Summary of the 5G Security Architecture
Notably, the security architecture of cellular networks is layered into strata and divided into domains (Arfaoui et al., 2018). It is structured as follows:
Figure I: Security Architecture for 5G Network
Network access security is a set of security features that allows a UE to authenticate and access network services securely, including 3GPP and non-3GPP access, and to protect against attacks on the (radio) interfaces (Arfaoui et al., 2018). Similarly, network domain security is a set of security features that enables network nodes to exchange signaling and user plane data in a secure manner. It specifies security protocols for connections between access and core networks and between the home and the visited networks.
User domain security is a set of security features that ensures that users have secure access to mobile equipment. Internal authentication mechanisms, such as a PIN code, are used by the mobile equipment to maintain security between the mobile equipment and the universal SIM (Gupta et al., 2018). Application domain security, in turn, is a set of security features that makes it possible for applications in the user and provider domains to exchange messages securely. The application domain’s security mechanisms are transparent to the whole cellular network and are supported by ASPs.
Notably, SBA domain security is a set of security features that enables the network functions of the SBA architecture to communicate securely within the serving network domain and with other network domains (Ji et al., 2018). These features include security for network function registration, discovery, and authorization, as well as protection of the service-based interfaces. Finally, visibility and configurability of security are features that allow the user to be informed if a security feature is not in operation.
The 5G security architecture, like the 4G security design, comprises the home, transport, application, and serving strata, which are securely isolated from one another. The transport stratum is at the bottom of the design and has low security sensitivity (Yao et al., 2019). It includes some UE functions, all gNodeB functions, and select core network components such as the UPF. Except for the UE functions, none of these functions use sensitive data such as subscription permanent identifiers (SUPIs) or user root keys.
Notably, the Access and Mobility Management Function (AMF), Network Repository Function (NRF), Security Edge Protection Proxy (SEPP), and Network Exposure Function (NEF) are all part of the serving stratum, which has relatively high security sensitivity (Gupta et al., 2018). The Authentication Server Function (AUSF) and Unified Data Management (UDM) of the operator’s home network, and the USIM in the UE, are all part of the home stratum, which holds sensitive information such as SUPIs, user login credentials, and high-level keys.
The application stratum is closely linked to service providers but only loosely connected to operator networks. It involves 5G applications that, like their 4G counterparts, require an E2E security guarantee for services that demand high security in addition to transport protection (Ji et al., 2018). Regulators must track all four strata in terms of cybersecurity risks. At the same time, service providers must examine the application stratum, operators must supervise the home, transport, and serving strata, and equipment vendors must concentrate on the underlying network equipment.
Research Problem
Users’ private information and communication data, wireless and core network hardware and software assets, computing resource assets, as well as usernames, login credentials, logs, settings, and charging data records (CDRs) managed and maintained by operators are all key assets of 5G networks (Gupta et al., 2018). Hackers target wireless networks to steal users’ private information or to jeopardize network or computing resource availability.
5G security threats and risks span authentication, the security context and key handling, radio access network (RAN) protection, and security inside the NG-UE. Additional risk areas include the security architecture, authorization, subscription privacy, network slicing security, relay protection, and network domain security. Similarly, security visibility and configuration, password protection, interworking and migration, individual-based data, broadcast security, management security, and cryptographic techniques are also areas of 5G security risk.
5G Network Security Solutions
According to Yao et al. (2019), a security architecture is a methodology for building a secure system that includes a toolbox for modeling secure networks, security design principles, and a set of security functions and mechanisms for implementing the security controls required to meet the system’s security objectives.
Enhanced Cryptographic Algorithm and Radio Network Protection
Future 5G specifications can support 256-bit cryptographic algorithms, ensuring that 5G network algorithms are sufficiently resistant to quantum computer attacks (Yao et al., 2019). Notably, the data-processing unit and the radio unit are architecturally separated in 5G base stations. A secure interface connects the central unit (CU) and the distributed unit (DU). Even if an intruder gains access to the radio module, this isolation prevents the intruder from reaching the operator’s network.
Enhanced User Privacy Protection
Permanent identifiers (international mobile subscriber identities) are transmitted in plaintext over the air interface in second, third, and fourth-generation networks. Hackers may use man-in-the-middle attacks to track users by exploiting this vulnerability (Ji et al., 2018). To protect against such attacks, users’ permanent identifiers (SUPIs) are transmitted in ciphertext in 5G networks: 5G has adopted home-network asymmetric encryption to avoid the disclosure of subscriber identifiers. Additionally, cross-operator protection in 5G will be provided by security proxy servers, an evolution of the 4G signaling firewall.
Better Roaming Security
In most cases, operators must establish relations with third-party operators. By exploiting intermediary operators’ equipment, hackers can impersonate legitimate core network nodes to launch SS7 attacks and other attacks (Yao et al., 2019). The Security Edge Protection Proxy (SEPP) is a 5G SBA specification that implements E2E security protection for cross-operator communication at the transport and application layers. It prevents intermediary operators’ equipment from tampering with sensitive information (such as keys, user IDs, and SMS) sent between core networks.
Key Hierarchy and Secondary Authentication
5G uses key separation to enforce the revised trust model. It preserves the confidentiality of data transmitted by the user and limits the damage if one part of the system is breached (Arfaoui et al., 2018). Similarly, secondary authentication is used for data networks outside the mobile operator’s domain, such as Wi-Fi. It is important to note that the network and the devices in 5G are mutually authenticated.
Critique
A 5G security architecture does not by itself say what the network’s security threats are or which threats require dedicated countermeasures. Such an assessment should be based on a cross-sector threat, vulnerability, and risk analysis that takes the network’s security objectives into account (Arfaoui et al., 2018). The analysis should culminate in a risk treatment plan that specifies whether to reduce each risk by enforcing specific protection measures, to accept the risk in the hope that it will not occur or cause significant damage, or to pass responsibility for managing it to other stakeholders, directly or implicitly.
Figure II: Schedule for 5G Standardization
Notably, network slicing helps mobile operators split their core and radio networks into several virtual blocks with different amounts of resources and priority for different types of traffic (Olimid & Nencioni, 2020). According to a study of 5G core networks that include both shared and dedicated network functions, when a network has such hybrid network functions serving multiple slices, there is no mapping between application-layer and transport-layer identities.
Because of this gap in industry standards, an attacker who has access to the 5G service-based infrastructure will be able to access data and conduct denial-of-service attacks across several slices (Olimid & Nencioni, 2020). This stems from the combined use of 5G NR and an LTE core network, which allows the networks to inherit all the vulnerabilities of LTE networks.
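One way a network function shared between slices could close the identity-mapping gap described above, as an added example that is not from the cited study or from any 3GPP specification: a request is accepted only when the identity proven at the transport layer, the identity in the access token, and the slice named in the request all agree. The field names, NF instance IDs, slice names and provisioning table are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SbaRequest:
    tls_nf_id: str           # NF instance ID from the verified TLS client certificate
    token_subject: str       # NF instance ID the access token was issued to
    token_slices: frozenset  # slices the token authorises
    requested_slice: str     # slice named in the HTTP request itself

# Hypothetical provisioning table: which slices each NF instance belongs to.
NF_SLICES = {
    "nf-shared-01": frozenset({"slice-a", "slice-b"}),
    "nf-slice-a-07": frozenset({"slice-a"}),
}

def check_request(req: SbaRequest, nf_slices=NF_SLICES) -> str:
    """Bind the transport identity to the application-layer identity and slice."""
    if req.tls_nf_id != req.token_subject:
        return "deny: token subject differs from TLS peer"
    if req.requested_slice not in req.token_slices:
        return "deny: slice not covered by token"
    if req.requested_slice not in nf_slices.get(req.tls_nf_id, frozenset()):
        return "deny: TLS peer not provisioned for slice"
    return "allow"

# Constructed sample requests arriving at a network function shared by two slices.
SAMPLES = [
    SbaRequest("nf-slice-a-07", "nf-slice-a-07", frozenset({"slice-a"}), "slice-a"),
    SbaRequest("nf-slice-a-07", "nf-slice-a-07", frozenset({"slice-a"}), "slice-b"),
    SbaRequest("nf-slice-a-07", "nf-shared-01", frozenset({"slice-a", "slice-b"}), "slice-b"),
    SbaRequest("nf-slice-a-07", "nf-slice-a-07", frozenset({"slice-a", "slice-b"}), "slice-b"),
]

def audit(requests=SAMPLES) -> list:
    """Return the verdict for each request, in order."""
    return [check_request(r) for r in requests]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLES, audit()):
        print(req.tls_nf_id, "->", req.requested_slice, ":", verdict)
```

The last sample is the case the transport layer alone cannot catch: the TLS session and the token subject match, yet the peer is not provisioned for the slice it names.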
Similarly, software-defined networking (SDN) and network function virtualization (NFV) are at the heart of the 5G core network. HTTP and REST API protocols are heavily used in SDN and NFV. These protocols are well known and commonly used on the Internet. Therefore, any adversary can obtain tools for detecting and exploiting vulnerabilities, which makes hacking 5G simpler (Yao et al., 2019). Additionally, with most user equipment on the 5G network being IoT devices, millions of such interconnected devices offer an opportunity for botnets due to poor device protection and scalable malware distribution.
Not every operator is effective in securing the core network and safeguarding it from all sides. Administration has become much more complicated as SDN and NFV are introduced for network slicing in 5G (Arfaoui et al., 2018). In 5G networks, flexibility comes at the expense of greater complexity and more settings to control. Because of this flexibility, there is an increased chance of configuration errors that break security. This is especially true of network slicing.
Rather than configuring only a single network, network providers would be required to build many slices, each with its own set of challenges and service specifications. This has serious consequences for security. As the number of parameters and the configuration burden grow, so does the risk of a security breach (Olimid & Nencioni, 2020). This is particularly true when multiple operators build 5G network infrastructure together or when multiple virtual network providers share a single 5G network.
Conclusion
The majority of risks and problems that 5G network security faces are identical to those of 4G. For new services, attention must be focused on access authentication for third-party slice administrators. 3GPP security standards are taking into account the security threats to, and remedies for, 5G architectures such as network slicing and service-based architecture (SBA). Similarly, given the widespread adoption of cloud architecture in 5G, the secure use of computing resource assets must be considered. With telecom networks being slow to change, mobile operators need to ensure security both for 5G and for the evolution of, and interworking with, preceding network generations.
References
Arfaoui, G., Bisson, P., Blom, R., Borgaonkar, R., Englund, H., Félix, E., & Zahariev, A. (2018). A security architecture for 5G networks. IEEE Access, 6, 22466-22479.
Gupta, A., Jha, R. K., & Devi, R. (2018). The security architecture of a 5g wireless communication network. International Journal of Sensors Wireless Communications and Control, 8(2), 92-99.
Ji, X., Huang, K., Jin, L., Tang, H., Liu, C., Zhong, Z., & Yi, M. (2018). Overview of 5G security technology. Science China Information Sciences, 61(8), 1-25.
Olimid, R. F., & Nencioni, G. (2020). 5G network slicing: a security overview. IEEE Access, 8, 99999-100009.
Yao, J., Han, Z., Sohail, M., & Wang, L. (2019). A robust security architecture for SDN-based 5G networks. Future Internet, 11(4), 85.