5G Systems and Diversified Interconnections
By Sheeba Backia Mary Baskaran and Ali Kashif Bashir
NEC Technologies India Private Ltd. and University of the Faroe Islands
IEEE Internet Policy Newsletter, June 2018
The fifth generation (5G) broadband wireless communication technology introduces new networking paradigms, and it offers network operators the potential to offer services to new categories of users. The basic performance criteria for 5G systems have been set by the ITU in their IMT-2020 Recommendation. The 5G network with its highly heterogeneous ecosystem, fast control plane procedures, extremely low user plane latency, highest degree of energy efficiency and robust security procedures is expected to provide a plethora of services to the end users.
Apart from the good operational performance and user experience anticipated with 5G, a major factor that will have implications over every business aspect is security and privacy. With the advent and development of the Internet of Things (IoT), apart from the support for basic communication, a wide variety of vertical businesses including small- and medium-sized enterprises rely on 5G both implicitly and explicitly. An increasing number of everyday machines and objects are now embedded with sensors or actuators and have the ability to communicate over the internet. Collectively they make up the IoT ecosystem.
The new communication system is expected to efficiently provide connectivity services beyond conventional locations. At locations where connectivity is newly provided, communication among new types of devices, such as vehicles, wearables, machines and infrastructure, is also conceivable. 5G is designed to be an access agnostic architecture that can support both 3GPP and non-3GPP access. The non-3GPP access includes Wi-Fi. Moreover, 5G also supports connections with external data networks, where any communication device with malicious intent can act as a Wi-Fi access point. Due to the prevailing issues in authentication methods, a man-in-the-middle attack is possible in the case of access to external data networks through 5G.
Basically 5G is designed to support 3GPP and non-3GPP access with primary authentication using either 5G AKA or EAP-AKA (EAP-TLS versions 1.2 and 1.3 can also be implemented in the future) and access to external data network with a secondary authentication through any EAP method. The 5G system will be designed to accommodate slices of functions to serve customized service(s). A network slice is composed of a collection of logical network functions that supports the communication service requirements of particular use case(s). It shall be possible to direct terminals to selected slices in a way that fulfills operator or user needs (e.g., based on subscription or terminal type). The network slicing primarily targets a partition of the core network, but it is not excluded that the radio access network (RAN) may need specific functionality to support multiple slices or even partitioning of resources for different network slices.
The mobile network operators subdivide their networks into trust zones. Subnetworks of different operators are assumed to lie in different trust zones. Messages that traverse these trust boundaries are susceptible to attackers if not protected end-to-end by Network Domain Security for IP-based protocols (NDS/IP) or by a proprietary security solution. 5G may have dramatic effects on IoT as very small, low power radios will be able to connect. This capability of 5G opens up major security threats, such as data theft and privacy violations, but the management of data and control traffic based on trust boundaries will minimize the threat vectors. The population that migrates from using a pokey internet connection to 5G for home automation and business automation will be vulnerable to the evolving threats. All home devices, including your TV, refrigerator, microwave oven, doors, and air conditioners, will connect directly to the internet via 5G. Any malicious activity over the automated home network could result in financial loss and threats to life.
Currently, security in 5G is designed in such a way that it can support user and signalling data confidentiality and integrity protection. User privacy is one of the major concerns: the existing 4G systems do not support user privacy, and the 5G system is expected to address it. To ensure subscription identifier protection, the subscription unique permanent identifier is replaced with a one-time subscription concealed identifier over the air. The home network public key is used in the subscription identifier concealment. Other than user privacy, an identifier-related issue will emerge in IoT when a single device is operated by more than one user. In this case the accountability of the user over the device subscription is a major concern.
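The concealment described above, as an added example that is not from the article or from the 3GPP specification: the device encrypts the permanent identifier to the home network public key with a fresh ephemeral key each time, so every concealed identifier is different and only the home network can recover it. The X25519 key agreement, the HMAC-SHA-256 keystream and tag, and the names `conceal` and `deconceal` are simplifying assumptions for illustration.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665          # Curve25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")     # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (illustrative, not constant-time)."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _derive(shared: bytes, eph_pub: bytes, n: int):
    """Keystream (n <= 32 bytes) and MAC key bound to one ephemeral key."""
    stream = hmac.new(shared, b"enc" + eph_pub, hashlib.sha256).digest()[:n]
    mac_key = hmac.new(shared, b"mac" + eph_pub, hashlib.sha256).digest()
    return stream, mac_key

def conceal(supi: bytes, hn_pub: bytes):
    """Device side: a fresh ephemeral key per call makes each result one-time."""
    eph_priv = os.urandom(32)
    eph_pub = x25519(eph_priv, BASE)
    stream, mac_key = _derive(x25519(eph_priv, hn_pub), eph_pub, len(supi))
    ct = bytes(m ^ s for m, s in zip(supi, stream))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:8]
    return eph_pub, ct, tag

def deconceal(suci, hn_priv: bytes) -> bytes:
    """Home network side: only the private key holder recovers the identifier."""
    eph_pub, ct, tag = suci
    stream, mac_key = _derive(x25519(hn_priv, eph_pub), eph_pub, len(ct))
    expect = hmac.new(mac_key, ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("concealed identifier failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, stream))
```

Concealing the same identifier twice yields two unrelated values on the air, which is what prevents an observer from tracking a subscriber by identifier.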
Among various ongoing research activities, Deutsche Telekom created an initiative to introduce a study on a Layer for User Centric Identifiers and Authentication. A user-centric authentication layer on top of the existing subscription authentication, supporting various authentication mechanisms and interactions with external authentication systems as well as a degree of confidence, is expected to be a part of the 5G security procedure. GSMA identified the core principles behind this user-centric identifier as the introduction of “a new Identity” as the identity of the user behind the device, implementation of a service- and layer-agnostic identity, and the introduction of an identity relationship management concept.
A few use cases that require this kind of innovation include a multi-user device where the device and its subscription remain the same, but the users differ over a period of time. In the IoT environment, we can expect diversified connectivity where most of the devices will be multi-user devices, where accountability and security provision become harder, and where a device subscription should not be affected by any one user’s malicious act. Similarly, one user’s malicious act should not affect the service to subsequent users. Due to the possibility that devices are not owned by a specific single user, it may be difficult to assume that one device’s connectivity is statically associated with one user. As devices can be shared among people, a new model of providing connectivity to devices is needed, together with mechanisms for the prevention of fraudulent access by unauthorized users (e.g., a rental car shared by users).
Without quantum-safe cryptography and security, all information that is transmitted on public channels now or in the future is vulnerable to eavesdropping. Even encrypted data that is safe against current adversaries can be stored for later decryption once a practical quantum computer becomes available. At the same time, it will no longer be possible to guarantee the integrity and authenticity of transmitted information, as tampered data will go undetected. From business, ethical, and legal perspectives, this would violate the regulatory requirements for data privacy and security that are in existence today. Moreover, machine learning can predict more real-time threat vectors and malicious activities in diversified use case(s). Therefore, the 5G security design shall consider quantum-safe cryptography and machine learning as ways forward to deal with advanced threat vectors and emerging diversified use case(s).
No matter whether operations are executed by humans or machines, service and infrastructure providers need to be able to enforce policy for all administrative actions like monitoring and charging. Holistic security management depends on specifying and distributing security policies to virtual and physical security functions and maintaining their consistency in a dynamic network setup. The security policies in legacy systems are operator specific and need to be optimized in 5G systems by considering end-user security requirements for specific services. Lack of clear policies in security and standardization of technology will become a hurdle in adapting these technologies. Therefore, technology policy designers should pay urgent and special attention to designing optimized security policies for 5G systems.
 3GPP TS 33.501, V0.6.0 (2017-12), “Security Architecture and Procedures for 5G System - (Release 15).”
 3GPP TS 33.210, V14.0.0 (2016-12), “Network Domain Security (NDS); IP network layer security - (Release 14).”
 S3-180039, “Reply LS on 5G Identity and Access Management Requirements S1-174557 LS in,” Attachment: S1-174556, “Study Item on a Layer for User Centric Identifiers and Authentication.”
 3GPP TR 22.891, V14.2.0 (2016-09) “Feasibility Study on New Services and Markets Technology Enablers; Stage 1 - (Release 14).”
Dr. Sheeba Backia Mary Baskaran
Dr. Sheeba Backia Mary Baskaran is a Research Engineer with NEC Technologies India Private Ltd. She received her Bachelor of Technology degree in Information Technology from Anna University, Chennai, Master of Engineering degree in Computer Science and Engineering from Anna University, Coimbatore and PhD in Faculty of Information and Communication Engineering from Anna University, Chennai in 2017. She is carrying out her research in Security Solutions for Next Generation Networks. Her research interest includes WMAN, LTE, LTE-Advanced, 5G, IoT Security and MAC layer protocol design. She contributes to 3GPP SA3 standard Specifications and holds patents in 5G security.
Ali Kashif Bashir
Ali Kashif Bashir (M’15, SM’16) is working as an Associate Professor in Faculty of Science and Technology, University of the Faroe Islands, Faroe Islands, Denmark. He received his Ph.D. degree in computer science and engineering from Korea University, South Korea. In the past, he held appointments with Osaka University, Japan; Nara National College of Technology, Japan; the National Fusion Research Institute, South Korea; Southern Power Company Ltd., South Korea, and the Seoul Metropolitan Government, South Korea. He is also attached to Advanced Network Architecture Lab as a joint researcher. He is supervising/co-supervising several graduate (MS and PhD) students. His research interests include: cloud computing, NFV/SDN, network virtualization, network security, IoT, computer networks, RFID, sensor networks, wireless networks, and distributed computing. He is serving as the Editor-in-chief of the IEEE INTERNET TECHNOLOGY POLICY NEWSLETTER and the IEEE FUTURE DIRECTIONS NEWSLETTER. He is an Editorial Board Member of journals, such as the IEEE ACCESS, the Journal of Sensor Networks, and the Data Communications. He has also served/serving as guest editor on several special issues in journals of IEEE, Elsevier, and Springer. He is actively involved in organizing workshops and conferences. He has chaired several conference sessions, gave several invited and keynote talks, and reviewed the technology leading articles for journals, such as the IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, the IEEE Communication Magazine, the IEEE COMMUNICATION LETTERS, IEEE Internet of Things, and the IEICE Journals, and conferences, such as the IEEE Infocom, the IEEE ICC, the IEEE Globecom, and the IEEE Cloud of Things.
About: This newsletter features technical, policy, social, governmental, but not political commentary related to the internet. Its contents reflect the viewpoints of the authors and do not necessarily reflect the positions and views of IEEE. It is published by the IEEE Internet Initiative to enhance knowledge and promote discussion of the issues addressed.