Security for 5G Mobile Wireless Networks

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

A Public Key Infrastructure for 5G Service-Based Architecture

The 3GPP 5G Service-based Architecture (SBA) security specifications leave several details on how to setup an appropriate Public Key Infrastructure (PKI) for 5G SBA, unspecified. In this work, we propose 5G-SBA-PKI, a public key infrastructure for secure inter-NF communication in 5G SBA core networks, where NF refers to Network Functions. 5G-SBA-PKI is designed to include multiple certificate authorities (with different scopes of operation and capabilities) at different PLMN levels for certification operations and key exchange between communicating NFs, where PLMN refers to a Public Land Mobile Network. We conduct a formal analysis of 5G-SBA-PKI with respect to the desired security properties using TAMARIN prover. Finally, we evaluate 5G-SBA-PKI's performance with "pre-quantum" as well as quantum-safe cryptographic algorithms.Comment: Accepted for publication in ITCCN Symposium, TrustCom 202

Security Aware Virtual Base Station Placement in 5G Cloud Radio Access Networks

© 2018, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. In fifth generation (5G) cloud radio access networks (C-RAN), baseband processing of base stations (BS’s) will be processed on virtual machines called virtual BSs (VBS) in the centralized cloud architecture. The existing researches mostly focus on how to maximize resource utilization and reduce energy consumption in 5G C-RAN using VBS placement. However, security issues in the context of VBS placement within 5G C-RAN have been rarely addressed. In this paper, a security aware VBS placement (SAV) scheme within 5G C-RAN is proposed where the placement of VBSs to physical machines (PMs) considers the security levels of both the VBS and the PM. A rigorous simulation study is conducted for validating the proposed scheme, which shows a significant security improvement of 16% compared to the heuristic simulated annealing scheme (HSA).Published versio

Забезпечення заданих показників безпеки в 5G мережах

Обсяг роботи: робота містить 69 сторінок, 15 рисунків, 1 таблицю, використано 22 джерела. Актуальність: на відміну від мереж попередніх поколінь, 5G підтримує більше видів послуг та має більш широкий спектр задач, з’являються нові види загроз. Тому виникає питання в забезпеченні безпеки в цих мережах. Тому тема дипломної роботи є актуальною. Мета роботи: представлення вдосконалених методів, а також рекомендацій та пропозицій із забезпечення безпеки в 5G мережах. В ході роботи розглянуто загальні поняття 5G та безпеки в цих мережах, проаналізовано архітектуру безпеки 5G мереж, вразливі місця 5G мереж та можливі атаки; проаналізовано існуючі методи забезпечення безпеки, та наведено власні рекомендації та пропозиції по забезпеченню безпеки в 5G мережах.The amount of work: the work contains 69 pages, 15 figures, 1 table and 22 sources have been used. Topicality: unlike previous generations of networks, 5G supports more types of services and has a wider range of tasks, new types of threats appear. Therefore, there is a question in ensuring security in these networks. Therefore, the topic of the thesis is relevant. Goal: presentation of improved methods, as well as recommendations and suggestions for security in 5G networks. During this work the general concepts of 5G and security in these networks are considered, the security architecture of 5G networks, vulnerabilities of 5G networks and possible attacks are analyzed; analyzed the existing methods of security, and mentioned own recommendations and suggestions for security in 5G networks

SCC5G: A PQC-based Architecture for Highly Secure Critical Communication over Cellular Network in Zero-Trust Environment

5G made a significant jump in cellular network security by offering enhanced subscriber identity protection and a user-network mutual authentication implementation. However, it still does not fully follow the zero-trust (ZT) requirements, as users need to trust the network, 5G network is not necessarily authenticated in each communication instance, and there is no mutual authentication between end users. When critical communications need to use commercial networks, but the environment is ZT, specific security architecture is needed to provide security services that do not rely on any 5G network trusted authority. In this paper, we propose SCC5G Secure Critical-mission Communication over a 5G network in ZT setting. SCC5G is a post-quantum cryptography (PQC) security solution that loads an embedded hardware root of authentication (HRA), such as physically unclonable functions (PUF), into the users' devices, to achieve tamper-resistant and unclonability features for authentication and key agreement. We evaluate the performance of the proposed architecture through an exhaustive simulation of a 5G network in an ns-3 network simulator. Results verify the scalability and efficiency of SCC5G by showing that it poses only a few kilobytes of traffic overhead and adds only an order of $O(0.1)$ second of latency under the normal traffic load

Mobility Support 5G Architecture with Real-Time Routing for Sustainable Smart Cities

[EN] The Internet of Things (IoT) is an emerging technology and provides connectivity among physical objects with the support of 5G communication. In recent decades, there have been a lot of applications based on IoT technology for the sustainability of smart cities, such as farming, e-healthcare, education, smart homes, weather monitoring, etc. These applications communicate in a collaborative manner between embedded IoT devices and systematize daily routine tasks. In the literature, many solutions facilitate remote users to gather the observed data by accessing the stored information on the cloud network and lead to smart systems. However, most of the solutions raise significant research challenges regarding information sharing in mobile IoT networks and must be able to stabilize the performance of smart operations in terms of security and intelligence. Many solutions are based on 5G communication to support high user mobility and increase the connectivity among a huge number of IoT devices. However, such approaches lack user and data privacy against anonymous threats and incur resource costs. In this paper, we present a mobility support 5G architecture with real-time routing for sustainable smart cities that aims to decrease the loss of data against network disconnectivity and increase the reliability for 5G-based public healthcare networks. The proposed architecture firstly establishes a mutual relationship among the nodes and mobile sink with shared secret information and lightweight processing. Secondly, multi-secured levels are proposed to protect the interaction with smart transmission systems by increasing the trust threshold over the insecure channels. The conducted experiments are analyzed, and it is concluded that their performance significantly increases the information sustainability for mobile networks in terms of security and routing.Rehman, A.; Haseeb, K.; Saba, T.; Lloret, J.; Ahmed, Z. (2021). Mobility Support 5G Architecture with Real-Time Routing for Sustainable Smart Cities. Sustainability. 13(16):1-16. https://doi.org/10.3390/su13169092S116131

The case for federated identity management in 5G communications

The heterogeneous nature of fifth generation mobile network (5G) makes the access and provision of network services very difficult and raises security concerns. With multi-users and multi-operators, Service-Oriented Authentication (SOA) and authorization mechanisms are required to provide quick access and interaction between network services. The users require seamless access to services regardless of the domain, type of connectivity or security mechanism used. Hence a need for Identity and Access Management (IAM) mechanism to complement the improved user experience promised in 5G. Federated Identity Management (FIdM) a feature of IAM, can provide a user with use Single Sign On (SSO) to access services from multiple Service Providers (SP). This addresses security requirements such as authentication, authorization and user’s privacy from the end user perspectives, however 5G networks access lacks such solution. We propose a Network Service Federated Identity (NS-FId) model that address these security requirements and complements the 5G Service- Based Architecture (SBA). We present different scenarios and applications of the proposed model. We also discuss the benefits of identity management in 5G