18ECO127T Unit 4 Part 1


• Security Challenges in 5G Networks
• Authentication and Access Control in 5G
• Encryption in 5G
• Privacy-Preserving Techniques in 5G
• Threats Detection and Mitigation in 5G Networks
• Network Slice Isolation
• Virtualized Infrastructure Security
• Network Function Verification
• Secure Over-the-Air (OTA) Updates

5/8/2024 18ECO127T :: 5G Technology – An Overview :: Unit-2 1


Security Challenges in 5G Networks

DOI: 10.1109/MCOMSTD.2018.1700063


• According to the 3GPP, 5G will connect about 7 trillion wireless devices
or things, shrink the average service creation time from 90 hours to 90
minutes, and enable advanced user-controlled privacy.
• By connecting all aspects of life, 5G aims at a digital society that requires
high service availability and security using a diverse set of technologies.
• Therefore, the concepts of cloud computing, software-defined networking
(SDN), and network functions virtualization (NFV) are sought out to meet
the growing user and service demands within the constraints of capital
expenditures (CapEx) and operational expenses (OpEx) through flexible
network operation and management.



• However, recent research in these technologies reveals potential security
challenges that must be addressed in order to ensure the security of new
5G services, infrastructures, and users.
• For example, multi-tenant shared cloud infrastructures among multiple
virtual network operators require strict isolation at multiple levels to avoid
illegal resource consumption and maintain the integrity of users’
information of different operators.
• According to the 3GPP's view of the security landscape, network slicing has
several open security challenges, such as security isolation of network slices
and security of inter-slice communications.



• Moreover, programmable network architectures like SDN require strong
authentication and authorization for applications to avoid misuse of the
network resources exposed to applications through the control plane.
• Similarly, misconfigurations of virtual network functions (VNFs) can lead
to inter-federated conflicts, putting the whole network in jeopardy.
• Since 5G will connect every aspect of life to the network, with most
users’ information stored and shared online, maintaining user privacy will
be highly challenging.



• 1G
• Wireless communication systems have been prone to security
vulnerabilities from their very inception.
• In 1G wireless networks, mobile phones and wireless channels were
targeted for illegal cloning and masquerading.

• 2G
• In 2G wireless networks, message spamming became common, used not only
for pervasive attacks but also for injecting false information or
broadcasting unwanted marketing information.



• 3G
• In 3G wireless networks, IP-based communication enabled the migration of
Internet security vulnerabilities and challenges into the wireless domain.
• 4G
• With the increased necessity of IP-based communication, 4G mobile
networks enabled the proliferation of smart devices, multimedia traffic,
and new services in the mobile domain.
• 5G
• This development led to a more complicated and dynamic threat
landscape.
• With the advent of 5G wireless networks, the security threat vectors will
be bigger than ever before, with greater concern for privacy.

• Therefore, it is crucial to highlight the security challenges that not only are
threatening due to the wireless nature of mobile networks, but also exist in
the potential technologies that are highly important for 5G.


Key Security Challenges in 5G


• 5G needs robust security architectures and solutions since it will connect
every aspect of life to communication networks.
• Therefore, we investigate and highlight the important security and
privacy challenges in 5G networks (depicted in Fig) and overview the
potential solutions that could lead to secure 5G systems.


• The basic challenges in 5G highlighted by Next Generation Mobile
Networks (NGMN) are as follows:

1. Flash network traffic: There will be a high number of end-user
devices and new things (IoT).
2. Security of radio interfaces: Radio interface encryption keys are sent
over insecure channels.
3. User plane integrity: There is no cryptographic integrity protection
for the user data plane.
4. Mandated security in the network: Service-driven constraints on the
security architecture lead to the optional use of security measures.

5. Roaming security: User-security parameters are not updated with roaming
from one operator network to another, leading to security compromises with
roaming.
6. Denial of service (DoS) attacks on the infrastructure: There are visible
network control elements and unencrypted control channels.
7. Signaling storms: Distributed control systems require coordination, for
example, non-access stratum (NAS) layer of Third Generation Partnership
Project (3GPP) protocols.
8. DoS attacks on end-user devices: There are no security measures for
operating systems, applications, and configuration data on user devices.



• The 5G design principles outlined by NGMN beyond radio efficiency
include creating a common composable core and simplified operations and
management by embracing new computing and networking technologies.
• Therefore, we focused on the security of those technologies that will fulfill
the design principles outlined by NGMN (i.e., mobile clouds, SDN, and NFV).



Today we learned about

Security Challenges in 5G Networks



Authentication and Access Control in 5G

Encryption in 5G



https://doi.org/10.1016/j.future.2020.02.014.

Authentication and Access Control in 5G


• The fifth generation of mobile networks, 5G, is expected to support a set
of many requirements and use cases such as handling connectivity for a
massive number of IoT (Internet of Things) devices.
• Authenticating IoT devices and controlling their access to the network
play a vital role in the security of these devices and of the whole cellular
system.
• In current cellular networks, as well as in 3GPP specifications release 16
on 5G, the AAC (Authentication and Access Control) of IoT devices is
done in the same manner as the AAC of MBB (Mobile Broadband) UE
(User Equipment).
• Considering the expected growth of IoT devices, this will likely induce a
very high load on the connectivity provider’s CN (Core Network) and
cause network failures.


• Along with mobility, security is one of the most important aspects of
cellular systems.
• AAC (Authentication and access control) plays a vital role in ensuring the
expected security level.
• In 3G and 4G, authentication and access control of subscribers are done
through AKA (authentication and key agreement) protocols.
• These protocols (UMTS-AKA protocol in 3G and EPS-AKA in 4G) are
based on the unique identities of subscribers and symmetric cryptographic
algorithms.



• The system subscribers’ identities and the secret keys (that are used in
symmetric cryptographic algorithms) are provisioned in secured elements
(e.g., SIM cards or embedded SIM) and stored in the cellular system’s
database as well.
• Executing these AKA protocols to establish a secure connection with the
cellular system is mandatory for each UE (composed of a mobile device
and a secured element) to obtain its cellular connectivity.
• However, these well-established principles may prevent cellular systems
from supporting the connectivity of a massive number of devices, in
particular when considering the context of the IoT — where a high growth
rate of connected devices is anticipated.
• On one hand, most devices are constrained in terms of energy supply and
computational capacities preventing them from running complex security
protocols like EPS-AKA.


• On the other hand, the tremendous number of attachment requests from
these devices may induce signaling congestion by increasing the
connectivity provider’s CN (Core Network) load.
• The “Attach” procedure, which includes AAC, is indeed one of the most
expensive procedures in terms of load on the CN (Core Network).
• 5G defines three authentication methods:
1. 5G-AKA (5G-Authentication and Key Management Agreement)
2. EAP-AKA’ (Extensible Authentication Protocol-Authentication and Key Agreement)
3. EAP-TLS (Extensible Authentication Protocol – Transport Layer Security)


• Extensible Authentication Protocol, abbreviated as EAP, is an
authentication framework that supports multiple authentication methods.

• The EAP-AKA is an EAP method for authentication and session key
distribution that uses AKA mechanism.
• Authentication and Key Agreement (AKA) is based on challenge-response
mechanisms and symmetric cryptography.
• AKA typically runs in a UMTS Subscriber Identity Module (USIM) or a
CDMA2000 (Removable) User Identity Module ((R)UIM).
• Based on EAP-AKA, EAP-AKA' is a new EAP method that binds the
derived keys to the name of the access network.



• A Basic, Successful Full EAP-AKA' Authentication Procedure
1. The UE (or the identity module in it) and the test set (as an authentication
server) have agreed on a shared authentication key beforehand.
2. The test set sends an EAP-Request /Identity message to the UE.
The UE replies with an EAP-Response /Identity message which includes
the UE's NAI (Network Access Identifier).
The NAI will be used in the following step as an input parameter to
generate the authentication vector.
3. The actual authentication process starts.
The test set produces an authentication vector based on the authentication
key, the sequence number and the network name etc.
The authentication vector contains a random part RAND, an authenticator
part AUTN used for authenticating the network to the UE, and other keys
including IK' for integrity check, CK' for encryption etc.
4. The RAND, AUTN and the network name are delivered to the UE via
EAP-Request/AKA'-Challenge message.
5. The UE verifies the AUTN, again based on the authentication key and the
sequence number.
If the AUTN is valid and the sequence number used to generate AUTN is
within the correct range, the UE produces an authentication result RES
and sends it to the test set via EAP-Response/AKA'-Challenge message.
6. The test set verifies the RES and MAC values received from the UE.
If the results are correct, the test set sends an EAP success message to the
UE. IK', CK' together with other key materials can be used to protect
further communications between the UE and the test set.
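
The six steps above as a runnable sketch, added here and not part of the original slides. HMAC-SHA256 stands in for the real AKA key-generation functions, and the key, network names, SQN window and function names are constructed for illustration. It goes beyond the success path to show an AUTN failure, a replayed sequence number and a network-name mismatch.

```python
import hashlib, hmac, os

def prf(key, label, *parts):
    # Assumption: HMAC-SHA256 stands in for the operator's AKA functions (f1..f5).
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def server_challenge(k, sqn, net_name, rand=None):
    """Test-set side, step 3: build the authentication vector."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = prf(k, b"AK", rand)[:6]                       # anonymity key hides SQN
    autn = xor(sqn_b, ak) + prf(k, b"MAC", rand, sqn_b)[:8]
    xres = prf(k, b"RES", rand)[:8]                    # expected response
    keys = prf(k, b"CK'IK'", rand, net_name.encode())  # bound to network name
    return rand, autn, xres, keys

def ue_respond(k, last_sqn, rand, autn, net_name, window=32):
    """UE side, step 5: authenticate the network, then answer with RES."""
    sqn_b = xor(autn[:6], prf(k, b"AK", rand)[:6])
    if not hmac.compare_digest(autn[6:], prf(k, b"MAC", rand, sqn_b)[:8]):
        return "AUTN MAC invalid", None, None
    sqn = int.from_bytes(sqn_b, "big")
    if not last_sqn < sqn <= last_sqn + window:        # replayed or stale challenge
        return "SQN out of range", None, None
    return "ok", prf(k, b"RES", rand)[:8], prf(k, b"CK'IK'", rand, net_name.encode())

def server_verify(xres, res):
    """Test-set side, step 6: constant-time comparison of RES with XRES."""
    return res is not None and hmac.compare_digest(xres, res)

def exchange(k_srv, k_ue, sqn, last_sqn, srv_net, ue_net, rand=None):
    """Returns (UE status, RES accepted by test set, both sides hold same keys)."""
    rand, autn, xres, srv_keys = server_challenge(k_srv, sqn, srv_net, rand)
    status, res, ue_keys = ue_respond(k_ue, last_sqn, rand, autn, ue_net)
    return status, server_verify(xres, res), ue_keys is not None and ue_keys == srv_keys

if __name__ == "__main__":
    K, NET = bytes(range(16)), "net-a.example"         # constructed sample values
    print(exchange(K, K, 101, 100, NET, NET))               # full success
    print(exchange(K, b"\x00" * 16, 101, 100, NET, NET))    # UE holds a different key
    print(exchange(K, K, 100, 100, NET, NET))               # replayed sequence number
    print(exchange(K, K, 101, 100, NET, "net-b.example"))   # network name mismatch
```

In the last case RES still matches, but the two sides derive different keys, which is the effect of binding the derived keys to the access network name.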



Encryption in 5G
• The security of the radio interface keys is still a challenge, as it requires
keys to be exchanged securely in encrypted form, as in Host Identity
Protocol (HIP)-based schemes.
• The same end-to-end encryption protocol can be used for user plane integrity.
• Roaming security and network-wide mandated security policies can be achieved
using centralized systems that have a global visibility of the users’ activities and
network traffic behavior (e.g., SDN).
• Signaling storms will be more challenging due to the excessive connectivity of
UEs, small base stations, and high user mobility.
• The cloud radio access network (C-RAN) and edge computing are the potential
problem solvers for these challenges, but the design of these technologies must
consider the increase in signaling traffic as an important aspect of the future
networks as described by NGMN.

• What is end-to-end encryption?
• End-to-end encryption (E2EE) is a method of secure communication that
prevents third parties from accessing data while it's transferred from one
end system or device to another.
• In E2EE, the data is encrypted on the sender's system or device, and only
the intended recipient can decrypt it.
As it travels to its destination, the message cannot be read or tampered
with by an internet service provider (ISP), application service provider,
hacker or any other entity or service.

• How does end-to-end encryption work?
• The cryptographic keys used to encrypt and decrypt the messages are
stored on the endpoints. This approach uses public key encryption.
• Public key, or asymmetric, encryption uses a public key that can be shared
with others and a private key.
• Once shared, others can use the public key to encrypt a message and send
it to the owner of the public key.
• The message can only be decrypted using the corresponding private key,
also called the decryption key.

• In online communications, there is almost always an intermediary handing
off messages between two parties involved in an exchange.
• That intermediary is usually a server belonging to an ISP, a
telecommunications company or a variety of other organizations.
• The public key infrastructure that E2EE uses ensures that the intermediaries
cannot eavesdrop on the messages that are being sent.



Today we learned about

Authentication and Access Control in 5G

Encryption in 5G
