5G Security

System-wide security for 5G. Source: Ericsson 2021, fig. 8.
System-wide security for 5G. Source: Ericsson 2021, fig. 8.

The 5G System (5GS) includes subscribers, the Radio Access Network (RAN) and the Core Network (CN). Subscribers access 5G services via the home network or another visited network. Beyond 5GS, there are external data networks and non-3GPP access networks such as Wi-Fi to which 5GS interfaces. 5G procedures involving UE mobility, UE handover, Dual Connectivity (DC) and network slices further complicate security.

When talking about security, all parts have to be secured. Security means many things: authentication, access control, non-repudiation, data confidentiality, data integrity, availability, and privacy. User privacy implies protection of data, identity and location.

This article gives a high-level overview of 5G security in terms of security domains, threats, procedures, contexts, keys and algorithms. This article doesn't cover specific security aspects of NEF, SDN, NFV, O-RAN, and MEC.

Discussion

  • What's the 5G security architecture?
    5G security architecture. Source: ETSI 2024a, fig. 4-1.
    5G security architecture. Source: ETSI 2024a, fig. 4-1.

    5G security architecture can be understood through the following security domains:

    • Network Access (I): Provides authentication and secure access to the User Equipment (UE) over the air interface, be it 3GPP access or non-3GPP access. This includes security context delivery from Serving Network (SN) to Access Network (AN).
    • Network Domain (II): Concerns the security of signalling data and user plane data among network nodes, including Serving Network (SN) and Home Environment (HE). When roaming, SN and HE will belong to different PLMNs/operators.
    • User Domain (III): Concerns secure user access to Mobile Equipment (ME). UE consists of USIM and ME.
    • Application Domain (IV): Applications in the user domain and in the provider domain exchange messages securely.
    • SBA Domain (V): 5G adopts Service-Based Architecture (SBA) composed of many Network Functions (NFs). NFs may be in SN or HE. Service-Based Interfaces (SBIs) must be secured. This domain is new to 5G.
    • Visibility and Configurability (VI): Enable the user to be informed whether a security feature is in operation or not.
  • What's the 5G security threat landscape?
    5G security threat landscape. Source: Liyanage et al. 2018, fig. 3.5.
    5G security threat landscape. Source: Liyanage et al. 2018, fig. 3.5.

    Every 5G security domain can be targeted, from mobile devices to the core network, from the radio access network to the IP network. Attacks could involve spyware, malware, viruses, insecure OS or apps, and unauthorized apps. Bots or malware could attempt DDoS attack on the IP network. A fake gNB could attempt to steal secrets and identities from subscribers. IoT botnets could steal telemetry data or worse still remotely control critical infrastructure. Stealing data or bypassing billing are other goals of attackers.

    Apart from implementing the standards correctly, securing a 5G system requires sound OAM including deployment and operations. This includes consistent security policies, regular device management, OS/app patch management, and security monitoring. Devices go through provisioning, configuration, management and monitoring. All stages of this lifecycle must follow security best practices. OAM should include regular health checks, flow-based network visibility, vulnerability testing, and security alerts.

  • Which network entities participate in 5G security?
    5G non-roaming security architecture. Source: Zhang et al. 2019, fig. 6.
    5G non-roaming security architecture. Source: Zhang et al. 2019, fig. 6.

    We mention the main network entities that participate in 5G security:

    • AMF: Performs NAS Security Mode Command procedure. Secures NAS signalling between UE and AMF.
    • ARPF: Stores long-term secret key shared with the USIM. Computes keys and responses similar to what the USIM does. Co-located with UDM.
    • AUSF: Authenticates UE by comparing UE's response to expected response generated by and received from the ARPF. Informs SEAF and UDM of UE authentication result.
    • gNB: Performs AS Security Mode Command procedure. Secures traffic between UE and access network.
    • SEAF: Security anchor in the Serving Network. Manages security contexts as UE moves across access/serving networks, thus avoiding fresh authentication and reducing signalling. Co-located with AMF. Constructs the Serving Network Name (SNN).
    • SEPP: Acts as a gateway between serving and home networks. Secures inter-PLMN traffic.
    • SMF: Informs gNB/ng-eNB the UP security policy per PDU session.
    • SIDF: De-conceals SUCI to obtain SUPI. Co-located with UDM.
    • UDM: Given SUPI, it selects the authentication method.
  • Could you give an overview of 5G security procedures?
    AKA, NAS SMC and AS SMC procedures. Source: Zhang et al. 2021, fig. 2.
    AKA, NAS SMC and AS SMC procedures. Source: Zhang et al. 2021, fig. 2.

