T 14 Security For 5G and Beyond 2019 PDF

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/COMST.2019.2916180, IEEE
Communications Surveys & Tutorials
1
Security for 5G and Beyond

Ijaz Ahmad∗† , Shahriar Shahabuddin∗‡ , Tanesh Kumar∗ , Jude Okwuibe∗ , Andrei Gurtov§ , Mika Ylianttila∗
∗ Centre for Wireless Communications, University of Oulu, Finland
† VTT Technical Research Centre of Finland
‡ Nokia, Oulu, Finland
§ Department of Computer and Information Science, Linköping University, Sweden
Email: ∗ firstname.lastname@oulu.fi, † ijaz.ahmad@vtt.fi, ‡ shahriar.shahabuddin@nokia.com, § gurtov@acm.org
Abstract—The development of the Fifth Generation (5G) mobile networks. The main disruption, however, was in the
wireless networks is gaining momentum to connect almost all Third Generation (3G) of mobile networks in which IP-based
aspects of life through the network with much higher speed, communication enabled the migration of Internet security vul-
very low latency and ubiquitous connectivity. Due to its crucial
role in our lives, the network must secure its users, components, nerabilities and challenges into mobile networks. The security
and services. The security threat landscape of 5G has grown threat landscape got further widened and complicated in the
enormously due to the unprecedented increase in types of services Fourth Generation (4G) mobile networks with the increased
and in the number of devices. Therefore, security solutions if not use of IP-based communication necessary for new devices and
developed yet must be envisioned already to cope with diverse new services [5]. The amalgamation of massive number of IoT
threats on various services, novel technologies, and increased
user information accessible by the network. This article outlines devices and the provision of new services, for example for
the 5G network threat landscape, the security vulnerabilities in smart homes, hospitals, transport, and electric grid systems in
the new technological concepts that will be adopted by 5G, and 5G will further exacerbate the security challenges.
provides either solutions to those threats or future directions The security solutions and architectures used in previous
to cope with those security challenges. We also provide a brief generations (i.e. 3G and 4G), apparently, will not suffice for
outline of the post-5G cellular technologies and their security
vulnerabilities which is referred to as Future Generations (XG) 5G. The main reason for new security solutions and archi-
in this paper. In brief, this article highlights the present and tecture is the dynamics of new services and technologies in
future security challenges in wireless networks, mainly in 5G, 5G [6]. For example, virtualization and multi-tenancy in which
and future directions to secure wireless networks beyond 5G. different, and possibly conflicting, services share the same
Index Terms—5G, Security, Mobile Networks Security, SDN mobile network infrastructure were not common before. The
Security, NFV Security, Cloud Security, Privacy, Security Chal- latency requirements, such as authentication latency in vehicu-
lenges, Security Solutions lar communication or Unmanned Aerial Vehicles (UAVs) were
not that much critical. Succinctly put, the security architectures
I. I NTRODUCTION of the previous generations lack the sophistication needed to
The 5G wireless networks will provide very high data rates secure 5G networks. The Next Generation Mobile Networks
and higher coverage with significantly improved Quality of (NGMN) consortia suggests that 5G should provide more than
Service (QoS), and extremely low latency [1]. With extremely hop-by-hop and radio bearer security, which was common in
dense deployments of base stations, 5G will provide ultra- 4G and prior generations of cellular networks [7].
reliable and affordable broadband access everywhere not only Furthermore, there are new technological concepts or so-
to cellular hand-held devices, but also to a massive number lutions that will be used in 5G to meet the demands of
of new devices related to Machine-to-Machine communication increasingly diverse applications and connected devices. For
(M2M), Internet of Things (IoT), and Cyber-Physical Systems example, the concepts of cloud computing [8], Software De-
(CPSs) [2]. Such enrichment implies that 5G is not a mere fined Networking (SDN) [9], and Network Function Virtual-
incremental advancement of 4G as one might intuitively think, ization (NFV) [10] are considered to be the potential problem
but an integration of new disruptive technologies to meet solvers in terms of costs and efficiency. However, each of these
the ever growing demands of user traffic, emerging services, technologies have its own security challenges. For instance,
existing and future IoT devices [3]. With all these capabilities, the core network entities such as Home Subscriber Server
5G will connect nearly all aspects of the human life to (HSS) and Mobility Management Entity (MME) that hold
communication networks, and this underscores the need for the user billing, personal, and mobility handling information,
robust security mechanisms across all network segments of the respectively, deployed in clouds will render the whole net-
5G. Wireless networks have particularly been a major target work ineffective if security breaches occur. Similarly, SDN
for most security vulnerabilities from the very inception. centralizes the network control logic in SDN controllers. These
The First Generation (1G) mobile networks were prone to controllers will be the favorite choice for attackers to render
the challenges of illegal interception, cloning and masquerad- the whole network down through Denial of Service (DoS) or
ing [4]. Message spamming for pervasive attacks, injection of resource exhaustion attacks. The same is true for hypervisors
false information or broadcasting unwanted marketing infor- in NFV. Therefore, it is highly important and timely to bring
mation became common in the Second Generation (2G) of forth the possible weaknesses in these technologies and seek
1553-877X (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/COMST.2019.2916180, IEEE
2
solutions to those weaknesses. TABLE I

This article studies the state of the art of security in 5G ACRONYMS AND CORRESPONDING FULL MEANING
networks. It starts off with a dive into the security challenges Acronyms Full Form
and corresponding solutions for the previous generations of AI Artificial Intelligence
AKA Authentication and Key Agreement
networks ranging from 1G to 4G. It then presents a com- AMF Autonomous Management Framework
prehensive overview of the technologies associated with 5G APIs Application Programming Interfaces
ARIB Association of Radio Industries and Businesses
with regards to their corresponding security challenges and BTS Base Transceiver Stations
respective solutions. This article also provides insights into CCPS Cloud-based Cyber-Physical Systems
CPS Cyber-Physical System
security in communication networks beyond 5G, named as DTLS Datagram Transport Layer Security
XG. The rest of this paper is organized as follows: Section II DoS Denial of Service
DDoS Distributed DoS
describes the related work followed by a brief history of se- DPI Deep Packet Inspection
curity in previous generations of wireless cellular networks in EAP-AKA Extensible Authentication Protocol-AKA
EPC Evolved Packet Core
Section III. A general overview of security in 5G is presented EPS Evolved Packet System
in Section IV. Section V presents the security challenges and ETSI European Telecommunications Standards Institute
E-UTRAN Evolved Universal Terrestrial Radio Access Network
potential security solutions for 5G networks, these challenges GSM Global System for Mobile Communication
and solutions are categorized according to the part of access GSMA GSM Association
network where they affect, i.e. the backhaul network and core GTP GPRS Tunnelling Protocol
HetNets Heterogeneous Networks
network. Security challenges for key enabling technologies HIDS Host Intrusion Detection System
of 5G such as SDN, NFV, cloud computing and Multi Input HSS Home Subscriber Server
HTTP HyperText Transfer Protocol
Multi Output (MIMO) are presented in Section VI, followed HX-DoS HTTP and XML Denial of Service
by the security solutions in the same order in Section VII. In IaaS Infrastructure as a Service
IDS Intrusion Detection Systems
Section VIII, privacy related issues and possible solutions are ID/P-S Intrusion Detection or Prevention Systems
presented. Section IX presents new dimensions for security IETF Internet Engineering Task Force
IP Internet Protocol
of future networks in terms of using advanced disruptive IMSI International Mobile Subscriber Identity
technologies to solve the existing weaknesses and forthcoming IoT Internet of Things
IPSec Internet Protocol Security
security challenges in communication networks. Section X ITU International Telecommunications Union
concludes the paper. For smooth readability, the outline of (LTE)-(A) (Long Term Evolution)-(Advanced)
MEC Multi-access Edge Computing
the article is depicted in Fig. 1 and the most used acronyms MIMO Multiple-Input and Multiple-Output
are presented in full form in Table. I. MME Mobility Management Entity
mmWave Millimeter Wave
M2M Machine-to-Machine Communications
MTC Machine Type Communication
II. R ELATED W ORK MVNOs Mobile Virtual Network Operators
NAS Non-Access Stratum
The ubiquitous connectivity with below 1 ms latency and NFV Network Function Virtualization
Gigabit speed aimed by 5G has gained momentum towards NGMN Next Generation Mobile Networks
NIDS Network Intrusion Detection System
its realization [11]. Since 5G is yet to be deployed, ”what NIST National Institute of Standards and Technology
will be done by 5G and how will it work?” as presented in a OFDM Orthogonal Frequency Division Multiplexing
ONF Open Networking Foundation
survey on 5G [11], is still a question. The vision of 5G lies in PaaS Platform as a Service
providing very high data rates (Gigabits per second), extremely PDN Public Data Network
QoS Quality of Service
low latency, manifold increase in base station density and RAN Radio Access Network
capacity, and significant improvement in quality of service, RAT Radio Access Technology
SaaS Software as a Service
compared to 4G systems [1]. There are a number of survey SIM Subscriber Identity Module
articles that thoroughly discuss 5G networks such as [1], [12]– SIPDAS Slowly-increase Polymorphic DDoS Attack Strategy
SDN Software Defined Networking
[14]. Due to its foreseen role and impact on our lives, security SN Serving Network
of 5G is far more concerning. Therefore, there is a great effort TCP Transmission Control Protocol
TLS Transport Layer Security
to ensure the security of networked systems in 5G, users of TMSI Temporary Mobile Subscriber Identity
the networked systems and the 5G network itself. TVDc Trusted Virtual Data Center
UAVs Unmanned Aerial Vehicles
The limitations in 4G and how to move towards 5G by UAV-BS UAV with Base Station
overcoming those limitations is discussed in [11]. The con- UDP User Datagram Protocol
UE User Equipment
cerns related to security, indirectly if not directly effecting UMTS Universal Mobile Telecommunications System
it, pertaining to 4G are the lack of mechanisms to support USIM Universal Subscriber Identity Module
data traffic bursts, limited processing capabilities of base VNFs Virtual Network Functions
V2V Vehicle-to-Vehicle
stations, and latency. These limitations, if not removed, will V2X Vehicle-to-Everything
make the network prone to security challenges. For example, XG Future Generations
XML Extensible Markup Language
bursts in data traffic can be due to legitimate reasons such as 3GPP 3G Partnership Project
crowd movements, or otherwise due to DoS attacks. Similarly, 5GPPP 5G Public-Private Partnership
limited capacity of base stations in ultra-dense 5G networks
will cause availability challenges for legitimate users or a
weak point for resource exhaustion attacks. So also is latency,
3
Fig. 1. Outline of the article.
which can be problematic in authentication of vehicles in layer security techniques for 5G wireless networks is presented
Vehicle to Everything (V2X) communication. Therefore, the in [20]. The main focus of the article is physical layer security
survey article [11] provides some interesting insights on the coding, massive MIMO, Millimeter Wave (mmWave) commu-
limitations of the current 4G networks that must be solved in nications, Heterogeneous Networks (HetNets), non-orthogonal
5G. multiple access techniques, and full duplex technology.
General requirements and mechanisms for strengthening A study of security of 5G in comparison with current
security in 5G are presented in [15]. By revisiting the LTE or traditional cellular networks is carried out in [21]. Here,
security requirements, the authors outline the security require- security of 5G is studied in terms of authentication, avail-
ments for 5G on a high level in [15]. A survey on security of ability, confidentiality, key management and privacy. Several
4G and 5G networks is presented in [16]. The article focuses challenges such as access procedure in HetNets, efficiency of
on existing authentication and privacy-preserving schemes for security systems with respect to the stringent latency require-
4G and 5G networks. Security challenges and the possible mit- ments, and the lack of new trust models have been highlighted.
igation techniques along with standardization efforts in 4G and The article [21] also proposed a security architecture for 5G
older generations are presented in [17]. A survey on security networks based on the findings of the study and evaluated the
threats and attacks on mobile networks is presented in [18]. identity management and authentication schemes.
The article focuses on the security threats and challenges in An interesting work on security research in future mobile
the mobile access and core networks. The main challenges, networks is presented in [22]. The work aims at providing
however, are related to the 4G network architecture. a comprehensive view of security on mobile networks, as
Security challenges and the possible mitigation techniques well as open up some research challenges. A methodology
in the wireless air interfaces are discussed in [19]. The article is developed that can categorize known attacks, their impact,
considers various wireless access technologies such as Blue- defense mechanisms for those attacks, and the root causes
tooth, Wi-Fi, WiMAX and LTE, and discusses the inherent of vulnerabilities. The main vulnerabilities that could still
security limitations and future directions for strengthening the cause security challenges include pre-authentication traffic,
security of each technology. The main focus, however, is on jamming attacks, insecure inter-network protocols (e.g. DI-
the security of the wireless air interfaces. A survey on physical AMETER [23]), insecure implementations in network compo-
4
nents, and signaling-based DoS attacks. However, the security TABLE II

challenges in 5G will be more diverse due to the amalgamation S UMMARY OF SECURITY EVOLUTION FROM 1G TO 4G
of new things or networks of new things (e.g. massive IoT), Network Security Mechanisms Security Challenges
and the conglomeration of new technological concepts. 1G No explicit security and Eavesdropping, call intercep-
SDN, NFV and the extended concepts of cloud computing privacy measures. tion, and no privacy mecha-
nisms.
such as Multi-access Edge Computing (MEC) [24]–[26] have 2G Authentication, Fake base station, radio link
many benefits in terms of performance and cost efficiency, anonymity and security, one way authentica-
however, these technologies have their own security weak- encryption-based tion, and spamming.
protection.
nesses. Until this time, there is no survey article that studies 3G Adopted the 2G secu- IP traffic security vulnerabili-
the security of 5G in the context of these new technological rity, secure access to net- ties, encryption keys security,
concepts and their impact on the security of 5G or future work, introduced Authen- roaming security.
tication and Key Agree-
wireless networks. The articles mentioned in the related work ment (AKA) and two way
are focused on specific areas. For instance, [22] and [21] are authentication.
focused on authentication, [20] and [19] are targeted towards 4G Introduced new Increased IP traffic induced
encryption (EPS-AKA) security, e.g. DoS attacks, data
security of physical layer and air interfaces respectively, [18] and trust mechanisms, integrity, Base Transceiver
presents security in access and core networks, presents LTE encryption keys security, Stations (BTS) security, and
security and general security requirements of 5G, and [16] non-3G Partnership eavesdroping on long term
Project (3GPP) access keys. Not suitable for security
covers privacy issues in future networks. security, and integrity of new services and devices,
In this article, we have focused not only on the security of protection. e.g. massive IoT, foreseen in
5G networks, but also on the forthcoming technologies that 5G.
will be used in 5G and beyond, for example, SDN, NFV,
MEC, and massive MIMO, etc. This article provides a detailed
description of the security challenges within these technologies that was first deployed commercially by AT&T and Bell labs
and the potential solutions to those security challenges. How- during 1983 [31]. Due to the nature of analog communica-
ever, the increasing diversity and number of communicating tions, it was difficult to provide efficient security services
devices such as IoT and V2X would require drastically new for 1G. This advance phone service did not use encryption
security solutions that will need context awareness and high and thus there was no security of information or telephone
degree of automation. Therefore, this article also discusses conversations. Hence, practically the whole system and users
the future of security in environments replete with massive were open to security challenges such as eavesdropping, illegal
IoT, such as smart cities. Furthermore, this article outlines access, cloning, and user privacy [4], [32]. Digital mobile
how new disruptive technological concepts such as Artificial systems were proposed to increase the efficiency of the limited
Intelligence (AI), blockchain, and UAVs can be used to secure frequency bands [33], [34], and thus, Global System for
a highly connected society in the near future, termed as XG Mobile (GSM) communication became the most successful
in this article. and widely used standard in cellular communications as part
of 2G cellular networks [31].
III. S ECURITY IN W IRELESS N ETWORKS : F ROM 1G TO 4G GSM MoU association identified four aspects of security
Security of communication networks has been a difficult services to be provided by a GSM system. They are anonymity,
task due to complexities in the underlying network, the pro- authentication, signaling protection and user data protection
prietary and perimeter-based security solutions that are hard [35]. Anonymity is provided by using temporary identifiers
to manage, and the weaknesses in identity management [27]. so that it is not easy to identify the user of a system. The
Moreover, the Internet architecture inherits the problems aris- real identifiers are used only when the device is switched
ing from the infrastructure, is ripe with security challenges and on and then a temporary identifier is issued. Authentication
is stagnant to innovation [28]. Wireless network security has is used by the network operator to identify the user. It is
been evolving with gradual up-gradation since the inception performed by a challenge-response mechanism [36], [37]. The
of mobile networks [29]. The main change, however, came signalling and user data protection was carried out through
with the introduction of IP-based communication in wireless encryption in which the Subscriber Identity Module (SIM)
networks where more and more Internet-based security chal- played an important role in the encryption keys. However,
lenges migrated to wireless networks. Therefore, in this section 2G had several security limitations or weaknesses. The op-
we provide an overview of the changing security paradigm erators only authenticated the UEs in a unilateral mechanism,
(summarized in Table. II) in wireless networks from 1G to whereas the UEs had no option to authenticate the operator.
4G or from non-IP wireless networks to IP-based wireless Therefore, it was possible for a false operator to impersonate
networks. the original operator and perform a man-in-the-middle attack
[38]. Moreover, the encryption algorithms were also reverse
engineered [39] and the ciphering algorithms were subject to
A. Security in Non-IP Networks several attacks [40], [41]. GSM did not provide data integrity
The 1G cellular systems used analog signal processing and against channel hijacking in the absence of encryption, and
were designed primarily for voice services [30]. The most were also vulnerable to DoS attacks [39]. Furthermore, 2G
successful 1G system called Advanced Mobile Phone Service systems did not have the capability to upgrade their security
5
functionality over time [42]. specified for MTC [49] [50], home eNB [51] and relay nodes
[52].
The Evolved Packet System-AKA (EPS-AKA) had one
B. Security in 3G
major enhancement over UMTS-AKA which is called cryp-
The 3G cellular networks were developed primarily to tographic network separation. This feature limits any security
provide higher data rates than 2G networks. 3G systems also breach in a network and also limits the possibility of spreading
enabled new services like video telephony and video streaming attacks across the network. This is achieved by binding any
via cellular networks [43]. The 3G standard proposed an EPS-related cryptographic keys to the identity of the Serving
upgraded security architecture to mitigate the vulnerabilities Network (SN), to which the keys are delivered. This feature
of 2G systems. The three key principles of 3G security are also enables the UE to authenticate the SN. Note that, UE can-
specified by the 3GPP in [42], namely: (I) 3G security will not authenticate the SN in UMTS. It can only ensure whether
inherit the essential features of 2G security, (II) 3G security an SN is authorized by the UE’s home network [53]. There are
will upgrade the limitations of 2G security, and (III) 3G some enhancements created for EPS for device confidentiality;
will add more security features that was not available in 2G. the device identity is not sent to the network before security
Universal Mobile Telecommunications System (UMTS) is a measures for traffic protection has been activated. The user and
3G cellular technology that is developed and maintained by signaling data confidentiality also went through changes for
3GPP [44]. The security architecture of UMTS consists of the EPS. The endpoint of the encryption of the network side
five sets of security features that are specified in TS33.102 is in the base station while it is the radio network controller in
[45], which is more commonly known as Release 99. 3G. Additional confidentiality protection mechanism was also
These set of UMTS security features ensures that the UE has introduced for signaling between the UE and the core network.
a secure access to 3G services and provides protection against 3GPP specified the security features of mobility within
attacks on radio access link [46]. The UMTS Authentication the E-UTRAN as well as between E-UTRAN and earlier
and Key Agreement (AKA) protocol has been designed in generation or non-3GPP systems. There are two types of non-
such a way that the compatibility with GSM is maximized. 3GPP access networks. They are trusted non-3GPP access
However, UMTS AKA serves additional protocol goals like and un-trusted non-3GPP access. For an untrusted non-3GPP
mutual authentication of the network and, and agreement on access network, the UE has to pass a trusted evolved packet
integrity key, etc. Contrary to the unilateral authentication of data gateway which is a part of the EPC [54]. In addition, a
GSM, UMTS supports bilateral authentication which removes new key hierarchy and handover key management mechanism
the threat of a false base station. The access security feature has been introduced to ensure secure mobility process in LTE.
includes user identity confidentiality that ensures that a user Due to the early termination point of the encryption, EPS
cannot be eavesdropped on a radio access link. The user structure introduced a new challenge. Due to the security
identity confidentiality also needs to support user location con- weakness of the early termination point, the eNB became
fidentiality and user untraceability. To achieve these objectives, more vulnerable than the 3G security architecture. Besides,
the user is identified by a temporary identity or by a permanent EPS architecture allows to place the eNB outside of network
encrypted identity. Similarly, the user should not be identified operators security domain, i.e. in physically insecure locations.
for a long period of time and any data that might reveal user Therefore, the eNB is vulnerable to physical attacks, DoS
identity must be encrypted [45]. attacks or passive attacks at eavesdropping on long term keys.
To tackle these vulnerabilities, 3GPP introduced stringent
requirement on the eNB. 3GPP requirements include secure
C. Security in 4G
setup and configuration of the base station SW, secure key
The release 10 from 3GPP, which is commonly known management inside the BTS, and secure environment for
as LTE-Advanced (LTE-A), fulfills the requirements of the handling the user and control plane data etc.
4G standard that was specified by International Telecom-
munications Union - Radio Communication Sector (ITU-R)
IV. S ECURITY IN 5G: A N OVERVIEW
[47]. LTE-A network has two major parts; Evolved Packet
Core (EPC) and Evolved- Universal Terrestrial Radio Access 5G will provide ubiquitous broadband services, enable con-
Network (E-UTRAN). The EPC is an all IP and packet nectivity of massive number of devices in the form IoT, and
switched backbone network. The LTE-A system supports non- entertain users and devices with high mobility in an ultra-
3GPP access networks. LTE-A systems also introduced new reliable and affordable way [2]. The development towards
entities and applications like Machine-Type-Communication IP-based communication in 4G has already helped develop
(MTC), home eNodeB or femtocells and relay nodes. 3GPP new business opportunities, however, 5G is considered a
defined similar sets of security features for LTE-A. They are: new ecosystem connecting nearly all aspects of the society;
(I) Access security, (Evolved Universal Terrestrial Radio Ac- vehicles, home appliances, health care, industry, businesses,
cess Network II) Network domain security, (III) User domain etc., to the network. This development, however, will introduce
security, (IV) Application domain security, and (V) Visibility a new array of threats and security vulnerabilities that will pose
and configurability of security [48]. However, each of the a major challenge to both present and future networks [55].
feature has been enhanced significantly to secure the LTE- Connecting the power grid for instance, 5G will connect
A systems. Besides, totally new security mechanisms were critical power infrastructures to the network, hence security
6
breaches in such critical infrastructures can be of catastrophic security challenges such as inter-federated conflicts and re-
magnitudes to both the infrastructures and the society which source hijacking. Therefore, the security challenges associated
5G serves. Therefore, security of 5G and systems connected with all technologies used by 5G need proper investigation. In
through 5G must be considered right from the design phases. the following subsection, we provide a brief overview of 5G
To elaborate the security implications in 5G, the design security architecture, focusing mainly on the security domains
principles of 5G are briefly elaborated below. defined by 3GPPP.
