5G Security Controls and Assurance
By Dr. David Soldani, 06/03/2021
This article focuses on the most important security specifications for 5G networks, i.e. 3GPP Technical Specification 33-Series [1].
The main active working group addressing 5G security and privacy issues is 3GPP System Architecture 3 (3GPP SA3). The group is responsible for identifying the security and privacy requirements and defining the security architectures and associated protocols to address these requirements. 3GPP SA3 also ensures that cryptographic algorithms which need to be part of the 5G security specifications are available.
3GPP Release 15 defines the 5G security infrastructure and further enhances 4G security. It also supports security assurance and test methods for the 5G core network functions and the base station (gNB).
3GPP Release 16 fortifies the security architecture for wireless-wireline convergence, and supports security for vertical functions and authentication and key management for vertical applications, such as network slicing, industrial IoT, cellular IoT, multi-access edge computing (MEC), and terrestrial and aerial manned and unmanned vehicles. It also specifies security assurance requirements and test cases for the data analytics, interworking and service communication proxy functions.
3GPP Release 17 will further evolve user plane integrity protection, authentication functions, and security controls for rogue base stations, slice enhancements, private networks, drones and broadcast channels. It will also add security assurance requirements and test cases for additional network equipment and related functions.
The following sections outline the most important technical specifications and provide some insights into the new security control mechanisms for confidentiality and integrity protection [2]-[4], and the schemes for network element security assurance [5] in 5G.
Figure 1. 3GPP Technical Specifications and Reports for Release 15 (R15), Release 16 (R16) and Release 17 (R17).
Security Architecture and Procedures
- TS 33.501 Security architecture and procedures for 5G System
Security Assurance Specifications
- TS 33.511 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class
- TS 33.512 5G Security Assurance Specification (SCAS); Access and Mobility management Function (AMF)
- TS 33.513 5G Security Assurance Specification (SCAS); User Plane Function (UPF)
- TS 33.514 5G Security Assurance Specification (SCAS) for the Unified Data Management (UDM) network product class
- TS 33.515 5G Security Assurance Specification (SCAS) for the Session Management Function (SMF) network product class
- TS 33.516 5G Security Assurance Specification (SCAS) for the Authentication Server Function (AUSF) network product class
- TS 33.517 5G Security Assurance Specification (SCAS) for the Security Edge Protection Proxy (SEPP) network product class
- TS 33.518 5G Security Assurance Specification (SCAS) for the Network Repository Function (NRF) network product class
- TS 33.519 5G Security Assurance Specification (SCAS) for the Network Exposure Function (NEF) network product class
- TS 33.520 5G Security Assurance Specification (SCAS); Non-3GPP InterWorking Function (N3IWF)
- TS 33.521 5G Security Assurance Specification (SCAS); Network Data Analytics Function (NWDAF)
- TS 33.522 5G Security Assurance Specification (SCAS); Service Communication Proxy (SECOP)
Studies and Reports
- TR 33.807 Study on the security of the wireless and wireline convergence for the 5G system architecture
- TR 33.809 Study on 5G security enhancements against False Base Stations (FBS)
- TR 33.811 Study on security aspects of 5G network slicing management
- TR 33.813 Study on security aspects of network slicing enhancement
- TR 33.819 Study on security enhancements of 5G System (5GS) for vertical and Local Area Network (LAN) services
- TR 33.824 Study on security aspects of Integrated Access and Backhaul (IAB) for New Radio (NR)
- TR 33.825 Study on the security of Ultra-Reliable Low-Latency Communication (URLLC) for the 5G System (5GS)
- TR 33.826 Study on Lawful Interception Service Evolution
- TR 33.836 Study on security aspects of 3GPP support for advanced Vehicle-to-Everything (V2X) services
- TR 33.839 Study on security aspects of enhancement of support for edge computing in 5G Core (5GC)
- TR 33.840 Study on security aspects of the disaggregated gNB architecture
- TR 33.841 Study on the support of 256-bit algorithms for 5G
- TR 33.848 Study on security impacts of virtualisation
- TR 33.850 Study on security aspects of enhancements for 5G Multicast-Broadcast Services (MBS)
- TR 33.851 Study on security for enhanced support of Industrial Internet of Things (IIoT)
- TR 33.852 Study on traffic characteristics and performance requirements for AI/ML model transfer in 5G Systems (5GS)
- TR 33.854 Study on security aspects of Unmanned Aerial Systems (UAS)
- TR 33.861 Study on evolution of Cellular Internet of Things (CIoT) security for the 5G System
Other Specifications
- TS 33.535 Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)
- TS 33.536 Security aspects of 3GPP support for advanced Vehicle-to-Everything (V2X) services
Primary Authentication
The Extensible Authentication Protocol (EAP) and 5G Authentication and Key Agreement (5G AKA) procedures enable mutual authentication between the UE and the network, based on a secret (shared) master key (K) held in the USIM and in the Authentication Credential Repository and Processing Function (ARPF).
On the 5G core network (5GC) side, the element that actually performs authentication with the UE is the Authentication Server Function (AUSF). It uses the services of Unified Data Management (UDM) and the ARPF, which host the data management functions, select the authentication method, and compute the authentication data and keying material that the AUSF needs. At the same time, the Subscriber Identifier De-concealing Function (SIDF) derives the SUPI from the SUCI. All of this happens in the home network core.
On the serving network side, the key function is the Security Anchor Function (SEAF), which stores the anchor key (K_SEAF) provided by the AUSF of the home network. Keys for more than one security context can then be derived from K_SEAF without a new authentication run, regardless of the access network technology used by the UE. (In 5G, the home network is in charge of authentication rather than the visited/roaming network.)
Another authentication framework is Authentication and Key Management for Applications (AKMA), where subscriber credentials can be used for authentication and key management at the application layer, for third-party applications. This may be particularly relevant for IoT applications.
Figure 2. Key generation hierarchy in 5G [4].
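To make the anchor-key idea concrete, here is an added example (not code from the article or from 3GPP) that derives K_SEAF from K_AUSF and then K_AMF from K_SEAF with the generic 3GPP KDF of TS 33.220 Annex B.2 (HMAC-SHA-256 over FC || P0 || L0 || ...). The FC values 0x6C and 0x6D are my reading of TS 33.501 Annex A.6 and A.7, and the SUPI encoding and all key and subscriber values are assumptions constructed for the example; it shows that the same K_AUSF yields different anchor keys for different serving network names, and that a new K_AMF can be derived from the anchor key without a fresh authentication run.

```python
import hashlib
import hmac

# Generic 3GPP key derivation function (TS 33.220 Annex B.2):
# HMAC-SHA-256(Key, S) with S = FC || P0 || L0 || P1 || L1 || ...,
# where each Li is the 2-byte big-endian length of Pi.
def kdf(key, fc, *params):
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def serving_network_name(mcc, mnc):
    # Serving network name format of TS 33.501 (6.1.1.4); MNC zero-padded to 3 digits.
    return "5G:mnc{}.mcc{}.3gppnetwork.org".format(mnc.zfill(3), mcc)

def derive_k_seaf(k_ausf, snn):
    # K_SEAF = KDF(K_AUSF, FC || SNN || L(SNN)). FC = 0x6C is my reading of
    # TS 33.501 Annex A.6; treat it as an assumption to verify against the spec.
    return kdf(k_ausf, 0x6C, snn.encode("utf-8"))

def derive_k_amf(k_seaf, supi, abba=b"\x00\x00"):
    # K_AMF = KDF(K_SEAF, FC || SUPI || L || ABBA || L). FC = 0x6D (Annex A.7,
    # same caveat); ABBA 0x0000 is the initial value. The SUPI is passed here
    # as the bare IMSI digit string (encoding assumed for this example).
    return kdf(k_seaf, 0x6D, supi.encode("utf-8"), abba)

def derive_hierarchy(k_ausf, mcc, mnc, supi):
    """Return K_SEAF (bound to the serving network name) and the K_AMF below it."""
    snn = serving_network_name(mcc, mnc)
    k_seaf = derive_k_seaf(k_ausf, snn)
    k_amf = derive_k_amf(k_seaf, supi)
    return {"snn": snn, "k_seaf": k_seaf, "k_amf": k_amf}

if __name__ == "__main__":
    # Constructed sample values, not a real subscriber or key.
    k_ausf = bytes.fromhex("00" * 16 + "ff" * 16)
    home = derive_hierarchy(k_ausf, "001", "01", "001010123456789")
    other = derive_hierarchy(k_ausf, "001", "02", "001010123456789")
    for name, h in (("serving 001/01", home), ("serving 001/02", other)):
        print(name, h["snn"])
        print("  K_SEAF", h["k_seaf"].hex())
        print("  K_AMF ", h["k_amf"].hex())
    # Same K_AUSF, different serving network name: the anchor keys differ,
    # which is what binds K_SEAF to the serving network.
    assert home["k_seaf"] != other["k_seaf"]
```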
Secondary Authentication
EAP supports both primary authentication (typically run during initial registration, for example when a device is switched on for the first time) and secondary authentication (run for authorisation during the set-up of user plane connections, for example to browse the web or to establish a call).
Secondary authentication allows the operator to delegate authorisation to a third party. It is meant for authentication between the UE and external data networks (EDN) residing outside the operator’s domain. (A similar service was also possible in 4G, but it is now integrated in the 5G architecture.) This mechanism allows independent authentication and authorization, e.g. using network slicing, before the UE may connect to that external network; the UE uses EAP to request secondary authentication by the external network.
Protection of Network Interfaces
In 5G, the Radio Access Network (RAN) may be split or disaggregated into Distributed Units (DU) and Central Units (CU). The CU performs the security functions (cryptography): it terminates the Access Stratum (AS) security protocols and is typically deployed in sites with restricted access for maintenance personnel. (Together, DU and CU form the gNB.)
Since the traffic carried over the F1 and E1 interfaces may contain sensitive data, 3GPP TS 33.501 mandates confidentiality, integrity and replay protection for the F1 signalling plane (F1-C) and for the E1 interface (E1-C and E1-U), while leaving it optional for the F1 user plane (F1-U). For both F1 and E1, support of “IPSec ESP protocol (IETF RFC 4303) and IKEv2 certificate-based authentication (TS 33.310)” is mandatory. F1-U may be protected differently, including switching integrity and/or encryption on or off for F1-U.
Figure 3. Protection of network interfaces and communication between network functions in 5G [2].
Interfaces N2 and N3 (also shown in Figure 3) connect the 5G-RAN with the Access and Mobility Management Function (AMF) and with the User Plane Function (UPF), respectively. In both cases, support of “IPsec ESP and IKEv2 certificate-based authentication” is required. In addition, 3GPP TS 33.501 demands support of DTLS (RFC 6083), clarifying that the use of DTLS for transport layer security does not rule out other network layer protection, and emphasizing the advantage of IPsec in providing topology hiding. (A Security Gateway (SEG) may be used to terminate the IPsec tunnel between the gNB side and the 5GC side.)
The 5GC Service Based Architecture (SBA) refactors network entity functionality into services that are exposed and offered to other network entities. These network functions (NFs) expose their functionality through Service Based Interfaces (SBI) over an SBI message bus that implements RESTful APIs over HTTP/2. Essentially, all NFs can communicate with each other using either request/response or subscribe/notify interactions between NF service consumers and producers.
From the security point of view, NFs must support client and server certificates and TLS, which is intended for transport protection, whilst NDS/IP can still be used for network layer protection.
The Network Repository Function (NRF) can be seen as the authorization server that issues access tokens to other NFs that want to communicate to each other.
Mutual authentication between these functions is mandatory; for NF-NRF communication it takes place during discovery, registration and access token request. (The actual authentication mechanism depends on the protection mechanism in use: if that is TLS, the authentication provided by TLS is used.)
The authorization is based on the OAuth 2.0 framework (RFC 6749).
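As an added example of the NRF-as-authorization-server model (my own illustration, not code from the article or from any 3GPP implementation), the block below mints an access token with the claims TS 33.501 lists for SBA tokens (issuer = NRF, subject = consumer NF instance, audience = producer NF type, scope = service names, expiry) and shows the checks a producer NF should run before serving a request. An HMAC shared secret stands in for the NRF's signing key, and all identifiers, key material and service names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(nrf_key, nrf_id, consumer_id, producer_type, scope, ttl, now=None):
    """NRF side: mint a JWT carrying the claims TS 33.501 lists for SBA access tokens.
    HMAC-SHA-256 stands in for the NRF's signature key (simplification for this example)."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": nrf_id, "sub": consumer_id, "aud": producer_type,
              "scope": scope, "exp": int(now + ttl)}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())
    signing_input = enc(header) + "." + enc(claims)
    sig = hmac.new(nrf_key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def validate_token(token, nrf_key, my_nf_type, requested_service, now=None):
    """NF producer side: returns (ok, reason) so every rejection can be logged."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    h, c, s = parts
    # Verify with the algorithm we expect, never the one named in the header.
    expected = hmac.new(nrf_key, (h + "." + c).encode("ascii"), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return False, "signature mismatch"
        header = json.loads(b64url_decode(h))
        claims = json.loads(b64url_decode(c))
    except ValueError:
        return False, "undecodable token"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "token expired or missing exp"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if my_nf_type not in audiences:
        return False, "audience mismatch"
    if requested_service not in str(claims.get("scope", "")).split():
        return False, "service not in scope"
    return True, "consumer %s authorized for %s" % (claims.get("sub"), requested_service)

if __name__ == "__main__":
    # Constructed key and identifiers, not real deployment values.
    key = b"nrf-demo-signing-key"
    tok = issue_token(key, "nrf-1", "amf-42", "UDM", "nudm-sdm nudm-uecm", 600, now=1000)
    print(validate_token(tok, key, "UDM", "nudm-sdm", now=1100))   # accepted
    print(validate_token(tok, key, "UDM", "nudm-ee", now=1100))    # service not in scope
    print(validate_token(tok, key, "AUSF", "nudm-sdm", now=1100))  # audience mismatch
    print(validate_token(tok, key, "UDM", "nudm-sdm", now=2000))   # expired
```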
Network Element Security Assurance Scheme
The Global System for Mobile Communications Association (GSMA) network element security assurance scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry.
Figure 4. GSMA NESAS and 3GPP SCAS methodologies and milestones [5].
The NESAS defines security requirements based on 3GPP technical specifications, an assessment framework for secure product development and product lifecycle processes, and a security evaluation scheme for network equipment that uses the 3GPP-defined security specifications and test cases, i.e. the 3GPP security assurance specifications (SCAS).
- NESAS Development and Lifecycle Assessment Methodology - defines audit and assessment process for vendor development and product lifecycle process under the GSMA Network Equipment Security Assurance Scheme (NESAS).
- NESAS Development and Lifecycle Security Requirements - defines security requirements for vendor development and product lifecycle process under the GSMA Network Equipment Security Assurance Scheme (NESAS).
The NESAS focuses on the vendor aspects of the supply chain. Because it was developed following established practices and schemes that provide trustworthy security assurance, it offers a security assurance framework to improve security levels across the whole mobile industry.
The NESAS is widely supported by security authorities (such as ENISA in EU, ANSSI in France and BSI in Germany) and industry organizations, globally.
The NESAS 1.0 release was finalized in October 2019. Ericsson, Nokia and Huawei openly support NESAS as a unified cyber security certification framework for mobile network equipment, and more than ten operators have requested NESAS compliance, before deploying 5G equipment in their countries.
On 24 August 2020, the GSMA announced that the world’s leading mobile network equipment vendors, Ericsson, Huawei, Nokia and ZTE, had successfully completed an assessment of their product development and life cycle management processes using the GSMA’s NESAS. In particular, Huawei has passed the auditing process for LTE eNodeB and 5G gNodeB product lines, and 5G Core product line. In January 2021, the Huawei 5G gNodeB and LTE eNodeB passed the 3GPP’s security assurance specifications testing.
Figure 5. Examples of how the NESAS is widely supported globally [5].
The NESAS 1.0 framework was approved in October 2019 and comprises a number of technical specifications that meet the basic requirements of the EU Cyber Security Act. The NESAS specifications will be further improved by the end of this year to meet higher security assurance levels in compliance with the EU Cyber Security Act. This will take into account the best industry standards and security practices.
Trustworthy products and resilient networks cannot be achieved without the full participation of all the elements in the trust chain for a network. We need a layered defense, where controls of various types and kinds overlap each other in coverage, and that’s how a defense-in-depth 5G security strategy should be implemented.
An example of a defense-in-depth approach to 5G security deployment requires support for:
- All 3GPP SCAS requirements, and fundamental security control enhancements, such as: user plane (UP) integrity protection, UP security policy, roaming security, user privacy preservation (encryption of international mobile subscriber identity), unified authentication and enhanced encryption algorithms.
- Equipment security, for example: 3-plane isolation, data security, host intrusion detection and Trusted Execution Environment (TEE).
- Sub-solutions for Radio Access Network (RAN) security (e.g. rogue base station detection, secure transmission), MEC security (MEC platform hardening, MEC security operations, e2e encrypted local network), Core Network security (multi-layer isolation and hardening, disaster and elastic recovery), Network Slicing security (slice isolation, encryption and protection, differentiated slice security) and Massive Connectivity security (signaling domain anti-DDoS and data domain anti-DDoS).
- Security management, which includes an Element Management System (EMS) layer, for situational awareness, anomaly detection, trusted integrity measurements, certificate management, log auditing, and Network Element (NE) vulnerability management; and an end-to-end Security Operation Centre (SOC), for security situational awareness, AI-based threat analysis and detection, security orchestration and Network Element (NE) vulnerability management.
5G security requires collaboration in terms of standards, devices, and deployment. All parties in the industry chain need to take their own security responsibilities. In order to mitigate the related cyber security risks:
- Suppliers must give cyber security sufficient priority (e.g. respect laws, regulations and standards, certify their products, and ensure quality in their supply chains).
- Telecoms operators are responsible for assessing risks and taking appropriate measures to ensure compliance, security and resilience of their networks.
- Service providers and customers are responsible for the implementation, deployment, support and activation of all appropriate security mechanisms of service applications and information (data).
- Regulators are responsible for guaranteeing that Telco providers take appropriate measures to safeguard the general security and resilience of their networks and services.
- Governments have the responsibility of taking the necessary measures to ensure the protection of the national security interests and the enforcement of conformance programs and independent product testing and certification.
- Standardization development organizations must ensure that there are proper specifications and standards for security assurance and best practices in place, such as the GSMA NESAS.
The mobile industry needs a globally trusted and mutually recognized security assurance scheme. All stakeholders are invited to adopt and contribute to the GSMA NESAS, which is a security assurance scheme with shared and tailored specifications. Industry players, governments, security agencies and regulators are recommended to adopt the GSMA NESAS for testing and evaluating telecoms equipment.
The NESAS is a customized, authoritative, unified, efficient and constantly evolving security assurance scheme for the mobile industry, and could be a part of certification and accreditation processes against a predetermined set of security standards and policies for security authorization in any country.
References
[1] 3GPP TS 33.501, “Security architecture and procedures for 5G System,” February 2021. Retrieved from: https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169
[2] ENISA, “Security in 5G Specifications - Controls in 3GPP Security Specifications (5G SA),” February 2021. Retrieved from:
[3] ENISA, “5G Supplement - To the Guideline on Security Measures under the EECC,” December 2020. Retrieved from: https://www.enisa.europa.eu/publications/5g-supplement-security-measures-under-eecc
[4] Reiner Stuhlfauth, “5G Security Aspects,” Rohde & Schwarz webinar, May 2020. Retrieved from:
[5] D. Soldani, “5G Security,” Cyber Defense eMagazine, February 2021. Retrieved from: https://cyberdefensemagazine.tradepub.com/free/w_cyba111/prgm.cgi
Biography
David Soldani received a Master of Science (M.Sc.) degree in Engineering with full marks and magna cum laude approbatur from the University of Florence, Italy, in 1994; and a Doctor of Science (D.Sc.) degree in Technology with distinction from Helsinki University of Technology, Finland, in 2006. In 2014, 2016 and 2018 he was appointed Visiting Professor, Industry Professor, and Adjunct Professor at the University of Surrey, UK, the University of Technology Sydney (UTS), Australia, and the University of New South Wales (UNSW), respectively. D. Soldani is currently at Huawei Technologies and, since 2018, has been serving as Chief Technology Officer (CTO) and Cyber Security Officer (CSO) for the Asia Pacific Region, and, since 2020, as Chairman of the IMDA 5G task force in Singapore. Prior to that he was Head of 5G Technology, e2e, Global, at Nokia; and Head of the Central Research Institute (CRI) and VP Strategic Research and Innovation in Europe, at the Huawei European Research Centre (ERC). David can be reached online at https://www.dhirubhai.net/in/dr-david-soldani/
Appendix – Cryptography
This section summarizes the key cryptography concepts so that anyone can understand how cryptography is applied and the beneficial effects these technologies have in achieving secure communication between peer entities, in terms of confidentiality (encryption), integrity (hashing), authenticity (proof of origin), non-repudiation and access control, e.g. across a wireless channel (with public access). (N.B. Availability is not guaranteed.)
Key concepts, for both stream and block ciphers:
- Algorithm → High degree of confusion and diffusion.
- Symmetric key → Very fast (+), key distribution (-) and scalability (-).
- Asymmetric key → Very slow (-), key distribution (+) and scalability (+).
- Hashing → One way operation for data at rest and data in motion (transit) integrity.
- Message digest → Representation of message that ensures the authentication and integrity of information, but not confidentiality.
- Digital signatures → Authentication, integrity of message and non-repudiation (inability to deny) services (origin and delivery) → Private Key + Digest.
- Digital certificate → Binds individuals and entities to their public keys.
- Secure cryptography → Proper key management.
- Key digest → Symmetric Key + Digest.
Figure 6 illustrates an example of encryption using an asymmetric key together with integrity protection (hashing), e.g. across a wireless channel (with public access); Figure 7 depicts an example of a Public Key Infrastructure (PKI); and Figure 8 shows how Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), work between networked computers.
Figure 6. Example of encryption using asymmetric key and integrity (hashing) across a wireless channel (with public access).
Figure 7. Example of Public Key Infrastructure (PKI).
Figure 8. Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), between networked computers.