As 5G powers the enablement of the connected intelligent edge and accelerates the cloud economy, the number of connected smart devices continues to multiply and diversify. While that growth drives digital transformation across many diverse industries, it also increases the attack surface of end-to-end systems.
That’s why we need an agile and robust platform that can provide security and privacy, at scale, across different use cases and deployments. 5G with the connected intelligent edge is such a platform. While 5G is already meeting today’s demanding requirements, we look forward to evolving security and privacy features in 5G Advanced, bringing new levels of data protection for a growing set of connected devices and services through the rest of this decade.
Resilient communication requires an end-to-end approach to system security
As mobile technology expands its usefulness and benefits to a variety of vertical segments, the end-to-end system — from cloud, to network, to device — requires greater resiliency in areas like security, privacy, trust, identity, and robustness.
The original 5G vision of supporting a wide range of devices, services, and deployment scenarios also included support for a robust and secure system. Building on the proven LTE security framework and deployment experiences, 5G introduced a wide range of security enhancements. Key features included identity privacy protection, enhanced and flexible authentication mechanisms, user-plane integrity protection, slice-specific authentication and authorization, and service-based interface security. All of these aimed to deliver an end-to-end security approach to the system design.
In addition, these features were designed in alignment with functional enhancements developed for different verticals, providing a flexible framework that enables the protection of diverse deployments beyond mobile broadband, such as sidelink, V2X, multi-access edge computing, mobile broadcast, private networks, IoT, and more.
Zero-trust security is at the core of a resilient system
The 5G system is designed to be compatible with cybersecurity zero-trust principles. A zero-trust security model is built on the principle that no user or network function can be trusted. Verification is always needed for access to the system resources on an ongoing basis, whether internal or external to the network. This principle shifts the focus away from network perimeter security, to restricting access by internal and external users and software components, using strong authentication and fine-grained authorization. It focuses on protecting resources — such as data, compute resources, applications, and services — instead of safeguarding network segments.
5G introduced a service-based architecture (SBA) to the core network that facilitates zero-trust security with fine-grained service authentication and authorization. Other end-to-end security functionalities included:
- Mutual authentication and authorization
- Encryption and integrity checks in both the signaling and user planes
- Subscription Permanent Identifier (SUPI) encryption
- Secured radio-to-core-network communications with Internet Protocol Security (IPsec)
- Secured roaming interconnect with a Security Edge Protection Proxy (SEPP)
Efficiently addressing the growing demand for data and 5G services will entail disaggregating and distributing cloud processing across the connected intelligent edge, closer to the user. At the same time, initiatives like open RAN (O-RAN) have moved mobile network architectures toward new topologies featuring disaggregation and virtualization for scalability, cost-effectiveness, and performance.
The disaggregated RAN architecture defined in O-RAN brings many benefits from a security perspective, such as improved security agility, adaptability, and resiliency. The transparency provided by O-RAN, among other properties, will strengthen the cellular system security in various aspects, including interface and software security and the adoption of zero-trust security.
5G already delivers strong security today with focused enhancements coming in 5G Advanced and beyond
3GPP Release 15 established the 5G security foundation focusing on end-to-end system security for enhanced mobile broadband use cases. It introduced security functionalities, such as improved subscriber authentication and privacy, secure service-based architecture, and secure roaming interconnections.
Both Releases 16 and 17 have improved 5G system resiliency for a broader selection of devices, use cases, and verticals. For instance, Release 16 drove enhanced security for V2X, non-public networks (NPN), ultra-reliable and low-latency communication (URLLC), integrated access and backhaul (IAB), as well as cellular and industrial IoT, while Release 17 further improved security for the edge, sidelink, drone communication, and multicast and broadcast systems.
Release 18 — the first set of 5G Advanced specifications — will further extend the zero-trust principles and is investigating improvements of end-to-end security for features such as AI/ML security for 5G, and additional enhancements in identity privacy. While it continues to provide enhancements for new use cases and deployments, it also starts to establish the security foundation for the next-generation mobile platform.
In addition to AI/ML, key security technology enablers for the next-generation mobile era should include native security mechanisms, hardware-embedded anchors of trust, privacy-preserving technologies, options to be prepared for the post-quantum era, and more.