for the same UE, leading to the simulated AUSF pushing SUPI, A-KID2, K~AKMA~2 to the AAnF.

4. The AF requests a K~AF~ by providing A-KID1 to the AAnF.

5. The AF requests a K~AF~ by providing A-KID2 to the AAnF.

The AF received an error message indicating the AKMA context related to A-KID 1 is not found after step 4). After step 5), the AF received a K~AF~ which is different from the K~AF~ that received after step 2).

TR 33.926 [3], Annex W.2.2.1, Control plane data protection with AUSF

Confidentiality, integrity and replay protections over SBA interface

TS 33.535 [4], clause 4.4.0

The SBA interface between the AAnF and the AUSF is confidentiality, integrity and replay protected as specified in TS 33.535 [4], clause 4.4.0

Verify that the transported data between AAnF and AUSF are confidentiality, integrity and replay protected over SBA interface.

• AAnF and AUSF network products are connected in simulated/real network environment.

• Network product documentation containing information about supported TLS protocol and certificates is provided by the vendor.

• Tester shall have access to the SBA interface between AAnF and AUSF.

The requirement mentioned in this clause is tested in accordance with the procedure mentioned in clause 4.2.2.2.2 of TS 33.117 [2].

The user data transported between AAnF and AUSF is confidentiality, integrity and replay protected.

Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture or pcap traces.

TR 33.926 [3], Annex W.2.2.1, Control plane data protection with AUSF

Confidentiality, integrity and replay protections over SBA interface

TS 33.535 [4], clause 4.4.0

The SBA interface between the AAnF and the AUSF is confidentiality, integrity and replay protected as specified in TS 33.535 [4], clause 4.4.0

Verify that the transported data between AAnF and AUSF are confidentiality, integrity and replay protected over SBA interface.

• AAnF and AUSF network products are connected in simulated/real network environment.

• Network product documentation containing information about supported TLS protocol and certificates is provided by the vendor.

• Tester shall have access to the SBA interface between AAnF and AUSF.

The requirement mentioned in this clause is tested in accordance with the procedure mentioned in clause 4.2.2.2.2 of TS 33.117 [2].

The user data transported between AAnF and AUSF is confidentiality, integrity and replay protected.

Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture or pcap traces.

TR 33.926 [3], Annex W.2.2.2, Control plane data protection with AF/NEF

Confidentiality, integrity and replay protections over SBA interface

TS 33.535 [4], clause 4.4.0

The SBA interface between AAnF and AF/NEF is confidentiality, integrity and replay protected as specified in TS 33.535 [4], clause 4.4.0

Verify that the transported data between AAnF and AF/NEF are confidentiality, integrity and replay protected over SBA interface.

• AAnF and AF/NEF network products are connected in simulated/real network environment.

• Network product documentation containing information about supported TLS protocol and certificates is provided by the vendor.

• Tester shall have access to the SBA interface between AAnF and AF/NEF.

The requirement mentioned in this clause is tested in accordance with the procedure mentioned in clause 4.2.2.2.2 of TS 33.117 [2].

The user data transported between AAnF and AF/NEF is confidentiality, integrity and replay protected.

Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture or pcap traces.

TR 33.926 [3], Annex W.2.2.2, Control plane data protection with AF/NEF

Confidentiality, integrity and replay protections over SBA interface

TS 33.535 [4], clause 4.4.0

The SBA interface between AAnF and AF/NEF is confidentiality, integrity and replay protected as specified in TS 33.535 [4], clause 4.4.0

Verify that the transported data between AAnF and AF/NEF are confidentiality, integrity and replay protected over SBA interface.

• AAnF and AF/NEF network products are connected in simulated/real network environment.

• Network product documentation containing information about supported TLS protocol and certificates is provided by the vendor.

• Tester shall have access to the SBA interface between AAnF and AF/NEF.

The requirement mentioned in this clause is tested in accordance with the procedure mentioned in clause 4.2.2.2.2 of TS 33.117 [2].

The user data transported between AAnF and AF/NEF is confidentiality, integrity and replay protected.

Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture or pcap traces.