How to protect 5G from hacking: Learning the security architecture

Lord777

Media and companies cheerfully report that "the era of 5G has arrived or is about to arrive" and promise incredible changes in our lives as a result. Changes will come in the form of the Internet of Things, smart cities, and Industry 4.0, all associated with the mass introduction of cyber-physical systems and new technologies. At the same time, the number of relationships in the ecosystem is actually equal to the number of possible attack vectors on it. So we need to discuss 5G security. And no, we are not suggesting that you join the alarmists and propagandists describing the horrors of "deadly radiation" - we will talk about protecting 5G networks and devices from hacking. Or, to be more precise, about the security architecture of 5G networks.

5G technologies open up huge prospects for the market and users. But at the same time, you need to ask how the protection of 5G networks, which will probably attract hackers' interest, will be built. The introduction of 5G networks will create completely different business models and bring new participants into the field of mobile technologies. Security systems will have to be developed with this in mind, clearly delineating who can be trusted, to what extent, and with what data and functions. New technologies such as network virtualization (i.e. separation of logical networks from network equipment) and SDN (software-defined networking) have a similar effect, only here we are talking about the interaction between application owners and suppliers of computing resources and data storage, and about tighter requirements for protecting the information transmitted between participants.

To address these issues, develop standards and ensure the security of new-generation networks, the international 5G-Ensure project was launched, which brings together scientists and specialists from major European companies, including Nokia and Ericsson. With the support of their respective governments, they are developing both a common network security roadmap and specific tools and solutions in this area. As part of this project, in April 2018, 15 experts from various organizations around the world, including the University of Oxford, the French Orange Labs and the Swedish Royal Institute of Technology, analyzed the infrastructure of 5G networks and offered their own vision of a security architecture for them. It helps to better understand what to protect and how to protect it against intruders in conditions that have changed compared to the 3G/4G era. The full text of the study, A Security Architecture for 5G Networks, can be found here, and this post provides the main ideas from the theoretical part of the study. A separate blog post will be devoted to more practical questions and examples of using such an architecture.

What is a security architecture?

According to the authors of the study, one of the key points in creating secure systems is the use of a security architecture. The presence of such an architecture makes it possible to examine in detail all the objects associated with the system and their relationships. Such a comprehensive assessment allows you to analyze the level of security of the system as a whole and the security of its individual parts, understand how these parts affect the system, identify possible threats and develop effective measures to counter them and manage security.

Moreover, to ensure the most effective protection, the architecture and the tools themselves should be developed before 5G networks are deployed or in parallel with their deployment. The number of cybersecurity risks has been constantly increasing, and factors and attack vectors related to the ecosystem itself, such as IoT devices, are being added to the "human" factor. Therefore, the trend towards "safe by definition" systems, which have protection mechanisms built in during development or deployment, as opposed to the classic method of external protection in the form of antivirus programs or firewalls, is quite deservedly gaining popularity. And this is especially true for systems such as 5G networks, since it will be much more difficult to protect them "after the fact" due to their scale and number of interconnections.

The main components of a security architecture are domains, layers, security scopes, and security management classes.
A domain is a group of network objects selected according to certain physical or logical parameters that are important for a particular 5G network.
A layer is the protocols, data, and functions associated with some aspect of the services provided by one or more domains.
A Security Scope (SR) covers all the security needs of one or more layers/domains.

Security management classes (SCCS) are a set of functions and mechanisms for protecting a system (including measures and countermeasures) that relate to a single security aspect, such as ensuring data integrity. SCCS help you avoid, detect, contain, counteract, or minimize security risks in 5G networks, including threats to the network's physical and logical infrastructure, user hardware, and transmitted data security.

Domains are the cornerstone of the 5G security architecture, as they allow you to easily describe the various functions and actors in 5G networks. Figure 1 shows the main 5G domains and shows their location on the network. Horizontal lines H1, H2 and vertical lines V1, V2 separate top-level domains. Those domains that are located above H1 represent different components of the logical network and are called participant domains; domains between H1 and H2 are responsible for the physical components of the network and are called infrastructure domains; domains that are below H2 are composite domains that are responsible for several aspects of the network at once, such as ownership or shared administration. V1 separates user equipment from network equipment, and V2 separates the operator's network from an external network, such as Internet services.

In 2G, 3G, and 4G networks, there was no distinction between infrastructure domains and participant domains. But this difference is fundamental for 5G networks, as virtualization and SDN provide the foundation for the "softwarization" of networks and the introduction of technologies such as network slicing and mobile edge computing.


Figure 1 - 5G Network Security Architecture. SD: network slices; TA: trust anchor; IP: infrastructure provider. Optional elements/links are dotted.

Figure 2 shows a diagram of the layers that the authors of the study identify in their 5G network security architecture. Layers are grouped by common security requirements and exposure to the same types of threats. For example, spoofing of base stations or "jamming" of the radio signal are common threats to user equipment and the access points with which it interacts. Using layers helps you better structure security management systems in 5G networks and determine where and for what purposes they can be used more effectively.


Figure 2 - Layers in the 5G architecture

The Application, Home, Serving, Transport, and Access layers are similar to those described in the 3GPP TS 23.101 specifications. They include protocols and functions related, for example, to serving end users; processing and storing subscription data and services for home networks; providing telecommunications services; and transmitting user data from other layers through the network.

When users are roaming, some of the protocols and functions of the "home" layer are taken over by the "serving" layer, which is considered its sublayer. Similarly, the "access" layer is a sublayer of "transport", since the radio interface is part of the overall data transmission system. The Management layer was added by the authors of the study to capture the threats that management systems in 5G networks are exposed to, for example, unauthorized configuration changes, compromise of network keys and certificates, and the addition of malicious network functions. It is located "behind" the other layers in the diagram, as it is responsible for managing the network functions of all layers of the system.

Security scopes are used in the architecture to describe security needs and requirements in certain areas, so their composition differs depending on the specific site and network functionality. For example, in the area of network access security, it is important to protect data storage systems at base stations, to protect against unauthorized data injection "over the air", and to protect against redirects and the connection of subscribers to fake base stations. At the same time, for the field of basic network security, the main factors are protecting the confidentiality of identifiers, secure authentication and authorization, and the security of key distribution and algorithm exchange.

The main classes of security management are identity and access management, authentication, fault tolerance, confidentiality, integrity, availability and privacy of information (these classes are taken from ITU-T X.805), as well as audit, trust and guarantees, and compliance (these classes were added by the authors of the study). Examples of security mechanisms based on security management classes are long-term (IMSI in 3GPP) and short-term (TMSI or GUTI in 3GPP) identifiers for identity and access management; AKA in 3GPP and HTTP Digest for user authentication; and asymmetric cryptography and digital signatures for fault tolerance.

System analysis and implementation of the security architecture

The authors of the study propose their own methodology for step-by-step analysis of the system and implementation of the security architecture.

Step 1. Create a 5G network model, starting with physical and logical top-level domains. Their main characteristics will be ownership, management, and purpose. Then you need to select the types of network slices (slice domains) that will be supported by the system. This top-level domain model should be based on the functional architecture of the network itself.

Step 2. Next, you need to introduce control points (interfaces) that connect certain domains. These control points determine the dependencies and the type of interaction between domains. The data that is transmitted through these points must be identified and described according to the selected layers and protocols, and then appropriate security scopes must be assigned to it.

Step 3. For each control point, you need to determine the type of relationship and the degree of "trust" between the linked domains.

Step 4. The next step is to conduct a TVRA (threat, vulnerability and risk analysis) and draw up a plan to deal with the identified threats and risks using security management classes. One of the intermediate steps in the TVRA must be to determine where and by whom security measures will be taken, and the analysis must take into account the domains, layers and security scopes used in the system.

Step 5. The choice of security management classes should be based on the principles of security-by-design and use the most effective and proven security methods.

Step 6. Finally, you need to implement the selected security measures and check whether the set goals were achieved as a result.
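
A minimal sketch of steps 1 to 4 above, added here as an illustration and not taken from the study or the 5G-Ensure project: it models domains and control points, then lists the security management classes still missing at each control point. The trust scale, the `REQUIRED` policy, the ownership rule and the sample model are assumptions constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Domain:                        # step 1: top-level domain
    name: str
    kind: str                        # "participant", "infrastructure" or "composite"
    owner: str

@dataclass
class ControlPoint:                  # steps 2-3: interface between two domains
    name: str
    a: Domain
    b: Domain
    layer: str                       # e.g. "access", "transport", "management"
    scope: str                       # security scope assigned to the data
    trust: str                       # assumed scale: "full", "partial", "none"
    controls: set = field(default_factory=set)   # management classes in place

# Assumed policy (not from the study): classes required per trust level.
_BASE = {"authentication", "integrity", "audit"}
REQUIRED = {"full": {"audit"}, "partial": _BASE, "none": _BASE | {"confidentiality"}}

def effective_trust(cp):
    # Assumption: domains with different owners are never fully trusted.
    crosses = cp.a.owner != cp.b.owner
    return "partial" if cp.trust == "full" and crosses else cp.trust

def gaps(cp):
    required = set(REQUIRED[effective_trust(cp)])
    if cp.layer == "management":     # guards against unauthorized config changes
        required.add("identity and access management")
    return sorted(required - cp.controls)

def review(points):
    # Input for step 4: control points whose controls do not cover the policy.
    return {cp.name: gaps(cp) for cp in points if gaps(cp)}

# Constructed sample model.
ue = Domain("user equipment", "infrastructure", "subscriber")
ran = Domain("access network", "infrastructure", "operator")
core = Domain("home network", "participant", "operator")
ip = Domain("infrastructure provider", "infrastructure", "cloud-ip")
MODEL = [
    ControlPoint("radio", ue, ran, "access", "network access", "none",
                 {"authentication", "integrity", "confidentiality"}),
    ControlPoint("backhaul", ran, core, "transport", "basic network", "full", {"audit"}),
    ControlPoint("vnf-mgmt", core, ip, "management", "basic network", "full",
                 {"authentication", "audit"}),
]
```

Calling `review(MODEL)` returns the control points that need attention in the TVRA, keyed by name, with the missing classes for each.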

Performance indicators

The authors of the study analyzed the security architecture of previous generations of networks and the most popular scenarios for using 5G technologies and proposed a number of qualitative indicators that will help determine the effectiveness of the created 5G network security architecture. Among them:

Backward compatibility: The ability to use the 5G network security architecture to describe and analyze the security of 3G and 4G networks, as they will become an integral part of the next generation of networks.

Flexibility and adaptability: The ability to adapt the security architecture to network solutions that will appear on the market later. We are also talking about the possibility of developing and improving the security architecture in order to effectively counteract new threats and ensure compatibility with new security systems that did not exist at the time of its development.

The question of trust: Current-generation mobile networks assume a three-way model of trust involving the mobile operator, service provider, and end user, where the mobile operator is responsible for the state and security of the network. This model is not suitable for 5G networks, where there will be many more participants with different roles, such as virtualized infrastructure providers or VNF (Virtualized Network Functions) providers, and each of them needs to have a clear role in the new multi-party trust model.

Virtualization and network slicing: 5G networks are expected to be suitable for absolutely any use case. Since different use cases place completely different requirements on these networks, which may even contradict each other, 5G networks should be universal. Virtualization and network slicing technologies will help them do this. Therefore, virtualization and slicing should also be a mandatory part of the 5G security architecture.

Protocols and network functions: As with the current generation of mobile networks, the introduction of 5G will bring a number of new protocols and network functions (both secure and unsecured). At the same time, 5G networks will rely on a huge number of them for normal operation, including solutions inherited from previous generations. Therefore, the security architecture must be able to identify all applicable protocols and network functions in order to develop the most effective security system.

Security management points: 5G networks will be much more complex than 4G networks and earlier generations. They will have many more participants, and more levels and means of accessing the network. In addition, 5G networks will be more "dynamic" in the sense that new (virtualized) network nodes can be automatically added to and removed from the network or part of it at almost any time. Clearly defining network boundaries and interfaces is essential for identifying and modeling attack vectors.

Security management: Along with new use cases, new models of trust, and new technologies that 5G networks will bring with them, new security features and new challenges will emerge. Therefore, the security architecture should take this into account and allow you to model mobile networks with a different set of features and different weaknesses.

Network management: The specifications of the current generation of mobile networks do not formalize aspects of network management in any way, as this is considered to depend on the implementation and application scenarios of specific networks. There will be new roles and new participants in 5G networks, so network management issues are important for ensuring efficient and secure operation, and this should be reflected in the security architecture.

Stay tuned

So, we have covered the experts' opinion on how timely development of a security architecture helps to better assess possible risks and choose the right mechanisms for ensuring the security of 5G networks and related systems. In the next post, we will move from theory to practice and talk about how the authors of the study propose to approach the development of a security architecture for one of the largest and most complex objects in the 5G ecosystem: a "smart" city.
 