← Book home
Part 3 · Core Network and SBA Security
11

Network Function Security

Hardening each NF for the job — and the blast radius — it owns

“Chapter 10 secured the conversations between NFs. This chapter secures the NFs themselves — because a perfectly authenticated UDM that exports its keys is still a catastrophe.” — THE COMPLEMENT TO SBA SECURITY

Chapter 10 protected the wires. This chapter protects the boxes. Each network function has a distinct security mission, a distinct blast radius, and a distinct hardening profile drawn from 3GPP’s per-NF Security Assurance Specifications (SCAS). We go NF by NF — AMF, SMF, UPF, AUSF, UDM, NRF, PCF, NEF, SCP — asking what it protects, what it must never leak, and how to harden it.

🎯 Learning objectives
📘 Standards reference box — Chapter 11
SpecificationTitleRelease / version verified
TS 33.5015G security — NF security requirementsRel-18, v18.11.0 (2026-04)
TS 33.117SCAS — generic NF security requirementsRel-18 edition
TS 33.512–33.521SCAS — AMF, UPF, UDM, AUSF, SMF, NRF, NEF, SEPP…Rel-18 edition

Checked June 2026 — verify against the latest 3GPP version.

11.1 The NF Security Responsibility Matrix

FIGURE 11.1NF Security Responsibility Matrix
NF protects must never leak blast radius UDM/ARPF 👑subscriptions, KK, SUCI private keyTOTAL NRF 👑discovery, tokenstoken-signing keywhole SBA AMF/SEAFNAS security, anchorK_SEAF, NAS keysits region AUSFhome auth verdictK_AUSF, XRES*per-UE keys SMFsessions, UP policypolicy integrityUP security posture UPFforwards traffic(no keys) — trafficinterception/DDoS PCFpolicy/QoSpolicy integritytraffic steering NEFexternal exposureinternal topology/datathe open door (Ch12) SCProuting/brokeringtokens (Model D)concentrated traffic RANK YOUR DEFENSES BY THIS TABLE hardening effort, monitoring depth, access restriction, and patch priority should descend from the crown jewels (UDM, NRF) downward — not be uniform
Purpose: the chapter on one page. Defense is not uniform — the UDM and NRF earn the most paranoia because their loss is unrecoverable or system-wide.

11.2 AMF, SMF, UPF — the Serving Trio

FIGURE 11.2AMF Security Functions and Interfaces
AMF / SEAF holds K_SEAF, K_AMF, NAS keys, NH terminates NAS, runs auth/mobility selects AS algorithms blast radius: every UE in region N2 ← RAN (exposed) N1 ← UE (NAS) SBI ↔ AUSF/SMF harden:region isolationkey protection in memN2 overload control
Purpose: the AMF is RAN-facing (N2) and key-rich — a high-value, exposed target. Region isolation limits how far one compromised AMF reaches.
FIGURE 11.3SMF and UPF — Session Control and the Traffic Plane
SMF authors UP security policy controls UPF · session integrity N4 (PFCP) protect! (Ch 14) UPF forwards all traffic no subscriber keys N6 → internet (DDoS/FW) N3 ← gNB · N9 ↔ UPF SMF risk = policy manipulation (silently weaken UP security) · UPF risk = interception & volumetric attack at the internet edge
Purpose: the session pair. The SMF’s power is the UP security policy (manipulate it and you weaken protection invisibly); the UPF’s exposure is the internet edge.

11.3 AUSF and UDM — the Home Crown Jewels

FIGURE 11.4AUSF — More Than Authentication
AUSF verifies RES* (the final verdict) derives + delivers K_SEAF holds K_AUSF → protects: Steering of Roaming · UE Parameter Update · AKMA why it mattersa compromised AUSF can forgeSoR (redirect roamers) & UPU hardenK_AUSF protection in memorystrict SBI authorization
Purpose: the AUSF is not just a login server — KAUSF protects roaming-steering and parameter-update messages, so its compromise has reach beyond authentication.
FIGURE 11.5UDM/ARPF/SIDF/UDR — Protecting the Subscriber Vault
UDM domain — the crown jewel 👑 ARPF — K vaultHSM-backed · no export SIDFSUCI private key UDR — subscription data at rest (encrypt!) THE FIVE NON-NEGOTIABLES FOR THE UDM ① HSM for K ② no key export ③ encrypt UDR at rest ④ strict admin path + MFA ⑤ full audit logging
Purpose: the single most important hardening target in the network. Everything about the UDM domain assumes that losing it loses everything — so defense in depth is mandatory, not optional.
FIGURE 11.6Protecting K — HSM Integration at the ARPF
HSM 🔑 K (all subscribers) 🔑 OP/OP_c, TOP/TOP_c runs f1–f5 INSIDE tamper → zeroize ARPF logicrequests vector generation only RESULTS leaveRAND/AUTN/XRES*/CK,IK — never K
Purpose: how K is protected in practice. The HSM executes the AKA functions internally, so K never appears in general-purpose memory — defeating memory-scraping malware on the core platform.

