5G Security Test Suite

Security Test Suites for 5G

Overview

The Valid8 Security Test Suites are suitable for auditing the security of 5G network nodes, including UE, gNodeB, AMF, SMF and UPF, according to standards including NESAS SCAS and 3GPP.

What we Can Do For You

The solution simulates network elements running either standard or invalid / unexpected call flows in order to wrap around a device under test (DUT). It can simulate and test the following:

  • UE
  • gNodeB
  • AMF
  • SMF
  • UPF
  • SEPP
  • NRF

By testing each node you can be confident your DUT can perform well under unusual or adverse conditions.

Why we’re Different

  • Scalable software-based architecture can run on a range of hardware, from COTS and high-end customer-provided hardware to Virtual Machines and the Cloud (e.g. Amazon AWS), for maximum versatility and performance
  • Web-based UI is easy to learn
  • HTTP API enables integration with automation test systems and other equipment
  • Stateful modeling provides accurate emulation of network elements

Features

  • Pre-made test scenarios and procedures
  • PASS / FAIL analysis, including plain English diagnostic reason
  • Valid / Invalid testing
  • Customizable source-code
  • User-configurable proprietary messages, IEs, headers
  • Animated test results action-replay
  • Easy to configure
  • Automatic execution of test batches
  • UDP, TCP, SCTP transport layer IPv4/IPv6 support
  • Suitable for development and QA test lab environments, verifying protocol compliance, negative and robustness testing, regression testing and reproducing customer issues in the field

Subsystems

Valid8 Security Test Suites comprise multiple subsystems that can be activated as needed to test the DUT. Traffic can be captured with a remote capture tool such as Wireshark.

KPIs

  • Test Verdict - Pass, Fail or Inconclusive
  • Detailed message field validation

Configurable Parameters

  • IP address and port
  • Network layer - IPv4 / IPv6
  • Transport layer - UDP / TCP / SCTP / TLS
  • Phone numbers
  • Authentication - username and password
  • Unexpected message handling - Stop / Continue

Automation API

User commands can be fully automated using an HTTP API. This includes all control functions as well as collection of results and metrics. It can be integrated into any CI system, including Jenkins, CircleCI, GitLab and others. Our Autom8 Python framework is included to ease integration.

Scripting

The application can be edited directly in the browser in VTDL using Composer, a powerful development environment that includes error checking and a graphical view that eases the creation and modification of scenarios. Codec Studio can be used to quickly build message templates from raw PDUs, as captured by tcpdump for example, to use in the scenarios.

Summary of Specifications

Specifications

NESAS SCAS 3GPP TS 33.511 - gNodeB

  • 4.2.2.1.1 Integrity protection of RRC-signalling
  • 4.2.2.1.2 Integrity protection of user data between the UE and the gNB
  • 4.2.2.1.4 RRC integrity check failure
  • 4.2.2.1.5 UP integrity check failure
  • 4.2.2.1.6 Ciphering of RRC-signalling
  • 4.2.2.1.7 Ciphering of user data between the UE and the gNB
  • 4.2.2.1.8 Replay protection of user data between the UE and the gNB
  • 4.2.2.1.9 Replay protection of RRC-signalling
  • 4.2.2.1.10 Ciphering of user data based on the security policy sent by the SMF
  • 4.2.2.1.11 Integrity of user data based on the security policy sent by the SMF
  • 4.2.2.1.12 AS algorithms selection
  • 4.2.2.1.13 Key refresh at the gNB
  • 4.2.2.1.14 Bidding down prevention in Xn-handovers
  • 4.2.2.1.15 AS protection algorithm selection in gNB change
  • 4.2.2.1.16 Control plane data confidentiality protection over N2/Xn interface

NESAS SCAS 3GPP TS 33.512 - AMF

  • TC_NAS_REPLAY_A
  • TC_VALIDTATION_SNSSAI_IN_PDU_REQUEST
  • TC_NSSAA_REVOCATION
  • TC_AMF_REEST_CP_CIOT
  • TC_5G_GUTI_ALLOCATION_AMF
  • TC_NAS_ALG_AMF_CHANGE_AMF
  • TC_BIDDING_DOWN_XN_AMF
  • TC_NAS_INT_SELECTION_USE_AMF
  • TC_NAS_NULL_INT_AMF
  • TC_AMF_REDIRCTION_5GS_EPS
  • TC_RES*_VERIFICATION_FAILURE
  • TC_SYNC_FAIL_SEAF_AMF

