- Verify that the IUT sends a new AUTHENTICATION REQUEST message to obtain the SUCI from the UE upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #26 - non-5G authentication unacceptable. (FF)
- Verify that the IUT sends a new IDENTITY REQUEST message to obtain the SUCI from the UE upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #26 - non-5G authentication unacceptable. (FF)
- This case is also valid in cases where the UE send Auth Response, but the response parameters do not match.
- Please check Note 2: "... the network may also terminate the 5G AKA based primary authentication ..." Depends on ID used in Initial NAS message
authentication_request_message_identity set to AUTHENTICATION_REQUEST,
ngKSI containing
nas_key_set_identifier set to "111"
;
;,
Authentication_parameter_RAND,
Authentication_parameter_AUTN
;
@@ -255,7 +255,7 @@ Package TP_AMF {
TP Id TP_5GNAS_AMF_AUT_ABN_01
Test objective "Verify that the IUT sends a new IDENTIFICATION REQUEST message to obtain the SUCI from the UE upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #26 - non-5G authentication unacceptable."
Test objective "Verify that the IUT sends a new IDENTITY REQUEST message to obtain the SUCI from the UE upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #26 - non-5G authentication unacceptable."
Reference
"ETSI TS 124 501 [1], Clauses 5.4.1.3.7 and 8.2.4"
@@ -285,7 +285,7 @@ Package TP_AMF {
from the UE entity
}
then {
event IDENTIFICATION_REQUEST occurs with {
event IDENTITY_REQUEST occurs with {
argument replaced by the AUTHENTICATION_REQUEST containing
5GS_identity_type_IEI set to "SUCI"
;
@@ -297,7 +297,6 @@ Package TP_AMF {
} // end TP_5GNAS_AMF_AUT_ABN_01
} // end Group Primary authentication and key agreement procedure
Group "5.4.2 Security mode control procedure"
@@ -371,10 +370,10 @@ Package TP_AMF {
PICS Selection NONE
Initial conditions with {
// TODO
}
the UE entity isNotRegisteredTo the AMF
}
Expected behaviour
ensure that {
when {
@@ -382,22 +381,43 @@ Package TP_AMF {
NAS_PDU containing
extended_protocol_discriminator set to 5GS_MOBILITY_MANAGEMENT_MESSAGE, //reference ts_124007v180200p: Table 11.2.3.1.1A.1: EPD values
security_header_type set to INTEGRITY_PROTECTED_WITH_NEW_5G_NAS_SECURITY_CONTEXT,
iMEISV, //9.11.3.4 5GS mobile identity // TODO
iMEISV //9.11.3.4 5GS mobile identity // TODO
;
;
from the UE entity
}
then {
// TODO: there is no responds message here, after receiving SECURITY_MODE_COMPLETE the AMF
// shall stop timer T3560. From this time onward the AMF shall integrity protect and encipher
// all signalling messages with the selected 5GS integrity and ciphering algorithms.
the IUT entity sends an DOWNLINK_NAS_TRANSPORT containing // TODO
the IUT entity sends a INITIAL_CONTEXT_SETUP_REQUEST containing
NAS_PDU containing
extended_protocol_discriminator set to 5G_MOBILITY_MANAGEMENT_MESSAGES,
security_header_type set to INTEGRITY_PROTECTED_AND_CIPHERED,
Registration_accept_message_identity set to REGISTRATION_ACCEPT,
5GS_registration_result containing
55GS_registration_result_value set to 3GPP_ACCESS;,
5G_GUTI containing
Type_of_identity set to 5G_GUTI,
MCC indicating value PX_MCC,
MNC indicating value PX_MNC,
AMF_Region_ID indicating value PX_AMF_REGION_ID,
AMF_Set_ID indicating value PX_AMF_SET_ID,
AMF_Pointer indicating value PX_AMF_POINTER,
5G_TMSI indicating value RV_5G_TMSI;,
TAI_list containing
Partial_tracking_area_list_1 containing
Type_of_list,
Number_of_elements,
MCC indicating value PX_MCC,
MNC indicating value PX_MNC,
TAC indicating value PX_TAC
;
to the UE entity
;,
T3512_value containing
Timer_value indicating value nonZeroValue;;;
to the GNB entity
}
// TODO
}
} // end TP_5GNAS_AMF_SEC_ACC_01
@@ -415,7 +435,7 @@ Package TP_AMF {
PICS Selection NONE
Initial conditions with {
// TODO
the UE entity isNotRegisteredTo the AMF // TODO
}
Expected behaviour
@@ -429,18 +449,24 @@ Package TP_AMF {
from the UE entity
}
then {
// TODO: there is no responds message here, after receiving SECURITY_MODE_REJECT the AMF
// shall shall stop timer T3560 and the AMF shall also abort
// the ongoing procedure that triggered the initiation of the NAS security mode control procedure.
the IUT entity sends an DOWNLINK_NAS_TRANSPORT containing // TODO
the IUT entity sends a DOWNLINK_NAS_TRANSPORT containing
NAS_PDU containing
extended_protocol_discriminator set to 5G_MOBILITY_MANAGEMENT_MESSAGES,
security_header_type set to INTEGRITY_PROTECTED_AND_CIPHERED,
Registration_reject_message_identity set to REGISTRATION_REJECT,
5GMM_cause set to "UE security capabilities mismatch (23)",
