Internal Workshop of the BEREC ad hoc Working Group on 5G Cybersecurity:
Recommendation 2335/2019 – The way forward to its implementation
EXISTING SECURITY CAPABILITIES OF 5G NETWORKS
Security architecture specified by 3GPP
3GPP and other Standards Developing Organizations provide multiple security measures, such as:
authentication and authorization mechanisms between network and devices and between network elements of a single or different networks;
cryptographic protection of traffic on the various network interfaces;
temporary identities and concealed identities to hide the subscribers’ permanent identities in the communication over the radio interface;
secure environment inside the (physically exposed) base stations to ensure a secure boot and protect sensitive data.
Most of the new security functions are ‘mandatory to support, optional to use’, i.e. vendors are required to implement the features, but network operators or enterprises using 5G products do not necessarily take them into use.
Security capabilities not specified by 3GPP
Security is comprehensively baked into the 5G product life-cycle of suppliers with various proactive and reactive measures, such as:
security threat and risk analysis within planning of new features and products
secure coding, hardening and privacy implementation within development
security testing within integration and verification
security vulnerability monitoring and patching within support and maintenance
Many security capabilities are part of the deployment and operations of actual 5G networks, such as:
The degree of RAN and Core separation in a specific network deployment situation is not distinctively determined by the 3GPP
building end-to-end networks with secure architecture, such as network perimeter protection, network zoning, traffic separation, certificate management, secure network topologies, secure operations and maintenance, etc
preventing and detecting compromised credentials and advanced attacks with single-sign-on, privileged identity management, user behavior analytics and compliance logging capabilities
security orchestration and management of virtualization
continuous auditing and monitoring of security configurations to manage frequently changing, evolving and growing 5G environment