A. Overview of 5G design principles

B. Overview of 5G Security Architecture
With new types of services and devices, and new user
According to ITU-T [59], a security architecture logically
requirements in terms of low latency, higher throughput, and
divides security features into separate architectural compo-
ubiquitous coverage, arises the need for new design principles
nents. This allows a systematic approach to end-to-end security
for 5G [56]. The 5G design principles outlined by NGMN,
of new services that facilitates planning of new security
presented in Fig. 2, highlight the need for highly elastic
solutions and assessing the security of existing networks. The
and robust systems. The radio part needs extreme spectrum
5G security architecture has been defined in the latest 3GPP
efficiency, cost-effective dense deployment, effective coordina-
technical specification release (release 15) [60] with different
tion, interference cancellation and dynamic radio topologies.
domains. The security architecture is shown in Fig. 3, except
The network beyond radio has different requirements, which
domain (VI), and has the following main domains.
are more towards inclusion of radically new technologies.
For example, the common composable core will use SDN • Network access security (I): Comprises the set of secu-
and NFV to separate the user and control planes and enable rity features that enables a UE to securely authenticate
dynamic network function placement [57]. This is targeted and access network services. Access security includes
towards minimizing legacy networking and introducing new security of 3GPP and non-3GPP access technologies, and
interfaces between the core and Radio Access Technologies delivery of security context from SN to the UE.
(RATs). • Network domain security (II): Comprises of a set of
The 5G network architecture must support the deployment security features that enables network nodes to securely
of security mechanisms and functions (e.g. virtual security exchange signaling and user plane data.
firewalls) whenever required in any network perimeter. As • User domain security (III): Consists of security features
presented in Fig. 2, the operation and management need to that enables secure user access to UE.
be simplified. The most prominent technology for simplifying • Application domain security (IV): Includes security
network management is SDN [58]. SDN separates the network features that enables applications (user and provider do-
control from the data forwarding plane. The control plane is mains) to securely exchange messages.
logically centralized to oversee the whole network underneath • Service Based Architecture (SBA) domain security
and control network resources through programmable Appli- (V): Comprises of security features for network element
cation Programming Interfaces (APIs). However, centralizing registration, discovery, and authorization, as well as se-
the network control and introducing programmable APIs in curity for service-based interfaces.
network equipment also open loopholes for security vulnera- • Visibility and configurability of security (VI): Includes
bilities. Therefore, we need to analyze the security challenges security features that inform users whether security fea-
associated with SDN. Similarly, NFV and network slicing have tures are in operation or not.
Fig. 2. 5G Design Principles.
7
mechanisms. However, one of the advantages of public-key

based authentication and key agreement schemes is that the
home network does not need to be contacted for each authen-
tication.
D. General Overview of security in 5G

The Next Generation Mobile Networks (NGMN) has pro-
vided recommendations for 5G based on current network
architectures and the shortfall in security measures that are
either not developed or developed but not yet put to use [7].
The recommendation highlights the cautionary notes which
Fig. 3. Overview of the security architecture. includes factors such as the infancy of 5G with many un-
certainties, lack of defined design concepts and the unknown
end-to-end and subsystems architectures. The recommendation
The 5G security architecture itself does not define partic-
highlights the security challenges in access networks, and
ular security threats and the solutions for those threats [6].
cyber-attacks against users and the network infrastructure, as
However, there are certain defined security solutions either
depicted in Fig. 4. The details of the security limitations and
coming from the previous generations with modifications for
recommendations can be found in [7] and the key points are
enhancements or defined newly according to the realm of
summarized below:
5G. The LTE security concepts are the starting points, but
Flash network traffic: It is projected that the number
considered as benchmarks for security of future wireless
of end user devices will grow exponentially in 5G that
networks [61]. In any case, the high-level vision of 5G security
will cause significant changes in the network traffic patterns
is based on i) Supreme built-in-security, ii) Flexible security
either accidentally or with malicious intent. Therefore, the
mechanisms, and iii) Automation, as described by Nokia [62].
5G systems must efficiently handle large swings in traffic
As the basis of security, and related to the domains of
and provide resilience whenever such surges occur while
security highlighted by 3GPP, in the following subsection we
maintaining acceptable level of performance.
briefly describe how authentication is carried out in 5G.
Security of radio interface keys: In previous network
architectures, including 4G, the radio interface encryption
C. UE-Network Mutual Authentication keys are generated in the home network and sent to the
In LTE architecture, EPS-AKA was used to perform mutual visited network over insecure links causing a clear point of
authentication between the UE and the network [63], [64]. exposure of keys. Thus, it is recommended that keys should
AKA, started in GSM, evolved with the next generations [65], either be secured first or not sent over insecure links such as
[66], and is still considered as the most viable mechanism for SS7/DIAMETER.
authentication and authorization in 5G networks [60]. AKA is User plane integrity: The 3G and 4G systems provide
based on symmetric keys and runs in SIM. Extensible Authen- protection to some signaling messages but do not provide
tication Protocol (EAP)-AKA method for 3G networks [66] cryptographic integrity protection for the user data plane.
was developed by 3GPP to support identity privacy and fast Hence, it is recommended to provide protection at the transport
re-authentication. The EPS-AKA provided further security or application layer that terminates beyond mobile networks.
such as using multiple keys in different contexts, renewal However, application level end-to-end security may involve
of keys and that without involving the home network every too much overhead for data transmission in packet headers and
time. EPS-AKA has some challenges such as computation and handshakes. Therefore, an exception to this could be network
communication overhead, and latency [67], however, has no level security for resource constrained IoT devices or latency
visible vulnerabilities demonstrated so far, and thus will be sensitive 5G services.
used in 5G [15]. Mandated network security: There can be certain service-
For communication through trusted non-3GPP access net- driven constraints (e.g. latency) in security architectures lead-
work, the UE is authenticated through the AAA server using ing to optional use of security measures. Unfortunately, such
the Extensible Authentication Protocol-AKA (EAP-AKA) or constraints undermine system-lever security assumptions and
improved EAP-AKA for authentication. For untrusted non- could not be completely eliminated. The challenge exacerbates
3GPP access networks, the UE uses the evolved packet in multi-operator scenarios where one operator suffers due
data gateway IPsec tunnel establishment to connect to the to inadequate security measures by the other. Therefore it
EPC [68]. Both of these mechanisms have many benefits is highly recommended that some level of security must be
such as short message size, and requires only one handshake mandated in 5G after proper investigation to recognize the
between the UE and SN, and between the serving and home most critical security challenges.
networks [15]. Furthermore, the symmetric-key-based protocol Consistency in subscriber level security policies: User
in these schemes makes the computations required in the security measures must be intact when a user moves from
authentication center (part of the HSS), and in the USIM one operator network to another. It is highly possible that
(Universal SIM) very efficient compared to public-key-based security services are not updated frequently on per-user basis
8
Fig. 4. Security threat landscape in 5G networks.
as the user moves from one place to another, or from one vision of secure 5G systems that is outlined by NGMN [7]
operator network to another as in the case of roaming. Hence is based on three principles. These are: i) flexible security
network operators need to share security policies and some mechanisms, ii) supreme built-in security, and iii) security
level of subscriber service information. This recommendation automation, as highlighted in Fig. 5. The objective of the
highlights the possibility of using virtualization techniques to vision is that 5G systems must provide highly robust security
enable per-service slice configuration to keep security of the against cyber-attacks with enhanced privacy and security assur-
user or service intact with roaming. ance. The security systems should be flexible for inclusion of
DoS attacks on the Infrastructure: DoS and Distributed novel technologies and using different security e.g. encryption,
DoS (DDoS) attacks can circumvent the operation criti- technologies at different layers or network perimeters. Since
cal infrastructure such as energy, health, transportation, and 5G will accumulate very diverse technologies, such as massive
telecommunication networks. DoS attacks are usually designed IoT, which could induce security vulnerabilities in the network,
in a way that they exhaust the physical and logical resources of security by design will be inevitable. The same reason of di-
the targeted devices. This threat will be more severe due to the versity necessitates automated security systems to intelligently
possibility of attacks from machines that are geographically adjust and adapt itself according to the environment, threats,
dispersed and are in huge numbers (compromised IoT). Hence, and security controls. This will also require a holistic security
the network must increase its resilience through strong security orchestration and management [7].
measures.
Security is a multi-dimensional subject, and diversity of Although, the conglomeration of new things, e.g. in massive
devices and services in 5G makes it even more complex. In IoT, and diverse service will make the security landscape much
the following sub-section we describe the possible security more complex, the new technological concepts such as SDN,
solutions on a high level, and the point of view and recom- NFV, and cloud computing also can minimize the complexity.
mendations of various regulatory and standardization bodies. For instance, the challenges of diversity can be eliminated
In the subsequent sections we provide detailed analysis of through policy-based, yet, centralized network control lever-
the security challenges in the network and the main enabling aging cloud computing and SDN. A centralized network
technologies in 5G. controller deployed in the cloud, for example the software-
based SDN controller, overlooking the whole network from
a central vintage point can be used to mitigate security
E. The road ahead for 5G security vulnerabilities in the network that relies on the controller. The
Since 5G is not an incremental advancement to 4G, security current controller-network APIs already enable the controller
systems should also be re-designed according to the new to fetch the flow statistics from the data plane and use it for
design principles and architectural requirements of 5G. The various purposes such as load-balancing or risk assessment.
9
Fig. 5. 5G security vision and objectives.
Similarly, virtualization leveraging NFV can enable service- computing among others [77], [78]. For example in the case
specific slicing to strengthen security of services through of 5G networks, two kinds of recommendation are given by
isolation. ITU-T in the context of network authentication with services.
Using massive MIMO, one can direct the beam only to It includes Push mode where network access control device is
legitimate users and can on run-time switch the beam from po- familiar with the application layer protocol, and thus share the
tential malicious users [69]–[73]. And if the attacker is not in key authentication features directly with the service platform.
the vicinity of the legitimate user, then beamforming makes the The other one is Pull mode, where access control device does
overall system more secure. Due to the high attenuation loss, not understand the application layer protocol, and thus the
beam forming is a major requirement. Hence, massive MIMO, service platform has to take authentication results from 5G
in conjuction with channel coding [74]–[76], naturally brings network [79].
more security to the overall system. In mmWave, due to the ITU-T SG20 is dedicated for drafting the standards and rec-
reduction of the size of the antennas, it is comparatively easy ommendations for IoT technologies, smart cities and commu-
to use massive MIMO beamforming system. As a result, the nities [80]. In the context of security, it is working with SG17
scalability of the overall system achieved with massive MIMO, to draw the security requirements and standards [81], [82]. Re-
the systems will have more resistance to security threats in cently ITU-T Y. 4806, has developed recommendation for safe
the mmWave domain. The same is the case of increasing execution of various IoT based infrastructures such as smart
network resource in ultra-dense networks. Naturally, when the transportation and cities, industrial automation and wearables
resources are more the systems will have more resistance to among others. The core aim is to enlist the potential threats to
security attacks, such as resource exhaustion and DoS attacks. the safety of IoT enabled infrastructure and provide relevant
To provide a thorough analysis of the security of fu- recommendations to deal with such security attacks [83]. Apart
ture wireless networks, there are some basic concepts and from this, ITU-T X.1361 presents recommendation for IoT
definitions that cover the whole picture, irrespective of the security architecture and ITU-T X.1362 for IoT encryption
underlying technologies. These are provided by ITU-T in the procedure using associated mask data (EAMD) [84], [85].
form of security recommendations and provide a stepping ITU-T is also working to draft of the security requirements
stone framework in security of communication networks. and recommendations for narrow band-IoT.
Furthermore, ITU-T SG17 is also involved in security
F. Security Recommendations by ITU-T standards for the related enabling technologies. For example
The International Telecommunication Union (ITU) agency the major recommendation from ITU-T in SDN security
Telecommunication Standardization Sector (ITU-T) security domain are give in the areas; Data Confidentiality, Data
recommendations provides a set of security dimensions to Integrity, Access Control, Authentication, Non-Repudiation,
provide protection against all major security threats [59]. The Communication Security, Availability and Privacy [27], [86].
eight security dimensions are not limited to network only, but In addition to SDN security, same group from ITU-T propose
covers applications and end user information as well. Further- security guidelines for NFV security. ITU x.805 presents
more, the security dimensions apply to enterprises offering the security architecture for end to end network and that is
services or service providers. These security dimensions are based on security layers and planes. Most of the security
listed in Table. III with brief descriptions. How the security requirements and recommendations revolve around these two
dimensions are covered in 5G is discussed as follows. concepts [87], [88]. ITU-T X.1600-1699 discuss the security
ITU-T Study Group 17 (SG17) is assigned for security recommendations for cloud computing systems. Out of them,
related work and potential recommendations. ITU-T has been ITU-T X.1601 deals with the security framework for clouds
working on security recommendations for various relevant and presents the potential attacks and related solutions [89].
areas in telecommunications and internet technologies such Moreover, ITU-T also proposed the guidelines for security
as for the Next Generation Network (NGN), IoT and cloud concerns among consumer and cloud service providers [90],
10
TABLE III in [94]. The work presented in [94] discusses 5G architecture

S ECURITY DIMENSIONS DEFINED BY ITU-T enhancements and the security enhancements accordingly.
Security Dimension Brief Explanation There are also several technology-specific standardization
Access Control Protects against unauthorized use of net- and specification bodies. For instance, the Open Network-
work resources. It also ensures that only ing Foundation (ONF) [95] is dedicated to the accelerated
authorized persons or devices access the
network elements, services, stored informa- adoption of SDN and NFV technologies. ONF publishes
tion and information flows. technical specifications including specifications for security of
Authentication Confirms identities of communicating enti- these technologies [27]. The European Telecommunications
ties, ensures validity of their claimed iden-
tities, and provides assurance against mas- Standards Institute (ETSI) Industry Specification Group for
querade or replay attacks. NFV [96] is working on security with a dedicated group
Non-Repudiation Provides means for associating actions with called the Industry Specification Group NFV Security group
entities or user using the network and that
an action has either been committed or not (ISG NFV Sec). The group has published its latest specifi-
by the entity. cation on security management and monitoring specification
Data Confidentiality Protects data from unauthorized disclosure, in release 3 [97]. Regarding security, Release 3 specifies
ensures that the data content cannot be
understood by unauthorized entities. security requirements for automated, dynamic security policy
Communication security Ensures that information flows only be- management and security function life-cycle management, as
tween the authorized end points and is not well as, Security Monitoring for NFV systems. Furthermore,
diverted or intercepted while in transit.
Data integrity Ensures the correctness or accuracy of data,
the ISG NFV Sec group has highlighted the need for a standard
and its protection from unauthorized cre- interface in the ETSI NFV architecture to enable adding
ation, modification, deletion, and replica- security functions that can react to potential security threats
tion. It als provides indications of unautho-
rized activities related the data.
in real-time.
Availability Ensures that there is no denial of authorized In 2014, the ESTI MEC ISG [98] was initiated to look
access to network resources, stored informa- into Multi-access Edge Computing (MEC) security standards
tion or its flow, services and applications. and empower NFV capabilities within the Radio Access
Privacy Provides protection of information that
might be derived from the observation of Network (RAN) to deliver security and robustness. The Na-
network activities. tional Institute of Standards and Technology (NIST) [99] is
working to develop standards to improve IoT security. Simi-
larly, the GSM Association (GSMA) IoT security guidelines
[91]. and assessment [100] program has delivered guidelines and
assessment schemes to provide proven and robust end-to-
end security for IoT systems. NGMN 5G security group is
G. Security Standardization working on identifying the security requirements for MEC
With the anticipation of 5G, various actors; even outside the and proposing the corresponding recommendations. Regarding
telecom sector such as automotive are indulging in evaluating privacy, subscription privacy is one of the core security areas
the security impacts of 5G. Hence, different key organizations of focused in the 3GPP SA3. For example privacy enhanced
are providing immense contributions for the rapid development identity protection deals with safeguarding the International
of security standards, the most crucial ones being highlighted Mobile Subscriber Identity (IMSI) from adversaries on the
in Table III. However, the standardization is still in the drafting air interface. SA3 is also taking valuable inputs from the
phase. In March 2015, 3GPP has set the deadline for defining Fraud and Security Group of GSMA to identify subscriber
the standards of 5G in or around 2020. Next Generation privacy challenges [93]. Furthermore, the standards suggested
Mobile Networks (NGMN) published its white paper [7] on by the Internet Engineering Task Force (IETF) will be critical
5G in the same year that covered wide range of topics such as because 5G will use various Internet protocols. The ITU-T
virtualization, IoT, radio architecture, privacy, and availability, continuously gathers contributions from regional organizations
etc. Regarding the 5G security standardization, the NGMN P1 like ETSI and ARIB and proposes recommendations for the
WS1 5G security group is mainly gathering requirements and standardization organizations.
providing their suggestions. A number of industry initiated efforts are in place to find
In January 2016, the 3GPP security group SA3 [92] started the potential security challenges and seek solutions to those
work to standardize the security aspects of 5G and provide challenges. The Security, Identity, and Mobility alliance called
contributions to 5G Public-Private Partnership (5GPPP) initi- the SIMalliance [101] is a global, non-profit SIM card industry
ated projects. The major task was to propose a 5G security association. The association advocates the protection of sensi-
architecture, analyze threats and outline requirements. Simi- tive connected and mobile services in wireless networks. The
larly, the 5G PPP phase 1 security landscape [93] produced alliance has published several reports and white papers focus-
by the 5G PPP Security WG highlights the new major security ing on how to improve the security of 5G networks [102], its
requirements and risks, presents the 5G security architecture use-cases such as smart homes security [103], and an analysis
along side privacy and access control in 5G, describes the of the security needs of the 5G market [104]. A consistent
security impacts of new technologies such as slicing and point that remains in the SIMalliance is that: ”Security in 5G
virtualization, and highlights the security standardization ef- is use case dependant”.
forts. Overview of 5G security in 3GPP is also published Other related players in the industry also publish their
11
TABLE IV
S ECURITY ACTIVITIES OF VARIOUS STANDARDIZATION BODIES
Standardization bodies Workgroups Major security areas in focus Milestones

3GPP Service and System Security architecture, RAN security, authen- TR 33.899 Study on the security aspects
Aspects Security Group tication mechanism, the subscriber privacy, of the next generation system, TS 33.501:
(SA3) network slicing Security architecture and procedures for 5G
System
5GPPP 5GPPP Security WG Security architecture, the subscriber privacy, 5G PPP Security Landscape (White Paper)
the authentication mechanism June 2017.
IETF I2NSF, DICE WG, ACE Security solutions for massive IoT devices RFC 8192, RFC 7744, Deterministic Net-
WG, DetNet WG in 5G, User privacy, Network security func- working (DetNet) Security Considerations
tions (NSFs)
NGMN NGMN 5G security group Subscriber privacy, Network slicing, MEC 5G security recommendations: Package 1
(NGMN P1 WS1 5G se- security and 2, and 5G security: Package 3
curity group)
ETSI ETSI TC CYBER, ETSI Security architecture NFV security, MEC ETSI GS NFV-SEC 010, ETSI GS NFV-
NFV SEC WG, ESTI security, privacy SEC 013 ETSI GS NFV-SEC 006 and ETSI
MEC ISG GS MEC 009
NIST Security working group IoT security guidelines and assessment Draft Interagency Report, NISTIR 8200
concerns, statistics, challenges and solutions regarding security and extremely low latency. New use cases of MTC, IoT,
in 5G. For example, mobile network vendors such as Huawei, and V2X etc. will impose very diverse requirements on the
Ericsson and Nokia have published several reports and white network [111]–[113]. For instance, V2X and missision-critical
papers. Huawei has been publishing various architectural and MTC applications will need latencies on the order of 1 ms or
transformational aspects of security from earlier generations less. On top of such requirements, the needed reliability and
to 5G, and focus on the 5G security challenges and blueprint availability of services will be orders of magnitude higher than
is presented in [105]. In its white paper [106], Huawei has the current networks [114]. The current networks, however, are
provided interesting insights in the 5G security requirements already prone to many Internet-based threats that can target the
and challenges, the security architecture transformation and access nodes such as eNBs in LTE and low powered access
promotion of 5G security standardization and their security nodes, as detailed in [68]. With the amalgamation of diverse
ecosystem. Ericsson has provided interesting insights into 5G IP devices in 5G, the security threats will further increase [5].
security scenarios and solutions in the white papers [107], With a fast increase of a massive number of new devices
[108]. Nokia also has also published several documents [109] and services, network capacity demand is increasing faster
and research articles [15] on 5G security. Similarly, Cisco than ever. Besides improving link budget and coverage, Het-
has presented the potential of 5G and the security challenges Nets will contain nodes with different characteristics such as
involved with the new technologies that will be enabled by transmission power, radio frequency, low power micro nodes
5G in [110]. and high-power macro nodes, all under the management of the
All these major vendors also participate in the standardiza- same operator [115] [116]. However, the diversity of nodes and
tion process and thus are providing interesting insights into access mechanisms will also bring about some new types of
security challenges and possible solutions in the respective security challenges. For example, open access supplementary
forums such as ETSI, NGMN, and ITU. In the following networks such as wireless local area network or even Fem-
section (Section V), we discuss the security challenges in tocells are usually preferred by network operators to increase
5G networks and the potential solutions or possible security network capacity [117]. However, such open access networks
approaches to counter the security challenges. In the subse- are intended for authorized users renders their information or
quent section (Section VI), we thoroughly discuss the security data in transit vulnerable to eavesdroppers and unauthorized
challenges in the main enabling technologies in 5G along with users [118].
the corresponding security solutions for those challenges.
