How to protect 5G from hacking: exploring the security architecture

Media and companies cheerfully report that “the 5G era has arrived or is about to come” and promise incredible changes in our life in connection with this. Changes will come in the form of the Internet of things, smart cities, Industry 4.0, associated with the massive introduction of cyberphysical systems and new technologies. Moreover, the number of relationships in the ecosystem is, in fact, equal to the number of possible attack vectors on it. So, we need to discuss 5G security. And no, we do not propose joining the cabal of clicks and propagandists who describe the horrors of "deadly radiation" - we will talk about protecting networks and 5G devices from hacking. Or, more precisely, about the security architecture of 5G networks.

5G technologies offer huge opportunities for the market and users.But along with this, you need to ask how the protection of 5G networks will be built, which hackers will certainly be interested in. The introduction of 5G networks will create completely different business models and introduce new participants to the field of mobile technology. Accordingly, when developing security systems, this will have to be taken into account and a clear distinction should be made between whom, to what extent, and which data / functions can be trusted. The application of new technologies, for example, virtualization of networks (that is, separation of logical networks from network equipment) and SDN (software-configured networks), will lead to a similar result, only in this case we are talking about the interaction of application owners and suppliers of computing resources and data storage and to tighten the requirements for the protection of information that is transmitted between the participants.

To address these issues, develop standards and ensure the security of new generation networks, the 5G-Ensure international project has been launchedin which scientists and experts from the largest European companies, including Nokia and Ericsson, participate. With the support of their respective governments, they are developing both a common roadmap for network security and specific tools and solutions in this area. As part of this project, in April 2018, 15 experts from various organizations from around the world, including Oxford University, French Orange Labs and the Royal Swedish Institute of Technology, analyzed the infrastructure of 5G networks and proposed their own vision of the security architecture for them, which will help to better understand what how and how to protect from intruders in the changing conditions compared to the 3G / 4G era. The full study of A Security Architecture for 5G Networks can be found here., and in this post the main ideas from the theoretical part of the study are given. More practical issues and examples of the application of such architecture will be devoted to a separate blog post.

What is security architecture?
One of the key points in creating secure systems, according to the authors of the study, is the use of a security architecture. The presence of such an architecture makes it possible to examine in detail all the objects associated with the system and their relationships. Such a comprehensive assessment allows us to analyze the level of security of the system as a whole and the security of its individual parts, to understand how these parts affect the system, identify possible threats and develop effective measures to counter them and manage security.

Moreover, in order to provide the most effective protection, the development of the architecture and tools should be carried out before the deployment of 5G networks or in parallel with them. Recently, the number of cybersecurity risks has been constantly increasing, and attack factors associated with the ecosystem itself, for example, IoT devices, have been added to the “human” factor. Therefore, the trend of “safe by definition” systems, the protection mechanisms into which are built in during development or deployment, as opposed to the classical method of external protection in the form of antiviruses or firewalls, is justly gaining popularity. And this is especially true for systems such as 5G networks, since it will be much more difficult to protect them “in fact” because of the scale and number of interconnections.

The main components of a security architecture are domains, layers, security areas, and security management classes.

A domain is a group of network objects selected in accordance with certain physical or logical parameters that are important for a particular 5G network.

A layer is the protocols, data, and functions associated with some aspect of the services provided by one or more domains.

Security Scope (SR) covers all the security needs of one or more layers / domains.

Security Management Classes (SCC)- a set of functions and mechanisms of system protection (including measures and countermeasures) that relate to any one aspect of security, for example, ensuring data integrity. SCCs help to avoid, detect, deter, counteract or minimize security risks in 5G networks, including threats to the physical and logical network infrastructure, user equipment and the security of transmitted data.

Domains- The cornerstone of 5G security architecture, as they make it easy to describe the various functions and participants in 5G networks. Figure 1 shows the main 5G domains and shows their network location. The horizontal lines H1, H2 and the vertical lines V1, V2 separate the top-level domains. Those domains located above H1 represent various components of the logical network and are called member domains; the domains between H1 and H2 are responsible for the physical components of the network and are called infrastructure domains; domains below H2 are composite domains that are responsible for several aspects of the network at once, such as affiliation or joint administration. V1 separates the user equipment from the network, and V2 separates the operator’s network from the external network, for example, from Internet services.

In 2G, 3G, and 4G networks, there was no difference between infrastructure domains and member domains. But this distinction is fundamental for 5G networks, since virtualization and SDN create the basis for software “softening” networks and introducing technologies such as network “slicing” and mobile peripheral computing.


Figure 1 - 5G network security architecture: SD - network slices, TA - trust anchor, IP - infrastructure provider. Dotted line indicates optional elements / relationships

. Figure 2 shows the layout of the layers., which the authors of the study highlight in their 5G network security architecture. They are combined according to the principle of general requirements for security and exposure to the same types of threats, for example, substitution of base stations or “jamming” of a radio signal — these are common threats to user equipment and access points with which it interacts. Using layers helps to better structure security management systems in 5G networks and determine where and for what purposes they are more efficiently used.


Figure 2 - Layers in 5G architecture

Layers Application (application), Home (house), Serving (service), Transport (transport) and Access (access) are similar to those described in the specifications 3GPP TS 23.101. They include protocols and functions related, for example, to serving end users; processing and storing subscription data and services for home networks; the provision of telecommunications services; transfer user data from other layers through the network.