NESAS SCAS 3GPP TS 33.513 - UPF

  • TC_UP_DATA_CONF_UPF
  • TC_UP_DATA_INT_UPF
  • TC_UP_DATA_REPLAY_UPF
  • TC_UP_DATA_CONF_UPF_N9
  • TC_CP_DATA_CONF_UPF_N4
  • TC_TEID_ID_UNIQUENESS_UPF
  • TC_IPUPS_PACKET_HANDLING
  • TC_IPUPS_MALFORMED_MESSAGES

NESAS SCAS 3GPP TS 33.514 - UDM

  • TC_DE-CONCEAL_SUPI_from_SUCI_UDM
  • TC_SYNC_FAILURE_HANDLING
  • TC_AUTH_STATUS_STORE_UDM

NESAS SCAS 3GPP TS 33.515 - SMF

  • TC_UP_POLICY_PRECEDENCE_SMF
  • TC_UP_SECURITY_POLICY_SMF
  • TC_CHARGING_ID_UNIQUENESS_SMF

NESAS SCAS 3GPP TS 33.516 - AUSF

  • None

NESAS SCAS 3GPP TS 33.517 - SEPP

  • TC_CONNECTION_SPECIFIC_SCOPE_CRYPT_MATERIAL
  • TC_PLMN_ID_MISMATCH
  • TC_CONFIDENTIAL_IES_REPLACEMENT_HANDLING_IN_ORIG_N32-F
  • TC_SEPP_POLICY_MISMATCH
  • TC_JWS_PROFILE_RESTRICTION
  • TC_NO_ENCRYPTED_IE_MISPLACEMENT

NESAS SCAS 3GPP TS 33.518 - NRF

  • TC_DISC_AUTHORIZATION_SLICE_NRF

NESAS SCAS 3GPP TS 33.519 - NEF

  • TC_CP_AUTH_AF_NEF
  • TC_CP_AUTHOR_AF_NEF

NESAS SCAS 3GPP TS 33.117 - General Security Assurance Requirements

  • 4.2.2.2.2   Protection at the transport layer    
  • 4.2.2.2.3.1  Authorization token verification failure handling within one PLMN
  • 4.2.2.2.3.2  Authorization token verification failure handling in different PLMNs    
  • 4.2.2.2.4.1  Correct handling of client credentials assertion validation failure    
  • 4.2.3.2.1  Protecting data and information – general    
  • 4.2.3.2.2  Protecting data and information – Confidential System Internal Data    
  • 4.2.3.2.3  Protecting data and information in storage    
  • 4.2.3.2.4  Protecting data and information in transfer    
  • 4.2.3.2.5  Logging access to personal data    
  • 4.2.3.3.1  System handling during overload situations    
  • 4.2.3.3.2  Boot from intended memory devices only    
  • 4.2.3.3.3  System handling during excessive overload situations    
  • 4.2.3.3.4  System robustness against unexpected input.    
  • 4.2.3.3.5  Network Product software package integrity    
  • 4.2.3.4.1  Authentication policy    
  • 4.2.3.4.2.1  Account protection by at least one authentication attribute.    
  • 4.2.3.4.3  Password policy    
  • 4.2.3.4.4  Specific Authentication use cases    
  • 4.2.3.4.5  Policy regarding consecutive failed login attempts    
  • 4.2.3.4.6  Authorization and access control    
  • 4.2.3.5.1  Protecting sessions – logout function    
  • 4.2.3.5.2  Protecting sessions – Inactivity timeout    
  • 4.2.3.6.1  Security event logging    
  • 4.2.3.6.2  Log transfer to centralized storage    
  • 4.2.3.6.3  Protection of security event log files    
  • 4.2.4.1.1.1  Handling of growing content    
  • 4.2.4.1.1.2  Handling of ICMP    
  • 4.2.4.1.1.3  Handling of IP options and extensions    
  • 4.2.4.1.2.1  Authenticated Privilege Escalation only    
  • 4.2.4.2.2  System account identification    
  • 4.2.5.1  HTTPS    
  • 4.2.5.2.1  Webserver logging    
  • 4.2.5.3  HTTP User sessions    
  • 4.2.5.4  HTTP input validation    
  • 4.2.6.2.1  Packet filtering    
  • 4.2.6.2.2  Interface robustness requirements    
  • 4.2.6.2.3  GTP-C Filtering    
  • 4.2.6.2.4  GTP-U Filtering    
  • 4.3.2.1  No unnecessary or insecure services / protocols    
  • 4.3.2.2  Restricted reachability of services    
  • 4.3.2.3  No unused software    
  • 4.3.2.4  No unused functions    
  • 4.3.2.5  No unsupported components    
  • 4.3.2.6  Remote login restrictions for privileged users    
  • 4.3.2.7  Filesystem Authorization privileges    
  • 4.3.3.1.1  IP-Source address spoofing mitigation    
  • 4.3.3.1.2  Minimized kernel network functions    
  • 4.3.3.1.3  No automatic launch of removable media    
  • 4.3.3.1.4  SYN Flood Prevention    
  • 4.3.3.1.5  Protection from buffer overflows    
  • 4.3.3.1.6  External file system mount restrictions    
  • 4.3.4.2  No system privileges for web server    
  • 4.3.4.3  No unused HTTP methods    
  • 4.3.4.4  No unused add-ons    
  • 4.3.4.5  No compiler, interpreter, or shell via CGI or other server-side scripting    
  • 4.3.4.6  No CGI or other scripting for uploads    
  • 4.3.4.7  No execution of system commands with SSI    
  • 4.3.4.8  Access rights for web server configuration    
  • 4.3.4.9  No default content    
  • 4.3.4.10  No directory listings    
  • 4.3.4.11  Web server information in HTTP headers    
  • 4.3.4.12  Web server information in error pages    
  • 4.3.4.13  Minimized file type mappings    
  • 4.3.4.14  Restricted file access    
  • 4.3.5.1  Traffic Separation    
  • 4.3.6.2  No code execution or inclusion of external resources by JSON parsers    
  • 4.3.6.3  Unique key values in IEs    
  • 4.3.6.4  The valid format and range of values for IEs    
  • 4.4.2  Port Scanning    
  • 4.4.3  Vulnerability scanning    
  • 4.4.4  Robustness and fuzz testing