Small cells, such as femtocells [119], [120] and pico-
cells [121], [122] using low power access points have gained
V. S ECURITY IN 5G N ETWORKS : C HALLENGES AND
momentum due to many benefits such as low-cost and indoor
S OLUTIONS
coverage, higher date rates and data offload relief to macro
To properly investigate the security perspectives of the base stations, and improved user satisfaction, etc [123]. How-
overall network in a systematic way, security in the network ever, the low power access points will require low complexity
architecture is described in three-tiers i.e. i) access networks, and highly efficient handover authentication mechanisms. Such
ii) backhaul network, and iii) the core network. For clarity, we fast and reliable handover mechanisms are yet to be developed
have first highlighted the security challenges (also depicted in for 5G, whereas the previous cryptographic methods will not
Table. III) and then presented the potential solutions. suffice for low-powered access points [124]. This gape can
open the network to security vulnerabilities such as man-in-
A. Heterogeneous Access Networks the-middle attacks and phishing attacks.
1) Security Challenges: The main requirement of 5G net- Handover between different access technologies, for in-
works is very higher data rates with ubiquitous availability stance 3GPP and non-3GPP has been another challenge from
12
Fig. 6. High-level architecture presentation of 5G networks.
security perspective as outlined for 4G HetNets in [125]. For The current 3GPP networks require the UE to provide its
example, session replay attacks through recovering session IMSI over the air in an unencrypted form during the initial
keys and the possibility of malicious point of access being non- attach phases. This enables passive attackers to identify a
3GPP secured are the key challenges. The later has more rele- user from the IMSI by observing the traffic [128]. This also
vance to 5G due to the increased number of access points and enables the attacker to track the user during roaming from
different access technologies in 5G HetNets. An instance of one network to another. Future mobile network operators will
that in terms of vulnerability with roaming has been revealed use less trusted or non-3GPP networks alongside the trusted
in [126] regarding the 5G-AKA protocol specified within or 3GPP networks. Roaming from one network to another i.e.
3GPP TS 33.501 v0.7.0. [127]. Furthermore, the encryption non-3GPP to 3GPP will be common. During roaming, the UE
keys for the radio interfaces are usually computed in the home also has to provide its IMSI to the SN for authentication, which
core network and transmitted to the visited radio network is another challenge for IMSI security or user’s privacy [128].
over SS7 or DIAMETER signaling links. NGMN has pointed Since, 5G will accommodate a huge number of user devices,
out in [79] that these keys can be leaked out and making a and smart things (e.g. IoT), one of the key challenges in 5G
clear point of exposure in the network. The basic techniques will be the massive number of nodes sending and receiving
for improving their security include improving the SS7 and data simultaneously, practically jamming the radio interfaces.
DIAMETER security by introducing firewalls [79]. However, The situation can be worsened by malicious nodes sending
design of secure key management protocols is still an open excessive signaling traffic to cause scalability challenges or
challenge in 5G networks. in other words, DoS attacks. According to the 5G security
TABLE V
S ECURITY CHALLENGES IN 5G NETWORK SEGMENTS .
Affected network segments

Security threats Potential targets
HetNet Access Backhaul Core Network
DoS attack on signaling plane Centralized control elements X

Hijacking attacks SDN controller, hypervisor X X
Signaling storms 5G core network elements X
Un-authorized access Low-power access points X
Configuration attacks Low-power access points X
Saturation attacks Ping-pong behavior in access points, and MME X X
Penetration attacks Subscriber information X
User identity theft User information data bases X
Man-in-the middle attack Un-encrypted channels, e.g. in IoT X
TCP level attacks Gateways, router and switches X
Key exposure Radio interfaces X
Session replay attacks Session keys in non-3GPP access X
Reset and IP spoofing Control channels X
Scanning attacks Radio interfaces interfaces X
IMSI catching attacks Roaming and UE X
Jamming attacks Wireless channels X
Channel prediction attacks Radio interfaces X
Active eavesdropping Control channels X X
Passive eavesdropping Control channels X X
NAS signaling storms Bearer activation in core network elements X
Traffic bursts by IoT Saturation of GTP end-points X X
13
recommendations by NGMN [79], a malicious attack can towards the legitimate user while the interleaving performed
trigger massive simultaneous and continuous acquisition of on the legitimate user’s channel is different from eavesdrop-
radio resources to cause the signaling plane overload. A per’s channel. In [144], a chaotic Discrete Hartley Transform
critical analysis of physical layer based security approaches (DHT) is proposed to enhance the physical layer security of
are highlighted in [129] suggesting that the existing solutions optical OFDM in passive optical networks. Typically, a data
for jamming attacks, channel prediction, and passive and active encryption approach is adopted to enhance the physical layer
eavesdropping will not suffice for the enhanced physical layer security for optical OFDM which mostly disregard the trans-
techniques adopted for 5G. mission performance improvement. The chaotic DHT for the
2) Security Solutions: In ideal situation, the access network optical OFDM of [144] enhances the physical layer security
security should protect the user, the network infrastructure and and improves the transmission performance. A frequency pre-
services from all the possible threats that could originate in coder and post-coder for OFDM-based systems for physical
the radio part of the network. 5G will use a diverse variety of layer security design is proposed in [145]. The diagonal matrix
access technologies for extended coverage, higher throughput of the channel of the legitimate user is decomposed into two
and lower latencies. Hence, 5G will leverage virtualization, unitary orthonormal matrices with this technique. The first
SDN, and cloud technologies to adapt execution logic to orthonormal matrix is used as a pre-coder before the IFFT at
specific services with composition and instantiation of access the transmitter while the other matrix is used as a post-coder
in different network locations [130]. With such capabilities, at the receiver.
5G will improve the systems’ robustness against various types In [146], a resource allocation problem for the orthogonal
of security challenges arising in diverse access technologies. frequency division multiple access (OFDMA) systems is for-
Communication security can be provided through multi- mulated which takes multiple-antenna eavesdropper, dynamic
ple varying methods, usually in the upper layers. Physical power consumption, artificial noise injection for secure com-
layer security, however, usually reduces the design complexity munication and secrecy data rate requirements were taken
besides ensuring information security [131]. Initiated mainly into consideration. The closed-form solution of the problem
by Shannon [132], and further strengthened with theoretical is derived by the dual decomposition which maximizes the
basis using information-theoretic approach by Wyner [133], number of securely delivered bits per joule. The simulation
physical layer security of wireless communications does not results provide the achievable maximum energy efficiency in
rely on higher-layer security systems or encryptions [134]. presence of a multiple-antenna eavesdropper. The simulation
The fundamental principle behind physical layer security is to results also reveal that the system energy efficiency decreases
utilize the randomness of the noise and communication chan- as the capability of the eavesdropper increases. A physical
nels to restrict the amount of information that can be revealed layer technique using time domain scrambling technique is
by unauthorized receivers [134]. Hence, the use of physical proposed in [147] which improves the confidentiality and
layer security schemes makes it very difficult for attackers security of OFDM systems. The technique proposes scram-
to decipher or access information under transmission [135]. bling the sample sequence within each time domain OFDM
Physical layer security has been a hot research topic that symbol to eliminate the inherent signal statistic features. The
has various dimensions and viewpoints as described in [129]. proposed scheme increases time complexity for cracking and
Therefore, there are many surveys and magazine articles [20], thus demonstrates promising security capability. In [148], a
[134], [136]–[138] that cover various aspects of physical layer secure OFDM scheme is proposed which is based on channel
security. shortening. The channel of the legitimate user is made shorter
The modification of transmitted waveforms for secure trans- than the CP length, while the channel of the eavesdropper
mission gained a lot of attention in recent years. In [139], the remains longer than the CP. This causes loss of overall
authors presented a method that eliminates the need of Cyclic performance of the eavesdropper. Simulation results show
Prefix (CP) insertion between successive Orthogonal Fre- a significant performance difference between the legitimate
quency Division Multiplexing (OFDM) symbols [140], [141]. user and eavesdropper. A list of the techniques to shape the
The proposed technique adds an alignment signal on top of waveform to secure the communication is presented in [149].
each transmitted OFDM symbol that cancels the interference A comprehensive survey on various OFDM based physical
of adjacent symbols. Due to the alignment signal function, layer techniques is presented in [150]. We invite interested
the eavesdroppers at different locations experience more in- readers to go through [149] and [150] to learn more about
terference. In [142], a secure Orthogonal Transform Division physical layer security by modifying the potential waveforms
Multiplexing (OTDM) waveform is designed to diagonalize that are expected to be used in 5G.
the channel matrix of the legitimate user while degrades the In multi-tier HetNets, the security performance of multiple
channel condition of the eavesdropper. The proposed method diverse RATs can be increased by deploying more low power
uses orthogonal transform basis functions which are extracted base stations in high path loss environments [151]. To mitigate
from the legitimate user’s channel to shape the waveform the security risks during handover between low and high-
securely. power base stations, [152] proposes SDN-based authentication
A physical layer security technique called OFDM with Sub- handover that enables HetNet management through global
carrier Index Selection (OFDM-SIS) is presented in [143]. The visibility of user behavior and resource management. The
technique uses the SIS and adaptive interleaving to provide a SDN-based approach shares user-dependent security context
two-fold security. The SIS technique maximizes the SNR only information among related access points, as well as ensures
14
efficiency in delay-constrained 5G environments. Duan et With the introduction of SDN, the backhaul network will
al. [124] proposes SDN enabled weighted secure context be simplified due to the control-data planes functional split,
information transfer in order to minimize the authentication as described in [161]. The control plane of the devices such
delay during handover among multiple RATs in HetNets. as serving or PDN gateways will be transformed into the core
Simple public key infrastructure based distributed access network, whereas simple forwarding devices will be used to
control is proposed in [153] to enable access control and route traffic to and from the Internet. However, the simplified
authentication in 5G HetNets. The proposed authentication devices such as OpenFlow switches and the communication
and registration scheme uses elliptic curve zero knowledge channels have their own security challenges such as weakness
proof to achieve secure certificate generation and enable secure of Transport Layer Security (TLS), and resource exhaustion
end-to-end communication. The certificate of Simple public attacks as detailed in [27] and described in section VII.B. In
key infrastructure based handover schemes ensures seamless the case of wireless backhaul, massive MIMO will be used
and secure mobility among different cells within the latency due to the increasing traffic demands. Massive MIMO has its
requirements. SDN-based centralized control platform moni- own security challenges, which are described in section VII.A.
tors the whole network activity in [153]. A deterministic low- 2) Security solutions: Due to its close nature and as a
jitter scheduling and lightweight layer 2 encryption coupled medium between two secure nodes, there are few security
with deterministic network slices is presented in [154]. The challenges in the backhaul network. Although GTP has several
mechanism in [154] uses SDN for centralized monitoring and weakness, it also has some benefits regarding security. Since
dynamic reconfiguration of slices to achieve strong security GTP works on top of User Datagram Protocol (UDP), it
and privacy for M2M and IoT communication. operates well with firewalls [162]. Even though GTP used in
Solutions for roaming between trusted and non-trusted net- the operator’s internal network, the support for firewalls might
works include the use of an identifier (temporary identity) be needed to curb resource exhaustion attacks on GTP end-
instead of sending IMSI to non-trusted networks. A possibility points. Furthermore, the signaling traffic due to short traffic
is that the identifier is generated by the trusted network and burst due to changing active-sleep modes, or increased number
shared between UE and non-trusted networks [128]. 3GPP has, of IoT devices, can be reduced by using the same tunnel for
so far, used the EAP-AKA for authentication between UE and multiple UEs with similar service requirements [160]. More-
non-3GPP access networks. In 5G, multiple methods based on over, the backhaul network is transforming into virtualized
EAP can be used, based on the type of service or preferences and SDN-based data plane, whereas most of the control plane
by the service provider. functionalities will be shifted to the core network. Working as
simple forwarding devices, the security threats in backhaul will
B. Backhaul Networks drastically minimize. Since, SDN based backhaul will have
1) Security Challenges: The backhaul network comprise its security challenges, the solutions for those challenges are
network elements and communication channels between the discussed in Section VII.B.
base station and the core network [155]. Therefore, the back-
haul network is not as exposed security threat as the access
C. Core Network
network. The communication can be either wireless [156],
usually microwave and occasionally satellite links, wire-line 1) Security Challenges: The core network of LTE or 4G,
through dedicated copper or fiber optics [157], or a converged called EPC, comprised different entities such as MME, serving
one using both [158]. The diversity in RAN technologies has gateway, PDN gateway, and HSS [163]. In 5G, the core
also evolved the backhaul networks, more so untill LTE [159]. network elements are represented by network functions [164].
The security of backhaul is different in a sense that it involves The detailed architecture of 5G core network with description
both radio and core part of the network. For instances, the of network functions is available in the latest 3GPP release
security parameters are, usually, adjusted in the elements of the 15 [165]. The core network is IP based and ensures end-
access network such as eNB, and MME in the core network. to-end service delivery, security and QoS, and maintains
For traffic towards the Internet or external network, the subscriber information. The 5G core network is more dynamic
eNB sends the traffic to the serving gateway through GPRS compared to the previous generations leveraging NFV, SDN
Tunneling Protocol (GTP). The serving gateway sends the and cloud technologies as described in Section VI. However,
traffic to Public Data Network (PDN) gateway which commu- it is the main target of security threats and prone to security
nicates with external networks or the Internet. GTP is again vulnerabilities as well.
used over the S5/S8 interface between the serving gateway The massive penetration of IP protocols in the control
and PDN-gateway. The LTE the backhaul enhanced network and user planes for different network functions make the 5G
security through introducing Internet Protocol Security (IPSec) core network highly vulnerable. The network must be highly
based GTP tunnels for the X2 interface between eNBs, and resilient and ensure availability with the increasing signaling
S1 interface between eNBs and MMEs [159]. One of the traffic. The increasing types of communication services and
basic challenges with such tunnels is that a tunnel must be devices can lead to high traffic volumes for signaling purposes.
setup when a UE enters active mode, or even starts a session The signaling procedures for attach/detach, bearer activation,
with a new service. This will be highly challenging when location update, and authentication occurring at the Non-
a huge number of IoT devices transmits small and sporadic Access Stratum (NAS) layer of 3GPP protocols can cause NAS
traffic [160], opening doors for DoS attacks on the end-points. signaling storms [1]. This will be particularly more challenging
15
in 5G due to possible integration of billions of IoT devices. most obvious changes are: 1) Control-User plane separation,
As a precaution, Nokia published [166] that signaling traffic is 2) Network slicing, 3) Service based architecture, and 4)
increasing 50% faster than the data traffic, yet the data traffic Flexible Non-3GPP access internetworking. All these changes
is increasing by 56 percent each year [167]. Using excessive have been made possible through technological concepts such
signaling to create a DoS attack on LTE has been demonstrated as SDN, NFV and virtualization, and cloud or mobile edge
in [168]. computing and their instantiation in the wireless network
Small cells with huge number of mobile devices moving domains to achive cost efficiency and simplicity in network
around will increase mobility handovers, thus adding to the management. Therefore, their security challenges and so-
signaling traffic. Hence, the signaling load will not only lutions are properly described in Section VII and Section
increase on MME, but on other control elements (network VIII respectively. In this section, we describe the security
functions in 5G) such as HSS, PDN gateways and serving solutions for those challenges that are highlighted in Section
gateways as well to maintain QoS.A DoS or resource exhaus- V, considering the core network as hollistic IP based logically
tion attack on any of these network elements will be easy centralized core network.
to materialize. Furthermore, the 3GPP NAS layer protocols For the logically centralized core network the main chal-
used for UE attach or detach functions, authentication, bearer lenge would be the signaling overload due to the huge number
activation, and location update can also result in signaling of diverse devices. However, one of the main change in 5G
storms [169]. The 3GPP also recommends the use of IPSec is that the core network elements e.g. MME are reprepre-
encryption for LTE interfaces such as S1-MME, X2, S5 and sented by network functions such as Access and Mobility
S6, etc. Such massive encryption-based tunnel establishment Management Fuction (AMF) [172]. There are also clearly
also increases the signaling costs in the core network elements. stated protocols and reference points for interaction among
The main objective here is to outline the vulnerability of the them [164]. Hence, to effectively handle the signaling overload
core network to DoS attacks. challenge, two approaches are discussed in 5GPPP [93]. First,
In 5G, huge number of infected IoT devices can overload using lightweight authentication and key agreement protocols
the signaling plane as an attempt to gain access or perform a for communication of massive IoT. Second, using protocols
DoS attack [79]. Resource constrained IoT devices, probably that allow to group devices together through various types of
in billions [170], will require the resources in the clouds to group-based AKA protocol [93].
perform processing, storing or sharing of information. Their A group based authentication scheme for narrow-band IoT
limited capabilities also make these devices an easy target devices has been proposed in [173]. IoT devices with similar
to masquerade or operate in a compromised environment for attributes are grouped (temporarily or permanently) together,
attacks on the network in the form of DoS attacks. Thus, IoT a group leader is chosen, sensitive information of IoT in the
will bring many challenges for the signaling plane or the core group is aggregated by the group leader, and sent to the core
network of 5G networks. In LTE, the HSS has been described network where the credentials of each IoT device can be
in [171] as the main point of attacks in terms of requests for verified separately by the corresponding node in the core net-
authentication and authorization. work. The groups are formed using anonymous attribute-based
3GPP details the subscription security policy update in its group establishment techniques. The propose mechanism also
study on the ”Feasibility Study on New Services and Markets improves identity privacy preservation besides minimizing the
Technology” [128]. The point of concern is the suggestion authentication overhead and signaling in the core network.
that IoT devices should periodically update the subscription A similar unified group-based authentication scheme using
security credentials, even devices with less frequent commu- SDN has been proposed for V2X in [174] that minimizes the
nication with the network should update the credentials from handover signaling overhead in future networks.
the core network. The reasons provided are that, IoT devices Since 5G is supposed to provide higher flexibility and
will be huge in number, have low capacities, and thus can be agility, the two concepts that are most prominent in this
compromised which necessitate the update to avoid security regard are Virtual Network Functions (VNFs) and software-
lapses in the network side. However, the massive burden on based network control. These features will be enabled by NFV
the core network entity that will be involved in the security and SDN. The basic philosophy of NFV is to implement
policy update is not discussed. Such updates involving massive network function in software called VNFs and deploy them
number of IoTs can potentially make the relevant core network on high-end servers or cloud platforms instead of specialized
element or function a bottleneck. function-specific hardware. SDN, on the other hand, separates
Moreover, the 5G core network is expected to utilize SDN the network control plane from the data forwarding plane.
and NFV to provide higher flexibility and scalability with The network control plane can be logically centralized and
cost-effectiveness [114]. These technologies have their own the forwarding devices can be rendered simple to increase
security challenges that must also be properly investigated due innovation in network control platforms and simplify the
to their vital role not only in the core network, but also in the network management. The two concepts can also be used to
security of the overall network and services. The main security improve network security.
challenges in these technologies are described below. The SDN based core network is described in [175]. A
2) Security Solutions: The 5G core network introduces new heirarchical SDN-based control is proposed for the whole
features and utilizes new technological concepts compared network that would allow different grade performance of the
to EPC [94]. Accroding to the 3GPP release 15 [172], the core network and provide service differentiation in 5G. The
16
proposed core network is a unified approach that takes care of NFV and cloud computing have been used in non-wireless
mobility, handoff and routing management with heirarchical networks and thus have a rich literature in terms of security. In
control planes. The heirarchichal control plane that handles this section, we describe their security challenges and solutions
different functions of the core network such as mobility or mainly from the scope of their use in 5G network. First the
QoS management, increases the scalability of the network to security challenges are discussed (also highlighted in Table VI)
meet the requirements of diverse services. Even though the and then the security solutions or proposals are described.
proposal is not for strengthening the network security, the
approach increases the capability of the network to ensure
A. Security in massive MIMO
availability for diverse services through modularity.
NFV also increases the network capabilities in terms of 1) Security Challenges in massive MIMO: Massive MIMO
security, as described in [176] for sharing network resources is considered as one the most promising and disruptive tech-
dynamically. For instance, in the case of mobility the virtual nologies for 5G [179]. The key idea of massive MIMO is to
AMF can be placed in different network sections (edge nodes) equip the base station with a large number of antenna elements
at run time where mobility is higher or instantiated on multiple that can serve a large number of user terminals with the same
hardware near the highly mobile devices. The aim is to frequency band [3]. The large number of antenna elements
eventually divide the traffic among multiple VNFs that could can be used in various modes to increase the data rates or
potentialy exhaust the resources of an AMF on a single node. to enhance the reliability, coverage or energy efficiency. In
A detailed article on the benefits and challenges in using addition, random matrix theory demonstrates that the effect
NFV in mobile networks [177] discusses how the foreseen of small-scale fading and uncorrelated noise start to fade as
signaling costs can be reduced in mobile networks. The authors the number of antennas goes towards infinity [180]. Despite
propose a grouping criterion to bundle together various func- its promises, the base-station needs to estimate the Channel
tions of the core network in order to minimize the signaling State Information (CSI) either through feedback or channel
costs and improve the performance of the overall network. reciprocity schemes to reap the benefits of massive MIMO.
Similarly, by using the GTP and avoiding some protocols, such The use of non-orthogonal pilot schemes for a multicell
as the DIAMETER protocol, the signaling traffic is drastically Time Division Duplex (TDD) networks introduce the concept
reduced. The DIAMETER protocol relies on Transmission of pilot contamination due to the limitations of coherence
Control Protocol (TCP) and stream control transmission pro- time [181]. The effect of pilot contmination is much more
tocol. Both are known to downgrade the network performance profound on massive MIMO. Pilot contamination is considered
during small bursts of traffic [178]. as one of the major performance limiting factor of a massive
MIMO system [182].
VI. S ECURITY IN K EY 5G T ECHNOLOGIES The security vulnerabilities in massive MIMO: passive
The security challenges in 5G can be effectively outlined eavesdropping and active eavesdropping, are described in [20].
by considering the main enabling technologies of 5G. As In the passive eavesdropping, the attacker tries to intercept
described in Section IV, the main enabling and disruptive the transmitted signals. The passive eavesdropper does not
technologies compared to the previous generations are massive transmit any signal itself. In the active eavesdropping, the
MIMO antennas, SDN, NFV and the concepts of cloud com- attacker also transmits signals to disrupt the legitimate user’s
puting such as Multi-access Edge Computing (MEC). SDN, transmission. If the only goal of the active attack is to
TABLE VI
S ECURITY CHALLENGES IN KEY 5G TECHNOLOGIES .
