5G IOT Security
September 13, 2016 | By Anand R. Prasad @ 3GPP/NEC
 

This is a contributed article from Anand R. Prasad, Chairman of the 3GPP security working group (SA3) and Chief Advanced Technologist at NEC.

Anand R. Prasad 

Chairman of 3GPP security working group (SA3) and Chief Advanced Technologist at NEC

 

This is the second part of the article based on talks I have given on 5G security since last year. The first part, on my thoughts regarding 5G, is available here. In this part I present my views on considerations regarding 5G security for the core network and the radio access technology/network; the rest of the security topics will be in the following part of the article. Once again, on purpose, I do not discuss global activities on 5G IOT and security.

 

Note that the discussion is about security considerations for 5G and not about security solutions or attacks.

 

(Core) Network

 

The core network will see increased use of SDN, NFV and cloud. Also, the core network will cater for multiple radio access technologies. With that let us look at security considerations.

 

Virtualization: A mobile network has to cater for several security credentials: credentials related to subscribers that are active or have been active recently, and those related to secure communication between network functions. If we virtualize the network functions without appropriate considerations, these security credentials will potentially be accessible to attackers. Further to that, an attack from one virtual machine could flow to other virtual machines or tenants.

 

Based on the discussion it is clear that secure boot, secure storage of security credentials and isolation are some of the minimum requirements. There are several other virtualization related security aspects covered elsewhere, thus we will not discuss the topic further.

 

The network perimeter will not be the same as today, i.e. it will not be possible to deter attacks at network borders, or probably the definition of border will have to be reconsidered. The network border will go deeper into the network, which in turn means that attackers will be able to reach much deeper than before.

 

It goes without saying that baseline security considerations will become paramount, where baseline security includes hardening, TCP/IP stack security, OS security, hypervisor security, password management, etc. Security orchestration, besides secure orchestration, and security monitoring will be required.

 

Cloud: To me cloud is more than virtualization. In the case of cloud, virtual machines can migrate from one place to another. Now consider the security issues of migrating a mobile network function with its associated security and networking related credentials as well as various configuration parameters; the network will become vulnerable. All credentials or configuration parameters associated with a network function that is being migrated must be removed from the source location, else these could become targets of attack or, if not, a cause of misconfiguration. Similarly, credentials and configuration parameters must be secured during the migration as well.

 

Slicing: Slicing will be brought about with the help of virtualization and cloud, although one could argue that slicing is doable without these technologies as well. As slicing is meant to provision a network for a specific service, it is also possible that various radio technologies will be connected to a given slice. This leads to several security considerations:

  • What identities will come into play, and will they be the same as today – for subscriptions, slices and network functions? How will security be provisioned?
  • Will authentication remain the same? Will there be necessity for separate authentication or different method depending on slice and associated radio access technology?
  • Similar reasoning as for authentication will apply for authorization.
  • What will the control and user plane look like, where will their end-points be, and what kind of security will be required? In any case, confidentiality, integrity and replay-protection will have to be considered.
  • How will security for mobility happen for all cases – within a slice, between slices, and the same for radio access technologies? Here mobility is for all states a device and/or service might be in.
  • How will the forward and backward security happen?
  • The above will also have implications on key hierarchy as well as key management.
  • How to provision security between network functions?
  • With all these, how to still achieve backward compatibility?


Radio Access Technology (and Network)

 

Radio access technology will see several improvements, with data-rates available from a few bits going up to several gigabits and delays going down to micro- if not nano-seconds (compare this with the millisecond range in today's systems). The radio access network will also become partially virtualized and cloud based. Let us now look at security considerations:

 

Virtualization and cloud related security issues will be the same as those for the (core) network discussed earlier. Additional implications due to radio access technology and radio access network characteristics will appear.

 

Interfaces: Additional security considerations will be required for the introduction of new interfaces to the core network and within the radio access network, including the interface between the cloud part and the non-cloud part.

 

Data-rates and delays: For very low data-rates, going down to a few bits per day, we will have to consider the extent of security (be it authentication, confidentiality, integrity or otherwise) that can be provisioned. Several Internet of Things (IOT) or Machine-to-Machine (M2M) services and devices fall under this category; examples are temperature sensors giving hourly updates, sensors on farm animals giving vital signs a couple of times a day, etc. Such devices will also be resource constrained in terms of battery, computation and memory. This brings us to several requirements on security: a complete security related message sequence, e.g. authentication, should not run for every communication, and even when run, it should be performed with minimum round-trips. Another requirement will be to reduce security related bits, e.g. integrity, over the air interface. Security and cryptographic algorithms must be energy efficient and optimized to work on resource constrained devices.
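The following example is added here and is not from the original article or from any 3GPP specification. It illustrates the two requirements above for a constrained sensor: a session key assumed to come from one earlier authentication run is reused for many frames, and each frame carries only a truncated integrity tag and the low bits of a replay counter. The 4-byte tag, the 8-bit counter field and all function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4        # assumed budget: tag bytes sent (forgery chance 2**-32 per try)
CTR_LSB_BITS = 8   # assumed: only the low 8 bits of the counter are transmitted
CTR_MASK = (1 << CTR_LSB_BITS) - 1

def _tag(key: bytes, counter: int, payload: bytes) -> bytes:
    # The MAC covers the full 32-bit counter although only its low bits are sent.
    data = struct.pack(">I", counter) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Device side: payload || counter low byte || truncated tag."""
    return payload + bytes([counter & CTR_MASK]) + _tag(key, counter, payload)

def verify(key: bytes, last_counter: int, frame: bytes):
    """Network side: return (payload, counter), or None if forged or replayed."""
    if len(frame) < TAG_LEN + 1:
        return None
    payload, lsb, tag = frame[:-TAG_LEN - 1], frame[-TAG_LEN - 1], frame[-TAG_LEN:]
    # Rebuild the smallest full counter above last_counter with these low bits.
    # More than 2**CTR_LSB_BITS - 1 consecutive lost frames desynchronise this.
    counter = (last_counter & ~CTR_MASK) | lsb
    if counter <= last_counter:
        counter += 1 << CTR_LSB_BITS
    if not hmac.compare_digest(tag, _tag(key, counter, payload)):
        return None
    return payload, counter

def overhead_bytes() -> int:
    """Security bytes added per frame (a full tag plus full counter would be 36)."""
    return TAG_LEN + CTR_LSB_BITS // 8

# Constructed sample: a session key assumed to come from one earlier
# authentication run, reused for many one-byte sensor readings.
SESSION_KEY = bytes(range(16))

if __name__ == "__main__":
    last = 0
    for ctr, reading in [(1, b"\x17"), (2, b"\x18"), (2, b"\x18")]:  # third is a replay
        result = verify(SESSION_KEY, last, protect(SESSION_KEY, ctr, reading))
        if result:
            last = result[1]
        print(ctr, reading.hex(), "accepted" if result else "rejected")
```

The trade-off the paragraph describes is visible in the two constants: shrinking `TAG_LEN` saves air-interface bits but raises the per-attempt forgery probability, and shrinking `CTR_LSB_BITS` saves bits but reduces how many lost frames the receiver can tolerate before resynchronisation is needed.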

 

On the other end are high data-rate devices with higher battery and computational resources; examples include smartphones or tablets, IOT devices like cars, Industrial IOT (IIOT) devices like machinery in factories, and virtual or augmented reality (VR or AR) devices used for gaming or real-time services. Provisioning of higher data rates also means that the complexity of security functions should be considered to avoid processing delay. At the same time, higher data rates are provisioned by decreasing the overhead bits in the radio interface, which in turn has implications on the bits that can be budgeted for security.

 

General aspects: Security considerations mentioned under slicing (authentication, key management etc.) in the previous section on the (core) network are also valid for the radio access network and radio access technology. Enhancements like beamforming and mass usage of software defined radio, and their security implications, should also be considered.

 
 