V8 - UE

  • TC_003_Network_Initiated_Detach
  • TC_004_Battery_Test
  • TC_005_Fuzzing_S1AP_Bad_PLMN_Bad_Network_Name
  • TC_006_Force_IPv6
  • TC_007_Fail_Auth_and_Security
  • TC_008_SMS_Fuzzing
  • TC_010_Brute_Force_Authentication_Attack
  • TC_011_Reuse_Authentication_Credentials
  • TC_012_Access Without_Authentication
  • TC_014_Date_Time_Error_From_Network
  • TC_018_GTP_U_Security_Attack
  • TC_019_Rogue_Base_Station
  • TC_020_Security_Downgrade

V8 - AMF

  • TC_UE_Attach_Registration flood
  • TC_UE_Detach_Deregister_with_invalid_UE_ID

Product Details

Operating System

  • Protocol Engine (Linux-based)

User Interface

  • Browser-based, touch-optimized graphical user interface

Automation

  • HTTP API

Note:

Actual throughput levels over radio may vary based on the 3rd party device manufacturer and software versions. Valid8 product specifications are subject to change at any time without notice.

Valid8 exports its products strictly in accordance with all US Export Control laws and regulations which shall apply to any purchase or order. Specifications are subject to change without notice.

500 West Cummings Park, Suite 6550 Woburn, MA 01801
p: +1-855-482-5438
f: +1-781-996-3708
welcome@valid8.com
VALID8.COM

Ordering Information

Product Code:
sw-testsuite-security-5g

sw-testsuite-security-sip

sw-testsuite-functional-5g

Test Suites:
gnb-3gpp-33-511

amf-3gpp-33-512

upf-3gpp-33-513

udm-3gpp-33-514

smf-3gpp-33-515

ausf-3gpp-33-516

sepp-3gpp-33-517

nrf-3gpp-33-518

nef-3gpp-33-519

3gpp-33-117


(others on request)

Related Solutions

M5 Mobile UE Emulator

M5 Hardware

m5-ue-emulator-064-lite
m5-ue-emulator-064-base
m5-ue-emulator-064-plus
m5-ue-emulator-e-256-pro
m5-ue-emulator-mbs-256-ultra

sw-emulator-mobile-gtp / includes: enodeB, SGW, PGW

sw-emulator-mobile-pfcp / includes: gnodeB, SMF, UPF

4G Security Test Suite

Product Code:
sw-testsuite-security-4g

Test Suites:
mme-3gpp-33-116

enb-3gpp-33-126

pgw-3gpp-33-250


(others on request)