    Authentication and Key Agreement (AKA) is an essential security procedure. AKA allows the UE and the network to mutually authenticate each another. Cryptographic keys are generated during this procedure. USIM at the UE is involved during AKA.

    AKA is followed by NAS Security Mode Command (SMC) and AS Security Mode Command (SMC) procedures, in that order. These procedures allow the UE and the network to synchronize the activation of data protection. Cryptographic algorithms are selected during the SMC procedures. Ciphering and integrity protection are two main ways of protecting data. Over the N1 interface, NAS signalling between UE and AMF is protected. RRC signalling and User Plane (UP) data between UE and gNB are protected at the PDCP layer.

    As a result of AKA and SMC, both UE and network agree on security data or state called security context. Standards define procedures relating to how the security contexts are to be stored, distributed, established, and deleted. State transitions, UE mobility, Dual Connectivity, EPS-5GC interworking, and network slicing have procedures that include details of managing security contexts.

  • Could you describe the Security Mode Command (SMC) procedure?
    NAS and AS Security Mode Command procedures. Source: Adapted from ETSI 2024a, sec. 6.7.
    NAS and AS Security Mode Command procedures. Source: Adapted from ETSI 2024a, sec. 6.7.

    NAS security context is initiated by the AMF towards the UE via the NAS Security Mode Command message. The message contains the algorithms chosen by AMF. Message is integrity protected but not ciphered. UE's reply NAS Security Mode Complete is both integrity protected and ciphered. If UE fails to verify the command, it sends NAS Security Mode Reject.

    NAS SMC procedure is mandatory after primary authentication. A successful NAS SMC at AMF implies that SUPI used by UE matches with what AMF received from the home network. Only after NAS SMC, the UE stores \(K_{AUSF}\), which it subsequently uses to derive the keys for AS security context.

    For AS security context, gNB/ng-eNB sends the AS Security Mode Command message with the algorithms chosen by gNB/ng-eNB. This is triggered during UE registration or PDU session establishment. UE responds with AS Security Mode Complete message. While the command is only integrity protected, the response is both integrity protected and ciphered. If command verification fails, UE responds with unprotected AS Security Mode Failure message.

  • What's the difference between 5G NAS and AS security contexts?

    5G security procedures establish what's called a security context (SC), represented by security data stored in the UE and the serving network domain. A 5G Security Context includes 5G NAS and AS security contexts.

    5G NAS SC includes \(K_{AMF}\), ngKSI, UE security capabilities, and uplink/downlink NAS COUNT values. This context is "full" if it includes integrity and encryption keys and selected algorithms. ngKSI is the 5G Key Set Identifier (KSI). It's stored in UE and AMF along with \(K_{AMF}\).

    5G AS SC can be for 3GPP access or non-3GPP access. For 3GPP access, the context includes cryptographic keys and algorithms at the AS level, Next Hop (NH) parameters, Next Hop Chaining Counter (NCC) parameter, UE security capabilities, UP Security Policy at the network side, UP security activation status and the counters used for replay protection. For non-3GPP access, the context includes \(K_{N3IWF}\), the cryptographic keys/algorithms and IPSec tunnel security association parameters.

    A UE registered via 3GPP access, may initiate another registration via non-3GPP access. In the same PLMN, AMF may decide to skip primary AKA and reuse available NAS SC. In different PLMNs, UE maintains two independent NAS SC.

  • Which are the different states and types of 5G security contexts?

    5G security contexts can be in current or non-current state. Context types are mapped, full native or partial native. We note the following:

    • Current 5G SC: Most recently activated context. Can be mapped or native. Can coexist with a native non-current context. A full native context is either current or non-current.
    • Non-Current 5G SC: A full or partial native context but not currently used. Doesn't include 5G AS security context.
    • Native 5G SC: \(K_{AMF}\) is created via primary authentication. Identified by a native ngKSI allocated by SEAF. ngKSI allows subsequent reuse of native security context without invoking fresh authentication procedure. If NAS SMC hasn't been executed, it's called "partial native", which is always non-current. NAS COUNT values are zero. Otherwise, it's called "full native", that is, NAS SC is full.
    • Mapped 5G SC: \(K_{AMF}\) is derived by UE and AMF from EPS keys during EPS-to-5GS interworking. This is subsequently reused for interworking procedures.
  • Could you summarize the various 5G security keys and algorithms?
    5G key hierarchy. Source: Tabbane 2019, slide 67.
    5G key hierarchy. Source: Tabbane 2019, slide 67.

