Home | Reports | Technical Documents | Tech-Blog | One-Shot Gallery | Korea ICT News | Korea Communication Market Data | List of Contributors | Become a Contributor |    
 
 
Section 5G 4G LTE C-RAN/Fronthaul Gigabit Internet IPTV/Video Streaming IoT SDN/NFV Wi-Fi KT SK Telecom LG U+ Network Protocol Samsung   Korean Vendors
 
CHANNELS HFRFRONTHAUL NetvisionMPTCP Springwave1588 PTP        
Migration to 5G: Security?
February 22, 2018 | By Anand R. Prasad @ 3GPP/NEC
Online viewer:
Comments (0)
10

We are pleased to share with you all an interesting article contributed by Anand R. Prasad who is information security leader experienced in developing successful businesses with over 20 years of proven professional track record. 

 

 

Anand R. Prasad 

Chairman of 3GPP security working group (SA3) and Chief Advanced Technologist at NEC

 

All Articles by Anand R. Prasad 

 
     
  How to contribute your article to Netmanias.com !  
     
  List of Contributors  

 

 

     
 

In this brief article I will touch on 3GPP recent achievements regarding 5G followed by high level discussion on migration associated security aspects and finally details of 3GPP specifications on Non-Stand-Alone or 4G-5G Dual Connectivity.

 

3GPP Recent Achievements
 

5G architecture and radio specifications were approved in December 2017! Click here to check 3GPP news. This is as planned, see my earlier article 5G Security - Tomorrow and day after? Among others, one of the achievements of 3GPP was the completion of 5G-4G dual connectivity specifications where a device can connect to 5G and 4G base-stations simultaneously while the 5G base-station is connected to the 4G core network. Such dual connectivity solution allows early availability of 5G to the market and serves as a migration path from 4G to 5G. Certainly, there are other options for migration to 5G - more details can be found in clause 7.2 of technical report 38.801"Study on new radio access technology: Radio access architecture and interfaces".

 


Migration Security


Here I present high level thoughts on security for migration to 5G and 3GPP security specification on Non-Stand-Alone / 4G-5G Dual Connectivity.

 

General Aspect

 

Looking at the global mobile communications market, operators might migrate to 5G not only from 4G but also from 3G and even some from 2G. Thus migration will be happening from very different types of system. At a high level, some of the aspects requiring security consideration from migration perspective are: (1) Deploying a secure 5G network; this includes secure network design, security assurance of network function and provisioning of security monitoring as well as security operations center - see figure on Network Guardian. Network design security should include interactions with legacy system. This gives us a clean 5G only environment. (2) Several existing databases will require migration to new system, adequate security consideration should be given to these. Special attention should be paid to those databases associated with user authentication, charging etc. (3) Adequate security consideration will also be required for security associated with OSS/BSS and O&M. (4) Migration towards 5G will also lead to increased deployment of virtualization. Depending on strategy and national regulations, shared or private virtualization infrastructure might be used thus calling for security considerations for cloud and virtualization. (5) Security should also be provisioned for new services that 5G will bring and for open APIs. This security must be provisioned with legacy networks in mind.

 


Non-Stand-Alone / 4G-5G Dual Connectivity Security

 

Now let us look at security for 4G-5G dual connectivity (non-stand-alone) specification as discussed earlier in the article. The mobile device first connects to 4G network thus from security perspective mobile device capability for 5G and authorization of subscriber to access 5G network should be verified. Followed by that keys should be derived for secure communication over 5G. Let us look at this in further details: The Master eNodeB (MeNB), i.e. the 4G base-station to which the mobile device is connected to, verifies whether the device is authorized to access 5G services. Once that is done, the MeNB derives and sends the key to be used by the Secondary gNB (SgNB), i.e. the 5G base-station; the mobile device also derives the same key. Both user-data communication and signaling takes place between the mobile device and SgNB. Thus further keys are derived from key sent to SgNB, these are (a) confidentiality key for user-data and (b) both confidentiality and integrity keys for signaling. Note that integrity key will be derived and integrity will be provisioned for user-data for complete 5G system, i.e., non-dual connectivity case.

 

 

 
     
Thank you for visiting Netmanias! Please leave your comment if you have a question or suggestion.
Related Contents
11/15/2017
Netmanias Blog
10/04/2017
Netmanias Blog
07/24/2017
Netmanias Blog
05/15/2017
Netmanias Blog
09/26/2016
Netmanias Blog
09/22/2016
Netmanias Blog
View All (791)
4.5G (1) 5G (80) AI (6) AR (1) ARP (3) AT&T (1) Akamai (1) Authentication (5) Big Data (2) Blockchain (3) C-RAN/Fronthaul (17) CDN (4) CPRI (4) Carrier Ethernet (3) China (1) China Mobile (2) Cisco (1) Cloud (5) CoMP (6) Connected Car (4) DHCP (5) Edge Computing (1) Ericsson (2) FTTH (6) GSLB (1) GiGAtopia (2) Gigabit Internet (19) Google (7) Google Global Cache (3) HLS (5) HSDPA (2) HTTP Adaptive Streaming (5) Handover (1) Huawei (1) IEEE 802.1 (1) IP Routing (7) IPTV (21) IoST (3) IoT (54) KT (41) Korea (19) Korea ICT Market (1) Korea ICT Service (13) Korea ICT Vendor (1) LG U+ (18) LSC (1) LTE (78) LTE-A (16) LTE-B (1) LTE-H (2) LTE-M (3) LTE-U (4) LoRa (7) MPLS (1) MPTCP (3) MWC 2015 (8) NB-IoT (6) Netflix (2) Network Protocol (20) Network Slicing (4) New Radio (9) Nokia (1) OSPF (2) OTT (3) PCRF (1) Platform (2) QoS (3) RCS (3) SD-WAN (15) SDN/NFV (66) SK Broadband (2) SK Telecom (33) Samsung (5) Security (16) Self-Driving (1) Small Cell (2) Spectrum Sharing (2) Switching (6) TAU (2) UHD (5) VR (2) Video Streaming (12) VoLTE (8) VoWiFi (2) Wi-Fi (29) YouTube (6) blockchain (1) eICIC (1) eMBMS (1) iBeacon (1) security (1) telecoin (1) uCPE (2)
Password confirmation
Please enter your registered comment password.
Password