Fifth Generation Mobile Network (5G) Security
The fifth generation mobile network (5G) is intended to solve future constraints on accessing network services. Users and network operators depend on the security assurances provided by the Authentication and Key Agreement (AKA) protocols in use. For 5G networks, AKA has been standardized, and the 5G-AKA protocol is one of the primary authentication methods that have been defined. In addition, 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the User Equipment (UE) and the Service Provider (SP).
The heterogeneous nature of 5G makes accessing and provisioning network services very difficult and raises security concerns. This requires robust authentication and authorization mechanisms that can provide secure access and service provisioning to multiple users and providers in a heterogeneous network. We developed security mechanisms and protocols for authorization, authentication and accounting, as well as trust zone frameworks, to address the security and privacy challenges in the 5G network.
Proposed a security framework and models to address 5G security at different levels of the system.
Formally analysed the 5G-AKA and 5G EAP-AKA protocols as specified by the Third Generation Partnership Project (3GPP) standard. Using ProVerif, a security protocol verification tool, we performed a full systematic evaluation of the 5G-AKA protocol based on the latest 5G specifications.
An Identity and Access Management (IAM) mechanism is needed to complement the improved user experience promised in 5G. Proposed a Network Service Federated Identity (NS-FId) model that addresses these security requirements and complements the 5G Service-Based Architecture (SBA).
Proposed the Network Service Federated Identity (NS-FId) protocol, a federated protocol that provides secure access to services from multiple SPs and provides single sign-on (SSO) to users.
Proposed a Secondary Authentication Protocol (SAP) for service authentication.
Proposed a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains.
© EKKE 2021