Key Points of 5G Security

 

Jul 01, 2018 posted by Anand R. Prasad, NEC Corporation

DOI: 10.13052/popcas019

5G Phase 1 brings several enhancements to 4G security; some of the key points are presented in this short article. Details of the 5G Phase 1 specification [1] from all aspects will be published in the Journal of ICT Standardization [2] this month. A summary of the 5G Phase 1 specification is also available in the NEC whitepaper [3].



Key enhancements in 5G security compared to 4G:

  • Primary authentication: Mutual authentication between network and device in 5G is based on primary authentication. The authentication mechanism has built-in home control, allowing the home operator to know whether the device is in a given network and to make the final call on authentication. The mandatory authentication options are 5G Authentication and Key Agreement (AKA) and Extensible Authentication Protocol (EAP)-AKA', i.e. EAP-AKA'. Optionally, other EAP-based authentication mechanisms are also allowed in 5G for specific cases such as private networks. Primary authentication is also independent of the radio access technology, so it can run over non-3GPP technologies such as WiFi.
  • Credential storage: Security credentials can be stored not only in the UICC but also in other specified secure hardware storage platforms.
  • Secondary authentication: Secondary authentication in 5G is meant for authentication with data networks outside the mobile operator's domain. For this purpose, different EAP-based authentication methods and associated credentials can be used.
  • Inter-operator security: 5G Phase 1 provides inter-operator security, which should prevent the security issues present in SS7 or Diameter.
  • Privacy: The home network public key is used to provide subscriber identity privacy, thus IMSI-related issues are not possible in 5G.
  • Service-based architecture (SBA): The 5G core network is based on SBA, for which adequate security is provided.
  • Central Unit (CU) - Distributed Unit (DU): In 5G the base station is split into a CU and a DU with an interface between them. Security is provisioned for the CU-DU interface.
  • Key hierarchy: From a security perspective it is obvious that 5G needs a different key hierarchy compared to 4G, due to the changes in system architecture.
  • Mobility: Although mobility in 5G is similar to 4G, the difference in 5G is the assumption that the mobility anchor in the core network is not in a secure location. Thus secure mobility between mobility anchor points is also provisioned in 5G.
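
An added illustration of the home-control point in the primary authentication item (not code from the article or from 3GPP): in 5G AKA the serving network receives only a hash (HXRES*) of the expected response, while the home network confirms the device's actual RES*. The FC value 0x6B, the parameter order, the 128-bit truncation and the serving network name format follow Annex A of [1] as understood here and should be checked against the specification; all key material and PLMN values are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP-style KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def res_star(ck, ik, sn_name, rand, res):
    """RES*/XRES*: AKA response bound to the serving network name (FC 0x6B assumed)."""
    return kdf(ck + ik, 0x6B, sn_name.encode(), rand, res)[-16:]

def hres_star(rand, value):
    """HRES*/HXRES*: the only form of the expected response the serving network gets."""
    return hashlib.sha256(rand + value).digest()[-16:]

def seaf_check(rand, hxres, ue_res_star):
    """Serving network (SEAF): can compare hashes, cannot derive XRES* from HXRES*."""
    return hmac.compare_digest(hres_star(rand, ue_res_star), hxres)

def ausf_confirm(xres, reported_res_star):
    """Home network (AUSF): final decision, needs the device's actual RES*."""
    return hmac.compare_digest(xres, reported_res_star)

# Constructed sample values standing in for USIM/UDM output; not real credentials.
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
CK, IK = bytes(range(16)), bytes(range(16, 32))
RES = bytes.fromhex("a1b2c3d4e5f60718")
VISITED = "5G:mnc001.mcc001.3gppnetwork.org"  # constructed test PLMN
OTHER = "5G:mnc002.mcc001.3gppnetwork.org"    # constructed second network

def simulate(ue_sn, requesting_sn, device_present=True):
    """Return (seaf_ok, ausf_ok) for a vector the home network issued to requesting_sn."""
    xres = res_star(CK, IK, requesting_sn, RAND, RES)   # home network keeps XRES*
    hxres = hres_star(RAND, xres)                        # serving network gets HXRES*
    if not device_present:
        # Serving network has no device response; all it could report is HXRES*.
        return (False, ausf_confirm(xres, hxres))
    ue = res_star(CK, IK, ue_sn, RAND, RES)              # device binds to the network it sees
    seaf_ok = seaf_check(RAND, hxres, ue)
    return (seaf_ok, seaf_ok and ausf_confirm(xres, ue))

if __name__ == "__main__":
    print("device in requesting network:", simulate(VISITED, VISITED))
    print("device in a different network:", simulate(OTHER, VISITED))
    print("no device, network reports HXRES*:", simulate(VISITED, VISITED, False))
```

Only the first case passes both checks: a response bound to a different serving network name fails at the SEAF, and a serving network without the device's RES* has nothing the AUSF will accept.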



References:

[1] 3GPP TS 33.501 Security architecture and procedures for 5G System
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169
[2] River Publishers, Journal of ICT Standardization
https://www.riverpublishers.com/journal.php?j=JICTS
[3] NEC Corporation, Making 5G a Reality
http://www.nec.com/en/global/solutions/nsp/5g_vision/doc/wp2018ar.pdf
