Home | Reports | Technical Documents | Tech-Blog | One-Shot Gallery | Korea ICT News | Korea Communication Market Data | List of Contributors | Become a Contributor |    
 
 
Section 5G 4G LTE C-RAN/Fronthaul Gigabit Internet IPTV/Video Streaming IoT SDN/NFV Wi-Fi KT SK Telecom LG U+ Network Protocol Samsung   Korean Vendors
 
Real World Private 5G Cases   4 Deployment Models On-Premise Cases 5G Core Control Plane Sharing Cases

5G Core Sharing Cases

   
 
Private 5G Deployment   • Private 5G Frequency Allocation Status in Korea  South Korean government's regulations on private 5G and KT's strategy for entering the market
Cases in Korea   Private 5G Operators |   SK Networks Service (SI) Sejong Telecom (Wire-line Carrier) KT MOS (Affiliate of KT) • Newgens (SI) • NAVER Cloud more >>  
    Enterprise DIY |   Korea Hydro & Nuclear Power (Power Plant) Korea Electric Power Corporation (Energy) • Republic of Korea Navy more >>
 
CHANNELS     HFR Private 5G Solution (my5G)       my5G Solution Components       my5G Key Features        my5G Resources        my5G News          
 
banner
banner
5G IOT Security
September 05, 2016 | By Anand R. Prasad @ 3GPP/NEC
Online viewer:
Comments (0)
17

We are pleased to share with you all an interesting article contributed by Anand R. Prasad who is information security leader experienced in developing successful businesses with over 20 years of proven professional track record. 

 

 

Anand R. Prasad 

Chairman of 3GPP security working group (SA3) and Chief Advanced Technologist at NEC

 

All Articles by Anand R. Prasad 

 
     
  How to contribute your article to Netmanias.com !  
     
  List of Contributors  

 

 

     
 

This is second part of the article based on talks I have given on 5G security since last year. The first part on my thoughts regarding 5G is available here. In this part I present my views on considerations regarding 5G security for core network and radio access technology/network; rest of the security topics will be in the following part of the article. Once again, on purpose I do not discuss about global activities on 5G IOT and security.

 

Note that the discussion is about security considerations for 5G and not about security solutions or attacks.

 

(Core) Network

 

The core network will see increased use of SDN, NFV and cloud. Also, the core network will cater for multiple radio access technologies. With that let us look at security considerations.

 

Virtualization: A mobile network has to cater for several security credentials; security credential related to subscribers that are active or have been active recently and those related to secure communication between network functions. If we virtualize the network functions without appropriate considerations, these security credentials will potentially be accessible to attackers. Further to that, attack from one virtual machine could flow to other virtual machine or tenants. 

 

Based on the discussion it is clear that secure boot, secure storage of security credentials and isolation are some of the minimum requirements. There are several other virtualization related security aspects covered elsewhere thus we will no discuss the topic further.

 

The network perimeter will not be the same as today, i.e. it will not be possible to deter attacks at network borders or probably the definition of border will have to be reconsidered, where the network border will go deeper in the network that in turn means that attackers will be able to reach much deeper than before.

 

It goes without saying that baseline security considerations will become paramount. Where baseline security includes hardening, TCP/IP stack security, OS security, hypervisor security, password management etc. Security orchestration, besides secure orchestration, and security monitoring will be required.

 

Cloud: To me cloud is more than virtualization. In-case of cloud, virtual machines can migrate from one place to other. Now consider the security issues of migrating a mobile network function with associated security and networking related credentials as well as various configuration parameters; the network will become vulnerable. All credentials or configuration parameters associated to a network function that is being migrated must be removed from the source location else these could become targets of attack and, if not, misconfiguration. Similarly credentials and configuration parameters must be secured during the migration as well.

 

Slicing: Slicing will be brought about with the help of virtualization and cloud, although one could argue that slicing is doable without these technologies as well. As slicing is meant to provision network for specific service, it is also possible that various radio technologies will be connected to a given slice. This leads to several security considerations:

  • What identities will come in play, will it be the same as today – for subscriptions, slices and network functions? How will security be provisioned?
  • Will authentication remain the same? Will there be necessity for separate authentication or different method depending on slice and associated radio access technology?
  • Similar reasoning as for authentication will apply for authorization.
  • How will the control and user plane look like, where will be their end-point, what kind of security will be required? In any case, confidentiality, integrity and replay-protection will have to be considered.
  • How will security for mobility happen for all cases – within slice, between slice and same for radio access technologies? Here mobility is for all states a device and/or service might be in.
  • How will the forward and backward security happen?
  • The above will also have implications on key hierarchy as well as key management.
  • How to provision security between network functions?
  • With all these, how to still achieve backward compatibility?


