
5G Security Briefing

A detailed look at 5G security by experts from wenovator, Dr. Anand R. Prasad & Hans Christian Rudolph.

This webinar covers:
(1) 5G security
(2) Private networks security and
(3) Open vRAN security



  1. 5G Security Briefing. 3G4G.CO.UK Webinar. Dr. Anand R. Prasad & Hans Christian Rudolph, wenovator LLC. March 6, 2021. 2021 © wenovator LLC
  2. Contents
     1. About wenovator
     2. 5G Security
        • New Challenges
        • Standards Enhancements
        • Security Assurance
     3. Related Topics
        • Non-Public Networks
        • Open vRAN
     4. Key Takeaways
  3. About the Company
     • Private company, founded in 2019
     • Built around the concept of holistic security
     • Specialization: Mobile Networks & related emerging technologies
     • Areas of practice
       • Security Strategy & Design
       • Solution Assessment & Enhancements
       • Advisory on Strategic Partnerships
  4. Global Engagement & Contribution
     • 3GPP
       • Chairman 3GPP SA3
       • Vice-Chairman 3GPP SA3
       • Rapporteurs of several WIDs & SIDs
       • Key contributors of 4G & 5G security
     • ETSI
       • Contributor & participant of ETSI NFV, ETSI TC Cyber
       • ETSI Security week committee member
       • Speaker at ETSI events
     • IEEE
       • Senior Member
       • Keynote IEEE 5G Forum
       • IEEE 802.11 and 802.15 contributor
     • GSMA
       • Speaker at GSMA events including MWC Barcelona
       • Contributors to GSMA FASG
     • TSDSI/GISFI
       • Member of GISFI Governing Body
       • Member of TSDSI Governing Council
       • Founder & Chairman of Security and Green ICT working groups, GISFI
  5. What is 5G Security? That depends on who you ask
     • As per public perception:
       • Cloud & Edge computing, NFV, SDN
       • Intelligent, AI-enabled security controls
       • Network Slicing
     • As per 3GPP:
       • TS 33.501
       • TS 33.310
       • TS 33.210
       • Security Assurance Specifications (SCAS)
     As usual, the truth lies somewhere in between, but also includes aspects such as Secure System Development and Integration, Security Monitoring, Incident Response, etc.
  6. 5G – Increased Security Risk
     5G mobile networks are subject to increased security risk compared to 4G, as attack impact, risk exposure, and the ease of exploitation all increase. Moreover, increased network complexity makes detection more difficult. Therefore, network operators' security strategy needs to be redesigned.
     (Diagram labels: Increased Attack Impact, Increased Network Exposure, Ease of Exploitation, Increased Security Risk)
  7. 5G – Security Challenges
     • Added complexity and security risk due to high degree of virtualization and cloud usage
     • Diverse technology ecosystem renders compliance to industry standards and best practices more important than ever
     • Customers' expectations require 5G to be more open and interconnected than any previous mobile generation
     • Diversified service offerings complicate assurance of continuous level of security
     • Greater functional disaggregation throughout the Radio Access and Core Network
     • New and untested protocols (e.g. Protocol for Interconnect Security / PRINS)
     • Heavy use of common web protocols lowers barrier for inexperienced vendors as well as attackers and fraudsters
  8. 3GPP 5G Security Framework: Improvements Across The Board
     • Diagram labels:
       • User Plane Integrity Protection
       • Primary Authentication
       • Secondary Authentication
       • Increased Home Control
       • Enhanced Subscriber Privacy
       • Visibility and Configurability
       • Service Based Architecture
       • Initial NAS Message Protection
       • 5GS – EPS Interworking Security
       • Unified Access-agnostic Authentication
       • PLMN Interconnect Security - SEPP
       • RAN Security – DU-CU Split
     • Architecture Enablers: Advancing the Security Concept to allow both innovation and backwards compatibility.
     • Feature Enhancements: 5G improves several foundational security controls to maintain state-of-the-art protection.
     • New Security Features: Substantial improvements in terms of privacy protection and extensibility make 5G suitable for critical use cases.
  9. Authentication Framework
     • Access agnostic
       • 3GPP RAN
       • Non-3GPP networks (e.g., Wi-Fi)
       • Wireline networks
     • Algorithm flexibility
       • 5G AKA, EAP-AKA'
       • Other key generating algorithms of the EAP framework (e.g., EAP-TLS)
     • Improved key hierarchy
       • Unified 3GPP/non-3GPP hierarchy
       • Decoupled mobility and security anchors in the serving network
     (Diagram labels: Home Network, Serving Network)
  10. Subscriber Privacy
     • Concealment of Subscription Permanent Identifiers (SUPI)
     • SUPI ciphering into a Subscription Concealed Identifier (SUCI) may be performed in either ME or USIM
     • SUCI deciphering on network side performed by the Subscriber Identity De-concealing Function (SIDF), part of the UDM
     • 5G further prohibits subscriber paging by SUPI
     (Diagram, SUCI fields: SUPI Type | Home Network Identifier | Routing Indicator | Protection Scheme | Home Network Public Key ID | Protection Scheme Output)
  11. Interconnect Security
     • Control Plane
       • Interconnect signaling has long been a source of security and fraud risks for network operators
       • 5G introduces Security Edge Protection Proxy (SEPP) for:
         • signaling peer authentication
         • message validation (plausibility checks, configured policies, etc.)
         • filtering and rate limiting
       • Builds on PRINS or TLS security
     • User Plane
       • Less well-known are GTP attacks, which too are known to have been abused in real-world deployments
       • For this purpose, 5G includes Inter PLMN UP Security (IPUPS) as part of UPF, responsible for:
         • filtering malformed messages
         • correlating messages to active PDU sessions based on Tunnel Endpoint Identifier (TEID)
  12. User Plane Integrity Protection
     • Lack of UP IP is one of the few serious 4G/LTE security flaws
     • Practical attacks have been demonstrated (see alter-
     • 5G introduces PDCP protection policies enabling UP IP
     • Optional feature, under control of the Serving Network operator
     • May not be supported by all 5G UE
  13. Service-Based Interface Security
     • Service Communication Proxy (SCP) supports key 5G Core functions:
       • Discovery, routing, load-balancing, etc.
     • Building Security on the assumption of Zero Trust is no longer optional
     • Enforcing network security best practices remains essential
     • Same goes for protecting REST APIs:
       • Restrict data exposure to a minimum
       • Explicitly define access token scope
     → see OWASP API Security Top 10
  14. Secure Session Establishment: NAS/RRC Protection
     • Non-Access Stratum
       • Integrity protection for messages setting up a NAS security context
       • Preventing exposure of unsecured information over the air
     • Access Stratum
       • Ensuring UE security capabilities are not tampered with over the air
     • Bid Down Protection
       • Anti Bid-Down Between Architectures (ABBA) parameter prevents potential for bid down as new features are introduced
  15. Security Assurance Specifications
     • Combined effort of GSMA & 3GPP:
       • GSMA specifies Network Equipment Security Assurance Scheme (NESAS)
       • 3GPP compiles technical security assurance specifications (SCAS)
     • Given the geopolitical climate, increased interest in NESAS/SCAS
     • Already covers key 4G/5G NF, incl:
       • General security requirements
       • gNB, AMF, UPF, UDM, SMF, AUSF, NRF, NEF, SEPP
  16. Private Mobile Network Security
  17. Standards Perspective: Non-Public Networks (NPN) in 3GPP
     • Public Network Integrated
       • Provisioned by a public mobile network (PLMN) to some degree
       • Primary authentication always performed between UE and PLMN
       • Only AKA-based authentication algorithms may be used
       • PLMN Operator controls mobile identities, RAN and core network security controls
     • Standalone
       • Completely isolated from PLMNs
       • Primary authentication may use alternative EAP-based algorithms
       • Full control of security controls
  18. 5G NPNs For Industry 4.0
     (Column labels: Distinct Priorities, Stricter Thresholds, Higher Impact)
     • Availability > Integrity > Confidentiality
       • More than anything else, industrial settings demand reliability and timeliness
       • Safety = Availability + Integrity + Latency
     • Deterministic Communication
       • 5G is the first wireless standard supporting Time Sensitive Networking (TSN), enabling real-time operation & maintenance
     • Security Flaws turn into Safety Incidents
       • For deployments in which machines work alongside humans or handle hazardous materials, holistic security is not an option
  19. Private Mobile Networks: Our Perspective & Recommendations
     • Industrial verticals first need to determine requirements on their connectivity & security
     • Based on chosen deployment model, utilize standard controls and advance from there
     • Operators need to design security frameworks capable of different integration models & tech stacks
  20. Open vRAN
  21. Standards Perspective: Open RAN Enablers in 3GPP
     • Functional disaggregation in 5G NR:
       • Centralized Unit (CU)
       • Distributed Unit (DU)
     • Clear separation of User Plane and Control Plane
     • Standard security controls on distributed RAN interfaces:
       • IPsec and/or DTLS on F1-C connecting DU and CU, E1 connecting CU-CP and CU-UP, and Xn-C between distinct gNBs
       • IPsec on F1-U between CU and DU and Xn-U between distinct gNBs
     (Diagram labels: CU-UP, CU-CP, DU, RU, gNB, F1-C, F1-U, Xn-C, Xn-U, E1)
  22. Shift to an Open Technology Stack: Opportunity for Security Improvements
     • Mix & Match Best-in-Class Security
     • More Attention to OAM Traffic
     • Greater Control for MNOs
     • Increased Network Visibility
     • Greater Automation Potential
  23. Open vRAN Security: Our Perspective & Recommendations
     • Operators should prepare to take on increased responsibility for security design & implementation
     • Advocate for clear separation of duties to ensure interoperability
     • Vendors need to rethink design and packaging of their solutions, allowing them to be integrated into more diverse ecosystems
  24. Key Takeaways
  25. Technology Focus Areas
     • Open vRAN: Technology Liberation for the Radio Access
     • Connectivity (5G, 4G, Wi-Fi): The Next Generation of Mobile & Fixed Communication
     • Internet Of Things: Creating Intelligent Distributed Systems
     • Cloud & Edge Computing: Distributed Compute and Storage at the Network Edge
     • Private Mobile Networks: Reliable Wireless Networking in most demanding Scenarios
     (Side labels: Security, Services, Spectrum)
  26. Vicious Cycle of Patchwork Security: Pointwise Fix Leading to Continued Spend
     (Cycle diagram labels: Security Gap, Technology Solution, Resource Shortage)
     • Companies are faced with increased technology complexity
     • Security market full of products addressing specific issues
     • Lack of a comprehensive security strategy quickly renders operating & maintaining solutions infeasible
  27. How To Do Better: Holistic Approach to Technology Changes
     • Business needs, security requirements, and risk appetite must be well understood
     • Implementing a successful security concept requires five key activities
     • The wenovator proposition is to help its clients execute technology transitions correctly from the start
     Activities: 1. Understand 2. Assess 3. Architect 4. Act 5. Protect
  28. Takeaways
     • With 5G comes increased footprint, complexity & exposure
     • Holistic security considerations are a must for provisioning adequate security
     • Consistently applying security best practices is indispensable
     • Optimization & automation become quintessential
  29. References (Blogs, Books, Specifications, Magazine, Journals)
     • wenovator blog posts
     • Journal of ICT Standardization, River Publishers
       • 5G non-standard aspects, vol 5 issue 3
       • 3GPP 5G specifications, vol 6 issue 1
       • 3GPP 5G Phase 2 security, vol 8 issue 1
     • RSA 2019 Talk: 4G to 5G Evolution: In-Depth Security Perspective
     • Cybersecurity Magazine
       • Several articles on 5G security and related aspects
     • 3GPP SA3 specifications
  30. Contact: 107-0062 Tokyo, Minatoku Minamiaoyama 2-2-15 Win Aoyama 942
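
The two IPUPS duties named on slide 11 (filtering malformed messages and correlating messages to active PDU sessions by TEID), sketched as an added example that is not part of the original slides or of any 3GPP or vendor code. The function names, the `SESSIONS` table and the sample packets are constructed for illustration; the header checks follow the standard 8-byte GTPv1-U header, and treating every non-G-PDU message as a drop is an assumption of this sketch.

```python
import struct

GTPU_G_PDU = 0xFF  # GTP-U message type that carries a user packet

def parse_gtpu(packet: bytes):
    """Validate the mandatory 8-byte GTPv1-U header; return (msg_type, teid)."""
    if len(packet) < 8:
        raise ValueError("shorter than mandatory header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    if flags >> 5 != 1:
        raise ValueError("version is not 1")
    if not flags & 0x10:
        raise ValueError("protocol type bit is not GTP")
    if length != len(packet) - 8:
        raise ValueError("length field does not match packet size")
    if flags & 0x07 and length < 4:
        raise ValueError("E/S/PN flag set without optional fields")
    return msg_type, teid

def ipups_filter(packet: bytes, sessions: dict):
    """Return (verdict, reason) for one inter-PLMN GTP-U packet."""
    try:
        msg_type, teid = parse_gtpu(packet)
    except ValueError as err:
        return "drop", f"malformed: {err}"
    if msg_type != GTPU_G_PDU:
        # Assumption: this sketch handles G-PDUs only; other types are refused.
        return "drop", f"message type {msg_type} not handled"
    if teid not in sessions:
        return "drop", f"TEID {teid:#010x} matches no active PDU session"
    return "forward", f"PDU session {sessions[teid]}"

def build_gtpu(teid, payload=b"\x45" + bytes(19), flags=0x30,
               msg_type=GTPU_G_PDU, length=None):
    """Build a constructed test packet; `length` can be forced to a wrong value."""
    length = len(payload) if length is None else length
    return struct.pack("!BBHI", flags, msg_type, length, teid) + payload

# Constructed session table: TEID -> PDU session label (hypothetical values).
SESSIONS = {0x00001001: "A", 0x00001002: "B"}

if __name__ == "__main__":
    for pkt in (build_gtpu(0x1001), build_gtpu(0x2222),
                build_gtpu(0x1001, length=4), b"\x30\xff"):
        print(ipups_filter(pkt, SESSIONS))
```
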