
Overview of 5G Security in 3GPP

Xiaowei Zhang (1), Andreas Kunz (2)*, Stefan Schröder (3)

(1) Detecon International GmbH, Cologne, Germany
(2) Lenovo, Oberursel, Germany
(3) T-Systems International GmbH, Bonn, Germany

Email: xiaowei.zhang@detecon.com, akunz@lenovo.com, stefan.schroeder06@telekom.de

* The work was carried out while being at NEC Laboratories Europe, Germany

Abstract — The Third Generation Partnership Project (3GPP) is currently specifying the next (fifth) generation "5G" of the mobile network, including a new radio interface. This work is performed in most of the 3GPP working groups on all layers and has just passed the study phase with the beginning of documenting normative specifications. The new 5G system is designed to be the enabler platform for different services of new stakeholders like Mission Critical Communications (MCC), Internet of Things (IoT), Automotive and Railways as well as Energy Providers and Broadcast agencies etc. This paper describes the basic new concepts in the 5G core network architecture and its security implications, including an overview of the two services Vehicle to Everything (V2X) and Internet of Things (IoT) that are considered important vertical services for the new 5G system.

Index Terms – 5G, NextGen, Security, MTC, M2M, IoT, V2X, 3GPP, Standards.

I. INTRODUCTION

The new 5G system will be part of 3GPP's latest Release 15 and will provide the main features in the 1st phase of 5G in normative specifications. The 2nd phase of 5G will cover all the functionality which was dropped in priority for the first phase due to the time constraints in all groups, and will begin with stage 1 (requirements) for Release 16 in 2018. There is always a time shift between the working groups, e.g. the requirements group first agrees the normative requirements, then the architecture and radio access are defined, and at last the protocol details are specified. Besides the 5G system, 3GPP is of course also working in parallel on other features and enhancements related to the "legacy" technology.

Due to the new stakeholders of the 5G system, new requirements for a flexible enabler platform have to be fulfilled, such as capability exposure of the core network, on-demand resource allocation, a service based architecture and low latency communications. This paper will focus on the findings of the System Architecture group 3GPP SA2 and the Security group 3GPP SA3, which are currently in the process of the normative work on their specifications. Further, this paper will introduce two services which are considered important for 5G, the Vehicle to Everything (V2X) and the Internet of Things (IoT). Both are not part of the basic set of 5G for phase 1 at the moment, but discussions take place in several groups and this may change. What is not covered in this paper is the security for 3rd party virtual network functions (VNF) that are run outside the 3GPP network and may provide a service to the subscriber "over the top" of the operator. The security of VNFs of the 3GPP network is based on Network Domain Security (NDS).

II. ARCHITECTURE ENHANCEMENTS FOR 5G

The next generation mobile core network introduces new features and concepts compared to the Evolved Packet Core (EPC). Even though there are some features for EPC that enable some of the new concepts of 5G as well, those were introduced with considerable impact on the system, since they were not considered from the beginning when EPC was designed, and thus have some limitations. 3GPP TS 23.501 [1] specifies the system architecture for the 5G System, while all procedures are captured in 3GPP TS 23.502 [2]. The most obvious changes are the following features:

- Network slicing
- Control Plane – User Plane separation, for flexible placement of User Plane Functions (central, closer to the RAN, etc.)
- Service based Architecture (SBA)
- Flexible Non-3GPP access interworking

Figure 1: Non-roaming architecture

The system architecture for the non-roaming case, in reference point representation, is shown in Figure 1. A detailed explanation of each entity can be found in [1] and of their interactions in the procedures in [2].
While for the user plane path (User Equipment, UE – Radio Access Network, RAN – User Plane Function, UPF – Data Network) the changes compared to EPC are not very visible, the control plane changed in the way that mobility management and session management are handled in two different entities, the Core Access and Mobility Management Function (AMF) and the Session Management Function (SMF). The reference points between AMF, SMF, Authentication Server Function (AUSF), Unified Data Management (UDM) and Policy Control Function (PCF) shown in Figure 1 can be realized with a service based architecture (SBA), depicted in Figure 2:

Figure 2: Service based architecture

This means a network function can provide a service to another network function on request or by subscribing to the particular service.

Network slices are supported in 5G; they are defined as logical networks comprising control plane and user plane functions that can have different capabilities and feature support.

The 5G Core (5GC) is becoming access agnostic and allows the N1 reference point to run also over non-3GPP accesses like WiFi, i.e. the User Equipment (UE), the mobile device, can now also send Non Access Stratum (NAS) messages for Session and Mobility Management to the 5GC via a non-3GPP access, which was not possible in previous technologies. NAS is the signaling protocol of the UE for mobility and session related control messages. This requires a new security procedure in order to authenticate the UE over the non-3GPP access with the AMF in the 3GPP network. This registration procedure is currently under discussion for untrusted non-3GPP access, and different solutions are under consideration on how NAS messages are encapsulated towards the Non-3GPP Interworking Function.

III. SECURITY ENHANCEMENTS IN 5G

5G is expected to bring changes not only to mobile communication systems, but also to the service and business model. Since 5G networks are no longer monolithic network entities, there will not be a one-suits-all security solution either. The basic security mechanisms of 4G will be reused in 5G; however, a new authentication framework is needed to adapt to the change.

The evolution of 5G architecture and technology will bring new types of threats, and current 3GPP standardization activity is focusing on the following aspects:

• Termination point of user plane (UP) security
• Authentication and authorization (including identity management)
• RAN security
• Security within the UE / secure storage and processing of credentials, eSIM
• Network slicing security
• Enhanced International Mobile Subscriber Identity (IMSI) privacy
• Increased home control (Evolved Packet System Authentication and Key Agreement, EPS AKA*, and Extensible Authentication Protocol Method for Authentication and Key Agreement, EAP AKA', providing proof of UE presence in the visited network)

In this paper, we will discuss the key challenges for each topic.

Figure 3 shows the 5G architecture from a security perspective, including the new security entities Security Anchor Function (SEAF), Authentication Server Function (AUSF), Authentication Credential Repository and Processing Function (ARPF), Security Context Management Function (SCMF) and Security Policy Control Function ((S)PCF), as described below:

Figure 3: Architecture with security associations

All network functions in the system are secured with Network Domain Security based on operator configuration. One new aspect in 5G is the introduction of a security anchor in the SEAF, which is co-located with the AMF at least for Phase 1. During the primary authentication the SEAF creates a unified anchor key KSEAF (common for all accesses) that can be used by the UE and the serving network to protect the subsequent communication. It is possible that there are two anchor keys for the scenario when a UE is connected to a 3GPP access (visited network) and to a non-3GPP access (home network). For normal roaming scenarios, the SEAF is located in the visited network.
The AUSF terminates requests from the SEAF and further interacts with the ARPF. Depending on the finally agreed split of the authentication functionality, the AUSF and the ARPF may be collocated (general EAP server), but an SWx-like interface (see 3GPP TS 23.402 [5]) would be defined for EAP-AKA and EAP-AKA'.

The ARPF is collocated with the UDM and stores the long-term security credentials like the key K in EPS AKA or EAP-AKA for authentication. It can run cryptographic algorithms using the long-term security credentials as input and can create the authentication vectors.

Another new functional entity is the SCMF, which may be collocated with the SEAF in the AMF; it retrieves a key from the SEAF, which is used to derive further access-network specific keys.

The SPCF provides the security policy to the network entities (e.g. SMF, AMF) and/or to the UE depending on the application level input from the Application Function (AF), and may be standalone or co-located with the PCF. The security policy may include information about AUSF selection, confidentiality protection algorithm, integrity protection algorithm, key length and key lifecycle.

The key hierarchy for 5G is still under discussion in 3GPP SA3. Figure 4 shows a merger of the proposals currently documented in TR 33.899 [3], which have commonalities but also quite some variations.

Figure 4: Merged Key Hierarchy from different proposals

Common to all proposals is that the new security anchor key KSEAF is used to further derive the Access Network (AN) key KAN and the NAS keys KNAS. Some proposals also contain a key derivation of non-3GPP access network keys as well as a separation of Session Management (SM) NAS keys and Mobility Management (MM) NAS keys. According to current agreements, there is only one NAS security termination entity, which is the AMF. Further, there is on the radio access (gNB) only one Radio Resource Control (RRC) connection to control all user plane (UP) radio bearers. The user plane data on the radio bearer can be secured on a per session basis with the key KUP; a session could belong to the same or a different network slice. All key sets for NAS, RRC and UP consist of an integrity key and a confidentiality key for encryption.

A. TERMINATION POINT OF USER PLANE

The termination of user plane security is at the evolved NodeB (eNB) in 4G. However, the gateway location may vary in order to provide different types of services, and the 5G New Radio NodeB (gNB) may be located at the edge, i.e. in an exposed environment. Thus the termination point of user plane security should be reconsidered with the principle that security termination is in the entity where the traffic terminates.

The current agreement in 3GPP SA3 is that the UP security terminates at the Packet Data Convergence Protocol (PDCP) layer of the gNB. This is aligned with LTE security, where radio interface security is provided by the PDCP layer, both for the control and user planes. This solution enables placing the security termination point in a central unit of the gNB that resides in a secure location.

B. AUTHENTICATION AND AUTHORIZATION

Flexible authentication methods for the devices will be required for 5G, since there are more use cases including IoT, private factory networks, and different access technologies. 3GPP SA3 defined a primary authentication (mandatory-to-use) and a secondary authentication (optional-to-use). The secondary authentication is only enabled after a successful primary authentication. Primary authentication gives access to the 5G core. The secondary authentication is based on Protocol Configuration Options (PCO), in which the user provides the PAP/CHAP user credentials. It can be run between an enterprise and the UE, e.g. in order to authenticate access to a corporate APN. Both authentications support EAP. In this way, authentication in 5G can meet the different requirements of the various use cases.

Another consideration is IMSI privacy: since the IMSI is sent in clear text during the Initial Attach procedure in LTE, the protection of the 5G IMSI-equivalent, called SUPI (Subscriber Permanent Identifier), over the air will be achieved in 5G with public key encryption.

C. RAN SECURITY

When a UE obtains services in RRC idle mode, it does not validate the eNB, which can result in the UE camping on a false base station and can lead to a denial of service (DoS) attack. In the current LTE system, security was focusing on the Radio Resource Control (RRC) connected state, and the issue needs to be solved in 5G.

3GPP SA3 is currently studying solutions for prevention and detection of false base stations. A prevention type of solution forces the UE to communicate with the network in order not to camp on a false station.
The solutions can be identity based authentication or new key management. This type of solution is considered for phase 1. With a detection type of solution, the network collects measurements relevant to false base stations, which makes the attack more difficult.

D. UE SECURITY

In the next generation system, the storage of credentials and identities for both human and machine type devices is required in the UE. The credentials and identities may be stolen through attacks on software or hardware. Such security threats can impact the subscriber or the operator network.

3GPP SA3 has currently agreed that a secure element for credential storage in UEs must provide:
1) integrity protection of the subscription credential(s)
2) confidentiality protection of the long-term key(s) of the subscription credential(s) (e.g., K in EPS AKA)
3) execution of the authentication algorithm(s) that make use of the subscription credentials
The above requirements should be achieved within the UE using a tamper resistant secure hardware component. Implementations of these requirements shall allow security evaluation / assessment.

The Subscriber Identity Module (SIM) functions for 5G, i.e. the NextGen USIM, will inherit from previous standards. In a similar manner to the LTE system, the NextGen USIM will be able to generate symmetric keys. It may also be able to generate new asymmetric key-pairs and even new trusted public keys. 3GPP CT6 is in charge of specifying the NextGen USIM and the relevant requirements on the hardware component that provides tamper resistance.

E. NETWORK SLICING SECURITY

Network slicing not only requires the basic security for a UE accessing the slice through the security protocol procedures, but also raises new security challenges. Basically, isolation should be ensured for network slices; without it, attackers who have access to one slice may launch an attack on other slices. Proper isolation will enable integrity and confidentiality protection. Additionally, it should be ensured that the resources of the network infrastructure or of a network slice instance are not impacted by another slice instance, to minimize attacks and provide availability.

A 5G UE can simultaneously access different network slices for multiple services. Such access can be via various types of radio access networks including both 3GPP and non-3GPP. When the network slice selection data is tampered with or forged, unauthorized UEs may use such information to establish a connection with the network slice and consume resources.

On the other hand, the advantage of network slicing is that operators are able to provide tailored security for each slice. Different access authentication and authorization can be provided within different network slice tenants. This can also extend to providing specific security functions to hosting applications.

Some solutions have been discussed in 3GPP SA3; however, no agreement has been reached there.

IV. MIGRATION SCENARIOS (OPTION 3)

Inside the same PLMN there may be different deployment options of EPC and 5GC, as well as UEs supporting 5G NAS signaling and/or EPC NAS signaling, as shown in Figure 5.

Figure 5: Migration architecture

The so called "option 3" architecture variants foresee using the 5G New Radio (NR) in a Dual Connectivity (DC) manner, as it is done for small cells in LTE. The variations are mostly about the bearer split of eNB and gNB (5G New Radio NodeB) towards the SGW/PGW.

Figure 6: CP and UP connectivity for Option 3

Following the mechanism in the LTE system, the control plane signalling between eNB and gNB shall be confidentiality and integrity protected using control plane security protection. Any user plane data on the reference point between eNB and gNB shall be confidentiality and integrity protected using user plane security protection. The communication established between the gNB and the UE is protected at the PDCP layer. The UE and eNB can derive the security key of the gNB for UP data protection.

V. 5G KEY SERVICES
The 5G technology concepts such as low latency and network slicing enable mobile operators to provide various services. We introduce two services as examples in this paper.

A. VEHICLE TO EVERYTHING (V2X)

V2X is being specified with different technologies in different standards organizations, and 3GPP produced the first normative specification for V2X [6] covering the scenarios of vehicle to vehicle (V2V) communication and vehicle to road side unit (RSU) communication, also called vehicle to infrastructure (V2I). The corresponding security specification is captured in 3GPP TS 33.185 [7]. The nature of the V2V communication can be mapped to the device to device (D2D) feature work for proximity services in 3GPP TS 23.303 [8] using the PC5 reference point, and the nature of the V2I communication to a normal UE to eNB communication using the LTE-Uu reference point, where the RSU acts as an eNB. The RSU could also act as a device; then the UE would connect via the PC5 reference point as well. The LTE-Uu reference point can be used to unicast or multicast messages to the UEs using the MBMS feature.

The following security requirements have been defined in 3GPP SA3:
• Mutual authentication and authorization
• Confidentiality and integrity protection
• Replay protection
• Secure provisioning and storage
• Privacy for e.g. ID, personal data, tracking

SAE/LTE security (3GPP TS 33.401 [9] and TS 33.402 [10]) will apply in V2X. Security for broadcast between UEs uses an identity-based or certificate-based security solution. Authorization and accountability should use public key cryptography and long term certificates as a supplement to IEEE 1609.2 [11], using an independent Trusted Traffic Authority (TTA). UE provisioning adopts the UICC OTA mechanism (ETSI TS 102 225 [12] and TS 102 226 [13]). The data transfer between UE and V2X control function is based on Generic Authentication Architecture (GAA) access to network application functions using HTTP (3GPP TS 33.222 [14]). For privacy, using a Pseudonymous Mobile Subscriber ID (PMSI) or an encrypted International Mobile Subscriber Identity (IMSI) can be considered.

B. INTERNET OF THINGS

Optimizations for Machine Type Communication (MTC) were introduced already in Release 10 (see [15], [16]) and further specified over the years, also under the name Cellular IoT in 3GPP. MTC features like Power Saving Mode (PSM), Service Exposure, Monitoring of Devices, Group Communication and related congestion handling are documented in 3GPP TS 23.682 [17]. A new radio interface for Narrow Band Cellular IoT was developed to also enable effective low bitrate communication including non-IP user data. Current phase 1 5G discussions are about to which extent these features defined for the legacy core network will be enhanced to be applicable to the 5GC. One new feature only available in 5GC [1], the Mobile Initiated Connection Only (MICO) mode, allows the UE not to listen to any paging message in order to save power. MTC introduced one new key functional entity, the Service Capability Exposure Function (SCEF), which allows the MTC Service Provider to influence specific 3GPP network services, further detailed in 3GPP TS 23.682 [17]. The SCEF could be part of the 3GPP network operator or can belong to the Service Provider. A currently ongoing work item NAPS (Northbound APIs for SCEF – SCS/AS Interworking) in 3GPP specifies the reference point between the SCEF and the Service Capability Server (SCS) that belongs to the MTC Service Provider [17]. Therefore the security procedures [18] for MTC mainly focus on the different deployment aspects of the SCEF and the 3GPP network entity, and on a secure connection between SCEF and SCS/AS. If the SCEF is considered to belong to the 3GPP network, then Network Domain Security (NDS) with IP network layer security of 3GPP TS 33.210 [19] applies. If the SCEF is not considered to belong to the 3GPP network, then the same security procedure applies as already defined for the predecessor of the SCEF, the MTC Interworking Function (MTC-IWF). The MTC-IWF communicates with the SCS/AS via the Tsp reference point, specified in 3GPP TS 29.368 [20], using TLS or IPsec as documented in IETF RFC 6733 [21].

Further, the application data between UE and an SCS (indirect model) or between UE and an MTC Application Server (direct model) can be secured using the Generic Bootstrapping Architecture (GBA). GBA uses the 3GPP AKA mechanism in order to bootstrap authentication and key agreement for application security and is defined in 3GPP TS 33.220 [22]. GBA is limited to UE initiated secure connections for UEs that support HTTP. For network initiated secure connections, GBA Push shall be used, which is an extension to GBA (3GPP TS 33.223 [23]). The SCS/AS can send the keys for the application layer already in the device trigger to the UE without having had any connection before.

VII. CONCLUSIONS

This paper presented the new concepts of the 5G core network and its security features with respect to the key areas UP security termination, authentication and authorization, RAN security, security within the UE and network slicing security. Furthermore, we introduced two services that are under discussion to be integrated into the 5G system, V2X and IoT. The normative work on the system architecture is progressing well, but it still needs to start for the security agreements made in the study phase. Many items were shifted to the 2nd phase of 5G, including trusted non-3GPP access, authentication of the user, security aspects for small data mode, user plane DoS attacks, security mechanism differentiation for network slices, relay security and Broadcast/Multicast security. There will not be a one-suits-all solution for each type of access technology or service, and security design should be part of 5G design and deployment from the beginning.
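The key derivations of Section III (anchor key KSEAF down to per-plane integrity and confidentiality keys), the dual-connectivity key of Section IV and the GBA bootstrapping of Section V.B all rest on the same generic 3GPP KDF; the following added example (not code from the paper or from 3GPP) exercises that construction as specified in TS 33.220 Annex B, with the algorithm-key and S-KeNB steps following TS 33.401 Annexes A.7 and A.15. The FC values used for the KSEAF-to-KNAS/KAN/KUP steps are placeholders, since the paper reports that part of the hierarchy as still under discussion, and all input key material is constructed sample data.

```python
import hashlib
import hmac
from typing import Dict, List

# Algorithm type distinguishers from TS 33.401 Annex A.7; the paper states
# that the basic 4G mechanisms are reused in 5G, so the same pattern is used.
ALG_TYPE = {"NAS-enc": 0x01, "NAS-int": 0x02, "RRC-enc": 0x03,
            "RRC-int": 0x04, "UP-enc": 0x05, "UP-int": 0x06}

# Placeholder FC values (assumption, not 3GPP-assigned) for the steps the
# paper describes as still under discussion: K_SEAF -> K_NAS / K_AN -> K_UP.
FC_KNAS_PLACEHOLDER = 0xF0
FC_KAN_PLACEHOLDER = 0xF1
FC_KUP_PLACEHOLDER = 0xF2


def kdf_input(fc: int, *params: bytes) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 ... (TS 33.220 Annex B),
    where each Li is the 2-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(Key, S), 256-bit output."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def algorithm_key(parent: bytes, alg_type: str, alg_id: int) -> bytes:
    """TS 33.401 A.7 style algorithm key: FC=0x15, P0=type distinguisher,
    P1=algorithm identity; the 128 least significant bits are the key."""
    return kdf(parent, 0x15, bytes([ALG_TYPE[alg_type]]), bytes([alg_id]))[16:]


def derive_hierarchy(k_seaf: bytes, enc_alg: int, int_alg: int,
                     session_ids: List[int]) -> Dict[str, bytes]:
    """Illustrative tree below the anchor key K_SEAF: one NAS key set
    (single NAS termination at the AMF), one AN key for the single RRC
    connection at the gNB, and a per-session UP key set below K_AN."""
    keys: Dict[str, bytes] = {}
    k_nas = kdf(k_seaf, FC_KNAS_PLACEHOLDER, b"NAS")
    k_an = kdf(k_seaf, FC_KAN_PLACEHOLDER, b"AN")
    for plane, parent in (("NAS", k_nas), ("RRC", k_an)):
        keys[f"{plane}-enc"] = algorithm_key(parent, f"{plane}-enc", enc_alg)
        keys[f"{plane}-int"] = algorithm_key(parent, f"{plane}-int", int_alg)
    for sid in session_ids:
        # The session id as a 1-byte parameter separates K_UP per PDU session.
        k_up = kdf(k_an, FC_KUP_PLACEHOLDER, bytes([sid]))
        keys[f"UP{sid}-enc"] = algorithm_key(k_up, "UP-enc", enc_alg)
        keys[f"UP{sid}-int"] = algorithm_key(k_up, "UP-int", int_alg)
    return keys


def s_kenb(k_enb: bytes, scg_counter: int) -> bytes:
    """Dual connectivity secondary-node key (TS 33.401 Annex A.15):
    S-KeNB = KDF(KeNB, FC=0x1C, SCG Counter as 2 bytes). Option 3 reuses
    this LTE DC mechanism so that UE and eNB can derive the gNB UP key."""
    return kdf(k_enb, 0x1C, scg_counter.to_bytes(2, "big"))


def gba_ks_naf(ck: bytes, ik: bytes, rand: bytes, impi: bytes,
               naf_fqdn: bytes, ua_proto_id: bytes) -> bytes:
    """GBA NAF key (TS 33.220 Annex B.3): Ks = CK || IK and
    Ks_NAF = KDF(Ks, FC=0x01, "gba-me", RAND, IMPI, NAF_Id), with
    NAF_Id = FQDN || Ua security protocol identifier (5 bytes)."""
    return kdf(ck + ik, 0x01, b"gba-me", rand, impi, naf_fqdn + ua_proto_id)


if __name__ == "__main__":
    # Constructed sample inputs; no real subscriber key material.
    k_seaf = bytes(range(32))
    for name, k in derive_hierarchy(k_seaf, 2, 2, [1, 2]).items():
        print(f"{name:8s} {k.hex()}")
    print("S-KeNB   " + s_kenb(bytes(32), 1).hex())
    print("Ks_NAF   " + gba_ks_naf(bytes(16), bytes(16), bytes(16),
                                   b"user@example.com", b"naf.example.com",
                                   bytes([1, 0, 0, 0, 2])).hex())
```

Every derived key changes with its parent key, FC value and parameters, which is what gives the separation between NAS, RRC and per-session UP keys that Section III describes.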
REFERENCES

[1] 3GPP TS 23.501, "System Architecture for the 5G System", v.0.4.0, 20.04.2017
[2] 3GPP TS 23.502, "Procedures for the 5G System", v.0.3.0, 20.04.2017
[3] 3GPP TR 33.899, "Study on the security aspects of the next generation system", v.1.1.0, 13.04.2017
[4] 3GPP TS 33.501, "Security architecture and procedures for 5G System", v.0.1.0, March 2017
[5] 3GPP TS 23.402, "Architecture enhancements for non-3GPP accesses", v.14.3.0, 13.03.2017
[6] 3GPP TS 23.285, "Architecture enhancements for V2X services", v.14.2.0, 13.03.2017
[7] 3GPP TS 33.185, "Security aspect for LTE support of Vehicle-to-Everything (V2X) services", v.1.0.0, 09.03.2017
[8] 3GPP TS 23.303, "Proximity-based services (ProSe); Stage 2", 16.12.2016
[9] 3GPP TS 33.401, "3GPP System Architecture Evolution (SAE): Security Architecture", v.14.2.0, 17.03.2017
[10] 3GPP TS 33.402, "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses", v.14.1.0, 17.03.2017
[11] IEEE Std 1609.2-2016, "IEEE Standard for Wireless Access in Vehicular Environments (WAVE) - Security Services for Applications and Management Messages"
[12] ETSI TS 102 225, "Smart Cards; Secured packet structure for UICC based applications"
[13] ETSI TS 102 226, "Smart cards; Remote APDU structure for UICC based applications"
[14] 3GPP TS 33.222, "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)", v.14.0.0, 27.03.2017
[15] T. Taleb and A. Kunz, "Machine type communications in 3GPP networks: potential, challenges, and solutions", IEEE Communications Magazine, vol. 50, no. 3, pp. 178–184, 2012.
[16] S. Husain, A. Prasad, A. Kunz, A. Papageorgiou, and J. Song, "Recent Trends in Standards Related to The Internet of Things and Machine-to-Machine Communications", Journal of Information and Communication Convergence Engineering, vol. 12, no. 4, pp. 228–236, 2014.
[17] 3GPP TS 23.682, "Architecture enhancements to facilitate communications with packet data networks and applications", v.15.0.0, 13.03.2017
[18] 3GPP TS 33.187, "Security aspects of Machine-Type Communications (MTC) and other mobile data applications communications enhancements", v.14.0.0, 27.03.2017
[19] 3GPP TS 33.210, "3G security; Network Domain Security (NDS); IP network layer security", v.14.0.0, 17.12.2016
[20] 3GPP TS 29.368, "Tsp interface protocol between the MTC Interworking Function (MTC-IWF) and Service Capability Server (SCS)", v.14.1.0, 17.03.2017
[21] IETF RFC 6733, "Diameter Base Protocol", Oct. 2012
[22] 3GPP TS 33.220, "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)", v.14.0.0, 17.12.2016
[23] 3GPP TS 33.223, "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push function", v.14.0.0, 27.03.2017