5G security standards improve on their predecessors
By Industry Contributor, 14 June 2022 | Categories: sponsored content
By Syed Jawad Imam Jafri, Cyber Security and Privacy Officer (CSPO), Huawei South Africa
The 5G security architecture is based on the previous 3G and 4G security architectures but expands and enhances them for a new environment. It also adds new enhancements in encryption, authentication and user privacy, together with a set of security measures and procedures for implementing the security controls.
5G Security Architecture Inherits 4G Security Architecture
3GPP SA3, the body responsible for 5G security, has developed the 5G R16 security standards and is developing the 5G R17 security standards. To ensure that 5G standards move ahead consistently at all technical levels, 3GPP develops the security standards at the same pace as the architecture and radio standards. The 5G R15 standards defined the security architecture and security standards for enhanced mobile broadband (eMBB) scenarios, covering both Standalone (SA) and Non-Standalone (NSA) architectures. Building on the 5G R15 security architecture, the 5G R16 and R17 standards cover security optimisation for massive machine-type communications (mMTC) and ultra-reliable low-latency communications (URLLC) scenarios and further enhance the security infrastructure.
The security architecture of mobile networks is hierarchical and organised by domain. The 5G security architecture contains the following security domains: network access security, network domain security, user domain security, application domain security, SBA security, and visibility and configurability of security. SBA security is a new security domain in 5G: the set of security features that enable the network functions of the service-based architecture (SBA) to communicate securely within the serving network domain and with other network domains. These features include the security aspects of network function registration, discovery and authorisation, as well as protection of the service-based interfaces. An SBA forms the basis of the 5G core network. To ensure security between UEs in the SBA, security mechanisms such as Transport Layer Security (TLS) and Open Authorization (OAuth) are needed.
The 5G network inherits the 4G network security framework, but provides enhanced security features. The 5G access and core networks have clear boundaries. Even though some 5G core network functions (such as the User Plane Function [UPF]) are moving closer to applications, they are still part of the 5G core network and therefore comply with its traffic distribution policy. The access and core networks interconnect through standard protocols, support inter-vendor interoperability, and have standards-based security protection mechanisms.
Security Hardening of 5G Standards over 4G Standards
The 5G SA network supports more security features to tackle the security challenges that may arise over the 5G lifecycle. 5G NSA and 4G networks share the same security mechanisms and continue to improve their security levels consistently, in both standards and practice.
R15 defined the following 5G security hardening features:
- Stronger air interface security: In addition to the user data encryption already provided on 2G, 3G and 4G networks, the 5G SA architecture provides user data integrity protection to prevent user data from being tampered with.
- Enhanced user privacy protection: In 2G, 3G and 4G networks, users' permanent IDs (international mobile subscriber identities, IMSIs) are transmitted in plain text over the air interface. Attackers can exploit this weakness with IMSI catcher attacks to track users. In 5G networks, users' permanent IDs (in this case, subscription permanent identifiers, SUPIs) are transmitted as cipher text to defend against such attacks.
- Better roaming security: Operators usually need to set up connections via third-party operators. Attackers can forge legitimate core network nodes to initiate Signaling System 7 (SS7) and other attacks by manipulating third-party operators' devices. The 5G SBA defines the Security Edge Protection Proxy (SEPP) to implement security protection for inter-operator signaling at the transport and application strata. This prevents third-party operators' devices from tampering with sensitive data (e.g. keys, user IDs and SMS) exchanged between core networks.
- Enhanced cryptographic algorithms: The 5G R15 standards currently define security mechanisms such as 256-bit key transmission. Future 5G standards will support 256-bit cryptographic algorithms to ensure that the algorithms used on 5G networks are sufficiently resistant to attacks by quantum computers.
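The SUPI protection described above works by encrypting the subscriber part of the identifier (the MSIN) against a home-network public key provisioned in the USIM; 3GPP TS 33.501 calls the result a SUCI and specifies an ECIES profile for it. The Go program below is an added example, not code from the article or from any 3GPP implementation: a simplified model of that profile that keeps the ephemeral X25519 exchange and AES-128-CTR but replaces the standard's X9.63 KDF with a hash and omits its HMAC tag and the clear-text MCC/MNC, using a constructed MSIN to show that two concealments of one SUPI look unrelated on the air interface while only the home network recovers it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// HomeNetworkKey makes the operator's X25519 key pair; its public half is provisioned in the USIM.
func HomeNetworkKey() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }
// Conceal builds a simplified SUCI: ephemeral X25519 public key || AES-CTR ciphertext of the MSIN.
func Conceal(hnPub *ecdh.PublicKey, msin []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh per attach: SUCIs of one SUPI differ
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(hnPub)
	if err != nil {
		return nil, err
	}
	return append(eph.PublicKey().Bytes(), ctrXor(shared, msin)...), nil
}

// Deconceal is the home-network side: only the matching private key recovers the MSIN.
func Deconceal(hnPriv *ecdh.PrivateKey, suci []byte) ([]byte, error) {
	if len(suci) < 32 {
		return nil, errors.New("SUCI too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(suci[:32])
	if err != nil {
		return nil, err
	}
	shared, err := hnPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return ctrXor(shared, suci[32:]), nil
}
// ctrXor hashes the shared secret into a 128-bit key (stand-in for the profile's X9.63 KDF) and
// runs AES-128-CTR with a zero counter, safe only because every SUCI uses a fresh ephemeral key.
func ctrXor(shared, data []byte) []byte {
	k := sha256.Sum256(shared)
	block, _ := aes.NewCipher(k[:16])
	out := make([]byte, len(data))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, data)
	return out
}
```

Because a fresh ephemeral key is drawn for every concealment, a passive IMSI catcher sees a different SUCI each time the same subscriber attaches and cannot correlate them; the real profile additionally appends a MAC tag so a modified SUCI is rejected rather than decrypted to garbage.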
In R16 and R17, the existing security infrastructure was further optimised by enhancing SBA security, providing user-plane integrity protection for 5G NSA and 4G networks, and other means.
- Enhanced SBA security: The new SBA architecture of the 5G core network provides network functions as services. The relevant standard defines service security mechanisms for the architecture, including fine-grained authorisation between network functions (NFs) and stronger protection for user-plane data transmission between operators, which ensures the security of data transmission on both the signaling and user planes of the core network.
- User-plane integrity protection for 5G NSA and 4G networks: The user-plane integrity protection mechanism of 5G SA networks is introduced to 5G NSA and 4G networks to enhance air interface security.
As standards evolve, 5G cyber security features continue to be expanded and enhanced to tackle potential security challenges and enhance security throughout the 5G lifecycle.
Vertical Industries Empowered by 5G Standards Security
Building on R15's basic security architecture, R16 and R17 provide diversified, customised security features for vertical industries, for example security of small data transmission on IoT devices, security of redundant session transmission in URLLC, authentication and authorisation for slices, and flexible authentication for multiple forms of private network. These meet the diverse security requirements of different industries and open 3GPP security capabilities to third parties.
- Cellular Internet of Things (CIoT) data transmission security: Defined secure transmission and simplified mobility protection mechanisms for small data transmission, to meet the requirements for user data protection on IoT devices in small-scale data transmission scenarios.
- Redundant session transmission security: Defined equivalent user-plane security policies for the redundant session transmission mechanism, so that both user sessions receive the same level of security protection during redundant transmission in high-reliability, low-latency scenarios.
- Slice access security: Defined the authentication and authorisation process for slice access from UEs, to meet vertical industries' requirements for controllable user access and authorisation when using 5G networks.
- Private network authentication security: Defined authentication modes for the different forms of enterprise private network, to flexibly meet different industries' authentication requirements. In the public network integrated non-public network (PNI-NPN), for example, where a slice provided by the operator is used to access a private network, slice authentication can be used to authenticate and authorise access from vertical industry users. Where the data network provided by the operator is used to access a private network, the enterprise authenticates and authorises vertical industry users. For independent private networks, initial authentication modes other than symmetric authentication (the EAP framework) are introduced for UEs.
- Security capability openness: Used the basic key provided on operators' networks to protect the data transmission of third-party applications, and provided a security capability openness framework through which third-party services use operators' networks.