6 research outputs found

    The SUCI-AKA Authentication Protocol for 5G Systems

    Security is a fundamental requirement for all digital systems. In this paper we propose a new entity authentication protocol, which we call the SUCI-AKA protocol. In contrast to the existing 5G-AKA protocol, it will provide online mutual entity authentication. A central design criterion has been to provide a solution which minimizes the system impact and avoids hard breaks with existing schemes. The SUCI-AKA protocol is largely based on the new 5G scheme for subscriber privacy, and integrates it with the existing 5G-AKA entity authentication protocol in a novel way. This provides scope for accommodating both credible subscriber privacy and online mutual entity authentication.

    On Threats to the 5G Service Based Architecture

    The 3GPP-based 5G System marks a clear departure from the previous generations. There is a new radio system and a complete overhaul of the core network design. The core network is redesigned both on the control plane parts and the transport plane. The control plane signalling within the core network is now largely based on the service based architecture (SBA) design, featuring Web-based technologies and the associated security solutions. In this paper we conduct a preliminary generic survey of threats to the SBA.

    Security aspects of 3G-WLAN interworking

    Zero-Trust Principles for Legacy Components: 12 Rules for Legacy Devices: An Antidote to Chaos

    In this paper we briefly outline a set of rules for integration of legacy devices into a modern industrial control system. These rules are fairly simple, and are mostly derived from “Zero Trust” principles. These rules aim to be pragmatic, and cost-effectiveness trumps completeness.

    Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context

    The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mobile devices will be attractive targets for malicious software, and this threat will in some cases change with location. Mobile devices will store more sensitive information and will also be used to a larger extent for sensitive transactions than they typically do today. In addition, a distributed execution environment in itself gives rise to some new security challenges. In order to handle these security challenges, we have proposed the location-aware mIPS architecture, which benefits from a distributed execution environment where processor-intensive services can be outsourced to Cloud hosting providers. The mIPS supports querying location threat profiles in a privacy-preserving way, and ensures that mIPS alerts sent to the first-line MSS are anonymised. We finally perform an analysis of potential strengths and weaknesses of the proposed approac