As 5G networks have begun to roll out, operators have been looking for ways to minimize cost, increase network resilience and speed up implementation. In some cases, they have looked to a multi-vendor solution to achieve this.
The new 5G standard facilitates this approach. By creating a number of standardized interfaces within the 5G architecture, the designers of 5G have created opportunities for competitive supply of different parts of the network.
5G security is an evolution of 4G security with enhancements to address known 4G vulnerabilities. It introduces no radical changes to a security architecture based on a clear core/RAN separation.
Central to this architecture is the interface between the core network, which controls 5G network communications (including access, mobility, session management, authentication and data encryption), and the RAN, which conveys signals between the user terminal and the core network.
A stable and standardized interface gives global vendors confidence that equipment for either RAN or core can interoperate with another vendor’s equipment.
This also has implications for the security of the 5G network. User authentication and data encryption functions are managed and controlled by the core. The RAN, in contrast, functions as a pipe between the core infrastructure and the mobile device.
The signals and data conveyed through the RAN remain encapsulated between core and terminals, so that external sources do not have access to unencrypted traffic. The core always retains control of 5G call security.
Moreover, the inbound and outbound traffic between RAN and core is always encrypted using a Security Gateway (SGw). The SGw is an essential component – beyond the scope of the 3GPP standards – of the 5G network security architecture to be deployed by mobile operators to protect their security control zone. Choosing a different RAN vendor does not change this.
The upshot is that managing the security of the 5G network is similar to 4G. In particular, any security risk in the RAN can be managed as it was for earlier network generations, provided that operators ensure proper configuration of 5G security functions and deploy a 5G network security architecture, end to end.
The 3GPP standards set out the security architecture, but it remains imperative that vendors and operators support and implement them consistently.
So, to wrap things up, there are a couple of things we need to remember when we are talking about security in the 5G era.
5G security is an evolution of 4G security. 5G introduces new technologies, particularly support for virtualizing core network control plane functions. This requires some new security features. However, the overall 5G security architecture builds on 4G.
The Core/RAN distinction is maintained. The basic security architecture of mobile communications, including RAN/core separation, does not change in 5G.
RAN/core separation facilitates multi-vendor operation. One powerful reason why RAN/core separation has been maintained in 5G standards is to reduce over-dependence on vendors and increase competition.
First, the network should not be dependent on just one vendor, as this would render it less resilient. Secondly, competition between vendors will force them to improve their security standards. And it is this raising of the threshold on cyber security standards across the board that is needed, along with compliance with more stringent regulations and enforcement of those standards.
The “edge” of the network is not the RAN. There is some confusion about whether shifting core network functions to the “edge” (i.e. closer to the user) implicates the RAN. In fact, it does not. Multi-access Edge Computing (MEC) on the network does not affect the core/RAN separation, as MEC is defined and implemented as an Application Function (AF) of the core network in 5G.
Please access the full report here – The Facts on 5G – Final Report
David Kennedy is Practice Leader at global telecoms consultancy Ovum.