Introduction to 5G Security Architecture: NFV, Keys and 2 Authentications

Obviously, undertaking the development of a new communication standard without thinking about security mechanisms would be a dubious and pointless exercise.

The 5G Security Architecture is the set of security mechanisms and procedures implemented in 5th generation networks, covering all network components from the core to the radio interfaces.

5G networks are, in essence, an evolution of 4th generation LTE networks. The most significant changes concern the radio access technologies: for 5th generation networks a new RAT (Radio Access Technology), 5G New Radio, has been introduced. The network core, by contrast, has not changed as significantly. For this reason, the security architecture of 5G networks has been developed with a focus on reusing the relevant technologies adopted in the 4G LTE standard.

However, it is worth noting that the rethinking of such well-known threats as attacks on the air interfaces and the signaling plane, DDoS attacks, man-in-the-middle attacks, etc., has prompted telecom operators to develop new standards and integrate completely new security mechanisms into 5th generation networks.

BACKGROUND

In 2015, the International Telecommunication Union drew up a first-of-its-kind global plan for the development of fifth-generation networks, which made the issue of developing security mechanisms and procedures for 5G networks particularly acute.

The new technology promised truly impressive data rates (over 1 Gbps), latency of less than 1 ms, and the ability to connect about 1 million devices simultaneously within 1 km². Such high requirements for 5th generation networks are reflected in the principles of their organization.

The main one was decentralization, which meant placing many local databases and their processing centers at the periphery of the network. This made it possible to minimize delays in M2M communications and relieve the network core of servicing a huge number of IoT devices. Thus, the border of next-generation networks expanded to the base stations, making it possible to create local communication centers and provide cloud services without the risk of critical delays or denial of service. Naturally, the changed approach to networking and customer service interested intruders, because it opened up new opportunities to attack both confidential user information and the network components themselves, in order to cause a denial of service or seize an operator's computing resources.

The main vulnerabilities of 5th generation networks

Large attack surface

When building 3rd and 4th generation telecommunication networks, operators usually limited themselves to working with one or a few vendors, who supplied a complete set of hardware and software. Everything worked, as they say, "out of the box": it was enough to install and configure the equipment purchased from the vendor; there was no need to replace or supplement the proprietary software. Modern trends run counter to this "classic" approach and are aimed at network virtualization, a multi-vendor approach to construction, and a diversity of software. Technologies such as SDN (Software Defined Networking) and NFV (Network Functions Virtualization) are increasingly popular, which brings a huge amount of open-source-based software into the processes and functions that manage communication networks. This gives attackers the opportunity to understand the operator's network better and find more vulnerabilities, which in turn increases the attack surface of next-generation networks compared to current ones.

A large number of IoT devices

By 2021, about 57% of devices connected to 5G networks will be IoT devices. This means that most hosts will have limited cryptographic capabilities (see the next point) and will therefore be vulnerable to attack. A huge number of such devices will increase the risk of botnets spreading and make it possible to carry out even more powerful and distributed DDoS attacks.

Limited cryptographic capabilities of IoT devices

As already mentioned, 5th generation networks actively use peripheral devices that take some of the load off the network core and thereby reduce latency. This is necessary for services such as driving unmanned vehicles and the IMS emergency alert system, for which minimal delay is critical because human lives depend on it. Because a large number of IoT devices are connected, and these devices have very limited computing resources due to their small size and low power consumption, 5G networks become vulnerable to attacks aimed at taking control of such devices and then manipulating them. Examples are scenarios in which IoT devices that are part of a "smart home" are infected with malware such as ransomware, and scenarios in which control of unmanned vehicles that receive commands and navigation information through the cloud is hijacked. Formally, this vulnerability is a consequence of the decentralization of next-generation networks, but the next point describes the problem of decentralization more clearly.

Decentralization and network expansion

Peripheral devices that play the role of local network cores carry out user traffic routing and request processing, as well as local caching and storage of user data. Thus, the boundaries of 5th generation networks expand beyond the core to the periphery, including local databases and 5G-NR (5G New Radio) radio interfaces. This creates an opportunity to attack the computing resources of local devices, which are a priori less protected than the central nodes of the network core, in order to cause a denial of service. Possible consequences are loss of Internet access for entire areas, incorrect functioning of IoT devices (for example, in a "smart home" system), and the unavailability of the IMS emergency alert service.

By now, however, ETSI and 3GPP have published more than 10 standards covering various aspects of 5G network security. The vast majority of the mechanisms they describe are aimed at protecting against vulnerabilities, including those described above. One of the main ones is TS 23.501 version 15.6.0, which describes the security architecture of 5G networks.

5G architecture

To begin with, let's turn to the key principles of the 5G network architecture, which will help reveal the meaning and responsibilities of each software module and each 5G security function.

  • Separation of network nodes into elements that run the user plane (UP) protocols and elements that run the control plane (CP) protocols, which increases flexibility in scaling and deploying the network: individual network nodes can be placed centrally or decentrally.
  • Support for the network slicing mechanism, based on the services provided to specific groups of end users.
  • Implementation of network elements in the form of virtual network functions.
  • Support for simultaneous access to centralized and local services, i.e. implementation of the fog computing and edge computing concepts.
  • Implementation of a convergent architecture that combines various types of access networks (3GPP 5G New Radio and non-3GPP, e.g. Wi-Fi) with a single network core.
  • Support for uniform authentication algorithms and procedures regardless of the type of access network.
  • Support for stateless network functions, in which the computing resource is separated from the resource store.
  • Support for roaming with traffic routed both through the home network (home-routed roaming) and with local breakout in the visited network.
  • Interaction between network functions is represented in two ways: service-based and interface-based.

The 5G network security concept includes:

  • Authentication of the user by the network.
  • Authentication of the network by the user.
  • Negotiation of cryptographic keys between the network and the user equipment.
  • Encryption and integrity protection of signaling traffic.
  • Encryption and integrity protection of user traffic.
  • Protection of the user identifier.
  • Protection of interfaces between different network elements in accordance with the network security domain concept.
  • Isolation of the individual network slices and definition of separate security levels for each slice.
  • User authentication and traffic protection at the level of end services (IMS, IoT and others).

Key software modules and 5G network security features

AMF (Access & Mobility Management Function) provides:

  • Organization of control plane interfaces.
  • Organization of RRC signaling traffic exchange, with encryption and integrity protection of its data.
  • Organization of NAS signaling traffic exchange, with encryption and integrity protection of its data.
  • Management of user equipment registration in the network and control of the possible registration states.
  • Management of the user equipment's connection to the network and monitoring of the possible connection states.
  • Management of user equipment reachability in the network in the CM-IDLE state.
  • Mobility management of user equipment in the network in the CM-CONNECTED state.
  • Transfer of short messages between the user equipment and the SMF.
  • Location services management.
  • Allocation of EPS bearer identifiers for interworking with EPS.

SMF (Session Management Function) provides:

  • Communication session management, i.e. creating, modifying and releasing sessions, including maintaining the tunnel between the access network and the UPF.
  • Allocation and management of user equipment IP addresses.
  • Selection of the UPF to use.
  • Organization of interaction with the PCF.
  • Management of QoS policy enforcement.
  • Dynamic configuration of user equipment using the DHCPv4 and DHCPv6 protocols.
  • Control of billing data collection and organization of interaction with the billing system.
  • Session and Service Continuity (SSC).
  • Interaction with visited networks in roaming.

UPF (User Plane Function) provides:

  • Interaction with external data networks, including the global Internet.
  • Routing of user packets.
  • Packet marking according to QoS policies.
  • Inspection of user packets (for example, signature-based application detection).
  • Reporting on traffic usage.
  • The UPF is also the anchor point for mobility support both within and between different radio access technologies.

UDM (Unified Data Management) provides:

  • Management of user profile data, including storage and modification of the list of services available to users and their corresponding parameters.
  • SUPI management.
  • Generation of 3GPP AKA authentication credentials.
  • Access authorization based on profile data (for example, roaming restrictions).
  • User registration management, i.e. storage of the serving AMF.
  • Support for service and session continuity, i.e. storage of the SMF assigned to the current session.
  • SMS delivery management.
  • Several different UDMs can serve the same user in different transactions.

UDR (Unified Data Repository) provides storage of various user data and is, in fact, the database of all network subscribers.

UDSF (Unstructured Data Storage Function) allows AMF modules to save the current contexts of registered users. This information can generally be represented as data of indefinite structure. User contexts can be used to ensure seamless and uninterrupted subscriber sessions both in the event of a planned withdrawal of one of the AMFs from service and in the event of a failure. In both cases, the standby AMF will "pick up" the service using the contexts stored in the UDSF.

Combining UDR and UDSF on the same physical platform is a typical implementation of these network functions.

PCF (Policy Control Function) generates and assigns service policies to users, including QoS parameters and billing rules. For example, virtual channels with different characteristics can be created dynamically for the transmission of one or another type of traffic. The requirements of the service requested by the subscriber, the level of network congestion, the amount of traffic consumed, etc. can be taken into account.

NEF (Network Exposure Function) provides:

  • Organization of secure interaction of external platforms and applications with the network core.
  • Management of QoS settings and billing rules for specific users.

SEAF (Security Anchor Function) together with the AUSF provides authentication of users when they register on the network, whatever the access technology.

AUSF (Authentication Server Function) plays the role of an authentication server that receives and processes requests from the SEAF and forwards them to the ARPF.

ARPF (Authentication Credential Repository and Processing Function) provides storage of the subscribers' personal secret keys (Ki) and of the parameters of the cryptographic algorithms, as well as generation of authentication vectors in accordance with the 5G-AKA or EAP-AKA algorithms. It is located in the home operator's data center, protected from external physical influence, and is usually integrated with the UDM.

SCMF (Security Context Management Function) provides lifecycle management of the 5G security context.

SPCF (Security Policy Control Function) ensures the coordination and application of security policies for specific users. This takes into account the capabilities of the network, the capabilities of the user equipment, and the requirements of the specific service (for example, the levels of protection provided by a critical communications service and a wireless broadband Internet service may differ). The application of security policies includes: selection of the AUSF, selection of the authentication algorithm, selection of the data encryption and integrity protection algorithms, and determination of key lengths and key lifetimes.

SIDF (Subscription Identifier De-concealing Function) extracts the subscriber's permanent subscription identifier (SUPI) from the concealed identifier (SUCI) received as part of the Auth Info Req request.

Basic security requirements for 5G communication networks

User authentication: The serving 5G network must authenticate the user's SUPI in the 5G AKA process between the user and the network.

Serving network authentication: The user must authenticate the identity of the serving 5G network; this authentication is provided through the successful use of the keys obtained as a result of the 5G AKA procedure.

User authorization: The serving network must authorize the user with a user profile obtained from the home carrier's network.

Authorization of the serving network by the home operator's network: The user must be provided with confirmation that he is connected to a service network that is authorized by the home operator's network to provide services. Authorization is implicit in the sense that it is provided by the successful completion of the 5G AKA procedure.

Authorization of the access network by the home operator's network: The user must be provided with confirmation that he is connected to an access network that is authorized by the home operator's network to provide services. Authorization is implicit in the sense that it is ensured by the successful establishment of access network security. This type of authorization must be used for any type of access network.

Unauthenticated emergency services: To comply with regulatory requirements in some regions, 5G networks must allow unauthenticated access for emergency services.

Network core and radio access network: The 5G core and the 5G radio access network must support encryption and integrity algorithms with a key length of 128 bits for AS and NAS security. Network interfaces must support 256-bit encryption keys.

Basic security requirements for user equipment

  • User equipment must support encryption, integrity protection, and protection against replay attacks of user data transmitted between it and the radio access network.
  • The user equipment must activate encryption and data integrity protection mechanisms as directed by the radio access network.
  • User equipment must support encryption, integrity protection, and protection against replay attacks of RRC and NAS signaling traffic.
  • The user equipment must support the following cryptographic algorithms: NEA0, NIA0, 128-NEA1, 128-NIA1, 128-NEA2, 128-NIA2
  • The user equipment may support the following cryptographic algorithms: 128-NEA3, 128-NIA3.
  • The user equipment must support the following cryptographic algorithms: 128-EEA1, 128-EEA2, 128-EIA1, 128-EIA2 if it supports connection to the E-UTRA radio access network.
  • Protection of the confidentiality of user data transmitted between user equipment and the radio access network is optional, but must be provided in all cases where it is permitted by regulations.
  • Privacy protection for RRC and NAS signaling traffic is optional.
  • The user's permanent key must be secure and must be stored in highly secure user equipment components.
  • A subscriber's permanent subscription identifier should not be transmitted in clear text over the radio access network, except for the information necessary for correct routing (for example, MCC and MNC).
  • The public key of the home operator's network, the identifier of this key, the identifier of the security scheme and the routing identifier must be stored in USIM.

Each encryption algorithm is assigned a binary identifier:

  • "0000": NEA0 - null ciphering algorithm
  • "0001": 128-NEA1 - 128-bit SNOW 3G based algorithm
  • "0010": 128-NEA2 - 128-bit AES based algorithm
  • "0011": 128-NEA3 - 128-bit ZUC based algorithm

Data encryption using 128-NEA1 and 128-NEA2 (figure)

PS: The scheme is borrowed from TS 133.501

Generation of message authentication codes for integrity protection using 128-NIA1 and 128-NIA2 (figure)

PS: The scheme is borrowed from TS 133.501

Basic security requirements for 5G network functions

  • AMF must support primary authentication using SUCI.
  • SEAF must support primary authentication using SUCI.
  • UDM and ARPF must store the user's permanent key and protect it from theft.
  • The AUSF shall provide the SUPI to the local serving network only if the primary authentication using SUCI is successful.
  • The NEF must not expose confidential information of the network core outside the operator's security domain.

Basic security procedures

Trust Domains

In 5G networks, trust in network elements decreases as elements move away from the network core. This concept influences the decisions implemented in the 5G security architecture. Thus, we can talk about the trust model of 5G networks, which determines the behavior of network security mechanisms.

On the user side, the trust domain is formed by the UICC and the USIM.

On the network side, the trust domain has a more complex structure.

The radio access network is divided into two components: DU (Distributed Units) and CU (Central Units). Together they form the gNB, the base station of the 5G network. DUs do not have direct access to user data, as they can be deployed on segments of insecure infrastructure. CUs, on the other hand, must be deployed in secure network segments, as they terminate the AS security mechanisms. In the network core, the AMF terminates the NAS security mechanisms. The current 3GPP 5G Phase 1 specification describes co-locating the AMF with the security function SEAF, which holds the root key (also known as the "anchor key") of the visited (serving) network. The AUSF is responsible for storing the key obtained after successful authentication; it is needed for reuse in cases where the user is simultaneously connected to several radio access networks. The ARPF stores user credentials and is the network-side counterpart of the subscribers' USIM. The UDR and UDM store the user information that is used to determine the logic for generating credentials and user identifiers, ensuring session continuity, etc.

Hierarchy of keys and their distribution schemes

In 5G networks, unlike 4G-LTE networks, the authentication procedure has two components: primary and secondary authentication. Primary authentication is required for all user devices connecting to the network. Secondary authentication can be performed upon request from external networks, if the subscriber connects to them.

After primary authentication is successfully completed and a shared key K is established between the user and the network, KSEAF, a special anchor (root) key of the serving network, is derived from K. Subsequently, the keys that ensure the confidentiality and integrity of the RRC and NAS signaling traffic are derived from this key.

Key hierarchy diagram with explanations (figure)
Notation:
CK (Cipher Key) is the key used in encryption mechanisms.
IK (Integrity Key) is the key used in data integrity protection mechanisms.
CK' (Cipher Key) is another cipher key, derived from CK for the EAP-AKA mechanism.
IK' (Integrity Key) is another integrity key, used in data integrity protection mechanisms for EAP-AKA.
KAUSF is generated by the ARPF and the user equipment from CK and IK during 5G AKA and EAP-AKA.
KSEAF is the anchor key derived by the AUSF function from the key KAUSF.
KAMF is the key derived by the SEAF function from the key KSEAF.
KNASint, KNASenc are keys derived by the AMF function from the key KAMF to protect NAS signaling traffic.
KRRCint, KRRCenc are keys derived by the AMF function from the key KAMF to protect RRC signaling traffic.
KUPint, KUPenc are keys derived by the AMF function from the key KAMF to protect AS signaling traffic.
NH is an intermediate key derived by the AMF function from the key KAMF to ensure data security during handovers.
KgNB is the key derived by the AMF function from the key KAMF to ensure the security of mobility mechanisms.
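As an added illustration of the hierarchy listed above (this is example code written for this edit, not a figure or code from the original article or from 3GPP), the following Python walks from a constructed KSEAF down to the NAS, RRC and user-plane keys using the HMAC-SHA-256 KDF of TS 33.220. The FC values, the algorithm type distinguishers, the ABBA parameter and the truncation to 128 bits are my reading of TS 33.501 Annex A and are not on the page; verify them against the specification before relying on them. Here the RRC and UP keys are derived from KgNB, the key the AMF derives from KAMF and hands to the gNB, which is the step the diagram abbreviates.

```python
import hmac
import hashlib


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 Annex B KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 || ...)."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


# FC values and algorithm type distinguishers as I read them in TS 33.501 Annex A;
# the page does not list them, so treat them as assumptions to check against the spec.
FC_KAMF, FC_ALG, FC_KGNB, FC_NH = 0x6D, 0x69, 0x6E, 0x6F
ALG_TYPE = {"NAS-enc": 0x01, "NAS-int": 0x02, "RRC-enc": 0x03,
            "RRC-int": 0x04, "UP-enc": 0x05, "UP-int": 0x06}
ACCESS_TYPE_3GPP = b"\x01"


def algorithm_key(parent: bytes, alg_type: str, alg_id: int) -> bytes:
    """Annex A.8: derive a 128-bit NAS/RRC/UP key. The 256-bit KDF output is
    truncated to its 128 least significant bits. alg_id is the 4-bit algorithm
    number from the list above, e.g. 2 for 128-NEA2 / 128-NIA2."""
    return kdf(parent, FC_ALG, bytes([ALG_TYPE[alg_type]]), bytes([alg_id]))[16:]


def derive_from_kseaf(k_seaf: bytes, supi: str, abba: bytes = b"\x00\x00",
                      ul_nas_count: int = 0, enc_alg: int = 2, int_alg: int = 2) -> dict:
    """Walk the hierarchy from the anchor key KSEAF down to the per-algorithm keys.

    KAMF is bound to the SUPI and the ABBA parameter; KgNB is bound to the uplink
    NAS COUNT, so a fresh KgNB results each time the AMF re-derives it. The NAS
    keys come from KAMF (at the AMF), the RRC/UP keys from KgNB (at the gNB)."""
    k_amf = kdf(k_seaf, FC_KAMF, supi.encode(), abba)
    k_gnb = kdf(k_amf, FC_KGNB, ul_nas_count.to_bytes(4, "big"), ACCESS_TYPE_3GPP)
    nh = kdf(k_amf, FC_NH, k_gnb)  # first NH value: SYNC-input is the fresh KgNB
    return {
        "KAMF": k_amf,
        "KNASenc": algorithm_key(k_amf, "NAS-enc", enc_alg),
        "KNASint": algorithm_key(k_amf, "NAS-int", int_alg),
        "KgNB": k_gnb,
        "NH": nh,
        "KRRCenc": algorithm_key(k_gnb, "RRC-enc", enc_alg),
        "KRRCint": algorithm_key(k_gnb, "RRC-int", int_alg),
        "KUPenc": algorithm_key(k_gnb, "UP-enc", enc_alg),
        "KUPint": algorithm_key(k_gnb, "UP-int", int_alg),
    }


if __name__ == "__main__":
    # Constructed inputs: a fixed 256-bit KSEAF and a test-range SUPI
    demo = derive_from_kseaf(bytes(range(32)), "imsi-001010123456789")
    for name, value in demo.items():
        print(f"{name:8s} {len(value) * 8:3d} bit  {value.hex()}")
```

Two properties worth noticing when running it: changing only the negotiated algorithm identifier changes KNASenc/KNASint while KAMF stays the same (an algorithm change does not require re-authentication), and changing the uplink NAS COUNT gives a different KgNB and therefore different RRC/UP keys.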

Schemes for generating SUCI from SUPI and vice versa

Derivation of SUCI from SUPI and recovery of SUPI from SUCI (figure)

Authentication

Primary Authentication

In 5G networks, EAP-AKA and 5G AKA are standard primary authentication mechanisms. Let's break the primary authentication mechanism into two phases: the first is responsible for initiating authentication and choosing an authentication method, the second is responsible for mutual authentication between the user and the network.

Initiation

The user submits a registration request to the SEAF, which contains the user's concealed subscription identifier SUCI.

The SEAF sends an authentication request message (Nausf_UEAuthentication_Authenticate Request) to the AUSF containing the SNN (Serving Network Name) and the SUPI or SUCI.

The AUSF checks whether the SEAF requesting authentication is allowed to use the given SNN. If the serving network is not authorized to use the given SNN, the AUSF responds with a "Serving network not authorized" authorization error message (Nausf_UEAuthentication_Authenticate Response).

The AUSF requests the authentication credentials from the UDM (ARPF or SIDF) using the SUPI or SUCI and the SNN.

Based on the SUPI or SUCI and the user information, the UDM/ARPF selects the authentication method to be used next and issues the user's credentials.

Mutual Authentication

When using any authentication method, the UDM/ARPF network functions must generate an authentication vector (AV).

EAP-AKA: The UDM/ARPF first generates an authentication vector with the AMF separation bit = 1, then derives CK' and IK' from CK, IK and the SNN, and forms a new authentication vector AV = (RAND, AUTN, XRES*, CK', IK'), which is sent to the AUSF with an instruction to use it for EAP-AKA only.

5G AKA: The UDM/ARPF derives the key KAUSF from CK, IK and the SNN, after which it generates the 5G HE AV (5G Home Environment Authentication Vector). The 5G HE AV = (RAND, AUTN, XRES, KAUSF) is sent to the AUSF with an instruction to use it for 5G AKA only.

After that, the AUSF derives the anchor key KSEAF from KAUSF and sends a "Challenge" request to the SEAF in a Nausf_UEAuthentication_Authenticate Response message, which also contains RAND, AUTN and RES*. Next, RAND and AUTN are transmitted to the user equipment in a protected NAS signaling message. The user's USIM calculates RES* from the received RAND and AUTN and sends it to the SEAF. The SEAF relays this value to the AUSF for verification.

The AUSF compares the XRES* it stored with the RES* received from the user. If they match, the AUSF and the UDM in the operator's home network are notified of successful authentication, and the user and the SEAF independently derive the key KAMF from KSEAF and SUPI for further communication.
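The 5G AKA exchange just described, simulated end to end with all four parties in one process, as an added example that is not part of the original article and not 3GPP reference code. The long-term key K, the serving network name and the null-scheme SUCI are constructed values; the MILENAGE functions f1..f5 are replaced by an HMAC-based stand-in (so the AUTN, RES and CK/IK bytes are illustrative, not spec-conformant); the KDF and the FC values 0x6A, 0x6B and 0x6C for KAUSF, RES* and KSEAF are my reading of TS 33.501 Annex A. One detail the text abbreviates is reproduced as I understand the specification: the AUSF hands the SEAF a hash HXRES* of XRES* rather than XRES* itself, so the SEAF can reject a bad RES* locally before the home network performs the final comparison.

```python
import hmac
import hashlib
import os


def kdf(key, fc, *params):
    """TS 33.220 Annex B KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def f(k, tag, *parts):
    """Constructed stand-in for the MILENAGE functions f1..f5 (not the real algorithms)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


AMF_5G = b"\x80\x00"  # Authentication Management Field with the separation bit set
SNN = b"5G:mnc001.mcc001.3gppnetwork.org"  # constructed serving network name
SUCI = "suci-0-001-01-0000-0-0-0123456789"  # constructed null-scheme SUCI from the registration request


class ArpfUdm:
    """Home network: holds K and the home SQN, produces the 5G HE AV."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def generate_he_av(self, snn, rand=None):
        rand = rand or os.urandom(16)
        self.sqn += 1
        sqn = self.sqn.to_bytes(6, "big")
        mac = f(self.k, b"f1", sqn, AMF_5G, rand)[:8]
        xres = f(self.k, b"f2", rand)[:8]
        ck, ik = f(self.k, b"f3", rand)[:16], f(self.k, b"f4", rand)[:16]
        ak = f(self.k, b"f5", rand)[:6]
        autn = xor(sqn, ak) + AMF_5G + mac
        k_ausf = kdf(ck + ik, 0x6A, snn, xor(sqn, ak))        # Annex A.2
        xres_star = kdf(ck + ik, 0x6B, snn, rand, xres)[16:]  # Annex A.4
        return {"RAND": rand, "AUTN": autn, "XRES*": xres_star, "KAUSF": k_ausf}


class Ausf:
    def __init__(self, udm):
        self.udm, self.pending = udm, {}

    def authenticate_request(self, snn, suci, rand=None):
        """Nausf_UEAuthentication_Authenticate: turn the HE AV into the SE AV for the SEAF."""
        av = self.udm.generate_he_av(snn, rand)
        k_seaf = kdf(av["KAUSF"], 0x6C, snn)                  # Annex A.6
        self.pending[av["RAND"]] = (av["XRES*"], k_seaf)
        hxres_star = hashlib.sha256(av["RAND"] + av["XRES*"]).digest()[16:]  # Annex A.5
        return {"RAND": av["RAND"], "AUTN": av["AUTN"], "HXRES*": hxres_star}

    def confirm(self, rand, res_star):
        """Final check of RES* against the stored XRES*; KSEAF is released only on success."""
        xres_star, k_seaf = self.pending.pop(rand)
        return k_seaf if hmac.compare_digest(res_star, xres_star) else None


class Usim:
    def __init__(self, k):
        self.k, self.sqn, self.k_seaf, self.last_error = k, 0, None, None

    def challenge(self, rand, autn, snn):
        sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
        ak = f(self.k, b"f5", rand)[:6]
        sqn = xor(sqn_ak, ak)
        # Network authentication: the MAC proves the AV was produced by a holder of K
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn, amf, rand)[:8]):
            self.last_error = "MAC failure"
            return None
        # Replay protection: a reused or stale sequence number is rejected
        if int.from_bytes(sqn, "big") <= self.sqn:
            self.last_error = "synchronisation failure"
            return None
        self.sqn = int.from_bytes(sqn, "big")
        res = f(self.k, b"f2", rand)[:8]
        ck, ik = f(self.k, b"f3", rand)[:16], f(self.k, b"f4", rand)[:16]
        self.k_seaf = kdf(kdf(ck + ik, 0x6A, snn, sqn_ak), 0x6C, snn)  # UE-side KAUSF -> KSEAF
        return kdf(ck + ik, 0x6B, snn, rand, res)[16:]  # RES*


def run_5g_aka(usim, ausf, snn=SNN, rand=None):
    """SEAF view of the exchange; returns KSEAF on success, None on any failure."""
    se_av = ausf.authenticate_request(snn, SUCI, rand)
    res_star = usim.challenge(se_av["RAND"], se_av["AUTN"], snn)  # RAND, AUTN sent over NAS
    if res_star is None:
        return None
    # SEAF's own check before involving the home network: HRES* against HXRES*
    hres_star = hashlib.sha256(se_av["RAND"] + res_star).digest()[16:]
    if not hmac.compare_digest(hres_star, se_av["HXRES*"]):
        return None
    return ausf.confirm(se_av["RAND"], res_star)


if __name__ == "__main__":
    k = bytes(range(16))  # constructed long-term key shared by the USIM and the ARPF
    usim = Usim(k)
    print("KSEAF:", run_5g_aka(usim, Ausf(ArpfUdm(k))).hex())
```

The two failure paths are the ones the requirements section asks for: a UE that does not hold the right K fails the AUTN MAC check (the network is not authenticated), and a replayed RAND/AUTN pair fails the SQN check even though its MAC is valid. On success the USIM's own KSEAF equals the one the AUSF releases to the SEAF, which is the key agreement the hierarchy above builds on.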

Secondary Authentication

The 5G standard supports optional secondary authentication based on EAP-AKA between the user equipment and the external data network. In this case, the SMF plays the role of the EAP authenticator and relies on the AAA server of the external network, which authenticates and authorizes the user.

  • A mandatory primary authentication of the user in the home network takes place, establishing a common NAS security context with the AMF.
  • The user sends a session request to the AMF.
  • The AMF sends a session request to the SMF indicating the user's SUPI.
  • The SMF validates the user's credentials against the UDM using the provided SUPI.
  • The SMF sends a response to the request from the AMF.
  • The SMF initiates an EAP authentication procedure in order to obtain permission to establish the session from the AAA server on the external network. To do this, the SMF and the user exchange messages to initiate the procedure.
  • The user and the external network's AAA server then exchange messages to authenticate and authorize the user. The user sends its messages to the SMF, which in turn exchanges messages with the external network via the UPF.
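The secondary authentication steps above, as an added example written for this edit (not code from the article, from 3GPP or from any AAA product): the SMF acts as an RFC 3748 pass-through authenticator that starts the exchange with EAP-Request/Identity, relays every EAP packet between the UE and the data network's AAA server without interpreting the method, and acts only on the final Success or Failure code. EAP-AKA's own attributes are out of scope here; the challenge method is MD5-Challenge (EAP type 4) purely because it fits in a few lines and shows the framing. The DN credentials, the UDM lookup (a plain dict standing in for the SMF's check against the UDM) and the identities are constructed.

```python
import hashlib
import hmac
import os

# EAP codes and method types from RFC 3748
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK, TYPE_MD5_CHALLENGE = 1, 3, 4


def eap_pack(code, ident, type_=None, data=b""):
    """Code(1) | Identifier(1) | Length(2) | [Type(1) | Type-Data]."""
    body = b"" if type_ is None else bytes([type_]) + data
    return bytes([code, ident]) + (4 + len(body)).to_bytes(2, "big") + body


def eap_unpack(pkt):
    """Return (code, identifier, type, type_data); Success/Failure carry no type."""
    code, ident, length = pkt[0], pkt[1], int.from_bytes(pkt[2:4], "big")
    if length < 4 or length != len(pkt):
        raise ValueError("bad EAP length")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return code, ident, None, b""
    return code, ident, pkt[4], pkt[5:]


class UE:
    """EAP peer: answers Identity and MD5-Challenge requests with its DN credentials."""
    def __init__(self, nai, secret):
        self.nai, self.secret = nai, secret

    def handle(self, pkt):
        code, ident, type_, data = eap_unpack(pkt)
        if code != EAP_REQUEST:
            return None
        if type_ == TYPE_IDENTITY:
            return eap_pack(EAP_RESPONSE, ident, TYPE_IDENTITY, self.nai.encode())
        if type_ == TYPE_MD5_CHALLENGE:
            challenge = data[1:1 + data[0]]  # Value-Size | Value | Name
            digest = hashlib.md5(bytes([ident]) + self.secret + challenge).digest()
            return eap_pack(EAP_RESPONSE, ident, TYPE_MD5_CHALLENGE,
                            bytes([len(digest)]) + digest + self.nai.encode())
        return eap_pack(EAP_RESPONSE, ident, TYPE_NAK, bytes([TYPE_MD5_CHALLENGE]))


class DnAaaServer:
    """AAA server in the external data network: the only party holding the user's
    DN credentials and the only one that decides Success or Failure."""
    def __init__(self, users):
        self.users, self.pending = users, {}  # nai -> secret; identifier -> (nai, challenge)

    def handle(self, pkt):
        code, ident, type_, data = eap_unpack(pkt)
        if code != EAP_RESPONSE:
            return eap_pack(EAP_FAILURE, ident)
        if type_ == TYPE_IDENTITY:
            nai = data.decode(errors="replace")
            if nai not in self.users:
                return eap_pack(EAP_FAILURE, ident)
            challenge, next_id = os.urandom(16), (ident + 1) & 0xFF
            self.pending[next_id] = (nai, challenge)
            return eap_pack(EAP_REQUEST, next_id, TYPE_MD5_CHALLENGE,
                            bytes([len(challenge)]) + challenge + b"dn-aaa")
        if type_ == TYPE_MD5_CHALLENGE and ident in self.pending:
            nai, challenge = self.pending.pop(ident)
            received = data[1:1 + data[0]]
            expected = hashlib.md5(bytes([ident]) + self.users[nai] + challenge).digest()
            ok = hmac.compare_digest(received, expected)
            return eap_pack(EAP_SUCCESS if ok else EAP_FAILURE, ident)
        return eap_pack(EAP_FAILURE, ident)


class SMF:
    """EAP authenticator: starts the exchange and relays packets between the UE
    (over NAS, via the AMF) and the DN-AAA server (via the UPF) without
    interpreting the method; it acts only on the final Success/Failure code."""
    def __init__(self, aaa, udm_secondary_auth_required):
        self.aaa = aaa
        self.udm = udm_secondary_auth_required  # constructed stand-in for the UDM check by SUPI

    def establish_session(self, supi, ue):
        if not self.udm.get(supi, False):
            return True  # this subscription's DN requires no secondary authentication
        pkt = eap_pack(EAP_REQUEST, 1, TYPE_IDENTITY)  # SMF initiates with EAP-Request/Identity
        for _ in range(8):  # bounded number of round trips
            resp = ue.handle(pkt)
            if resp is None:
                return False
            pkt = self.aaa.handle(resp)  # forwarded to the DN-AAA server
            code = eap_unpack(pkt)[0]
            if code in (EAP_SUCCESS, EAP_FAILURE):
                return code == EAP_SUCCESS
        return False


if __name__ == "__main__":
    aaa = DnAaaServer({"alice@dn.example": b"constructed-secret"})
    smf = SMF(aaa, {"imsi-001010123456789": True})
    print(smf.establish_session("imsi-001010123456789", UE("alice@dn.example", b"constructed-secret")))
```

The point to take from the relay loop is that the SMF never sees the DN secret and never evaluates the challenge; a wrong secret, an unknown identity, or a method the peer refuses all surface to the SMF only as an EAP-Failure, which is what lets the external network keep full control of its own authorization decision.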

Conclusion

Although the 5G security architecture is based on the reuse of existing technologies, it faces entirely new challenges. A huge number of IoT devices, extended network boundaries, and elements of a decentralized architecture are just some of the key principles of the 5G standard that give free rein to the imagination of cybercriminals.

The main standard for the 5G security architecture, TS 23.501 version 15.6.0, contains the key points of the operation of security mechanisms and procedures. In particular, it describes the role of each VNF in protecting user data and network nodes, in generating cryptographic keys and in implementing the authentication procedure. But even this standard does not answer the acute security questions that telecom operators face more and more often as new generation networks are developed and put into operation.

In this regard, I would like to believe that the difficulties of operating and protecting 5th generation networks will not affect ordinary users, who have been promised transmission speeds and response times like "the son of mother's friend" and who can't wait to try out all the declared capabilities of new generation networks.

Useful links

3GPP Specification series
5G security architecture
5G system architecture
5G Wiki
5G architecture notes
5G security overview

Source: habr.com