    During the AKA procedure, UDM/ARPF and USIM execute f1-f5, f1* and f5* algorithms. These algorithms could be based on MILENAGE or TUAK algorithm sets. However, an operator can choose to use proprietary algorithms. From the long-term secret K (stored in USIM and ARPF), keys CK and IK are derived.

    Ciphering and integrity algorithms are based on SNOW 3G, AES in CTR mode, or ZUC. These are 128-bit algorithms. 5G Advanced (Release 18 onwards) is expected to introduce 256-bit algorithms.

    NAS signalling is protected with keys \(K_{NASint}\) and \(K_{NASenc}\). RRC signalling is protected with keys \(K_{RRCint}\) and \(K_{RRCenc}\). UP traffic is protected with \(K_{UPint}\) and \(K_{UPint}\). These keys are derived from K via a hierarchy of intermediate keys. When a key is derived from another, a Key Derivation Function (KDF) applied. 5G uses HMAC-SHA-256 as the KDF.

    For concealing SUPI, Elliptic Curve Integrated Encryption Scheme (ECIES) is used. USIM has the public key of the home network. This is used to transform SUPI into SUCI.

  • Which standards specify 5G security?

    Security is overseen by 3GPP TSG SA WG3 (SA3). Sub-group SA3-LI looks into the specifications for lawful interception. Security specifications are mainly in the 33-series and 35-series.

    High-level security service requirements are specified in section 8 of TS 22.261. This is a good starting point for beginners. TS 33.501 details the security architecture and procedures. This is an essential read.

    TS 33.5xx documents specify requirements and test cases of network entities including gNB, SEPP, AMF, NRF, PCF and other Network Functions (NFs). General security assurance requirements are in TS 33.117. These documents are part of Security Assurance Specification (SCAS).

    ETSI Security Algorithms Group of Experts (SAGE) recommends cryptographic algorithms. 3GPP then approves them. These are specified in TS 35.2xx documents.

    The Internet Engineering Task Force (IETF) standardizes many algorithms and protocols. 3GPP has defined profiles for TLS, DTLS, IPsec and X.509 in TS 33.210 and TS 33.310 as part of Network Domain Security (NDS).

Milestones

May
2016

The NGMN Alliance makes a number of security recommendations towards a more secure 5GS. The Alliance identifies two categories of improvements: improving the access network and hardening network infrastructure against DoS attacks. Inter-PLMN signalling must be protected. User plane data integrity could be considered for resource-constrained IoT devices but otherwise be left to transport or application layer. Active network monitoring and automated countermeasures must be implemented.

2018
Business opportunities in driving 5G security at different levels. Source: Liyanage et al. 2018, fig. 5.7.
Business opportunities in driving 5G security at different levels. Source: Liyanage et al. 2018, fig. 5.7.

Gomes et al. note that 5G security could be classified into four scenarios: infrastructure-driven, platform-driven, location-driven, device-driven. They map this against business opportunities. Dark boxes in the figure show key opportunities.

Mar
2018

3GPP publishes TS 33.501 as part of Release 15. It's the main specification covering 5G security architecture and procedures. It's an evolution from earlier documents TS 33.401 (4G) and TS 33.102 (3G).

Oct
2019

GSMA publishes version 1.0 of Network Equipment Security Assurance Scheme (NESAS) documents. GSMA NESAS assesses vendor processes and accredits test labs. Accredited test labs conduct audits on vendor equipment in conformance with Security Assurance Specification (SCAS) defined by 3GPP. In April 2024, there are four accredited test labs.