Effected Technology
Security Threat Target Point/Network Element
SDN NFV Cloud MIMO
DoS attack Centralized control elements X X X
Hijacking attacks SDN controller, hypervisor X X
Signaling storms 5G core network elements X
Resource (slice) theft Hypervisor, shared cloud resources X X
Configuration attacks SDN (virtual) switches, routers X X
Saturation attacks SDN controller and switches X
Penetration attacks Virtual resources, clouds X X
User identity theft User information data bases X
SPIDAS DoS attacks Cyber-Physical clouds X
TCP level attacks SDN controller-switch communication X
Man-in-the-middle attack SDN controller-switch communication X
Reset and IP spoofing Control channels X
Scanning attacks SDN controller interfaces X
Insider attacks Cloud and virtual systems X X
Data leakage Cloud storage systems X
Cloud intrusion Overall cloud systems X
Active eavesdropping Control channels X X
Passive eavesdropping Control channels X X
VM manipulation Clouds and virtual systems X X
17
disrupt the legitimate transmission, it can be called a jamming eavesdropping can be tackled by a co-operative base stations.
attack [183]. Another intelligent form of the active attack is In such scenarios, different base stations can exchange infor-
based on pilot contamination. It is called pilot spoofing where mation and thus presents an opportunity to jointly estimate the
the attacker pretends to be a legitimate user. level of legitimate user induced pilot contamination. Machine
Typically, the CSI is used at the base station to precode learning methods can also be employed for detecting active
the transmission so that a composite beam, which is created eavesdropping attacks.
from the signals transmitted through different antennas, can As the massive MIMO base station can serve a large number
be focused towards a specific user. The CSI is obtained of users at the same time, it is necessary to secure a message
through the channel estimation process which is generally from all the users other than the intended one. The precoder
based on the pilot signals sent by the legitimate users. A algorithm used in the base station has to be designed in a
pilot spoofing scheme that exploits the pilot contamination way to achieve this objective. It is also worth considering the
is presented in [184]. The eavesdropper sends the same pilot possibility of an eavesdropper employing powerful massive
signals to confuse the base station. Therefore, the base station antenna arrays to intercept the information. In [190], a physical
designs the precoder incorrectly which benefits the reception layer security approach called original symbol phase rotated
of the eavesdropper. The pilot training sequence is fixed and secure transmission scheme is proposed to defend against such
repeated over time and therefore, it can be obtainable by an a scenario. The basic idea of this phase is to rotate the phase of
attacker. Due to this attack, the estimated channel between the the original signal randomly to confuse the eavesdropper. On
base station and legitimate user becomes inaccurate while it the other hand, the legitimate users are able to correctly infer
helps the attacker to detect the transmitted signals from the the phase rotation and take proper inverse operations necessary
base station. The important assumption made in [184] is that to recover the original transmission.
the transmission of the attacker and legitimate user is synchro- A jamming resistant receiver is proposed in [186], [191] to
nized. The pilot spoofing attack detection and countermeasures counter the jamming attacks on massive MIMO up-link. The
are also presented in [183], [185]. We discuss the solutions in authors exploited the unused pilots sequences to estimate the
the next subsection. jamming channels. The receive filters are designed based on
According to [186], the jamming attacks are more difficult both legitimate user channels and the jamming channel to com-
to deal with than the spoofing attacks for a massive MIMO re- bat the jamming signals. The filters are based on conventional
ceiver. The attacker tries to create maximum jamming possible Minimum Mean-Square Error (MMSE) and Zero Forcing (ZF)
unlike the spoofing attack. The jamming attacks are typically filters. In [192], the authors use a generalized likelihood ratio
dealt with designing receiver that consider the jamming signals test to detect a jamming attack. The performance of the
as additive noise. However, the jamming is not noise-like detector increase with the number of BS antennas. An anti-
for massive MIMO as the legitimate channel is correlated jamming strategy based on pilot re-transmission is proposed
with the jamming channel [186]. The concept of beamform- in [193]. The authors proposed counter attack strategies for
ing, where several antennas serve a specific user, make the random and deterministic jamming attacks.
massive MIMO systems inherently robust against passive A two-way training based scheme against the pilot spoofing
eavesdropping attacks. However, the eavesdropper can take attack is proposed in [185]. The authors proposed a scheme
countermeasures by exploiting the high channel correlation in where the uplink and downlink both channel estimates are
the vicinity of the user or the weakness of channel estimation. available at the base station receiver which can be used
An overview of passive eavesdropping and active attacks on to find the difference between two estimation results. The
massive MIMO and possible detection techniques for such detection outcome will be fed back to the transmitter together
threats is presented in [187]. The channel estimation procedure with the down-link channel estimates. The proposed scheme
in MIMO has been one of the soft targets for security attacks, achieves a high detection probability and a positive secrecy
and has been properly demonstrated in [188]. Incorrect channel rate [185]. In [183], an enhanced scheme is proposed to
state information can also be used for jamming attacks [189], combat spoofing attacks which is based on the recent approach
which is also demonstrated in [188]. of superimposing a random sequence on the training sequence
2) Security solutions for massive MIMO: To attain full at the legitimate receiver. The authors consider two scenarios
benefits of MIMO, the system must be secured against the where the spoofer transmits the pilot signals only and the
major security challenges. Two different schemes to detect spoofer transmits both pilots and random sequences. The
an active eavesdropper are presented in [187]. One method proposed scheme is based on random matrix theory based
is to exploit controlled randomness by transmitting random source enumeration [183].
pilots to detect active eavesdroppers. The legitimate user In [194], a data-aided secure massive MIMO transmission
transmits a sequence of random symbols of random phase-shift with an active eavesdropper is presented. The authors show
keying that enables the base station to detect the eavesdropper. analytically that decreasing the signal power of the legitimate
The drawback of this method is that it incurs the overhead user is an effective approach to combat against a strong ac-
of transmitting additional random sequences. In the second tive eavesdropper. The authors proposed a data-aided secured
method, the beamformer is constructed in such a way that the down-link transmission scheme with an achievable secrecy
received sample by the legitimate user equals to an agreed sum-rate precoding. In [195], a linear precoder for massive
value. In the case of an active eavesdropper, the legitimate MIMO eavesdropper’s wiretap channel with finite alphabet
user will observe a much smaller value. The detection of active input is investigated. An upper bound on the secrecy rate for
18
the Gaussian Singular Value Decomposition (GSVD) design exposing critical APIs to unintended software will expose the
is derived which reveals that GSVD leads to a significant per- network to security threats. The number of security challenges
formance loss. The authors proposed and analyzed Per-Group- have grown since the inception of OpenFlow. Below we
GSVD (PG-GSVD) which eliminates the performance loss of highlight the main security challenges related to SDN.
GSVD. Another secure massive MIMO transmission scheme Security Challenges in SDN applications: SDN has two
is investigated in [196]. The authors derived an achievable principle properties that make the foundation of innovation
secrecy rate analytically when the number of transmit antennas in communication networks on one hand, and the basis of
approaches infinity. The derivation also assumes matched filter security vulnerabilities on the other. These are, first, the control
precoding and artificial noise generation in the transmitter side. of a network with software, and second, centralized network
The authors proved that the effect of the active eavesdropper intelligence [201]. In SDN, most network functions will be
can be completely eliminated when the transmit correlation implemented as applications, thus, a malicious application if
matrices of the eavesdropper and the users are orthogonal. granted access, can spread a havoc across the network. The
In addition, the authors derived a closed-form expression security challenges introduced by applications can be due to
for optimal power allocation for secure communication for open APIs in network equipment, lack of trust mechanisms be-
a single antenna active eavesdropper. tween applications and controllers, and lack of proper authen-
tication and authorization techniques for applications, mainly
third party applications [201]. Since 5G will implement most
B. Security in SDN
network functions as applications, solutions to such challenges
SDN separates the network control plane from the forward- need to be sought out before enabling SDN applications to
ing plane and centralizes the network control into software- manipulate the network.
based network control platforms. The softwarized network Security Challenges in SDN controllers: The centralized
control functions are logically centralized that interact with control plane of SDN (e.g. OpenFlow controller) makes it
forwarding devices through programmable APIs. This achieves a highly targeted point for compromising the network or
simplicity in network control, management and operation, carrying out malicious activities in the network due to its
and accelerates novelty in network feature development and pivotal role in decision making. The main types of threats will
deployment. Therefore, using the concepts of SDN in wireless be DoS and DDoS attacks. However, the centralized control
network has been a major focus of researchers and industry. plane as implemented in OpenFlow have even more security
Thus, there are many proposals for SDN-based wireless net- consequences. For example, controller visibility, controller-
works [197]–[200]. The SDN architecture has three functional applications interaction and controller scalability can be adver-
layers with interfaces between the layers, as shown in Figure 7. sarially used to compromise the security of the whole network.
OpenFlow is the first viable implementation of SDN that Regarding controller visibility, a DoS attack is demonstrated
follows the three tier architecture of SDN with OpenFlow in [202] that uses the control-data plane separation logic to
applications, OpenFlow controller and OpenFlow switches. recognize the controller and send specifically crafted flows to
exhaust the control plane resources. Regarding the controller-
applications interaction, there are no compelling mechanisms
to secure the controller from malicious applications opening
the challenges of application authorization, and resource usage
auditing and tracking [203]. By exploiting the controller
scalability, an attack is demonstrated in [204] in which IP
packets with random header fields are continuously sent to
the controller making it unavailable to legitimate flow setup
requests.
Security Challenges in the data plane: The SDN data
plane comprises simple forwarding devices having flow tables
that are used by SDN controllers to install flow forwarding
rules. The flow tables are limited in capacity, and thus can
be exhausted by maintaining a big number of unsolicited
Fig. 7. SDN architecture. flows. Thus malicious flows with different field headers will
easily exhaust the flow tables. This principle can be used for
1) Security Challenges in SDN: In SDN, network functions saturation attacks. During such attacks, legitimate flows will be
can be implemented as applications deployed in the SDN discarded due to the limited capability of the switch to buffer
application plane. The controller provides an abstract view of TCP/UDP flows. Since SDN switches are dumb and are not
the network to applications. Thus, in SDN applications can capable to differentiate between genuine and malicious flows,
manipulate the network according to the application require- they can be used for attacks against other switches and even
ments. However, SDN has many security challenges, more so controllers. The dependency on the controllers also make the
already demonstrated about the OpenFlow implementation of data plane security dependent on the controllers, and thus, if
SDN. For instance, centralizing the network control make the a controller is compromised a network of SDN switches will
control platform a favorable choice for DoS attacks. Similarly, be unwittingly compromised.
19
Security Challenges in interfaces: SDN has two main DoS attacks. For instance, self-organizing maps [212] are
interfaces i.e, the north-bound interface between controllers used in [213] against lightweight DoS and Distributed DoS
and applications, and the south-bound interface between con- (DDoS)attacks. Further approaches to increase controller re-
trollers and SDN switches. The north-bound interface is siliency against security lapses include distributed control
mainly a challenge for remote applications due to the unavail- plane [214], [215], [216], controller placement [217], [218],
ability of standardized interfaces. The south-bound interface control plane redundancy [219], and reactive vs proactive
uses Transport Layer Security (TLS) and Datagram Transport controller flow rule setup and updates [220].
Layer Security (DTLS). However, due to the configuration Security Solutions for the data plane: The data plane
complexity in the use of TLS and DTLS, their use is left transports the actual packets, and thus needs proper security
optional. This makes the controller-switch communication mechanisms. Since, the configurations in the data plane can
open to a multitude of attacks, including eavesdropping or be changed by applications, it must be secured from unau-
even attacking the control plane. thorized applications. Therefore, security mechanisms such
2) Security solutions for SDN: The security of SDN is as authentication and authorization are used for applications
multi-dimensional. In this article we focus on two main disci- that change the flow rules in the forwarding elements in the
plines. First, the security of SDN due to its inherent nature that data plane. FortNox [207] provides the mechanism in the
makes SDNs vulnerable to security threats. The second is how controller to check contradictions in flow rules that are gener-
SDN or the principles of SDN, such as centralized network ated by applications. The FlowChecker [221] can check and
control and greater control and visibility of traffic flows, can identify inconsistencies in flow rules in OpenFlow switches.
be used to increase network security. In this subsection we FlowChecker can also detect intra-switch misconfigurations
focus on the first principle i.e. security mechanisms proposed through binary decision diagrams.
to increase the security within SDNs or its individual planes. Security Solutions for the SDN interfaces: The north-
Security solutions for the SDN application plane: Mali- bound interface in SDN is still an open security challenge
cious applications must not be granted access to the network though there are many proposals to secure the controller
or the network control plane in SDN. Therefore, there are interface from malicious applications. The main challenge that
various proposals that perform rigorous verification of SDN needs further research is the security of the interface when
applications before they are granted access for network config- remote applications would like to access the control plane
urations through the control plane. For example, PermOF [205] or configure the data plane. Security mechanisms such as
is a fine-grained permission system that put boundaries an those for the south-bound interface that use TLS are not yet
applications to work within its defined privileges. The design available. In the south-bound interface, the OpenFlow protocol
of PermOF provides read, write, notification, and system supports TLS and DTLS for TCP and UDP traffic respec-
permissions to different application to enforce permission tively. TLS provides privacy and data integrity for the user
control. Thus, it secures the control platforms from malicious communication, whereas DTLS secures UDP traffic between
applications. Another permission system for SDN applications applications. TLS uses use symmetric cryptography for data
is described in [206] that ensures that the control plane encryption. Their detailed use is available in the OpenFlow
operations are available only to trusted applications. Similarly, specification [222].
FortNOX [207] is a security enforcement kernel proposed as a
solution for malicious applications that implements role-based
authorization for each OpenFlow application. The ROSE- C. Security in NFV
MARY controller [208] also proposes a permission system The main idea behind virtualization is to decouple a sys-
for applications to secure the controller operation from buggy tem’s service model from its physical realization to use logical
or malicious applications. instances of the physical hardware for different purposes.
Security solutions for the SDN control plane: Due to the Using the same idea, NFV separates network functions from
pivotal role of the control plane, there are many proposals and the underlying proprietary hardware [177]. By transferring
approaches to strengthen its security. The Security-Enhanced network functions from hardware to software applications,
(SE) Floodlight controller [209] extends the security of the NFV makes the foundation for enabling run-time network
original floodlight controller [210]. To secure the SDN control function placement at different network locations [177]. Thus,
layer, the SE-Floodlight controller provides mechanisms for NFV provides a futuristic demand-based network functions
privilege separation by adding a secure programmable north- placement in different network perimeters and eliminates the
bound API to the SDN controller. It operates as a mediator need for function or service-specific hardware [223], [224].
between the application and data planes by verifying flow However, there are a number of security challenges that have
rules generated by applications. The The ROSEMARY con- sparked serious concerns about the security of user informa-
troller [208] is a robust network operating systems for the SDN tion, the services and the network itself. These challenges are
controller to secure it from malicious applications. briefly described below.
To mitigate the controller scalability issues and improve 1) Security Challenges in NFV: With the deployment of
resilience against DoS attacks, AVANT-GUARD [211] limits NFV, a number of security challenges will surface mainly
the flow requests (failed TCP sessions) to the control plane due to the possibility of functions or service migration from
using a connection migrating tool. There are also various one point to another or from one resource to another [225].
approaches to improve the control plane security against Since the number of services or virtual functions will grow,
20
a growing concern is related to the manual configurations of diverse actors, let alone in services their can be several service
the virtual systems or VNFs [226] that can lead to potential providers. For example, multiple MVNOs and Communica-
security breaches due to the increased complexity with the tion Service Providers (CSPs) or other service providers will
growth of the systems. Similarly, the increased number of share the same network infrastructure. All of these service
VNFs is also a major concerns for unauthorized data access, providers will have different security and privacy policies.
traffic eavesdropping, and theft of services [18]. Moreover, The synchronization or otherwise mismatching security and
there are security challenges that are inherent to virtualized or privacy policies will be another pressing challenge in such
NFV systems as described below. shared environments [237]. Furthermore, the dynamic nature
Challenges in virtual systems: Virtualized systems cannot of VMs will make it difficult for MVNOs to track the usage of
always be secured like the physical systems [227]. Many network resource and binding it to specific users and devices
virtualized systems can run on the same network component for the purpose of billing.
but each might not need the same security, thus the same 2) Security solutions for NFV: Virtualization can highly
security procedures cannot be applied on the whole machine. increase the user, service and network security. A basic mech-
A scenario is described in [227] in which a server hosting anism is to use slicing to separate traffic of different services
virtual machine is divided into multiple zones, each having (Fig. 8) or network segments based on security priorities [238].
different security levels. In this case, a zone that need to Second, distributed VNFs can be deployed that increases the
conform with specific security level cannot be moved to scalability and availability of the system and resolve DoS and
another physical server since the other computer may not offer DDoS attacks [239]. By adding more intelligence regarding
the same security. On top of that, service chaining of various self-protection, these VNFs can substantially improve the
NFVs will make the analysis of root causes of security threats security of 5G networks [239]. In [240], the authors leverage
even further complicated [228]. NFV besides SDN to improve network security. Slicing the
Challenges in hypervisors: In network virtualization, hy- network for different services is considered as a strength of
pervisors are used to map various network functions to logical 5G compared to the previous generation networks. Leveraging
instances or physical hardware of network components [229]. NFV, 5G thus provides a unique opportunity to provide
A hypervisor can create and execute multiple guest operat- security as as service in cellular networks [240]. General best
ing systems and controls the necessary CPU scheduling and practices for improving the security of NFV infrastructures is
memory partitioning for those systems. Thus the hypervisor, presented in [241] and below we present the existing solutions
also called the virtual machine monitor, is the main entity in to some of the common security threats in NFV.
the whole of hypervisor-based virtualized eco-system. Hence,
if a hypervisor is hijacked the whole system can be com-
promised [227]. A number of attacks on the hypervisor are
discussed in [230]. In brief, the hypervisor can be targeted for
a number of attacks such as exploiting host operating system
to damage the isolation of a network slice, DoS attack on
VMs, and VM hopping attacks.
Challenges due to dynamicity: An interesting benefit of
VMs is that they can be created, deleted and moved around a
network easily. The same reason makes VMs more a security
concerns since tracking a malicious virtual machine would be
much more complex. The same challenge will also be carried Fig. 8. Secure end-to-end tunnels for different services.
into the 5G networks domain [5]. The main challenge will
be the dynamic nature of VNFs that will be more prone to Solutions for virtual systems: Even though virtual systems
configuration errors [231]. A study on security implications can be difficult to monitor compared to physical systems,
of virtualization [232] reveals several challenges that must virtual systems have their own benefits in terms of security. For
not be present in 5G. For instance, ”the loss of uniqueness instance, a virtual system can be easily migrated or replicated
of devices and data” in virtualized environments will be to minimize the effect of security attacks. To cope with the
specifically more challenging in 5G due to the integration of challenge of inconsistency, various solutions are proposed that
diverse things (IoT) or networks of things. Furthermore, track- ensure consistent security policies in virtualized environments,
ing malicious devices and developing trust system between as discussed in [231]. A policy manager that enforces security
hypervisors, VMs or management modules will be further policy in dynamic VNF environments is proposed in [242].
complicated [233]. The proposed software component for the NFV framework
Challenges for MVNOs: Mobile Virtual Network Oper- provides an easy and effective way for users to specify their
ators (MVNOs) [234]–[236] leveraging NFV to lease and requirements and enforce it within the network without dealing
operate the network face the security challenges mainly due to with complex security configurations.
limitations in the current NFV systems as described in [236]. Solutions for hypervisors: Due to the central role of the
The network infrastructure owners will expose APIs on their hypervisor, the basic choice for strengthening its security is
network hardware platforms to third parties to deploy their least or restricted exposure to VMs or other systems. Acting on
services on the same hardware [223]. Since 5G will have very these grounds, the modified version of Xen called Xoar [243]
21
increases its security. The platform breaks the control VM characterized by massive number of connected devices, form-
into multiple single-purpose VMs to make risk exposure ing a network of billions of sensors and actuators, supporting
explicit, maintain least access privileges, and thus increase a huge number of low-cost and energy-constrained devices.
the security of the overall system. The OpenVirteX [244] This use case underscores the need for cloud computing in
presents a new interesting network virtualization platform that two folds. First is on the need for real-time data sharing
provides customers with virtual SDNs. Working similar to the among devices, and second is on the need for low-storage
OpenFlow [28] SDN implementation, the hypervisor acts like devices to be provided with virtual storage capacity on the
the controller in OpenFlow in which the slices of the users cloud. MEC is another key use case of cloud computing that
have their own control and data planes. The interesting fact in holds great significance for 5G mobile networks and beyond.
this solution is the capability of the SDN controller that can MEC extends IT and cloud computing capabilities within the
oversea the activities of the hypervisor and can easily track RAN at the edge of mobile networks. This provides developers
security vulnerabilities. and content providers with direct access to real-time radio
Solutions for dynamictiiy: The dynamic nature of VNFs access information, hence promoting ultra-low latency, higher
and virtualized resources can be used as a strength in terms of bandwidth and enhancing overall user experience [246], [247].
security.For instance, the flexibility of NFV allows isolating However, these technologies and use cases also make the
compromised network elements, or even whole network seg- 5G cloud computing confront major security challenges, as
ments through defining security zones and using traffic steer- described below.
ing [228]. In the [228], a security oriented management and 1) Security Challenges in Cloud computing: The security
orchestration framework has been proposed that dynamically challenges in cloud computing are highly connected with the
manages the entire life cycle of security functions, as well technologies involved in cloud computing such as networking,
as secures NFV-based infrastructures and platforms. However, virtualization, and the services deployed in the clouds [248],
the elasticity of NFV has rarely been used to increase network [249]. Since diverse types of services reside in the cloud
security. and the cloud resources are highly distributed, heterogeneous
Solutions for MVNOs: The security of MVNOs is highly and virtualized, traditional security mechanisms are no longer
dependent on the security of the systems MVNOs use. How- enough for the security of clouds [250]. There are diverse
ever, that will not be enough alone. For instance, inter- technologies involved in cloud computing, and thus, diverse
operation of various components in a mix-and-match system security challenges exist that require specific security solutions
will require a security and trust monitoring framework. A tailered for those challenges as highlighted in [251]. Below
security and trust framework for VNFs in SDN-based mobile we describe the most concerning security challenges related
networks is proposed in [237]. The proposed framework to cloud computing that will effect the security of 5G.
applies adaptive trust evaluation and management technolo- Virtualization threats: Since virtualization would play a
gies and sustainable trusted computing technologies to en- vital role in the design and implementation of cloud-based
sure computing platform trust and achieve software-defined networks for 5G realization, the threat landscape on virtualized
network security [237]. Similarly, a conceptual NFV-based platforms is equally an issue of concern for service providers
security management and orchestration framework is presented as well as users and application developers. Security threats in
in [228]. The proposed framework protects the resources or this category may range from DoS attack to VM manipulation
other VNFs from security threats originating from the Internet as shown in Table VI. Though there can be logical isolation of
or other VNFs by validating their security characteristics. resources in the cloud platforms, malicious entities can exploit
However, the limited deployment of such operators in real- data leaks and cross-VM manipulation [252]. Moreover, the
time makes it difficult to fully understand the full range of threats in this landscape can be targeted towards the virtualized
possible security threats. Therefore, there is little research that infrastructures and platforms, edge computing systems as well
concentrates on the security solutions for MVNOs, apart from as the hypervisors.
increasing the security of VNFs or NFV. Cloud-Based Cyber-Physical System security threats:
Cloud-based Cyber-Physical Systems (CCPS) achieve
virtualization of network components using cyber-physical
D. Security in Clouds clouds, such components include various sensors and
The role of cloud computing in 5G mobile network has actuators. Such virtualized components are provisioned as
become a cardinal focus for both the industry and research conventional cloud resources used to provide cloud services
organizations working on 5G and related technologies. Cloud [253]. Typical security attack in this landscape include
computing provides computing resources and services to both HyperText Transfer Protocol (HTTP) and Extensible Markup
small and large enterprises on an on-demand fashion, hence Language (XML) DoS (HX-DoS) attack. HTTP and XML
optimizing on available resources and allowing for higher Denial of Service(HX-DoS) combines HTTP and XML
abstraction of the underlying mechanisms on the side of messages and flood them at rates preconceived to inundate
customers. Currently, a good number of social media sites the capacity of the cloud CPS infrastructures. Such attack
like Facebook, Netflix, YouTube, and Twitter have already em- could be launched on cloud infrastructures, Software or
braced the cloud concept and are expanding on its possibilities. platforms i.e. Infrastructure as a Service (IaaS), Service as a
One of the major use case of cloud computing in 5G is the Service (SaaS), and Platform as a Service PaaS [254], [255].
massive machine-type communications [245]. This use case is Other threats in this landscape include is Slowly-increasing
22
Polymorphic DDoS Attack Strategy (SIPDAS) identified in For mitigating CCPS attacks in the form of HX-DoS,
[255]. SIPDAS is a kind of DoS attack that evades pattern authors in [254] proposed the use of the so called ENDER
detection algorithms by modifying its behavior dynamically. (pre-dEcisioN, advaNce Decision, lEaRning) to identify and
distinguish a legitimate CCPS from an illegitimate one. To
Cloud intrusion: Cloud intrusion is a threat on the accomplish this, the ENDER system uses two decision theory
integrity of cloud resources provided on the network. This methods to detect attack traffic and then using a similar
threat also affects the availability and confidentiality of cloud technique as in traditional Intrusion Detection Systems
resources and services. The more sophisticated the intruder (IDSs), is then able to identify and mark an attack message.
the more the severity of such intrusion. In addition, threat Upon detecting such attack message, a small 1bit mark
severity is also influenced by the nature of the loopholes is then added to the message, and using a Reconstruct
and weak-links on the cloud environments. Such intrusion and Drop (RAD) algorithms, the system is able to remove
can affect different cloud service models as shown in Table VI. such message before any further harm is caused to the system.
Insider attacks: This is a socio-technical form of attack Cloud intrusion: Mitigating against cloud intrusion is
that poses a major threat to the overall cloud platform [256]. mainly achieved by building IDSs to work in conjunction with
Here, the term insiders implies the service provider’s staff with other control mechanisms in the cloud computing environ-
access to the physical servers on which user data is stored. ment. Such IDS systems are designed to constantly monitor the
When such insiders set to misuse or mismanage user data and activities in the cloud environment and will identify any form
information, this could constitute a major threat to the whole of malicious activities and policy violations [256]. Various
idea of the cloud. A classic example in recent time is the IDSs have been proposed to meet the varying needs of the
Facebook Cambridge Analytica data scandal where personal different cloud service models, namely IaaS, SaaS, PaaS.
information of up to 87 million Facebook users were allegedly There are also IDS systems designed for network hosts and
used for political motives [257]. hypervisors. The author in [261] provides a comprehensive
2) Security solutions for Clouds: The security solutions to discussion on the nature IDS for different cloud service mod-
security threats in clouds are also multi-faceted. For instance els, and further analyzes the evolving trends towards advanced
virtualization security and the security of VNFs residing IDSs to detect intrusion in present and future cloud environ-
in clouds has direct implications on the security of the ments. Among such IDS are the hypervisor-based intrusion
clouds [251]. Therefore, below the security solutions to each detection system, traditional Host-IDS (HIDS) and network-
of the mentioned challenges are described. IDS (NIDS). Where HIDS are preferably deployed on the
Virtualization security: Security threats related to front and back ends of the cloud platform, while NIDS and
virtualization are mostly on the part of the virtual machines. hypervisor-based intrusion detection systems are better placed
Virtual machine security has been a major project interest for on the back-end where the CSPs operate.
companies like IBM and XEN. In 2011, IBM designed The
Trusted Virtual Data Center (TVDc) [258], a technology that A more passive approach to addressing cloud intrusion
is designed to address the need for isolation and integrity is by building intrusion-tolerant cloud applications. Such
in a bid to address the security vulnerabilities on virtualized applications are designed to identify and ignore intrusive
systems. Here is important to mention that in securing requests from adversaries. However, this approach is more
virtualized platforms, it is imperative to extend all security or less of temporal nature depending on the vulnerability of
measures implemented on the operating system of the physical the cloud facility. Over time adversaries tend to circumvent
machines to the operating system of the VMs, only then can the mechanisms of such controls, hence the service providers
the effectiveness of the security strategy be guaranteed [259]. will need to keep pace with evolving intrusion patterns to
Prior to the development of the TVDc, XEN developed the keep this approach effective.
sHype system which is a secure hypervisor architecture for
isolating VM systems with flexible security of mandatory Insider attack: Mitigating insider attack vulnerabilities in
access control [260]. Such access control systems would 5G cloud-based networks is as much of a social challenge as
control the flow of information and communication between it is a technical challenge. While the CPS works on providing
multiple VMs across different machines. Another possible users with secure interfaces and APIs, the possibility of abuse
mitigation technique for networked DoS attack in virtualized and nefarious use of the data in the cloud by authorized
systems is the implementation of firewall proxies, this will service provider staff equally calls for concern. This challenge
require an ACK to be received on the client side before an is further confounded by other natural happenstances like
attacker’s request can be forwarded. leakages and data losses. On this aspect, the need for more
robust backup facilities and multiplicity of backups across
Cloud-Based Cyber-Physical system: Cloud-Based different locations and platforms comes as workable mitigating
CPS (CCPS) attacks in the form of HX-DoS, DDoS or strategy. For other intentional insider attacks, implementing
SIPDAS can generally be mitigated by frequently checking proper auditing and routine background checks coupled with
the consumption of computational resources as well as digital time stamping and signatures on cloud data, could help
the intensity of incoming requests. A detection of some to mitigate the possibility of abuse and nefarious use of cloud
anomalies will then trigger a more advanced control measure. data by authorized insiders [256].
23
TABLE VII
S ECURITY SOLUTIONS FOR KEY 5G TECHNOLOGIES
Effected Technology
Solution Reference Security type
SDN NFV Cloud MIMO
Controller Replication [204] Control plane security through scalability X

SEFloodlight [209] Control plane access authorization X
DoS detection [213] DoS and DDoS detection techniques X X
NetServ [262] Self-protection of control plane from DoS attacks X X X
FRESCO [263] Composable security for SDN X
PermOF [264] Application authorization in SDN X
FlowChecker [221] Flow rules verification in SDN switches X
VeriFlow [265] Flow rules verification in SDN switches X
Flow admission [266] Flow-based access control in SDN X
Resonance [267] Control access to SDN and core network elements X
Splendid Isolation [268] Ensures traffic isolation for VNFs and virtual slices X
TLS protocol [269] Provide security to control channels X
IBC protocol [270] Provide security to control channels X
Capacity sharing [271] Security in sharing of resources X X
DDoS Defender [272] Defence from IP spoofing and DDoS X X
OpenHIP [273] User identity verification for roaming and clouds services X X
ECOS [274] Privacy and trust in offloading X
OF-RHM [275] Ensure identity security of users X
mMIMO security [187] Active attack detection methods X
OSPR [190] Active eavesdropping detection X
Physical layer security [118] Passive eavesdropping detection X
Security principles [241] NFV security challenges and best practices X
Policy manager [242] NFV security configurations X
Xoar [243] NFV and VM security platform X
OpenVirteX [244] NFV hypervisor security X
SecMANO [228] NFV orchestration and MVNO security X
NFVITP [237] MVNO security principles and practices X X
Security proposals [276] Integrity verification, security of data and storage systems X
ENDER [277] HX-DoS mitigation Security for cloud web services X
Secure protocol [278] Service-based access control security X X
CSA proposal [256] Cloud Security Alliance (CSA) proposal for security X
VII. P RIVACY C HALLENGES AND S OLUTIONS First is radio path encryption which is mainly designed to
Privacy remains a core issue in mobile and communication protect the voice and data circuits from invalid interceptions.
systems since the invention of these technologies. In recent Second is the Temporary Mobile Subscriber Identity (TMSI)
decades, the evolution of smart devices such as mobile phones which is proposed to avoid attacks related to user’s identity
and other handheld devices have enabled more diverse services and ensure anonymity [279]. Notwithstanding, both techniques
to consumers. With the advancement in mobile technologies, have their shortcomings also. For instance, regarding the
the services are also becoming smarter, ubiquitous and more encryption in GSM, A5/1 and A5/2 were considered to be
pervasive. The current evolution towards 5G networks is quite insecure and exposed to various attacks such as eavesdropping.
promising not only from consumers perspective but also from The TMSI could not completely assure the anonymity of the
the involved stakeholders point of view. This will help various users because IMSI catchers can still reveal the real identity
stakeholders to enhance their business models for bigger and of subscribers. 2G systems did not have mutual authentication
better revenues. However, the complete and successful deploy- approaches between mobile phone subscribers and correspond-
ment of future 5G systems need addressing the challenges ing networks. This is because GSM could only be able to
of privacy. Hence in this section, the changing paradigm of authenticate the subscriber with the respective network and not
privacy from 1G to 4G, and in-depth study of privacy in 5G vice versa. This means that it can only provide authentication
is discussed. and confidentiality characteristics and couldn’t guarantee the
complete authorization mechanism. This also implies that it
A. Privacy: 1G - 3G does not provide complete non-repudiation [279], [40], [280].
Traditionally, phone users have been mainly concerned With further advancements in mobile communication sys-
about the privacy of their calls, however, 1G did not have tems, 3GPP proposed various specifications for 3G networks
suitable encryption mechanisms to ensure privacy. Hence, that could address these identified privacy shortcomings. For
private communications can be listened to and intercepted by example, mutual authentication mechanism is proposed to
the adversaries even from a far away distance. 2G was then provide more robust privacy features. The 3GPP also defined
proposed as an advancement to address some of the challenges various subscriber privacy requirements for 3G UMTs, which
identified in 1G. In order to preserve the user’s privacy in 2G include; user identity confidentiality, user location confiden-
systems, there have been two major mechanisms proposed. tiality and user traceability. The user identity confidentiality
24
refers to the globally unique IMSI and ensure that user how their data is used. Hence, there are concerns that the
communication over the radio access link should not be personal information can be exploited by various involved
eavesdropped by any means [281]. However, it is observed stakeholders. Therefore, end-to-end data confidentiality mech-
that they are exposed to various attacks which were mainly anisms are required to ensure data protection [284].
targeting the identity and confidentiality of the subscribers 5G is considered as a driving force for IoT based appli-
such as IMSI paging attacks and AKA error message attacks cations and expected to a play vital role in the successful
[282], [280]. deployment of low latency services [285]–[287]. 5G wireless
networks will enable IoT communication which is crucial
B. Privacy: 4G for future smart and digital services, such as health-care and
industrial applications [288]. Hence, there will be increased
4G networks are currently the most widely used mobile
privacy challenges from both perspectives. It is important that
networks and have significant amount of enhancement in
data must not be accessed by unauthorized entities and only
terms of data rates compared to the previous generations. As
legitimate stakeholders should have access to it. Data attacks
such, it can facilitate applications that require voice and video
can be made in two ways: one, attacks on data while in
technologies. With the increased speed or user bandwidth,
transit, and second, illegal access to data in storage systems.
it is exposed to more privacy risks compared to previous
During transit, the potential attacks can be message modifi-
generations. Keeping the context of privacy in mind, there are
cation, eavesdropping and man-in-the-middle attacks [289].
quite a number of vulnerabilities in 4G networks. Two of the
Strong cryptographic techniques are required to protect data in
most critical vulnerabilities being man-in-middle attacks, and
such cases. For storage systems, privacy-by-design approach,
eavesdropping attacks. This happens when adversaries set up
i.e., protecting privacy during the design and manufacturing
fake base stations and act as real network base stations [16].
phases [290], and strong authentication and authorization
Several research works have proffered various possible solu-
mechanisms are needed to protect the data from unauthorized
tions to mitigate man-in-the-middle attacks, popular among
access [291]. There are also privacy concerns regarding user
these is the use of cryptographic authentication protocols.
location and identity [292], that require various techniques
Another prominent challenge in such networks is the ability
such as cryptography and obfuscation [293].
to preserve the User Equipment (UE) privacy. The exposure of
As mentioned, 5G will be a shared environment of multi-
the IMSI generates issues to user privacy, and this information
ple stakeholders such as users/subscriber, network operators,
can cause several active and passive attacks. Also the TMSI
network infrastructure providers, service provider, MVNOs
can be attacked by malicious adversaries, i.e. rainbow and
and Communication Service Providers (CSPs). One of the
brute force attacks. Thus, one of the solutions to IMSI attacks
key challenge in 5G is to build and maintain trust among
is encrypting the IMSI [283], since revealing it can lead to
them. These multiple stakeholders in 5G systems will enable
several passive and active attacks targeted at specific IMSIs
new business models [292], [294]. This is because each
and their respective users. Furthermore, TMSI generated by the
involved entity might have different priorities for preserving
authentication center has been found to be prone to rainbow
subscriber’s privacy considering their own business interests.
and brute force attacks, hence an attacker who gets hold of
Thus, it may lead to the situations where all involved entities
the TMSI can be able to perform social engineering in tracing
do not fully cooperate to guarantee the privacy of the con-
the TMSI to the corresponding IMSI of a UE [15].
sumers [237]. Thus, in order to maintain subscribers trust on
various stakeholders and also within all involved parties, it is
C. Privacy: 5G highly important to have such trust models which can fulfill
The advent of new architectures, technologies and services the privacy needs of the subscriber and protect the interest of
in 5G networks will eventually generate higher privacy risks each entity in the whole 5G system.
for users and other stakeholders as compared to previous Managing identities in 5G networks would be a key chal-
generations. In addition, the integration of technologies such lenge because 5G will enable rapid communication among
SDN, NFV, cloud/edge computing with the 5G eco-system will huge number of users and devices having their own identities.
expose the networks to even more serious privacy challenges. Leakage in identity privacy may lead to various consequences,
Table VI highlights the potential privacy concerns for various for example, it can reveal users information about daily life
mobile generations. Three parameters are used to show the routine. One of the common attacks on identity is IMSI
importance of various privacy features in different generations, catching, where IMSI of mobile user is fetched [15]. Due
i.e., Low (L), Medium (M), and High (H). ’NA’ is used in the to unavailability of TMSI, UE is unable to use IMSI as its
table to present if any privacy challenge is ”Not Applicable”. identifier. A quicker method of fetching IMSI is by setting a
5G network will be a shared eco-system comprising various fake base station which might be considered as genuine/real
actors, and will provide different sets of digital services for because of its signal strength. This base station can ask identity
these different actors. For example, various heterogeneous information from mobile users, and in response the UEs give
operators and service providers involved in the process may their IMSI because they considered it as preferred base station.
access personal data of the consumer with or without their IMSI attacks can be both active and passive. A potential
consent. This is a critical issue because consumers/users will solution to overcome the IMSI catching attack is by allocating
be mostly unaware of the entities that are gathering, processing random TMSI to various mobile users at regular interval in a
and storing their data. The users will, in most cases, not know given network. IMSI is only used when any fault occurs or
25
TABLE VIII
P OTENTIAL PRIVACY CONCERNS FOR VARIOUS GENERATIONS
Privacy Concern 1G - 3G 4G 5G XG Relevant References

Lack of Authentication M H H H [16], [138], [279], [296], [297]
Data Privacy Attacks M M H H [16], [292], [284], [298]
Lack of Access Control L M H H [14], [153], [299], [300]
Identity based Attacks L M H H [279], [282], [281], [301], [295], [15]
Location based Attacks L M H H [281], [292], [302], [303], [304], [305]
Cross-Border Privacy H H H H [306], [298], [307], [308]
Legalization/Regulation and Governance M H H H [307], [309], [308], [310]
Cloud based Privacy L M H H [311], [312], [313], [314]
IoT based Privacy L M H H [285], [286], [99], [311], [315], [316]
Context/AI based Privacy NA L M H [317], [318], [319], [320], [321]
TMSI is not available [295]. paradigm shift in security as well. The development in com-
Location based services are getting vast attention for various puting paradigms, such as quantum computing, will compel
purposes such as finding nearest desired places, friends and us to design new robust security architectures leveraging
relatives, and wearable devices for tracking and monitoring powerful computing to strengthen network security. Breaking
purposes [292]. However, location based services will raise cryptographic algorithms with super-fast or organized shared
several privacy concerns. For example, in certain mobile computing might become a reality. The basic idea is that
applications, location based service providers ask for personal the diversity and growth of computing and communication
information of users which might not be needed for that par- technologies must be matched with novel security systems.
ticular mobile application. By using location information, one In this section, we present a broader view of a future
can easily track the life schedule of any particular individual generation of wireless network, termed as the XG (Fig. 9) and
and can cause harm. In order to tackle such location based discuss strengthening its security through novel technological
privacy issue, several approaches are already utilized such concepts that are currently hot research topics. For example,
as; encryption based approaches, anonymity based techniques, super-fast security mechanisms at various network nodes and
obfuscation based approaches, location cloaking algorithms, locations such as network edge or fog nodes, security automa-
privacy policies, and regulations among others [302], [304], tion and self healing that would require the development in AI,
[305], [322], [323]. and using the concepts of blockchain for securely providing
Recent developments in wireless and communication tech- security-critical services.
nologies allow global access and connectivity of user data.
Hence, if a user is using any online application in one country, A. The Concept of XG
his/her data can be stored or processed in any other country For presenting future directions in network security, we
[307], [308]. This leads to huge user privacy concerns because define XG as a secure and autonomous network of numerous
each country has its own privacy regulations and polices for smart objects in smart environments, all connected to make a
data protection. For example, regulation agencies may give smart city, with no observable latency, no restrictions on band-
priority to some data which are crucial in that country but width, and available everywhere. Smart environments [327]
may not be important or acceptable in the other country. Also have been the focus of research for many decades. The revo-
various legislation might have different values for personal lution of IoT [285] provides the basis for the computation and
data privacy. With the addition of public clouds and online communication paradigms required for smart environments.
service providers, the storage of user information cannot be By integrating smart environments, smart cities are at the
restricted to only a particular country. Therefore, it is vital to forefront of future Internet, whereas IoT is the basic building
define regulations that can protect consumer data through cross block of a smart city [328]. IoT provides the foundational
border territories. European Union has recently announced the infrastructure for the smart world, but the foundation of IoT
updated General Data Protection Regulation that highlights itself lies in smart networks [329]. Smart networks described
European Union laws on data protection and to preserve in [329], are network environments that use software that
privacy of all users within the European Union and the can configure heterogeneous networks automatically to meet
European economic area [324], [325]. It also defines rules and the user and service needs through network infrastructure
regulations on international transfers of personal information. abstractions [329]. Hence, the real benefits of IoT, aiming the
smart cities, can be realized when the communication systems
VIII. N EW D IMENSIONS IN S ECURITY OF F UTURE are also smart enough to intelligently and autonomously
N ETWORKS : T HE XG deliver the necessary information generated and needed by
IoT [330]. This needs i) intelligent communication systems
The dramatic increase in types and number of IoT devices, that are responsive to the needs of IoT in real-time, and ii)
the concepts of networked smart societies or a radically provide coverage, in ideal conditions, everywhere. XG, in our
new gadget-free world as presented in [326] necessitate a view, will be the future network having these capabilities.
26
Fig. 9. Overview of security systems in communication networks for future cities (highlight AI, SDN, NFV in figure).
B. A Glimpse of Security Challenges in XG security softwarization and virtualization, AI and blockchain

technologies can be used to secure future (XG) networks.
5G networks will integrate low power and low data rate IoT
devices [331]. The number of the IOT devices are projected
to reach 80 billion within the next decade. The massive C. Security Softwarization and Virtualization
number of IoT devices in massive numbers of smart spaces Taking the network functions from software rather than
will introduce new security challenges, as discussed in [332]. hardware is one of the key trends in future wireless networks.
Currently, the important communication protocols for IoT Virtualization creates another level of abstraction by provid-
include the IEEE 802.15.4 standard [333], [334], IPv6 over ing the framework to deploy network functions as software
Low-power Wireless Personal Area Networks (6LoWPAN) components, as promoted with the concepts of VNFs. The
standard [335], [336], and Constrained Application Protocol two concepts interwoven together, will not only provide the
(CoAP) [337], [338]. These protocols rely on cryptographic benefits of cost and performance efficiency, but will increase
algorithms such as the Elliptic Curve Cryptosystems (ECCs) end-to-end reliability of future networks [345]–[347]. Security
as the basis to secure the communication. With the advent functions implemented in software being able to be deployed
of quantum computing and increasing capacities of the next in any network perimeter based on necessity, introduces many
generation computing devices, these protocols will no longer new opportunities in strengthening network security.
be secure, as thoroughly discussed in [170]. Similarly, proper For example, traffic monitoring can be used to detect and
security keying models for IoT are still lacking [339] and prevent intrusions. Intrusion detection or prevention systems
routing protocols have vulnerabilities [340]–[342]. (ID/P-S) observe the traffic, find vulnerabilities or threats,
Furthermore, in a huge number of connected devices, rec- and use countermeasures to secure the network. Due to in-
ognizing malicious ones will be more challenging. Devices dependent control planes in traditional networks, ID/P-S tech-
with limited computation, battery and storage capacities, could nologies in each network domain are usiauln yldependently
potentially act as malicious bots in a network [332]. Mobile configured to deal with se ucctyirhallenges. Hence, it is hard
botnets, compromised limited capability devices, are already to update the current systems with newly identified types
posing serious security challenges due to connectivity to the of attacks and threat vectors or deploy consistent network-
Internet through cellular networks [18]. On one hand, devices wide security policies. Software-based ID/P-S systems using
not needing connectivity can be interconnected or be made virtualization technologies will enable run-time updates, as
available online through embedding a simple software. On the well as run-time security policy or system deployment in any
other hand, a large-scale analysis of firmware images [343] network segment, solely based on necessity.
reveal that embedded systems are ripe with security vulnera- Similarly, conventional access control mechanisms use fire-
bilities. Such devices will also endanger public privacy [344]. walls on network boundaries to examine incoming or outgoing
However, there are potential security approaches that can packets to prevent attacks and unauthorized access [348],
be used to ensure security in such environments. For instance, [349]. First, the insiders are considered as trusted partners
service or application-based security, using strong isolation who might be previously compromised and can launch at-
leveraging network slicing, software-based security functions tacks or circumvent the security mechanisms. Second, changes
that are portable, and leveraging AI for proactive security in network policies and traffic conditions require complex
measures in different network perimeters. In the following sub- configuration of firewalls. Technologies like SDN that enable
sections, we describe how new technological concepts such as programmability, centralize the network control, and equip
27
the network management plane with global visibility of the units of the cloud, learn about the environment using specific
network state can mitigate the risks involved in configura- monitoring methods, communicate with each other, and make
tions and easily monitor the overall network traffic (ingress decisions based on AI. These agents detect abnormalities,
or egress ports). SDN is also termed as security-defined malfunctions and security threats within the systems. Using the
networking [350], since it enables security software (SDN tools of AI such as neural networks and decision trees, the au-
applications) to be easily deployed, updated or removed from thors in [359] demonstrate revealing hidden communication by
a network. mobile malware or malicious software. Similarly, the authors
A number of firewall applications such as FLOW- in [360] use fuzzy logic, neural networks and trend analysis
GUARD [351] and OpenFlow firewall software [352] can be in IDSs. Moreover, AI algorithms and solutions such as
considered as the basic step towards softwarized security for Bayesian AI methods [361] dealing with uncertainty in terms
softwarized and virtualized networks. A detailed description of of finding malicious activity, as in DPI, opens new horizons
software-based virtualized security functions such as dynamic, for strengthening security of networks of massive number
reliable and scalable firewaling is described in [349]. A of connected devices (e.g. IoT), applications, and diversified
virtualized Deep Packet Inspection (DPI) system for intrusion services. For example, in [362] the authors demonstrate using
detection and prevention in a softwarized network infrastruc- AI to secure vehicular communication and effectively counter
ture is described in [353] and softwarized network monitoring DoS attacks.
in [354]. Even though virtualization and softwarization have Due to the diversity of services and devices in next gen-
their own limitations in terms of speed or latency, the flexibil- eration networks, autonomous decision making in terms of
ity and agility of such systems make these inevitable in future security policy verification, policy conversion to configurations
networks. and subsequently deployment will require leveraging AI for
the purpose. As described in [363], AI has the potential to
D. AI-based Security help operators in situations where there are no prior data
Analysis of huge amounts of data or monitoring the network or experience, or the data is too complicated to understand
traffic-in-transit for security require a paradigm of proactive, with traditional approaches. With the conglomeration of di-
self-aware and self-adaptive intelligent systems. Such systems verse IoT devices, UAVs, V2X, wearables and smart home
will employ novel algorithms and technologies of AI, and as a appliances, differentiating a security attack from a legitimate
result, cyber-security may become one of the best application traffic will be practically impossible or unmanageable without
areas for AI. Conventionally, a security attack or a security using AI [362]. One of the stringent requirements of IoT, or
lapse happens and then patching starts once the attack or for instance UAVs and V2X communication will be latency.
the lapse is recognized. This needs to change since critical Security services such as authentication and access control
infrastructures such as electricity smart grids, transportation need to be proactively carried out within the time constraints
and health-care systems are formally accepting connectivity in order to meet the main service requirements such as service
through communication infrastructures and reactive security migration from one edge node to another. In doing so, AI will
measures will not suffice. The change must be towards proac- play a critical role to timely identify the terminal actions and
tive security measures due to the criticality of security of these requirements to avoid service interruptions [362]. However,
infrastructures. Proactive security measures would require specific emphasis must be put to use AI in the realm of
continuous intelligence gathering, and using that intelligence network security.
to mitigate the possibility of security risks or lapses. AI,
with its promising algorithms and full solutions having gained
E. Security Automation
appreciation in other fields, must also be used in the realm of
network security. Machine execution of complex functions or automation can
Firewalls using DPI can be considered as an instantiation of be used in i) information acquisition, ii) information analysis,
AI in security, yet clear and specific development of AI-based iii) decision and action selection and iv) action implementation
security approaches and solutions need to be introduced [355]. for accuracy and reliability [364]. Due to the complexity of
A more enticing example is the Completely Automated Public next generation networks in terms of heterogeneity in net-
Turing test to tell computers and humans apart that brings works, devices, applications and services, network functions
the two domains (security and AI) at an intersection [356]. must be automated [365], [366]. Automation leveraging AI
This is widely used in commercial contexts where a human is already happening in many areas related to communication
is differentiated from a bot through recognizing distorted networks, for instance, in autonomous vehicles [367], [362].
characters or a sequence of characters [357]. As the pattern As the networks are getting complex making the network
recognition software move towards more sophisticated pattern management much more complicated, security parameters
recognition, the drive to maintain security will also drive adjustment, intrusion detection and prevention, and security
more sophisticated use of AI. Consequently, the advances in policy enforcement such as access control and authorization
decision procedures, model checking, and recently, Boolean need to be automated. Human-machine interaction is already
satisfiability have grasped the attention of cyber-security re- a major reason for the network downtime [368], and security
searchers [356]. lapses due to human errors are no exception [369].
A cloud monitoring model based on cooperative intelligent Manual configurations of network security technologies
agents is proposed in [358]. The agents, located in different such as firewalls and IPSec technologies on extended sets
28
of devices are prone to configuration errors, intra- and inter- stakeholders in the system [380]. Blockchain can also be a
policy conflicts resulting in serious security vulnerabilities and vital tool for providing various means to secure storage for
threats [370]. A study on manual configurations of firewalls the patient’s records. In addition, it can also securely maintain
in [371] reveals that major security breaches occur due to the patient’s medical history required for proper treatment or
complexity of manual configurations. Therefore, security au- medication. Future blockchain based health-care systems are
tomation is inevitable and with the emergence of complex IoT expected to improve particularly in terms of intelligence and
systems and networks, human intervention for each security context awareness, secure data access and sharing, better
policy setup, system updates or even lapses will be highly quality and management, and security and privacy. The low
challenging. latency, massive data communication and intelligent services
The evolving network paradigm paves the way for security provided by the future XG technologies will be one of the key
automation, albeit the limited efforts for security automation. requirements in future blockchain based health-care systems.
For instance, SDN automates many processes and proce- Another useful and popular application of blockchain is
dures including physical and virtual network management, in the area of IoT [381]–[383]. There will be numerous
reconfiguration, and introduces the possibility of deploying sensors/nodes/devices connected with IoT networks that re-
new automated services leveraging network abstractions [372]. quire proper management with less complexity and resource
Similarly, using various dimensions of AI to perceive or utilization. Along with that, security and privacy remain the
understand and eliminate a security threat well before it causes top most concerns in IoT because of its massive scale in
any damage in an automated fashion is already realizable. diverse applications [384]. Traditionally, the security frame-
Examples of such advancements include self-healing solutions works for IoT networks consume higher resources in terms of
for future mobile networks. A self-healing solution resolves energy and processing power. Also, most of the related work
outages or carry out network tasks autonomously without suggest that many of the security frameworks are based on
human intervention [373]. However, security automation will centralized approaches. Centralized security systems, however,
minimize the involvement of user perspectives which opens have challenges of scalability and single point of failures.
the debate of social acceptance as discussed in [374]. Furthermore, user privacy has many loop holes in IoT based
applications with existing privacy preserving methods. Thus,
blockchain based approaches in such cases can offer decen-
F. Blockchain: A New Security Perspective
tralized means of security and privacy mechanisms for IoT
Blockchain is considered as the next big revolution for applications [385], [386]. Due to decentralized and distributed
future Internet and communication technologies. Blockchain, nature of the blockchain technology, it can be well applied to
as a decentralized and distributed technology, has immense IoT, for example to manage the configuration of IoT devices,
potential in various useful and critical applications such as store and share the critical data, and enhance the security
banking, health-care, supply chain management, and IoT and privacy [382]. The future XG technologies will provide
among others [375], [376]. The initial focus area of blockchain solid platform to support blockchain for building security and
was related to bitcoin, crypto-currencies and financial/banking privacy mechanism for low power and resource constrained
purposes, however, its potential applicability in various ar- IoT devices.
eas of daily life made it necessary to draw the focus of
blockchain research to other identified applications as well.
The utilization of the blockchain for current network and G. UAV Base Station for Security
communication technologies are opening doors for more se- The agility and resilience requirements of future services
cure and safer means of communications. Blockchain allows motivate the use of UAVs equipped with Base Stations (UAV-
various stakeholders/entities to securely share and access the BS) for future wireless networks. The UAV-BS provides
the critical data. A distributed ledger containing the required quick deployment opportunity and temporary solutions to
data is shared with all the involved stakeholders within the any potentially unexpected situation or disaster management.
process. Thus, blockchain ensure more security features in the However, strong security measures are required for UAV-BS
overall communication system. The emergence of AI in future assisted communications. There are already some existing
communication systems in integration with the blockchain security threats that can be used against UAV-BS too. For
technology will be key enabler of many critical applications. instance, an attacker may manipulate the transferable data
A few use cases of blockchain with keeping security as the by delaying the control commands. The manipulation can
major highlight is discussed in this subsection. be carried out through corrupting, replaying and blocking
Health-care is among one of the prominent application the data during transmission [387]. An adversary may also
domains where blockchain will have a huge impact with its de- passively eavesdrop on critical data that can be used for further
centralized nature of computation. For example, secure sharing attacks [388].
of health-care information is one of the crucial requirements Due to stringent power and weight requirements, the BS
in order to provide intelligent and better quality of health-care carried by the UAVs may not be able to support complex
services [377], [378]. Health-care data is very sensitive and cryptographic algorithms like a terrestrial base stations. This
must be controlled by the respective patients [379]. Blockchain can cause the UAV-BS more prone to security vulnerabilities.
can provide a secure data accessibility mechanism where Moreover, the UAVs will have higher possibility to fall in the
patient’s health data can be accessed by various relevant hands of an attacker due to its operating location. Therefore,
29
UAVs must support mechanisms to safeguard from physical protect the privacy, there will also be need of strong regulations
tampering in the events it falls to the hands of an attacker. In and polices for such smart environments [397].
such cases, UAVs should use basic insider-attack protection Smart spaces will also play a key role in implementing the
mechanisms in which physical access does not guarantee vision of future smart cities and XG is going to play vital
access to the internal functions of a system. Due to lack of role by providing faster means of communication. Enabling
specific lightweight cryptographic protocols for UAV-BS, the technologies related to smart cities along with the corre-
backhaul communication can also be targeted by attackers. sponding big data challenges will make privacy one of the
However, the research on UAV-BS security is gaining momen- topmost concern for users in the coming future [398], [399].
tum and various solutions are proposed to tackle the mentioned Since smart cities will require high level of interconnectivity
challenges, as discussed in [389]–[392]. where multiple stakeholders can provide various services, the
Albeit the inherent security challenges, UAV-BS can also pervasive nature of services and their delivery will add more
assist in secure information flow, specifically in disaster hit woes for privacy. For examples authors in [400] highlighted
areas, or network segments under cyber-threats. Effective com- five types of privacy requirements needed for smart cities’
munications is the key to public safety in disaster or emergency applications and technologies: i) privacy of location, ii) privacy
situations [393]. A use-case presented in [391] is using drone of state of body and mind, iii) privacy of social life, iv) privacy
BS to augment the operation of public safety networks in of behavior and action, and v) privacy of media. Hence, there
critical situations. A fleet or swarm of drone used together are more dimensions for adversaries to compromise the privacy
to provide services in various scenarios, such as described of the whole eco-system. However, these intelligent or smart
in [390], can be used to securely operate and provide services. environments will also be context-aware and capable to take
A security attack on a whole fleet will be much more difficult AI-based decisions. Therefore, AI-based privacy mechanisms
due to shared intelligence and task execution. For instance, should be adapted to ensure intelligent and appropriate pri-
resource-exhaustion attacks will not easily affect the working vacy solutions by sensing the specific context and needs of
of the drones when multiple drones operate. Hence, using applications.
UAV-BS in situations where the available base station is either
under a security attack (e.g. DoS) or congested, that limits its
IX. D ISCUSSION AND F UTURE R ESEARCH D IRECTIONS
availability to legitimate users, seems an interesting approach
for future dense networks or smart cities with massive number The network security has evolved as the networking tech-
of IoT devices, smart vehicles or normal mobile users. nologies matured. There are also new disruptions due to
novel technological concepts such as SDN that furthered new
paradigms in security, such as Software Defined Security.
H. Privacy: However, there are still areas in which further research is
As highlighted above, the XG technology will be key highly important to ensure robust security in 5G and beyond.
enabler of massive and critical applications in various domains Few such important areas, based on the lessons learned from
such as smart health-care, industries automation, transporta- the existing literature, are discussed below.
tion/ Vehicle-to-Vehicle (V2V) and massive IoT. Along with
security, the privacy landscape will also vary according to
different requirements of applications. Massive amount of A. 5G Networks: Access, Backhaul, Core Networks
data is expected to be generated by these future applications, 5G will bring connectivity to almost all aspects of life, e.g.
because xG will provide the underlying network for ubiquitous connecting hospitals, schools, vehicles, home appliances, and
and pervasive digital services. Therefore, there will be a wider more, through increasing network capacity and efficiency of
scope for adversaries to attack the consumer’s privacy, as the technologies. New technological concepts are added from
described below with examples. the access to the core networks. In the access network, ultra-
Future digital services will merely not be only acquired densification and offloading, moving towards mmWave and
through gadgets but gadget free users can also attain the de- unlicensed spectrum, and leveraging the advances in MIMO
sired services anytime and anywhere. The concept of gadget- are the key technologies to fulfill the data rate and service
free smart environment (also called as the Naked World) is requirements [3]. However, these technologies must also be
introduced in [326], [394], [395], where gadget-free users can investigated from the point of view of security, since the
get digital services from the nearby intelligent environment security challenges in these technologies e.g. MIMO are much
and without using hand-held gadgets. Digital services and different than conventional security challenges. For instance,
computation capabilities will be embedded in the smart en- ensuring secrecy in resource allocation in MIMO as elaborated
vironment. This kind of open and shared environment will in [401] needs further investigations. Using the concepts of
be highly exposed to users’ privacy risks, i.e risks in leakage AI or big data in physical layer as described in [402] for
of data, location and identity [396]. Also all other involved improving the data or network security needs further research.
stakeholders such as infrastructure provider, network operator The concepts of AI or big data are currently used mainly in
and service providers need to ensure that users’ personal the upper layers. Similarly, beamforming for improving the
information should not leak during various phases such as user traffic or network security is also an interesting research area.
interaction with environment, identification process and data Currently various methods are used to protect the information
storage among others. In addition to technological solutions to from eavesdropping, however using the strength of MIMO
30
to securely perform other tasks, for example wireless power Research on service dynamics-based or traffic volatility-based
transfer [403], constitute interesting future research. control procedures distribution is still needed. Furthermore, the
The backhaul network connecting the access and core security of SDN must be investigated mainly on use-case basis
networks has a major change in terms of splitting the control specifically for future wireless networks, where the changes
and data planes. The split is mainly advocated with the in service functioning, user node or traffic behaviour can be
emergence of SDN, taking the control plane out of the data frequent.
plane and deploying it in the clouds. Similarly, the major NFV brings interesting opportunities to the wireless ne-
change in the core network is also the split of the control towrks domain. When the basic security challenges in NFV
plane functionalities from the forwarding plane. For example, are mitigated, NFV can strengthen the network security in a
the PCRF from PDN gateway will reside in the cloud-based variety of ways. For instance, NFV-based softwarized security
core network. Even though the split has many benefits such functions that can be mitigated from the centralized cloud to
as global network resource visibility and programmability, different network perimeters will enable highly dynamic se-
there are many challenges that still need effective solutions. curity, as par with the promises of dynamic networks. Further
In the backhaul network, the GTP tunnel processing for small research is needed to highlight the basic challenges in moving
sessions generated by IoT devices will make the interaction security functions throughout the network, and to investigate
of the control-data planes extremely high. In such scenarios, the impact on the network, security functionality, and the
malicious or even legitimate but compromised nodes will be challenges related to such movement of security functions.
capable of causing saturation attacks. Furthermore, the process Network slicing will enable resizing, shrinking and extending
of recognizing malicious or compromised nodes will further of network resources for various services and network func-
increase the interaction between the control and data planes. tions. Security policies related to such adjustments of resources
Hence, the security challenges due to the split in backhaul among various stakeholders need to facilitate security of the
networks need thorough analysis from the point of view of the overall system. Security policies in this case and service level
new services and devices, particularly, the resource constrained agreements for curtailing illegitimate use of network resources
devices which can be easily compromised to act as bots. From among lessor and the lessee parties must come forward.
the core network perspective, the traffic generated by massive The security challenges faced in different cloud computing
IoT deployment will make the authentication, mobility, and paradigms are mostly related to virtualization and VNFs, as
policy control entities in the core network easily exhaustible well as the security policies related to these technologies [245].
by malicious actors. One way forward, although needs further The security challenges in the smaller forms of clouds, e.g. fog
investigation, is the functional split that some functions, e.g. computing, are much different and are highly dependant on
firewalls and authentication mechanisms must reside near the the resource capacities and networking [405]. It is important
edge as virtualized security functions to recognize malicious to note that the services that use these technologies will have
activities at the entrance points. Such capabilities require the direct impact on the security of these platforms. For instance,
technologies of SDN, NFV and MEC in the network. However, compromised IoT devices sending sporadic messages to the
these technologies-albeit all the promising capabilities, need MEC or fog platforms will cause resource saturation easily
further research in terms of security as described below. compared to thickly resourced cloud platforms. However, the
advanced concepts of cloud computing such as MEC and
fog computing will facilitate robust security besides bring-
B. Key 5G Technologies: SDN, NFV, MEC
ing services near to the users. For example, bringing the
The use of SDN, NFV and the advanced concepts of authentication mechanisms near the edge or in other words,
cloud computing such as MEC or even fog computing [404] the user, will facilitate faster authentication in latency critical
will be inevitable in future networks. The main concern, applications. Since the security of the cloud computing is
though, is that the security challenges in each of the these highly related to the technologies using these concepts, such
technologies are handled or solved in a solitary fashion usually. as NFV and SDN, therefore, it is highly important to study
Similarly, the security concerns are solved only looking at the mutual impact of these technologies on each other.
the security of the technology, paying little attention to the
use case or applicability of the technology. For example, the
security of the centralized control for resource exhaustion C. Mutual Impact of the Key Technologies on Overall Security
is considered mainly in the form of either increasing its The combination of the key enabling technologies such
resource capacity [220] or distributing the control planes [215], as SDN, NFV and cloud computing has two sided effects
[216]. However, looking at the dynamism of future wireless on security. This combination can either decrease security or
networks, both of these solutions will be sub-optimal. On one increase the security of the overall system. Furthermore, the
hand, a high resource controller in each corner of the network security of the overall system can be compromised due to
will not be cost effective. On the other hand, the dynamism or lapses in security in one technology. For example, in future
moreso, the user behavior in different parts of the network can networks the control plane can be placed in a cloud when
change sporadically. Hence, resource extension in certain parts the control-data planes separation occur. Consider a situation
of the network is not the only way. Similarly, the dynamism of security breaches in the cloud platform such that un-
of future networks might require speedy distribution of certain authorized access to the control platform, e.g. SDN controller,
or partial control procedures in different parts of the network. is granted to a malicious user or application. The malicious
31
application in this case can change the forwarding behavior network, the existing trust models are not sufficient. New
of the entire network connected to that controller. In such trust models must be erected for the new actors entering
cases the security of the cloud will have a direct impact on the domain. That will cover the extended requirements in
SDN or the underlying network. Similarly, the compromised authentication between various actors, accountability and non-
cloud will have threatening effects on NFV or the whole repudiation. Furthermore, the new technologies that enable
NFV management systems that usually reside in clouds [225]. sharing the infrastructure resources through slicing require
Moreover, a compromised SDN controller can leave the clouds mechanisms to dynamically expand or contract their leased
disconnected. In addition, compromised virtual machines or resources securely and timely. Similarly, constrained devices
slices can also compromise the security of the clouds as such as the tiny sensors used for climate monitoring might
described in [406], [407]. open security loopholes into the system. Therefore, new trust
Strong security of each technology has positive implications models are necessary which might be difficult at this time, but
for the other technologies and the overall system. For example, can be defined gradually as the actors adopt 5G.
a secure cloud platform means only the inherent security of the
technology can have adverse implications on that technology. F. New Opportunities
If there is a proper isolation enforced in virtualized resources,
the overall cloud platform will be more secure. Similarly, 5G networks will amalgamate diverse services and technolo-
if the SDN data plane or the control planes are properly gies unlike previous generations. Thus, the security challenges
secured, the security of virtual networks over the data plane and solutions will be as different and diverse as the services
and cloud applications interacting with the SDN controller and technologies used in 5G. Albeit the complexities of
will be more secure [27]. Furthermore, there is also a need services, the technologies used in 5G will also enable new
to develop integrated security solutions where coordination security technologies that were practically absen tin the previ-
among various security controls, possibly in different layers, ous generations. For example, using the disciplines of AI such
is required to deliver integrated security to the overall sys- as neural networks for security in 4G were not easily realizable
tem [248]. However, the implications of security of these three due to the resource constraints, such as limited computation
technologies on each other are not properly studied, and thus, near the sources of traffic. 5G delivers high computation near
need further investigation. the sources of traffic through the concepts of cloud computing
near the edge, e.g. MEC. MEC resources near the edge can
be used to learn the traffic behaviour, detect possible security
D. Future Privacy Measures threats, and stop security breaches at the edge before they
5G and beyond networks will create heaps of privacy con- occur, this will mostly be facilitated using the disciplines of
cerns than ever before. These challenges are not merely from AI. As it is now known that the traffic over the network
consumer’s perspective but also from the view point of service will further exacerbate, the data can also be used for network
providers, network operators, Vendors and CSPs in order to en- analysis [408], and thus its role in decision making will also
sure the successful deployment of such networks. The enabling be considered for improving network security. Similarly, the
technologies such as blockchain and edge computing/clouds concepts of Blockchain can improve the security of sensitive
are integrated to future 5G and beyond networks and are services over the network [409]. Therefore, 5G will bring new
expected to fulfill the privacy requirements to some extent. opportunities to utilize the recent development in computing
However, it will not ensure the complete privacy protection as technologies to strengthen the security of the overall network,
future networks consists of multiple stockholders with diverse as well as the services that use the network.
business interests. This makes privacy a challenging task for
each stakeholders in the network. Therefore, it is a key for the X. C ONCLUSION
regulatory bodies to draft the privacy regulations in such a way
Wireless communication networks have been evolving from
that it should protect consumer’s privacy and at the same time
connecting simple mobile phones in 1G towards connecting
maintain the interests for each of the involved entities. Apart
almost all aspects of life in 5G. During this evolution, security
from this, existing cryptographic techniques can be utilized
landscape has equally evolved from simple phone tapping
with new security algorithms to ensure the authentication and
to diverse attacks on mobile devices, network equipment
authorization of valid entities. Approaches such as privacy-by-
and services. For integrating new things (IoT) and services
design and customized privacy are going to play crucial role
into the network, 5G will use new technologies such as
for future privacy solutions. Furthermore, AI based privacy
advanced cloud computing concepts (e.g. MEC), SDN, NFV,
solutions will be necessary for future network as the privacy
and massive MIMO etc. These technologies have their own
should be given by sensing the particular context.
inherent security challenges which can further complicate the
network security landscape. Therefore, in this paper we have
E. New Trust Models discussed the security challenges that exist in different parts
In previous generations of networks, the devices connected of the network such as access network, core network, and
to mobile networks were assumed to be trustworthy, and within the technologies that will be used in 5G networks. The
thus the trust models were straightforward [107]. Now that conglomeration of diverse devices, services, and new network-
new devices (massive IoT) ranging from home appliances ing technologies does increase the security threat landscape,
to surveillance to industrial equipment will span across the and thus new security solutions must be sought for efficient
32
and secure connectivity. Hence, we have thoroughly discussed [9] Hu, F. and Hao, Q. and Bao, K., “A Survey on Software Defined
the security challenges in different parts and technologies Networking (SDN) and OpenFlow: From Concept to Implementation,”
Communications Surveys Tutorials, IEEE, vol. PP, no. 99, pp. 1–1,
of 5G networks, and have outlined the possible security 2014.
principles, techniques and proposals for the mentioned security [10] B. Han and V. Gopalakrishnan and L. Ji and S. Lee, “Network function
challenges. Since privacy of users and user information is virtualization: Challenges and opportunities for innovations,” IEEE
Communications Magazine, vol. 53, no. 2, pp. 90–97, Feb 2015.
going more towards the hands of the infrastructure owners [11] N. Panwar, S. Sharma, and A. K. Singh, “A Survey on 5G: The Next
and systems’ operators, for instance in cloud storage systems, Generation of Mobile Communication,” Physical Communication,
privacy has grasped a lot of research attention. Therefore, we vol. 18, pp. 64 – 84, 2016, special Issue on Radio Access Network
Architectures and Resource Management for 5G. [Online]. Available:
also outline the weaknesses in the privacy of wireless networks http://www.sciencedirect.com/science/article/pii/S1874490715000531
and discuss the potential solutions for ensuring user and data [12] A. Gupta and R. K. Jha, “A Survey of 5G Network: Architecture and
privacy. Emerging Technologies,” IEEE Access, vol. 3, no. , pp. 1206–1232,
Due to the increasing diversity of devices and emergence of 2015.
[13] A. Gohil and H. Modi and S. K. Patel, “5G technology of mobile
new services, we have provided a vision of future connected communication: A survey,” in 2013 International Conference on Intel-
world, i.e. the XG. Since the connected systems in near ligent Systems and Signal Processing (ISSP), vol. , no. , March 2013,
future will be complex, the security threat landscape will pp. 288–292.
[14] C. Sexton and N. J. Kaminski and J. M. Marquez-Barja and N.
also be complex, and thus new modes of security operations Marchetti and L. A. DaSilva, “5G: Adaptable Networks Enabled by
will be inevitable. For instance, blockchain securely shares Versatile Radio Access Technologies,” IEEE Communications Surveys
information among the intended users, thus how to use the Tutorials, vol. 19, no. 2, pp. 688–720, Secondquarter 2017.
technology to strengthen user security has been highlighted [15] P. Schneider and G. Horn, “Towards 5G Security,” in 2015 IEEE
Trustcom BigDataSE ISPA, vol. 1, Aug 2015, pp. 1165–1170.
in this article. To sum it up, it is highly likely that new [16] M. A. Ferrag, L. Maglaras, A. Argyriou, D. Kosmanos, and
types of security threats and challenges will arise along with H. Janicke, “Security for 4G and 5G Cellular Networks: A survey
the deployment of novel communication technologies and of existing authentication and privacy-preserving schemes,” Journal
of Network and Computer Applications, vol. 101, pp. 55 – 82, 2018.
services. However, considering these challenges right from the [Online]. Available: http://www.sciencedirect.com/science/article/pii/
initial design phases to the deployment phases will minimize S1084804517303521
the likelihood of potential security and privacy lapses. [17] N. Seddigh and B. Nandy and R. Makkar and J. F. Beaumont, “Security
advances and challenges in 4G wireless networks,” in 2010 Eighth
International Conference on Privacy, Security and Trust, vol. , no. ,
ACKNOWLEDGMENT Aug 2010, pp. 62–71.
[18] S. Mavoungou and G. Kaddoum and M. Taha and G. Matar, “Survey
This work has been supported by Academy of Finland under on Threats and Attacks on Mobile Networks,” IEEE Access, vol. 4,
projects: 6Genesis Flagship (grant 318927), MEC-AI, Indus- no. , pp. 4543–4572, 2016.
[19] Y. Zou and J. Zhu and X. Wang and L. Hanzo, “A Survey on Wireless
trial Edge, and SecureConnect. Andrei Gurtov was supported Security: Technical Challenges, Recent Advances, and Future Trends,”
by the Center for Industrial Information Technology (CENIIT). Proceedings of the IEEE, vol. 104, no. 9, pp. 1727–1765, Sept 2016.
Ijaz Ahmad was also supported by the Jorma Ollila grant. [20] Y. Wu and A. Khisti and C. Xiao and G. Caire and K. K. Wong and X.
Gao, “A Survey of Physical Layer Security Techniques for 5G Wireless
Networks and Challenges Ahead,” IEEE Journal on Selected Areas in
R EFERENCES Communications, vol. 36, no. 4, pp. 679–695, 2018.
[21] D. Fang and Y. Qian and R. Q. Hu, “Security for 5G Mobile Wireless
[1] M. Agiwal and A. Roy and N. Saxena, “Next Generation 5G Wireless Networks,” IEEE Access, vol. 6, no. , pp. 4850–4874, 2018.
Networks: A Comprehensive Survey,” IEEE Communications Surveys [22] D. Rupprecht and A. Dabrowski and T. Holz and E. Weippl and
Tutorials, vol. 18, no. 3, pp. 1617–1655, thirdquarter 2016. C. Ppper, “On Security Research Towards Future Mobile Network
[2] D. Kutscher, “It’s the Network: Towards Better Security and Transport Generations,” IEEE Communications Surveys Tutorials, vol. 20, no. 3,
Performance in 5G,” in 2016 IEEE Conference on Computer Commu- pp. 2518–2542, 2018.
nications Workshops (INFOCOM WKSHPS), April 2016, pp. 656–661.
[23] Calhoun, Pat and Loughney, John and Guttman, Erik and Zorn, Glen
[3] J. G. Andrews and S. Buzzi and W. Choi and S. V. Hanly and A.
and Arkko, Jari, “DIAMETER base protocol,” Tech. Rep.
Lozano and A. C. K. Soong and J. C. Zhang, “What Will 5G Be?”
[24] “Mobile Edge Computing A key technology towards 5G,”
IEEE Journal on Selected Areas in Communications, vol. 32, no. 6,
http://www.etsi.org/images/files/ETSIWhitePapers/etsi wp11 mec a
pp. 1065–1082, June 2014.
key technology towards 5g.pdf, 2015, eTSI White Paper No. 11,
[4] Jyhi-Kong Wey and Han-Tsung Chang and Lir-Fan Sun and Wei-Pang
accessed: 10-10-2016.
Yang, “Clone terminator: an authentication service for advanced mobile
phone system,” in 1995 IEEE 45th Vehicular Technology Conference. [25] P. Lopez, A. Montresor, D. Epema, A. Datta, T. Higashino,
Countdown to the Wireless Twenty-First Century, vol. 1, no. , Jul 1995, A. Iamnitchi, M. Barcellos, P. Felber, and E. Riviere, “Edge-centric
pp. 175–179 vol.1. Computing: Vision and Challenges,” ACM SIGCOMM Computer Com-
[5] I. Ahmad and T. Kumar and M. Liyanage and J. Okwuibe and munication Review, vol. 45, no. 5, pp. 37–42, 2015.
M. Ylianttila and A. Gurtov, “5G security: Analysis of threats and [26] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, “Edge Computing: Vision
solutions,” in 2017 IEEE Conference on Standards for Communications and Challenges,” IEEE Internet of Things Journal, vol. 3, no. 5, pp.
and Networking (CSCN), vol. , no. , Sept 2017, pp. 193–199. 637–646, Oct 2016.
[6] G. Arfaoui and P. Bisson and R. Blom and R. Borgaonkar and H. [27] I. Ahmad and S. Namal and M. Ylianttila and A. Gurtov, “Security in
Englund and E. Flix and F. Klaedtke and P. K. Nakarmi and M. Nslund Software Defined Networks: A Survey,” IEEE Communications Surveys
and P. OHanlon and J. Papay and J. Suomalainen and M. Surridge and Tutorials, vol. 17, no. 4, pp. 2317–2346, Fourthquarter 2015.
J. P. Wary and A. Zahariev, “A Security Architecture for 5G Networks,” [28] McKeown, Nick and Anderson, Tom and Balakrishnan, Hari and
IEEE Access, vol. 6, no. , pp. 22 466–22 479, 2018. Parulkar, Guru and Peterson, Larry and Rexford, Jennifer and Shenker,
[7] Alliance, NGMN, “NGMN 5G white paper,” Next Generation Mobile Scott and Turner, Jonathan, “OpenFlow: enabling innovation in cam-
Networks, White paper, 2015. pus networks,” ACM SIGCOMM Computer Communication Review,
[8] P. Rost and C. J. Bernardos and A. D. Domenico and M. D. Girolamo vol. 38, no. 2, pp. 69–74, 2008.
and M. Lalam and A. Maeder and D. Sabella and D. Wbben, “Cloud [29] S. Shahabuddin, S. Rahaman, F. Rehman, I. Ahmad, and Z. Khan,
technologies for flexible 5G radio access networks,” IEEE Communi- “Evolution of cellular systems,” A Comprehensive Guide to 5G Secu-
cations Magazine, vol. 52, no. 5, pp. 68–76, May 2014. rity, pp. 1–29, 2018.
33
[30] K. Tanaka, “GSM security: a description of the reasons for security [55] M. Liyanage, I. Ahmad, A. B. Abro, A. Gurtov, and M. Ylianttila, A
and the techniques,” in 2001 IEEE Conference on the History of Comprehensive Guide to 5G Security. John Wiley & Sons, 2018.
Telecommunications, 2001. [56] P. K. Agyapong and M. Iwamura and D. Staehle and W. Kiess and
[31] Ghosh, A. and Zhang, J. and Andrews, J. G. and Muhamed R., A. Benjebbour, “Design considerations for a 5G network architecture,”
Fundamentals of LTE. Englewood Cliffs NJ USA:Prentice-Hall, 2010. IEEE Communications Magazine, vol. 52, no. 11, pp. 65–75, Nov 2014.
[32] Chandra, Praphul and Bensky, Dan and Bradley, Tony and Hurley, Chris [57] X. Costa-Perez and A. Garcia-Saavedra and X. Li and T. Deiss and A.
and Rackley, Stephen A and Rittinghouse, John and Ransome, James de la Oliva and A. di Giglio and P. Iovanna and A. Moored, “5G-
F and CISM, CISSP and Stapko, Timothy and Stefanek, George L and Crosshaul: An SDN/NFV Integrated Fronthaul/Backhaul Transport
others, Wireless security: Know it all. Newnes, 2011. Network Architecture,” IEEE Wireless Communications, vol. 24, no. 1,
[33] J. G. Sempere, “An overview of the GSM system,” in IEEE Vehicular pp. 38–45, February 2017.
Technology Society, , pp. 1–33. [58] F. Z. Yousaf and M. Bredel and S. Schaller and F. Schneider, “NFV
[34] M. Paetsch, The evolution of mobile communications in the U.S. and and SDNKey Technology Enablers for 5G Networks,” IEEE Journal
Europe: Regulation, technology, and markets. Boston: Artech House, on Selected Areas in Communications, vol. 35, no. 11, pp. 2468–2478,
1993. Nov 2017.
[35] C. Brookson, “GSM security: a description of the reasons for security [59] Telecommunication Standardization Sector of ITU, “Security architec-
and the techniques,” in IEE Colloquium on Security and Cryptography ture for systems providing end-to-end communications,” International
Applications to Radio Systems, 1994, pp. 2/1–2/4. Telecommunication Union, Tech. Rep. X.805, 2003.
[36] Pagliusi, Paulo S., “A Contemporary Foreword on GSM Security,” [60] 3rd Generation Partnership Project (3GPP), “Technical Specification
in Proceedings of the International Conference on Infrastructure Group Services and System Aspects (SA3);TS 33.501: Security Archi-
Security, ser. InfraSec ’02. London, UK, UK: Springer-Verlag, 2002, tecture and Procedures for 5G System, Release 15,” 3rd Generation
pp. 129–144. [Online]. Available: http://dl.acm.org/citation.cfm?id= Partnership Project (3GPP), Tech. Rep. 33.501, 2018.
647333.722873 [61] Forsberg, Dan and Horn, Günther and Moeller, Wolf-Dietrich and
[37] P. Bouska and M. Drahansk, “Communication Security in GSM Net- Niemi, Valtteri, LTE security, 2012.
works,” in 2008 International Conference on Security Technology, vol. , [62] Nokia. Security challenges and opportunities for 5G mobile networks.
no. , Dec 2008, pp. 248–251. Nokia. [Online]. Available: https://onestore.nokia.com/asset/201049
[38] M. Conti and N. Dragoni and V. Lesyk, “A Survey of Man In The [63] X. Li and Y. Wang, “Security Enhanced Authentication and Key
Middle Attacks,” IEEE Communications Surveys Tutorials, vol. 18, Agreement Protocol for LTE/SAE Network,” in 2011 7th International
no. 3, pp. 2027–2051, thirdquarter 2016. Conference on Wireless Communications, Networking and Mobile
[39] Toorani, M. and Beheshti A., “Solutions to the GSM security weak- Computing, vol. , no. , Sept 2011, pp. 1–4.
nesses,” in International Conference on Next Generation Mobile Apps, [64] G. M. Kien, “Mutual entity authentication for LTE,” in 2011 7th Inter-
Services and Technologies, Cardiff, Wales, UK, 2008, pp. 576–581. national Wireless Communications and Mobile Computing Conference,
[40] G. Cattaneo, G. D. Maio, and U. F. Petrillo, “Security issues and attacks vol. , no. , July 2011, pp. 689–694.
on the gsm standard: a review,” Journal of Universal Computer Science, [65] Muxiang Zhang and Yuguang Fang, “Security analysis and enhance-
vol. 19, no. 16, pp. 2437–2452, oct 2013. ments of 3GPP authentication and key agreement protocol,” IEEE
[41] J. D. Goli’c, Cryptanalysis of Alleged A5 Stream Cipher. Berlin, Transactions on Wireless Communications, vol. 4, no. 2, pp. 734–742,
Heidelberg: Springer Berlin Heidelberg, 1997, pp. 239–255. March 2005.
[42] 3GPP, “Security Objectives and Principles,” 3rd Generation Partnership [66] Arkko, J., “Extensible Authentication Protocol Method for 3rd Gen-
Project (3GPP), TS 33.120, apr 2001-03. [Online]. Available: eration Authentication and Key Agreement (EAP-AKA),” IETF RFC
http://www.3gpp.org/ftp/Specs/html-info/33120.htm 4187, Jan. 2006.
[43] Garg, Vijay Kumar and Rappaport, Theodore S, Wireless Network [67] K. A. Alezabi and F. Hashim and S. J. Hashim and B. M. Ali,
Evolution: 2G to 3G. Prentice Hall PTR, 2001. “An efficient authentication and key agreement protocol for 4G (LTE)
[44] Holma, Harri and Toskala, Antti, WCDMA for UMTS: Radio access for networks,” in 2014 IEEE REGION 10 SYMPOSIUM, vol. , no. , April
third generation mobile communications. john Wiley & sons, 2005. 2014, pp. 502–507.
[45] 3GPP, “3G Security; Security Architecture,” 3rd Generation Partnership [68] J. Cao and M. Ma and H. Li and Y. Zhang and Z. Luo, “A Survey on
Project (3GPP), TS 33.102, jun 2008. [Online]. Available: http: Security Aspects for LTE and LTE-A Networks,” IEEE Communica-
//www.3gpp.org/ftp/Specs/html-info/33102.htm tions Surveys Tutorials, vol. 16, no. 1, pp. 283–302, First 2014.
[46] K. Boman and G. Horn and P. Howard and V. Niemi, “UMTS security,” [69] S. Shahabuddin, O. Silvén, and M. Juntti, “ASIP design for multiuser
Electronics Communication Engineering Journal, vol. 14, no. 5, pp. MIMO broadcast precoding,” in 2017 European Conference on Net-
191–204, Oct 2002. works and Communications (EuCNC), June 2017, pp. 1–4.
[47] I. ITU, “Requirements related to technical performance for IMT- [70] S. Shahabuddin, O. Silvén, and M. Juntti, “Programmable ASIPs for
Advanced radio interface(s),” International Telecommunications Union, Multimode MIMO Transceiver,” Journal of Signal Processing Systems,
Tech. Rep., 2008. vol. 90, no. 10, pp. 1369–1381, Oct. 2018.
[48] 3GPP, “Technical Specification Group Services and System As- [71] S. Rahaman, S. Shahabuddin, M. B. Hossain, and S. Shahabuddin,
pects;3GPP System Architecture Evolution (SAE); Security architec- “Complexity analysis of matrix decomposition algorithms for linear
ture (Release 15),” 3rd Generation Partnership Project (3GPP), Tech. MIMO detection,” in 2016 5th International Conference on Informat-
Rep. 33.401, 2017-09. ics, Electronics and Vision (ICIEV), May 2016, pp. 927–932.
[49] Taleb, Tarik and Kunz, Andreas, “Machine type communications in [72] S. Shahabuddin, J. Janhunen, Z. Khan, M. Juntti, and A. Ghazi, “A
3GPP networks: potential, challenges, and solutions,” IEEE Communi- customized lattice reduction multiprocessor for MIMO detection,” in
cations Magazine, vol. 50, no. 3, pp. 178–184, 2012. 2015 IEEE International Symposium on Circuits and Systems (ISCAS),
[50] 3GPP, “Technical Specification Group Services and System Aspects; May 2015, pp. 2976–2979.
Study on security aspects of Machine-Type Communications (MTC) [73] S. Shahabuddin, M. Juntti, and C. Studer, “ADMM-based infinity norm
and other mobile data applications communications enhancements detection for large MU-MIMO: Algorithm and VLSI architecture,” in
(Release 12),” 3rd Generation Partnership Project (3GPP), Tech. Rep. 2017 IEEE International Symposium on Circuits and Systems (ISCAS),
33.868, 2014-06. May 2017, pp. 1–4.
[51] ——, “Technical Specification Group Services and System Aspects; [74] S. Shahabuddin, J. Janhunen, M. Juntti, A. Ghazi, and O. Silvén, “De-
Security of Home Node B (HNB) / Home evolved Node B (HeNB) sign of a Transport Triggered Vector Processor for Turbo Decoding,”
(Release 11),” 3rd Generation Partnership Project (3GPP), Tech. Rep. Analog Integrated Circuits and Signal Processing, vol. 78, no. 3, pp.
33.320, 2012-06. 611–622, Mar. 2014.
[52] ——, “Technical Specification Group Services and System Aspects; [75] S. Shahabuddin, J. Janhunen, and M. Juntti, “Design of a Transport
Feasibility study on LTE relay node security Release 10,” 3rd Gener- Triggered Architecture Processor for Flexible Iterative Turbo Decoder,”
ation Partnership Project (3GPP), Tech. Rep. 33.816, 2011-03. in Proceedings of wireless innovation forum conference on wireless
[53] Forsberg, Dan and Horn, Günther and Moeller, Wolf-Dietrich and communications technologies and software radio (SDR wincomm), Jan
Niemi, Valtteri, LTE security. John Wiley & Sons, 2012. 2013.
[54] J. Cao and M. Ma and H. Li and Y. Zhang and Z. Luo, “A Survey on [76] S. Shahabuddin, J. Janhunen, M. F. Bayramoglu, M. Juntti, A. Ghazi,
Security Aspects for LTE and LTE-A Networks,” IEEE Communica- and O. Silvén, “Design of a unified transport triggered processor for
tions Surveys Tutorials, vol. 16, no. 1, pp. 283–302, 2014. LDPC/turbo decoder,” in 2013 International Conference on Embedded
34
Computer Systems: Architectures, Modeling, and Simulation (SAMOS), [103] Securing the Smart Home. [Online]. Available: https://simalliance.org/
July 2013, pp. 288–295. wp-content/uploads/2015/03/Securing-the-Smart-Home FINAL.pdf
[77] A. Maximov, M. Naslund, P. Stahl, G. Correndo, V. Krivcovs, [104] An analysis of the security needs of the 5G market.
S. Phillips, V. Lehtovirta, V. Torvinen, F. Klaedtke, S. Heikkinen et al., [Online]. Available: https://simalliance.org/wp-content/uploads/2016/
“5g-ensure d2. 4: Security architecture (draft),” 2016. 02/SIMalliance 5GWhitepaper FINAL.pdf
[78] ITU-T, “SERIES Y: Y.3102. Framework of the IMT-2020 network,” [105] 5G Security: Forward Thinking Huawei White Paper.
International Telecommunication Union, Geneva, Switzerland, Recom- [Online]. Available: https://www.huawei.com/minisite/5g/img/5G
mendation ITU-T Y, 2018. Security Whitepaper en.pdf
[79] Alliance, NGMN, “5G security recommendations Package,” White [106] 5G Security Architecture White Paper. [Online]. Available:
paper, 2016. https://www-file.huawei.com/-/media/corporate/pdf/white%20paper/
[80] V. P. Kafle, Y. Fukushima, and H. Harai, “Internet of things stan- 5g security architecture white paper en-v2.pdf?la=en&source=corp
dardization in itu and prospective networking technologies,” IEEE comm
Communications Magazine, vol. 54, no. 9, pp. 43–49, Sep. 2016. [107] 5G security - scenarios and solutions. [Online]. Available: https://www.
[81] A. Meddeb, “Internet of things standards: who stands out from the ericsson.com/en/white-papers/5g-security-scenarios-and-solutions
crowd?” IEEE Communications Magazine, vol. 54, no. 7, pp. 40–47, [108] 5G security - enabling a trustworthy 5G sys-
July 2016. tem. [Online]. Available: https://www.ericsson.com/en/white-papers/
[82] ——, “Internet of things security: We’re walking on eggshells!” in 5g-security---enabling-a-trustworthy-5g-system
Qatar Foundation Annual Research Conference Proceedings, vol. 2016, [109] 5G Security Overview: Security for Programmable Cloud-Based
no. 1. HBKU Press Qatar, 2016, p. ICTOP3170. Mobile Networks. [Online]. Available: https://www.itu.int/en/ITU-T/
[83] ITU-T, “SERIES Y: Y.4806. Security capabilities supporting safety Workshops-and-Seminars/20180319/Documents/Peter Schneider.pdf
of the Internet of things,” International Telecommunication Union, [110] 5G Security Innovation with Cisco. [Online].
Geneva, Switzerland, Recommendation ITU-T Y, 2017. Available: https://www.cisco.com/c/dam/en/us/solutions/
[84] ——, “SERIES X: X.1361. Security framework for the Internet of collateral/service-provider/service-provider-security-solutions/
things based on the gateway model,” International Telecommunication 5g-security-innovation-with-cisco-wp.pdf
Union, Geneva, Switzerland, Recommendation ITU-T X, 2018. [111] M. M. Alam, H. Malik, M. I. Khan, T. Pardy, A. Kuusik, and Y. Le
[85] ——, “SERIES X: X.1362. Simple encryption procedure for Internet Moullec, “A Survey on the Roles of Communication Technologies in
of things (IoT) environments,” International Telecommunication Union, IoT-Based Personalized Healthcare Applications,” IEEE Access, vol. 6,
Geneva, Switzerland, Recommendation ITU-T X, 2017. pp. 36 611–36 631, 2018.
[86] ——, “SERIES X: X.1038. Security requirements and reference archi- [112] H. Malik, H. Pervaiz, M. Mahtab Alam, Y. Le Moullec, A. Kuusik,
tecture for software-defined networking,” International Telecommuni- and M. Ali Imran, “Radio Resource Management Scheme in NB-IoT
cation Union, Geneva, Switzerland, Recommendation ITU-T X, 2016. Systems,” IEEE Access, vol. 6, pp. 15 051–15 064, 2018.
[87] A. Pastor and J. Folgueira, “Practical Experience in NFV Security [113] H. Malik, M. M. Alam, Y. L. Moullec, and A. Kuusik, “NarrowBand-
Field: Virtual Home Gateway,” in Guide to Security in SDN and NFV. IoT Performance Analysis for Healthcare Applications,” Procedia
Springer, 2017, pp. 127–148. Comput. Sci., vol. 130, no. C, pp. 1077–1083, May 2018. [Online].
Available: https://doi.org/10.1016/j.procs.2018.04.156
[88] ITU-T, “Security architecture for systems providing end-to-end com-
[114] E. Dahlman and G. Mildh and S. Parkvall and J. Peisa and J. Sachs and
munications,” 2003.
Y. Seln and J. Skld, “5G wireless access: requirements and realization,”
[89] ITU-T, “SERIES X: X.1601. Security framework for cloud computing,”
IEEE Communications Magazine, vol. 52, no. 12, pp. 42–47, December
International Telecommunication Union, Geneva, Switzerland, Recom-
2014.
mendation ITU-T X, 2015.
[115] R. Q. Hu and Y. Qian and S. Kota and G. Giambene, “Hetnets - a
[90] M. Drozdova, S. Rusnak, P. Segec, J. Uramova, and M. Moravcik,
new paradigm for increasing cellular capacity and coverage [Guest
“Contribution to cloud computing security architecture,” in Emerging
Editorial],” IEEE Wireless Communications, vol. 18, no. 3, pp. 8–9,
eLearning Technologies and Applications (ICETA), 2017 15th Interna-
June 2011.
tional Conference on. IEEE, 2017, pp. 1–6.
[116] A. Damnjanovic and J. Montojo and Y. Wei and T. Ji and T. Luo and
[91] ITU-T, “SERIES X: X.1641. Guidelines for cloud service cus- M. Vajapeyam and T. Yoo and O. Song and D. Malladi, “A survey
tomer data security,” International Telecommunication Union, Geneva, on 3GPP heterogeneous networks,” IEEE Wireless Communications,
Switzerland, Recommendation ITU-T X, 2016. vol. 18, no. 3, pp. 10–21, June 2011.
[92] 3GPP. (2017, May) SA3-Security. The Third Generation [117] P. Xia and V. Chandrasekhar and J. G. Andrews, “Open vs. Closed
Partnership Project (3GPP). [Online]. Available: http://www.3gpp. Access Femtocells in the Uplink,” IEEE Transactions on Wireless
org/Specifications-groups/sa-plenary/54-sa3-security Communications, vol. 9, no. 12, pp. 3798–3809, December 2010.
[93] 5G PPP Security WG, “5G PPP Phase1 Security Landscape, White [118] H. M. Wang and T. X. Zheng and J. Yuan and D. Towsley and M. H.
paper,” 5GPPP Papers, 2017. Lee, “Physical Layer Security in Heterogeneous Cellular Networks,”
[94] X. Zhang and A. Kunz and S. Schrder, “Overview of 5G security in IEEE Transactions on Communications, vol. 64, no. 3, pp. 1204–1219,
3GPP,” in 2017 IEEE Conference on Standards for Communications March 2016.
and Networking (CSCN), vol. , no. , Sept 2017, pp. 181–186. [119] V. Chandrasekhar, J. Andrews, and A. Gatherer, “Femtocell Networks:
[95] ONF. (2013, October) The Open Networking Foundation. a Survey,” Communications Magazine, IEEE, vol. 4, no. 9, pp. 59–67,
Open Networking Foundation. [Online]. Available: https: 2008.
//www.opennetworking.org [120] D. Knisely, T. Yoshizawa, and F. Favichia, “Standardization of Femto-
[96] ETSI. (2018, April) Network Functions Virtualisation. European cells in 3GPP,” Communications Magazine, IEEE, vol. 47, no. 9, pp.
Telecommunications Standards Institute (ETSI). [Online]. Available: 68–75, 2009.
http://www.etsi.org/technologies-clusters/technologies/nfv [121] D. Wake and D. Johansson and D. G. Moodie, “Passive picocell: a
[97] ——. (2018, April) Network Functions Virtualisation (NFV) Release new concept in wireless network infrastructure,” Electronics Letters,
3; Security; Security Management and Monitoring specification. vol. 33, no. 5, pp. 404–406, Feb 1997.
European Telecommunications Standards Institute (ETSI). [Online]. [122] K. Chandra and R. V. Prasad and B. Quang and I. G. M. M.
Available: http://www.etsi.org/deliver/etsi gs/NFV-SEC/001 099/013/ Niemegeers, “CogCell: cognitive interplay between 60 GHz picocells
03.01.01 60/gs NFV-SEC013v030101p.pdf and 2.4/5 GHz hotspots in the 5G era,” IEEE Communications Maga-
[98] Multi-access Edge Computing. [Online]. Available: https://www.etsi. zine, vol. 53, no. 7, pp. 118–125, July 2015.
org/technologies-clusters/technologies/multi-access-edge-computing [123] J. Hoadley and P. Maveddat, “Enabling small cell deployment with
[99] NIST Cybersecurity for IoT Program. [Online]. Available: https: HetNet,” IEEE Wireless Communications, vol. 19, no. 2, pp. 4–5, April
//www.nist.gov/programs-projects/nist-cybersecurity-iot-program 2012.
[100] GSMA IoT Security Guidelines and Assessment. [Online]. Available: [124] X. Duan and X. Wang, “Fast authentication in 5G HetNet through SDN
https://www.gsma.com/iot/future-iot-networks/iot-security-guidelines/ enabled weighted secure-context-information transfer,” in 2016 IEEE
[101] SIMalliance: Securing connected and mobile services. [Online]. International Conference on Communications (ICC), vol. , no. , May
Available: https://simalliance.org/about-us/mission-objectives/ 2016, pp. 1–6.
[102] 5G Security Making the Right Choice to Match your Needs. [125] N. Qachri, O. Markowitch, and J.-M. Dricot, “Vertical handover
[Online]. Available: https://simalliance.org/wp-content/uploads/2016/ security in 4g heterogeneous networks: Threat analysis and open
02/SIMalliance-5G-Security-Technical-Paper.pdf challenges,” in Future Generation Information Technology, T.-h. Kim,
35
Y.-h. Lee, and W.-c. Fang, Eds. Berlin, Heidelberg: Springer Berlin [148] H. M. Furqan, J. M. Hamamreh, and H. Arslan, “Enhancing physical
Heidelberg, 2012, pp. 7–14. layer security of OFDM systems using channel shortening,” in 2017
[126] Martin Dehnel-Wild and Cas Cremers, “Security vulnerability in IEEE 28th Annual International Symposium on Personal, Indoor, and
5G-AKA draft: 3GPP TS 33.501 draft v0.7.0,” 3rd Generation Mobile Radio Communications (PIMRC), Oct 2017, pp. 1–5.
Partnership Project (3GPP), Tech. Rep., 2018. [Online]. Available: [149] J. M. Hamamreh, H. M. Furqan, and H. Arslan, “Classifications and
https://www.cs.ox.ac.uk/5G-analysis/5G-AKA-draft-vulnerability.pdf Applications of Physical Layer Security Techniques for Confidentiality:
[127] 3rd Generation Partnership Project (3GPP), “Technical Specification A Comprehensive Survey,” IEEE Communications Surveys Tutorials,
Group Services and System Aspects (SA3);TS 33.501: Security Archi- pp. 1–1, 2018.
tecture and Procedures for 5G System, version 0.7.0,” 3rd Generation [150] R. Melki, H. N. Noura, M. M. Mansour, and A. Chehab, “A survey
Partnership Project (3GPP), Tech. Rep. 33.501, 2017. on OFDM physical layer security,” Physical Communication, vol. 32,
[128] ——, “Study on New Services and Markets Technology Enablers, pp. 1 – 30, 2019.
Release 14,” 3rd Generation Partnership Project (3GPP), Tech. Rep. [151] H. Wu and X. Tao and N. Li and J. Xu, “Secrecy Outage Probability in
22.891, 2016. Multi-RAT Heterogeneous Networks,” IEEE Communications Letters,
[129] W. Trappe, “The challenges facing physical layer security,” IEEE vol. 20, no. 1, pp. 53–56, Jan 2016.
Communications Magazine, vol. 53, no. 6, pp. 16–20, June 2015. [152] X. Duan and X. Wang, “Authentication handover and privacy protection
[130] D. Soldani and P. Chatzimisios and A. Jamalipour and B. Barani and S. in 5G hetnets using software-defined networking,” IEEE Communica-
Redana and S. Rangan, “5G Radio Access Architecture and Technolo- tions Magazine, vol. 53, no. 4, pp. 28–35, April 2015.
gies [Guest editor introduction],” IEEE Communications Magazine, [153] W. Boubakri and W. Abdallah and N. Boudriga, “Access control in
vol. 54, no. 11, pp. 14–15, November 2016. 5G communication networks using simple PKI certificates,” in 2017
[131] G. Shiqi and X. Chengwen and F. Zesong and K. Jingming, “Resource 13th International Wireless Communications and Mobile Computing
allocation for physical layer security in heterogeneous network with Conference (IWCMC), vol. , no. , June 2017, pp. 2092–2097.
hidden eavesdropper,” China Communications, vol. 13, no. 3, pp. 82– [154] T. H. Szymanski, “Strengthening security and privacy in an ultra-dense
95, March 2016. green 5G Radio Access Network for the industrial and tactile Internet
[132] Shannon, Claude E, “Communication theory of secrecy systems,” Bell of Things,” in 2017 13th International Wireless Communications and
Labs Technical Journal, vol. 28, no. 4, pp. 656–715, 1949. Mobile Computing Conference (IWCMC), vol. , no. , June 2017, pp.
[133] Wyner, Aaron D, “The wire-tap channel,” Bell Labs Technical Journal, 415–422.
vol. 54, no. 8, pp. 1355–1387, 1975. [155] M. Jaber and M. A. Imran and R. Tafazolli and A. Tukmanov, “5G
[134] A. Mukherjee and S. A. A. Fakoorian and J. Huang and A. L. Backhaul Challenges and Emerging Research Directions: A Survey,”
Swindlehurst, “Principles of Physical Layer Security in Multiuser Wire- IEEE Access, vol. 4, no. , pp. 1743–1766, 2016.
less Networks: A Survey,” IEEE Communications Surveys Tutorials, [156] M. Jaber and F. J. Lopez-Martinez and M. A. Imran and A. Sutton
vol. 16, no. 3, pp. 1550–1573, Third 2014. and A. Tukmanov and R. Tafazolli, “Wireless Backhaul: Performance
[135] Y. S. Shiu and S. Y. Chang and H. C. Wu and S. C. H. Huang and Modeling and Impact on User Association for 5G,” IEEE Transactions
H. H. Chen, “Physical layer security in wireless networks: a tutorial,” on Wireless Communications, vol. 17, no. 5, pp. 3095–3110, May 2018.
IEEE Wireless Communications, vol. 18, no. 2, pp. 66–74, April 2011. [157] M. Atakora and H. Chenji, “A Multicast Technique for Fixed and
[136] Y. Liu and H. H. Chen and L. Wang, “Physical Layer Security Mobile Optical Wireless Backhaul in 5G Networks,” IEEE Access,
for Next Generation Wireless Networks: Theories, Technologies, and vol. 6, no. , pp. 27 491–27 506, 2018.
Challenges,” IEEE Communications Surveys Tutorials, vol. 19, no. 1, [158] O. Krasko and H. Al-Zayadi and A. Masyuk and M. Klymash,
pp. 347–376, Firstquarter 2017. “Enhanced MAC design for convergence of 5G backhaul network,”
[137] X. Chen and D. W. K. Ng and W. H. Gerstacker and H. H. Chen, “A in 2017 2nd International Conference on Advanced Information and
Survey on Multiple-Antenna Techniques for Physical Layer Security,” Communication Technologies (AICT), vol. , no. , July 2017, pp. 213–
IEEE Communications Surveys Tutorials, vol. 19, no. 2, pp. 1027– 216.
1053, Secondquarter 2017. [159] H. Raza, “A brief survey of radio access network backhaul evolution:
[138] X. Wang and P. Hao and L. Hanzo, “Physical-layer authentication for part II,” IEEE Communications Magazine, vol. 51, no. 5, pp. 170–177,
wireless security enhancement: current challenges and future develop- May 2013.
ments,” IEEE Communications Magazine, vol. 54, no. 6, pp. 152–158, [160] J. Gebert and D. Zeller, “Fat pipes for user plane tunneling in 5G,”
June 2016. in 2016 IEEE Conference on Standards for Communications and
[139] J. M. Hamamreh, Z. E. Ankarali, and H. Arslan, “CP-Less OFDM Networking (CSCN), vol. , no. , Oct 2016, pp. 1–6.
With Alignment Signals for Enhancing Spectral Efficiency, Reducing [161] J. Prados-Garzon and O. Adamuz-Hinojosa and P. Ameigeiras and
Latency, and Improving PHY Security of 5G Services,” IEEE Access, J. J. Ramos-Munoz and P. Andres-Maldonado and J. M. Lopez-
vol. 6, pp. 63 649–63 663, 2018. Soler, “Handover implementation in a 5G SDN-based mobile network
[140] E. Suikkanen, J. Janhunen, S. Shahabuddin, and M. Juntti, “Study of architecture,” in 2016 IEEE 27th Annual International Symposium on
adaptive detection for MIMO-OFDM systems,” in 2013 International Personal, Indoor, and Mobile Radio Communications (PIMRC), vol. ,
Symposium on System on Chip (SoC), Oct 2013, pp. 1–4. no. , Sept 2016, pp. 1–6.
[141] S. Shahabuddin, J. Janhunen, E. Suikkanen, H. Steendam, and [162] J. M. Tilli and R. Kantola, “Data plane protocols and fragmentation
M. Juntti, “An adaptive detector implementation for MIMO-OFDM for 5G,” in 2017 IEEE Conference on Standards for Communications
downlink,” in 2014 9th International Conference on Cognitive Radio and Networking (CSCN), vol. , no. , Sept 2017, pp. 207–213.
Oriented Wireless Networks and Communications (CROWNCOM), [163] 3rd Generation Partnership Project (3GPP). The Evolved Packet Core,
June 2014, pp. 305–310. Release 8. [Online]. Available: http://www.3gpp.org/technologies/
[142] J. M. Hamamreh and H. Arslan, “Secure Orthogonal Transform Di- keywords-acronyms/100-the-evolved-packet-core
vision Multiplexing (OTDM) Waveform for 5G and Beyond,” IEEE [164] J. Kim, D. Kim, and S. Choi, “3GPP SA2 architecture and
Communications Letters, vol. 21, no. 5, pp. 1191–1194, May 2017. functions for 5G mobile communication system,” ICT Express,
[143] J. M. Hamamreh, E. Basar, and H. Arslan, “OFDM-Subcarrier Index vol. 3, no. 1, pp. 1 – 8, 2017. [Online]. Available: http:
Selection for Enhancing Security and Reliability of 5G URLLC Ser- //www.sciencedirect.com/science/article/pii/S240595951730019X
vices,” IEEE Access, vol. 5, pp. 25 863–25 875, 2017. [165] 3rd Generation Partnership Project (3GPP), “Technical Specification
[144] A. A. E. Hajomer, X. Yang, and W. Hu, “Secure OFDM Transmission Group Services and System Aspects; Network architecture, Release
Precoded by Chaotic Discrete Hartley Transform,” IEEE Photonics 8,” 3rd Generation Partnership Project (3GPP), Tech. Rep. 3GPP TS
Journal, vol. 10, no. 2, pp. 1–9, April 2018. 23.002 , 2018.
[145] J. M. Hamamreh, H. M. Furqan, and H. Arslan, “Secure pre-coding and [166] Nokia. (2012) A signaling storm is gathering
post-coding for OFDM systems along with hardware implementation,” - Is your packet core ready? [Online]. Avail-
in 2017 13th International Wireless Communications and Mobile able: https://blog.networks.nokia.com/mobile-networks/2012/12/05/
Computing Conference (IWCMC), June 2017, pp. 1338–1343. a-signaling-storm-is-gathering-is-your-packet-core-ready/
[146] D. W. K. Ng, E. S. Lo, and R. Schober, “Energy-Efficient Resource [167] Cisco, Visual Networking Index, “Global Mobile Data Traffic Forecast
Allocation for Secure OFDMA Systems,” IEEE Transactions on Ve- Update, 2015–2020 White Paper,” Document ID, vol. 958959758, 2016.
hicular Technology, vol. 61, no. 6, pp. 2572–2585, July 2012. [168] Bassil, Ramzi and Chehab, Ali and Elhajj, Imad and Kayssi,
[147] H. Li, X. Wang, and W. Hou, “Secure Transmission in OFDM Systems Ayman, “Signaling Oriented Denial of Service on LTE Networks,”
by Using Time Domain Scrambling,” in 2013 IEEE 77th Vehicular in Proceedings of the 10th ACM International Symposium on
Technology Conference (VTC Spring), June 2013, pp. 1–5. Mobility Management and Wireless Access, ser. MobiWac ’12. New
36
York, NY, USA: ACM, 2012, pp. 153–158. [Online]. Available: [190] B. Chen and C. Zhu and W. Li and J. Wei and V. C. M. Leung and L.
http://doi.acm.org/10.1145/2386995.2387024 T. Yang, “Original Symbol Phase Rotated Secure Transmission Against
[169] X. Zhou and Z. Zhao and R. Li and Y. Zhou and T. Chen and Z. Niu Powerful Massive MIMO Eavesdropper,” IEEE Access, vol. 4, no. , pp.
and H. Zhang, “Toward 5G: when explosive bursts meet soft cloud,” 3016–3025, 2016.
IEEE Network, vol. 28, no. 6, pp. 12–17, Nov 2014. [191] T. T. Do, E. Bjrnson, E. G. Larsson, and S. M. Razavizadeh, “Jamming-
[170] C. Cheng and R. Lu and A. Petzoldt and T. Takagi, “Securing Resistant Receivers for the Massive MIMO Uplink,” IEEE Transactions
the Internet of Things in a Quantum World,” IEEE Communications on Information Forensics and Security, vol. 13, no. 1, pp. 210–223, Jan
Magazine, vol. 55, no. 2, pp. 116–120, February 2017. 2018.
[171] R. Piqueras Jover, “Security attacks against the availability of LTE [192] H. Akhlaghpasand, S. M. Razavizadeh, E. Bjrnson, and T. T. Do,
mobility networks: Overview and research directions,” in 2013 16th “Jamming Detection in Massive MIMO Systems,” IEEE Wireless
International Symposium on Wireless Personal Multimedia Communi- Communications Letters, vol. 7, no. 2, pp. 242–245, April 2018.
cations (WPMC), vol. , no. , June 2013, pp. 1–9. [193] T. T. Do, H. Q. Ngo, T. Q. Duong, T. J. Oechtering, and M. Skoglund,
[172] 3rd Generation Partnership Project (3GPP), “Technical Specification “Massive MIMO Pilot Retransmission Strategies for Robustification
Group Services and System Aspects; System Architecture for the 5G Against Jamming,” IEEE Wireless Communications Letters, vol. 6,
System, Release 15,” 3rd Generation Partnership Project (3GPP), Tech. no. 1, pp. 58–61, Feb 2017.
Rep. 3GPP TS 23.501, 2018. [194] Y. Wu, C. Wen, W. Chen, S. Jin, R. Schober, and G. Caire, “Data-Aided
[173] J. Cao and P. Yu and M. Ma and W. Gao, “Fast Authentication and Data Secure Massive MIMO Transmission with Active Eavesdropping,” in
Transfer Scheme for Massive NB-IoT Devices in 3GPP 5G Network,” 2018 IEEE International Conference on Communications (ICC), May
IEEE Internet of Things Journal, vol. , no. , pp. 1–1, 2018. 2018, pp. 1–6.
[174] C. Lai and H. Zhou and N. Cheng and X. S. Shen, “Secure Group [195] Y. Wu, J. