5G Security Overview (3GPP)

Preface

In December 2017, the Non-Standalone (NSA) specifications for 5G New Radio (NR) were approved, followed in June 2018 by the Standalone specifications, completing the radio part of 5G Phase 1 (3GPP Release 15). The 3GPP security working group (SA3, within TSG SA, Service & System Aspects) has been involved from the outset of the work. In this article we briefly introduce security for both the Non-Standalone and the Standalone NR 5G system.

What is 5G New Radio (5G NR)?

5G New Radio (NR) development is part of the continuous mobile broadband evolution process to meet the requirements of 5G as outlined by IMT-2020, similar to the earlier evolution of 3G and 4G wireless networks.

5G NR aims to make wireless broadband comparable to wireline, with fiber-like performance at a significantly lower cost per bit. With new levels of latency, reliability and security, 5G NR will scale to efficiently connect the massive Internet of Things (IoT) and will offer new types of mission-critical services.

The ITU-R (Radiocommunication Sector of the International Telecommunication Union) is in the process of developing the specifications for IMT-2020, in close collaboration with the whole range of 5G stakeholders, together with the associated spectrum management and spectrum identification aspects.

The 3GPP submission to IMT-2020 will include 5G New Radio (5G NR) and LTE.

According to 3GPP, 5G New Radio (NR) features will be introduced in phases, as it is not possible to standardize everything in time for Rel-15 completion and early deployments.

Release 15 targets the first phase of expected deployments in 2020. It addresses the more urgent subset of commercial needs and is planned to be completed by Sep 2018.

Phase 2 is planned to be completed by Mar 2020. Rel-16 is targeted for the IMT-2020 submission and will address all identified use cases and requirements.

5G System

The 5G system is an evolution of the 4G mobile communication systems. Accordingly, the 5G security architecture is designed to integrate 4G-equivalent security. In addition, a reassessment of other security threats, such as attacks on radio interfaces, the signalling plane and the user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues, has also been taken into account for 5G and will lead to further security enhancements. This article gives an overview of 5G Phase 1 security as described in the Release 15 specifications.

Note:
Signalling -> The information exchange concerning the establishment and control of a telecommunication circuit and the management of the network.

Outline

  1. Non-Standalone security
  2. Layout of the underlying trust models in the 5G system
     • roaming case -> Non-Standalone System
     • non-roaming case -> Standalone System
  3. Key 5G Phase 1 security enhancements (compared to 4G)

Non-Standalone NR Security

The first step standardized by 3GPP towards complete 5G coverage was Non-Standalone NR, also known as E-UTRA-NR (Evolved Universal Terrestrial Radio Access - New Radio) Dual Connectivity, i.e. EN-DC or Architecture Option 3. The key feature of Non-Standalone is the ability to utilize the existing Long Term Evolution (LTE) and Evolved Packet Core (EPC) infrastructure, thus making the new 5G-based radio technology available without replacing the network.

EN-DC uses LTE as the master radio access technology, while the new radio access technology (i.e. NR) serves as the secondary radio access technology, with the User Equipment (UE) connected to both radios (LTE and NR). Except for capability negotiation, the security procedures for EN-DC basically follow the specifications for dual connectivity security in 4G.

Node B: a logical node responsible for radio transmission/reception in one or more cells to/from the User Equipment; in 3G it terminates the Iub interface towards the RNC (Radio Network Controller). The eNB (LTE) and the gNB (NR) are its 4G and 5G counterparts.

A Master eNB (MeNB, Master Evolved Node B) checks whether the UE has the 5G NR capabilities to access the Secondary gNB (SgNB, Secondary Next Generation Node B, i.e. the 5G base station) and the access rights to the SgNB. The capability and access rights check keeps the standard forward compatible, since UEs with different capabilities, including security capabilities, can join the network.

The MeNB derives the key to be used by the SgNB for secure communication over NR and sends it to the SgNB; the UE derives the same key. Unlike dual connectivity in 4G networks, Radio Resource Control (RRC) messages can be exchanged directly between the UE and the SgNB, so keys for integrity and confidentiality protection of RRC messages, as well as of User Plane (UP) data, are derived from it.

Although integrity protection for UP data is supported in 5G network, it will NOT be used in EN-DC case. Use of confidentiality protection is OPTIONAL for both UP and RRC.

Evolution of the trust model

Moving on from the Non-Standalone deployment, in a Standalone 5G system the trust model has evolved. Trust within the network is considered to DECREASE the further one moves from the core. This has an impact on the decisions taken in the 5G security design, so we present the trust model in this section.

The trust model in the UE is reasonably simple. There are two trust domains: the tamper-proof Universal Integrated Circuit Card (UICC), on which the Universal Subscriber Identity Module (USIM) resides as the trust anchor, and the Mobile Equipment (ME).
-> The ME and the USIM together form the UE.

The Radio Access Network (RAN) is separated into distributed units (DU) and central units (CU).
-> DU and CU together form gNB (the 5G base-station).

The DU does not have any access to customer communications, as it may be deployed in unsupervised sites. The CU and the Non-3GPP Inter Working Function (N3IWF), which terminate Access Stratum (AS) security, will be deployed in sites with more restricted access.

In the core network, the Access and Mobility Management Function (AMF) serves as the termination point for Non-Access Stratum (NAS) security. Currently, i.e. in the 3GPP 5G Phase 1 specification, the AMF is co-located with the SEcurity Anchor Function (SEAF), which holds the root key (aka anchor key) for the visited network. The security architecture is defined in a future-proof fashion: it allows the security anchor to be separated from the mobility function in a future evolution of the system architecture.

The AUthentication Server Function (AUSF) keeps a key, derived after authentication, for reuse in case of simultaneous registration of a UE in different access network technologies, i.e. 3GPP access networks and non-3GPP access networks such as IEEE 802.11 Wireless Local Area Networks (WLAN).

The Authentication credential Repository and Processing Function (ARPF) keeps the authentication credentials. This is mirrored by the USIM on the side of the client, i.e. the UE side. The subscriber information is stored in the Unified Data Repository (UDR).

The Unified Data Management (UDM) uses the subscription data stored in UDR and implements the application logic to perform various functionalities such as authentication credential generation, user identification, service and session continuity etc.

Over the air interface, both active and passive attacks are considered, on both the control plane and the user plane. Privacy has become increasingly important, which has led to permanent identifiers being kept secret over the air interface.

In the roaming architecture, the home and the visited network are connected through the SEcurity Protection Proxy (SEPP) for the control plane of the internetwork interconnect. This enhancement was made in 5G because of the number of attacks that have come to light recently, such as key theft and re-routing attacks in SS7, and network node impersonation and source address spoofing in Diameter signalling messages, which exploited the trusted nature of the internetwork interconnect.

5G Phase 1 Security (Rel 15) vs 4G LTE

5G Phase 1 brings several enhancements to 4G LTE security; some of the key points are presented in this section.

Primary authentication

Network and device mutual authentication in 5G is based on primary authentication.

This is similar to 4G but there are a few differences:

The authentication mechanism has in-built home control, allowing the home operator to know whether the device is authenticated in a given network and to take the final decision on authentication.

In 5G Phase 1 there are two mandatory authentication options:

  • 5G Authentication and Key Agreement (5G-AKA)
  • Extensible Authentication Protocol (EAP)-AKA', i.e. EAP-AKA'.

Optionally, other EAP-based authentication mechanisms are also allowed in 5G, for specific cases such as private networks. Primary authentication is also radio access technology independent
-> thus it can run over non-3GPP technology such as IEEE 802.11 WLANs.
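The home-control property described above (the visited network can check the UE's response, but the home network takes the final call) is easiest to see in code. The following is an added example written for this article; it is not code from 3GPP or from the original text. It models the three parties of 5G-AKA in Python: the home network (UDM/ARPF generating the authentication vector, AUSF keeping XRES*), the serving network (SEAF, which only receives the hash HXRES*) and the UE. The generic KDF and the RES*/HRES* constructions follow TS 33.220 Annex B and TS 33.501 Annex A.4/A.5 as I recall them; the f1-f5 functions are keyed-hash stand-ins for Milenage/TUAK, and the long-term key, SQN, serving network name and RAND are constructed values.

```python
import hashlib
import hmac
from typing import NamedTuple

# Generic 3GPP key derivation function (TS 33.220 Annex B):
# HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Ln = 2-byte length of Pn.
def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

# Stand-in for the USIM/ARPF functions f1-f5 (Milenage or TUAK on a real USIM).
# A keyed hash is used only so the example runs offline and both ends agree;
# it is not the standardised algorithm set.
def f(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def res_star(ck: bytes, ik: bytes, snn: bytes, rand: bytes, res: bytes) -> bytes:
    # RES* / XRES* (TS 33.501 A.4, as recalled): key CK||IK, FC 0x6B,
    # P0 = serving network name, P1 = RAND, P2 = RES; the 128 LSB are used.
    # Binding the serving network name into RES* prevents a vector issued
    # for one network from being replayed in another.
    return kdf(ck + ik, 0x6B, snn, rand, res)[16:]

def hres_star(rand: bytes, rs: bytes) -> bytes:
    # HRES* / HXRES* (A.5, as recalled): 128 LSB of SHA-256(RAND || RES*).
    return hashlib.sha256(rand + rs).digest()[16:]

class AuthVector(NamedTuple):
    rand: bytes
    autn: bytes        # SQN || MAC-A: lets the UE authenticate the network
    hxres_star: bytes  # the only expected-response value handed to the SEAF
    xres_star: bytes   # kept by the AUSF for the final decision

def home_generate(k: bytes, sqn: bytes, snn: bytes, rand: bytes) -> AuthVector:
    """UDM/ARPF + AUSF: build the vector; XRES* never leaves the home network."""
    mac_a = f(k, b"f1", sqn + rand, 8)
    res = f(k, b"f2", rand, 8)
    ck, ik = f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
    xres = res_star(ck, ik, snn, rand, res)
    return AuthVector(rand, sqn + mac_a, hres_star(rand, xres), xres)

def ue_respond(k: bytes, snn: bytes, rand: bytes, autn: bytes) -> bytes:
    """USIM/ME: verify AUTN (network -> UE authentication), then compute RES*."""
    sqn, mac_a = autn[:6], autn[6:]
    if not hmac.compare_digest(f(k, b"f1", sqn + rand, 8), mac_a):
        raise ValueError("MAC failure: network rejected by the UE")
    res = f(k, b"f2", rand, 8)
    ck, ik = f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
    return res_star(ck, ik, snn, rand, res)

def seaf_check(rand: bytes, rs: bytes, hxres_star: bytes) -> bool:
    """Serving network: can only check the hash; it must forward RES* home."""
    return hmac.compare_digest(hres_star(rand, rs), hxres_star)

def ausf_check(rs: bytes, xres_star: bytes) -> bool:
    """Home control: the AUSF, not the visited network, takes the final call."""
    return hmac.compare_digest(rs, xres_star)

if __name__ == "__main__":
    K = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed long-term key
    SQN = bytes.fromhex("000000000001")                    # constructed sequence number
    SNN = b"5G:mnc001.mcc001.3gppnetwork.org"              # constructed serving network name
    RAND = bytes(range(16))                                # fixed instead of random, for reproducibility
    av = home_generate(K, SQN, SNN, RAND)
    rs = ue_respond(K, SNN, av.rand, av.autn)
    print("SEAF accepts HRES*:", seaf_check(av.rand, rs, av.hxres_star))
    print("AUSF confirms RES*:", ausf_check(rs, av.xres_star))
    print("AUSF confirms a RES* the visited network made up:",
          ausf_check(bytes(16), av.xres_star))
```

Two things to notice when running it: the SEAF never sees XRES*, so a visited network cannot claim a successful authentication that the AUSF did not confirm, and a RES* computed for a different serving network name fails at the AUSF even though the same RAND and key were used.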

Secondary authentication

Secondary authentication in 5G is meant for authentication with data networks outside the mobile operator domain. For this purpose, different EAP-based authentication methods and associated credentials can be used. A similar service was possible in 4G as well, but now it is integrated into the 5G architecture.

Inter-operator security

Several security issues exist on the inter-operator interface, arising from SS7 or Diameter in the earlier generations of mobile communication systems. To counter these issues, 5G Phase 1 provides inter-operator security from the very beginning.

Privacy

Subscriber identity related issues have been known since 4G and earlier generations of mobile systems. In 5G a privacy solution has been developed that protects the user's subscription permanent identifier (SUPI) against active attacks: a public key of the home network is used to conceal the subscriber identity over the air.

Service based architecture (SBA)

The 5G core network is based on a service based architecture, which did not exist in 4G and earlier generations. Thus 5G also provides adequate security for SBA.

Central Unit (CU) & Distributed Unit (DU)

In 5G the base station is logically split into a CU and a DU with an interface between them. Security is provided for the CU-DU interface. This split was also possible in 4G, but in 5G it is part of the architecture and can support a number of deployment options (e.g. a co-located CU-DU deployment is also possible).

The DUs, which are deployed at the very edge of the network, don't have access to any user data when confidentiality protection is enabled.

Even with the CU-DU split, the air interface security point in 5G remains the SAME as in 4G, namely in the radio access network.

Key hierarchy

The 5G key hierarchy reflects the changes in the overall architecture and the trust model, using the security principle of key separation. One main difference in 5G compared to 4G is the possibility of integrity protection for the user plane.
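To make the key-separation principle concrete, here is an added Python example (my own, not from 3GPP or from this article) that walks the Rel-15 hierarchy from CK||IK down to the per-algorithm keys, including the new user-plane integrity key, and also derives the EN-DC secondary key mentioned in the Non-Standalone section. The FC values, type distinguishers and algorithm identities are as I recall them from TS 33.501 Annex A and TS 33.401 A.15 and are not on the page; the inputs (serving network names, SUPI, ABBA, NAS COUNT, SCG counter, CK/IK) are constructed.

```python
import hashlib
import hmac

# Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...
def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

# Algorithm type distinguishers and identities (TS 33.501 A.8 as recalled; assumed values).
N_NAS_ENC, N_NAS_INT, N_RRC_ENC, N_RRC_INT, N_UP_ENC, N_UP_INT = 1, 2, 3, 4, 5, 6
NEA2 = NIA2 = 0x02                       # 128-bit AES-based ciphering / integrity algorithms
ACCESS_3GPP, ACCESS_NON_3GPP = 0x01, 0x02  # access type distinguisher for KgNB / KN3IWF

def alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    # 128-bit algorithm key = 128 LSB of KDF(parent, FC 0x69, type, identity).
    return kdf(parent, 0x69, bytes([alg_type]), bytes([alg_id]))[16:]

def derive_hierarchy(ck: bytes, ik: bytes, snn: bytes, sqn_xor_ak: bytes, supi: bytes,
                     abba: bytes, ul_nas_count: int, access: int = ACCESS_3GPP) -> dict:
    """Standalone 5G (5G-AKA) hierarchy. Each level is bound to a different
    parameter, so keys for other networks, subscribers or accesses are separated,
    and a key lower in the tree does not reveal the one above it."""
    k_ausf = kdf(ck + ik, 0x6A, snn, sqn_xor_ak)   # A.2: bound to the serving network
    k_seaf = kdf(k_ausf, 0x6C, snn)                 # A.6: anchor key held by the SEAF
    k_amf = kdf(k_seaf, 0x6D, supi, abba)           # A.7: bound to the subscriber
    k_gnb = kdf(k_amf, 0x6E, ul_nas_count.to_bytes(4, "big"), bytes([access]))  # A.9
    return {
        "KAUSF": k_ausf, "KSEAF": k_seaf, "KAMF": k_amf, "KgNB": k_gnb,
        "KNASenc": alg_key(k_amf, N_NAS_ENC, NEA2), "KNASint": alg_key(k_amf, N_NAS_INT, NIA2),
        "KRRCenc": alg_key(k_gnb, N_RRC_ENC, NEA2), "KRRCint": alg_key(k_gnb, N_RRC_INT, NIA2),
        "KUPenc": alg_key(k_gnb, N_UP_ENC, NEA2),
        "KUPint": alg_key(k_gnb, N_UP_INT, NIA2),   # user-plane integrity: new in 5G
    }

def endc_secondary_keys(k_enb: bytes, scg_counter: int) -> dict:
    """EN-DC: the MeNB derives S-KgNB from its KeNB and the SCG counter
    (TS 33.401 A.15, FC 0x1C as recalled); the SgNB derives its NR keys from it.
    No KUPint is derived here because UP integrity is not used in EN-DC."""
    s_kgnb = kdf(k_enb, 0x1C, scg_counter.to_bytes(2, "big"))
    return {"S-KgNB": s_kgnb,
            "KRRCenc": alg_key(s_kgnb, N_RRC_ENC, NEA2),
            "KRRCint": alg_key(s_kgnb, N_RRC_INT, NIA2),
            "KUPenc": alg_key(s_kgnb, N_UP_ENC, NEA2)}

def all_distinct(*keysets: dict) -> bool:
    """True if no key value repeats within or across the given hierarchies."""
    values = [v for ks in keysets for v in ks.values()]
    return len(values) == len(set(values))

if __name__ == "__main__":
    CK, IK = bytes(16), bytes(range(16))              # constructed CK/IK from authentication
    SQN_XOR_AK = bytes.fromhex("000000000001")        # constructed
    SUPI, ABBA = b"imsi-001010123456789", b"\x00\x00"  # constructed
    home = derive_hierarchy(CK, IK, b"5G:mnc001.mcc001.3gppnetwork.org", SQN_XOR_AK, SUPI, ABBA, 0)
    visited = derive_hierarchy(CK, IK, b"5G:mnc002.mcc001.3gppnetwork.org", SQN_XOR_AK, SUPI, ABBA, 0)
    print("all keys distinct across levels and networks:", all_distinct(home, visited))
    for name, key in home.items():
        print(f"{name:8s} {key.hex()}")
    endc = endc_secondary_keys(bytes.fromhex("aa" * 32), scg_counter=1)  # constructed KeNB
    print("EN-DC S-KgNB:", endc["S-KgNB"].hex())
```

The practical consequence of the one-way derivation chain is what the trust model relies on: a CU or DU site that holds KgNB-level material cannot recover KAMF or KSEAF, and two serving networks authenticating the same subscriber with the same CK/IK end up with entirely different key trees.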

Mobility

Although mobility in 5G is similar to 4G, the difference in 5G is the assumption that the mobility anchor in the core network can be separated from the security anchor.

Note: the term "mobility anchor" is also used with a different meaning in enterprise WLANs. There, Mobility Anchor, also referred to as Guest Tunneling or Auto-Anchor Mobility, is a feature where all client traffic belonging to a WLAN (especially a guest WLAN) is tunneled to a predefined WLC (Wireless LAN Controller), or set of controllers, configured as the anchor for that specific WLAN. This helps restrict clients to a specific subnet and gives more control over user traffic.

The Next Step

Non-Standalone and 5G Phase 1 Standalone architecture gave us a taste of the new generation of the mobile communication system. The main use case for 5G Phase 1 was mobile broadband.

5G Phase 2 will bring solutions for the Internet of Things (IoT), covering several scenarios in the form of massive Machine Type Communication (mMTC) and Ultra-Reliable and Low Latency Communications (URLLC).

  1. mMTC relates to
     • a very large number of devices
     • transmitting relatively low volumes of data
     • data that is not delay-sensitive
  2. URLLC relates to services with stringent requirements for capabilities such as
     • throughput
     • latency
     • availability

For mMTC, with very low data rates going down to a few bits per day, we will have to consider the extent of security (be it authentication, confidentiality, integrity or otherwise) that can be provided. Several IoT or Machine-to-Machine (M2M) services and devices fall under this category; examples are

  • temperature sensors giving hourly updates.
  • sensors on farm animals reporting vital status a couple of times a day.

Such devices will also be resource constrained in terms of battery, computation and memory.

For security, the requirement will be to reduce the overhead of security-related bits (e.g. for integrity) on every communication.

At the other end of the scale, URLLC devices will call for

  • high data-rates
  • potentially higher battery and computational resources

examples are

  • cars
  • Industrial IoT (IIoT) devices like factory machinery
  • virtual or augmented reality (VR or AR) devices - used for gaming or real-time services.

Providing higher data rates also means that the throughput of the security functions needs to be considered to avoid processing delay.