11.4 NRF — Owning It Owns the Core

FIGURE 11.7NRF as Crown Jewel — Compromise Scenarios
NRF ① forge access tokensauthorize any operation anywhere ② register rogue NFsa fake UDM enters the trusted set ③ poison discoveryredirect consumers to attacker NF result SBA-wide compromise harden like the UDM
Purpose: the three ways NRF compromise cascades. Because it both authorizes (tokens) and directs (discovery), owning it lets an attacker rewrite the core’s trust map.
FIGURE 11.8PCF and SCP — Quieter but Sharp
PCF — policy is power decides QoS, charging, access & mobility policy manipulated PCF → silent traffic degradation, re-routing, or charging fraud harden: policy integrity, change auditing SCP — concentrated fabric routes most/all SBI traffic; Model D = token broker single point of observation AND failure compromise → mass interception / impersonation harden + audit like the NRF
Purpose: two NFs whose risk is easy to underestimate. The PCF quietly controls traffic; the SCP quietly sees all of it.
FIGURE 11.9NEF — the Deliberate Hole in the Wall
external AFsapps, enterprises NEFauthN · authZthrottle · minimizetopology hide internal NFsUDM, SMF, PCF… untrusted trusted SBI the NEF is the ONLY sanctioned path from outside to inside — full treatment in Chapter 12
Purpose: the NEF is exposure-by-design, so it is also defense-by-design. It is the one NF whose job is to mediate the untrusted world (Chapter 12).

11.5 SCAS — Standardized Per-NF Hardening

FIGURE 11.10SCAS Requirements Coverage per NF
TS 33.117 — genericapplies to EVERY NF 33.512 AMF+ NAS-specific tests 33.513 UPF+ traffic-plane tests 33.514 UDM+ credential protection 33.515 SMF 33.516 AUSF 33.517 SEPP NRF NEF, NSSF… use SCAS twice: as a PROCUREMENT gate (demand NESAS evidence) and as an AUDIT checklist seed (Chapter 28) — don’t re-invent hardening lists
Purpose: you don’t have to write NF hardening from scratch — 3GPP did. Generic requirements (33.117) plus per-NF specs give you ready-made audit and procurement criteria.
FIGURE 11.11The Per-NF Hardening Stack
key/credential protection (HSM, no export) SBI security (mTLS + OAuth, Ch 10) secure configuration (no default creds, min services) platform/OS/container hardening (Ch 29) logging + monitoring (Ch 26) applies to every NF crown jewels (UDM/NRF) get the FULL stack with maximum rigor; supporting NFs get it proportionate to blast radius
Purpose: the layered recipe applied per NF. The same stack everywhere, dialed to the blast radius — maximum for the crown jewels, proportionate elsewhere.
FIGURE 11.12NF Lifecycle Security — Onboarding to Decommission
onboardcert enroll · register · authZ setup runtimemTLS · OAuth · logging · patching decommissionrevoke cert · deregister · destroy keys the forgotten ends: an un-revoked cert on a decommissioned NF, or a registration left in the NRF, is an open door
Purpose: security spans the whole NF lifecycle. Decommissioning is the chronically forgotten phase — a retired NF’s certificate and NRF registration must be revoked, or they become attack surface.

11.6 The Practical Operator View

Common misconfiguration risks

11.7 Threats and Mitigations

NFTop threatPrimary mitigation
UDM/ARPFK theftHSM, no export, encrypt UDR, MFA admin
NRFtoken forgery / discovery poisoninghardening, mTLS, signed tokens, monitoring
AMFNAS-key harvesting / N2 overloadregion isolation, overload control
AUSFSoR/UPU forgeryK_AUSF protection, SBI authorization
SMFUP-policy manipulationpolicy integrity, change audit
UPFinterception / DDoSN4/N6 protection, anti-DDoS (Ch 14, 27)
SCPmass interception / impersonationNRF-grade hardening + audit

11.8 Terminology, Example, Checklist

TermMeaning
SCAS / NESASPer-NF security assurance specs / GSMA audit scheme using them
HSMHardware Security Module — protects K and runs AKA internally
blast radiusScope of damage if a given NF is compromised
SoR / UPUSteering of Roaming / UE Parameter Update — protected by K_AUSF

Real network example. During a cloud-core migration, an operator’s old UDM VMs were spun down but their certificates were never revoked and their NRF registrations were never removed. Months later, a security review found the decommissioned instances still listed as valid UDMs in the NRF. Had any of those VM images or their key material been recovered from the (un-wiped) cloud storage, an attacker could have presented a still-trusted certificate. Fix: a decommissioning runbook mandating cert revocation, NRF deregistration, and cryptographic erasure — and a periodic reconciliation between live NFs and NRF registrations. The crown jewels were protected in production; the forgotten lifecycle end was the gap.

Chapter Summary

? Review Questions

  1. Rank UDM, AMF, UPF, NRF by blast radius and justify each from what it holds.
  2. Beyond authentication, what does a compromised AUSF enable, and which key makes that possible?
  3. List the five non-negotiable hardening measures for the UDM domain.
  4. Explain the three ways NRF compromise spreads through the SBA.
  5. How does an HSM protect K even against malware running on the core platform?
  6. Why is the SCP a crown-jewel-class target in Model D deployments?
  7. Which lifecycle phase is most often neglected, and what specific artifacts must be cleaned up?
  8. How would you use SCAS in a procurement RFP and in an audit?
🧪 Mini lab — reconcile the NRF

In Open5GS: (1) Query the NRF for all registered NF profiles. (2) Compare against the NFs actually running. (3) Stop one NF without graceful deregistration and re-query — observe the stale registration (until heartbeat timeout). (4) Reflect: in a large cloud core with hundreds of CNF instances scaling up and down, how would you automate this reconciliation, and why is a stale registration (with a still-valid certificate) a security risk, not just an inventory error? Write the three steps of a decommissioning runbook: revoke cert, deregister, destroy keys.

← Chapter 10 Chapter 11 Chapter 12 →