Radio Access Technology (and Network)

 

Radio access technology will see several improvements with data-rates available from few bits going up to several gigabits, delays going down to micro- if not nano-seconds (compare it with millisecond range in today’s system). Radio access network will also become partially virtualized and cloud based. Let us now look at security considerations:

 

Virtualization and cloud related security issues will be the same as that for the (core) network discussed earlier. Additional implications due to radio access technology and radio access network characteristics will appear.

 

Interfaces: Additional security consideration will be required for introduction of new interfaces to the core network and within the radio access network including interface between the cloud part and non-cloud part. 

 

Data-rates and delays: For very low data-rates, going down to few bits per day, we will have to consider the extent of security (be it authentication, confidentiality, integrity or otherwise) that can be provisioned. Several Internet of Things (IOT) or Machine-to-Machine (M2M) services and devices fall under this category, examples are temperature sensors giving hourly updates, sensors on farm animals giving vital signature couple of times a day etc. Such devices will also be resource constrained in terms of battery, computation and memory. This brings us to several requirements on security like complete security related message sequence, e.g. authentication, should not run for every communication and even when run, they should be performed with minimum round-trip. Other requirement will be to reduce security related bits, e.g. integrity, over-the-air interface. Security and cryptographic algorithms must be energy efficient and optimized to work for resource constrained devices.

 

On the other end are high data-rate devices with higher battery and computational resources; examples include the smartphones or tablets, IOT devices like cars, Industrial IOT (IIOT) devices like machineries in factories and virtual or augmented reality (VR or AR) devices used for gaming or real-time services. Provisioning of higher data rates also means that complexity of security functions should be considered to avoid processing delay. At the same time, higher data rates are provisioned by decreasing the overhead bits in radio interface that in turn has implications on bits that can be budgeted for security. 

 

General aspects: Security considerations mentioned under slicing (authentication, key management etc.) part of previous section on (core) network are also valid for radio access network and radio access technology. Enhancements like beamforming, mass usage of software defined radio and their security implications should also be considered.

 
     

 

 
 
Thank you for visiting Netmanias! Please leave your comment if you have a question or suggestion.
Related Contents
06/21/2018
Netmanias Blog
02/22/2018
Netmanias Blog
01/22/2018
Netmanias Blog
11/15/2017
Netmanias Blog
10/23/2017
Netmanias Blog
10/04/2017
Netmanias Blog
07/24/2017
Netmanias Blog
07/10/2017
Netmanias Blog
05/15/2017
Netmanias Blog
 
 
 
 

[HFR Private 5G: my5G]

 

Details >>

 

 

 

     
         
     

 

     
     

Subscribe FREE >>

Currently, 55,000+ subscribed to Netmanias.

  • You can get Netmanias Newsletter

  • You can view all netmanias' contents

  • You can download all netmanias'

    contents in pdf file

     
     

 

     
         
     

 

 

 

View All (858)
4.5G (1) 5G (102) AI (8) AR (1) ARP (3) AT&T (1) Akamai (1) Authentication (5) BSS (1) Big Data (2) Billing (1) Blockchain (3) C-RAN/Fronthaul (18) CDN (4) CPRI (4) Carrier Ethernet (3) Charging (1) China (1) China Mobile (2) Cisco (1) Cloud (5) CoMP (6) Connected Car (4) DHCP (5) EDGE (1) Edge Computing (1) Ericsson (2) FTTH (6) GSLB (1) GiGAtopia (2) Gigabit Internet (19) Google (7) Google Global Cache (3) HLS (5) HSDPA (2) HTTP Adaptive Streaming (5) Handover (1) Huawei (1) IEEE 802.1 (1) IP Routing (7) IPTV (21) IoST (3) IoT (56) KT (43) Korea (20) Korea ICT Market (1) Korea ICT Service (13) Korea ICT Vendor (1) LG U+ (18) LSC (1) LTE (78) LTE-A (16) LTE-B (1) LTE-H (2) LTE-M (3) LTE-U (4) LoRa (7) MEC (4) MPLS (2) MPTCP (3) MWC 2015 (8) NB-IoT (6) Netflix (2) Network Protocol (21) Network Slice (1) Network Slicing (4) New Radio (9) Nokia (1) OSPF (2) OTT (3) PCRF (1) Platform (2) Private 5G (11) QoS (3) RCS (4) Railway (1) Roaming (1) SD-WAN (17) SDN/NFV (71) SIM (1) SK Broadband (2) SK Telecom (35) Samsung (5) Security (16) Self-Driving (1) Small Cell (2) Spectrum Sharing (2) Switching (6) TAU (2) UHD (5) VR (2) Video Streaming (12) VoLTE (8) VoWiFi (2) Wi-Fi (31) YouTube (6) blockchain (1) eICIC (1) eMBMS (1) iBeacon (1) security (1) telecoin (1) uCPE (2)
Password confirmation
Please enter your registered comment password.
Password