When users are roaming, some of the protocols and functions of the “home” layer take on the “service” layer, which is considered its sublayer. Similarly, the “access” layer is a sublayer for “transport”, since the radio interface is part of the overall data transmission system. The Management layer was added by the authors of the study to display threats to management systems in 5G networks, for example, unauthorized configuration changes, compromised network keys and certificates, and the addition of malicious network functions. He is “behind” the rest of the layers in the diagram, as he is responsible for managing the network functions of all layers of the system.

Security Areasthey are used in architecture to describe security needs and requirements in certain areas, therefore their composition differs depending on a specific site and network functionality. For example, for the security of network access, it is important to protect data storage systems at base stations, protect against unauthorized introduction of data “over the air”, protect against forwarding and connecting subscribers to fake base stations. At the same time, for the sphere of basic network security, the main factors are protection of identifier confidentiality, secure authentication and authorization, security of key distribution and exchange of algorithms.

Core Security Management Classes- this is identity and access management, authentication, fault tolerance, confidentiality, integrity, availability and privacy of information (these classes are taken from ITU-T X.805), as well as audit, trust and guarantees, and compliance with requirements (these classes were added by the authors of the study) . Security mechanisms based on security management classes are, for example, the provision of long-term (IMSI in 3GPP) and short-term (TMSI or GUTI in 3GPP) identifiers for identity and access control; AKA in 3GPP and HTTP Digest to authenticate users or use asymmetric cryptography and digital signatures to provide fault tolerance.

System analysis and implementation of security architecture
The authors of the study offer their own methodology for step-by-step analysis of the system and implementation of the security architecture.

Step 1. You need to create a 5G network model, starting with the physical and logical top-level domains. Their main characteristics will be affiliation, management and purpose. Then you need to select the types of network slices (slice domains) that will be supported by the system. This top-level domain model should be based on the functional architecture of the network itself.

Step 2Next, you need to enter the control points (interfaces) that connect certain domains. These breakpoints will determine the dependencies and type of interaction between domains. Data transmitted through these points must be identified and described according to the selected layers and protocols, then appropriate security areas should be assigned to them.

Step 3. For each control point, it is necessary to determine the type of relationship and the degree of “trust” between the related domains.

Step 4The next item will be the conduct of TVRA - assessment of threats and risks, and the preparation of a plan to deal with them using security management classes. One of the intermediate steps in TVRA must be to determine where and by whom the security measures will be taken, and when analyzing it is necessary to take into account the domains, layers and security areas used in the system.

Step 5. The choice of security management classes should be based on the principles of security-by-design and use the most effective and proven security methods.

Step 6. Finally, it is necessary to implement the selected security measures and check whether the goals were achieved as a result.

Performance indicators
The authors of the study analyzed the security architecture of previous generation networks and the most popular scenarios for applying 5G technologies and proposed a number of qualitative indicators that will help determine the effectiveness of the created 5G network security architecture. Among them:

Backward compatibility: the ability to use the 5G network security architecture to describe and analyze the security of 3G and 4G networks, as they will become an integral part of the new generation networks.

Flexibility and adaptability:the ability to adapt the security architecture to network solutions that will appear on the market later. We are also talking about the possibility of developing and improving the security architecture in order to effectively counter new threats and ensure compatibility with new security systems that did not exist at the time of its development.

Trust Question:current generation mobile networks involve a tripartite model of trust involving a mobile operator, service provider and end user, where the mobile operator is responsible for the state and security of the network. This model is not suitable for 5G networks, in which there will be many more participants with different roles, for example, providers of virtualized infrastructure or providers of VNF (virtualized network functions, and for each of them it is necessary to clearly define the role in the new multilateral trust model.

Virtualization and slicing or "Cutting" networks:5G networks are expected to be suitable for absolutely any use case. Since different options for their use put forward completely different requirements to these networks, which may even contradict each other, 5G networks should be universal. And virtualization technologies and Network Slicing will help them in this. Therefore, virtualization and slicing should also be a mandatory part of the 5G security architecture.

Protocols and network functions:as it was with the current generation mobile networks, along with the introduction of 5G, a number of new (both protected and insecure) protocols and network functions will appear. Moreover, for the normal operation of 5G networks, a huge number of them will be used, including solutions inherited from previous generations. Therefore, the security architecture must be able to identify all applicable protocols and network functions in order to develop the most effective security system.

Security Management Points:5G networks will be much more complex than 4G networks and earlier generations. They will have much more participants, more different levels and means of access to the network. In addition, 5G networks will be more “dynamic” in the sense that new (virtualized) network nodes can be automatically added and removed from the network or part of it at almost any time. A clear definition of network boundaries and interfaces is crucial for identifying and modeling attack vectors.

Security Management:Along with new usage scenarios, new trust models and new technologies that 5G networks will bring with them, new security features and new problems will appear. Therefore, the security architecture should take this into account and allow simulating mobile networks with a different set of functions and various weak points.

Network management: the specifications of the current generation of mobile networks do not formalize aspects of network management in any way, since it is believed that this depends on the implementation and application scenarios of specific networks. New roles and new participants will appear in 5G networks, therefore network management issues are important for ensuring its effective and safe functioning, and this should be reflected in the security architecture.

Stay tuned
So, with the opinion of experts on how timely development of a security architecture helps to better assess possible risks and correctly select the mechanisms to ensure the security of 5G networks and related systems, we figured out. In the next post, we will move from theory to practice and talk about how the authors of the study propose to approach the development of a security architecture for one of the largest and most complex objects of the 5G ecosystem - a “smart” city.