Documente Academic
Documente Profesional
Documente Cultură
5G Security 2 A. Zugenmaier
Agenda
5G Standardization Process
5G Architecture
5G Key Enhancements
Summary
5G Security 3 A. Zugenmaier
Agenda
5G Standardization Process
5G Architecture
5G Key Enhancements
Summary
5G Security 4 A. Zugenmaier
5G Standardization Process - Actors
ITU-T
High level requirements (IMT2020)
IETF
RFCs – protocols
IPsec
TLS
EAP
3GPP
System specification
Interoperability
Standards bodies
ETSI, etc.
5G Security 5 A. Zugenmaier
5G Standardization Process – 3GPP
Industry Association
Organizational Partners
ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC
Members can attend meetings
Companies, Ministries, etc.
Output
Technical reports
Feasibility study
Technical specifications
System specification of procedures (API like view)
5G Security 6 A. Zugenmaier
3GPP Process
Structure
Technical Specification Groups (SA, CT, RAN)
Working Groups (e.g. WG SA3: security)
Project planning
Study items (e.g. Study on Next Generation Security Architecture)
Output: none
Work items (e.g. 5G Phase 1 security)
Output: TS 33.501
Releases
5G phase 1 – R15
Stages
Requirements, architecture, protocols
5G Security 7 A. Zugenmaier
3GPP process
Input
Contribution driven
Textual modifications to specifications
Member company contributions
Consensus
Lack of sustained objection
Voting: more than 71% in favour
5G Security 8 A. Zugenmaier
Agenda
5G Standardization Process
5G Architecture
5G Key Enhancements
Summary
5G Security 9 A. Zugenmaier
Mobile Network Architecture in a Nutshell
Security
Gateway
Gateway
Other
Network(s)
5G Security 10 A. Zugenmaier
Mobile Network Architecture in a Nutshell
Security
Gateway
Gateway
Other
Network(s)
5G Security 11 A. Zugenmaier
Mobile Network Architecture in a Nutshell
Security
Gateway
Gateway
Other
Network(s)
5G Security 12 A. Zugenmaier
5G Mobile Network Architecture in a Nutshell
Other
Network(s)
5G Security 13 A. Zugenmaier
5G Mobile Network Architecture
external AAA
Visited / home network AMF SEAF SMF for secondary
authentication
DU CU UPF
gNB
gNB: 5G base station
AMF: Access Management Function
Non-3GPP SEAF: Security Anchor Function
SMF: Session Management Function
access N3IWF UPF: User Plane Function
(e.g. WLAN) UDM: Unified Data Management
ARPF: Authentication credential Repository
and Processing Function
N3IWF: Non-3GPP InterWorking Function
5G Security 14 A. Zugenmaier
RAN architecture option
Dual Connectivity
5G NR to increase capacity
Security as in 4G
5G Security 15 A. Zugenmaier
Agenda
5G Standardization Process
5G Architecture
5G Key Enhancements
Summary
5G Security 16 A. Zugenmaier
5G Security Goals
At least as good as 4G
Subscriber authentication
Encryption on radio interface
Protection of subscriber identity
Network authentication
Key separation
Make it better
Evolution instead of revolution
5G Security 17 A. Zugenmaier
5G Security Goals
5G Security 18 A. Zugenmaier
Agenda
5G Standardization Process
5G Architecture
5G Key Enhancements
Summary
5G Security 19 A. Zugenmaier
SUPI (IMSI) Privacy
4G
Initial attach with permanent identity
Response to identity request in clear
5G
Encryption of SUPI with public key of home operator (SUCI)
Routing information (home network ID) in clear
SUPI revealed to VPLMN only after authentication
Binding of SUPI into key
UE and HPLMN have to use the same SUPI: requested for lawful
intercept purposes
Respond to identifier request with SUCI
No SUPI based paging
5G Security 20 A. Zugenmaier
More Privacy
5G Security 21 A. Zugenmaier
Unified Security Framework
Authentication
EAP AKA' for 3GPP and non 3GPP
Native AKA for 5G access
5G Security 22 A. Zugenmaier
Radio Network Security
Integrity protection
Finally!
Visibility
Requirement to enable applications to check security being applied to
the connection
5G Security 23 A. Zugenmaier
Increased home network control
Proof of presence
UE is in visited network
5G AKA
Challenge Response with UE
Visited network receives hash of response
Response has to be forwarded to home network
UDM
USIM ME ME DU CU AMF SEAF AUSF
ARPF
5G Security 25 A. Zugenmaier
Key hierarchy
AUSF ME
bid down protection KAUSF
VPLMN
KNASint KNASenc
KN3IWF KgNB, NH
N3IWF ME gNB ME
5G Security 26 A. Zugenmaier
Trust model - roaming
UDM
USIM ME ME DU CU AMF SEAF SEPP SEPP AUSF
ARPF
5G Security 27 A. Zugenmaier
Requirements for Interoperator Interconnect
5G Security 28 A. Zugenmaier
Security for Interoperator Interconnect
N32-c
N32-f
NF cSEPP pSEPP NF
Symmetric
cIPX pIPX Symmetric
key A key A
Private key Private key
cIPX pIPX Clear text IEs
Meta data
5G Security 29 A. Zugenmaier
Steering of Roaming
5G Security 30 A. Zugenmaier
Agenda
5G Standardization Process
5G Architecture
5G Key Enhancements
Summary
5G Security 31 A. Zugenmaier
5G Security Architecture
User plane security
AS (Radio) control plane security
Home network UDM ARPF
NAS security
Interconnect security
SEPP NDS/IP (IPsec)
TLS
SEPP
5G Security 32 A. Zugenmaier
Summary
Evolution of 4G security
More privacy
Unified security framework
RAN security
Integrity
Security termination point
Future proofing
Interconnect Security
5G Security 33 A. Zugenmaier
Thank you for your attention
5G Security 34 A. Zugenmaier