References

  1. 3GPP. 2001. "TS 35.206: 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 2: Algorithm specification." V3.0.0, April. Accessed 2024-04-13.
  2. 3GPP. 2013. "TS 35.231: Specification of the TUAK algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: Algorithm specification." V12.0.0, December. Accessed 2024-04-13.
  3. 3GPP. 2018. "TS 33.501: Security architecture and procedures for 5G System." V15.0.0, March. Accessed 2024-04-11.
  4. 3GPP. 2019. "TR 33.841: 3rd Generation Partnership Project; Technical Specification Group Services and Systems Aspects; Security aspects; Study on the support of 256-bit algorithms for 5G." V16.1.0, March. Accessed 2024-03-28.
  5. 3GPP. 2024a. "SA WG3 - Security and Privacy." 3GPP. Accessed 2024-04-11.
  6. 3GPP. 2024b. "3GPP Specification series: 33 series." 3GPP. Accessed 2024-04-11.
  7. 3GPP. 2024c. "3GPP Specification series: 35 series." 3GPP. Accessed 2024-04-11.
  8. ENISA. 2021. "Security in 5G Specifications: Controls in 3GPP Security Specifications (5G SA)." ENISA, February. Accessed 2024-03-03.
  9. ETSI. 2022. "TS 135 205: Universal Mobile Telecommunications System (UMTS); LTE; 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: General." V17.0.0, April. Accessed 2024-04-13.
  10. ETSI. 2023. "TS 133 220: Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 5G; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)." V17.4.0, January. Accessed 2024-03-28.
  11. ETSI. 2024a. "TS 133 501: 5G; Security architecture and procedures for 5G System." V17.12.0, January. Accessed 2024-04-03.
  12. ETSI. 2024b. "TS 122 261: 5G; Service requirements for the 5G system." V17.12.0, January. Accessed 2024-04-13.
  13. ETSI. 2024c. "Algorithms." ETSI. Accessed 2024-04-13.
  14. Ericsson. 2021. "A guide to 5G network security 2.0." Ericsson, September. Accessed 2024-04-14.
  15. GSMA. 2024. "GSMA Network Equipment Security Assurance Scheme Test Laboratories." GSMA. Accessed 2024-04-14.
  16. Huawei. 2021. "Huawei 5G Security White Paper." White paper, Huawei, November. Accessed 2024-04-14.
  17. Liyanage, M., I. Ahmad, A. B. Abro, A. Gurtov, and M. Ylianttila (eds). 2018. "A Comprehensive Guide to 5G Security." doi: 10.1002/9781119293071. John Wiley & Sons Ltd. Accessed 2024-03-03.
  18. Mattsson, J. P., P. Comak, and F. Karakoç. 2021. "The evolution of cryptography in mobile networks and how to secure them in the future." Blog, Ericsson, June 29. Accessed 2024-04-13.
  19. Moran, J. 2021. "A year (and a bit) in the life of NESAS." Slides, GSMA, October. Accessed 2024-04-14.
  20. Munilla, J., A. Hassan, and M. Burmester. 2020. "5G-Compliant Authentication Protocol for RFID." Electronics, MDPI, vol. 9, no. 11, article no. 1951. Accessed 2024-04-10.
  21. NGMN Alliance. 2016. "5G security recommendations: Package #1." v1.0, NGMN Alliance, May 6. Accessed 2024-04-11.
  22. Tabbane, S. 2019. "4G and 5G networks security techniques and algorithms." Slides, ITU PITA Workshop on Mobile network planning and security, October 23-25. Accessed 2024-04-13.
  23. Zhang, S., Y. Wang, and W. Zhou. 2019. "Towards Secure 5G Networks: A Survey." Computer Networks, Elsevier B.V., vol. 162, article 106871, October. Accessed 2024-04-10.
  24. Zhang, R., W. Zhou, and H. Hu. 2021. "Towards 5G Security Analysis against Null Security Algorithms Used in Normal Communication." Security and Communication Networks, Hindawi, vol. 2021, article no. 4498324. Accessed 2024-04-10.

Further Reading

  1. ETSI. 2024a. "TS 133 501: 5G; Security architecture and procedures for 5G System." V17.12.0, January. Accessed 2024-04-03.
  2. Basin, D., J. Dreier, L. Hirschi, S. Radomirovic, R. Sasse, and V. Stettler. 2018. "A Formal Analysis of 5G Authentication." CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1383–1396, October 15-19. doi: 10.1145/3243734.3243846. Accessed 2024-04-04.
  3. ENISA. 2021. "Security in 5G Specifications: Controls in 3GPP Security Specifications (5G SA)." ENISA, February. Accessed 2024-03-03.
  4. Zhang, S., Y. Wang, and W. Zhou. 2019. "Towards Secure 5G Networks: A Survey." Computer Networks, Elsevier B.V., vol. 162, article 106871, October. Accessed 2024-04-10.

Article Stats

Author-wise Stats for Article Edits

Author
No. of Edits
No. of Chats
DevCoins
4
0
1351
1954
Words
0
Likes
16
Hits

Cite As

Devopedia. 2024. "5G Security." Version 4, April 14. Accessed 2024-04-14. https://devopedia.org/5g-security
Contributed by
1 author


Last updated on
2024-04-14 05:34:04