Cybersecurity of 5G Networks – BEREC Presentation

Cybersecurity of 5G Networks

Internal Workshop of the BEREC ad hoc Working Group on 5G Cybersecurity:
Recommendation 2335/2019 – The way forward to its implementation

EXISTING SECURITY CAPABILITIES OF 5G NETWORKS

Security architecture specified by 3GPP

• 3GPP and other Standards Developing Organizations provide multiple security measures, such as
  • authentication and authorization mechanisms between network and devices and between network elements of a single or different networks;
  • cryptographic protection of traffic on the various network interfaces;
  • temporary identities and concealed identities to hide the subscribers’ permanent identities in the communication over the radio interface;
  • secure environment inside the (physically exposed) base stations to ensure a secure boot and protect sensitive data.
• Most of the new security functions are ‘mandatory to support, optional to use’, i.e. vendors are required to implement the features but they are not necessarily taken into use by network operators or enterprises using 5G products

Security capabilities not specified by 3GPP

• Security is comprehensively baked into the 5G product life-cycle of suppliers with various proactive and reactive measures, such as
  • security threat and risk analysis within planning of new features and product
  • secure coding, hardening and privacy implementation within development
  • security testing within integration and verification
  • security vulnerability monitoring and patching within support and maintenance
• Lots of security capabilities are part of the deployment and operations of actual 5G networks, such as:
  • The degree of RAN and Core separation in a specific network deployment situation is not distinctively determined by the 3GP
  • building end-to-end networks with secure architecture, such as network perimeter protection, network zoning, traffic separation, certificate management, secure network topologies, secure operations and maintenance, etc
  • preventing and detecting compromised credentials and advanced attacks with single-sign-on, privileged identity management, user behavior analytics and compliance logging capabiliti
  • security orchestration and management of virtualizatio
  • continuous auditing and monitoring of security configurations to manage frequently changing, evolving and growing 5G environment

Cybersecurity of 5G Networks

©2020 GSA

https://gsacom.com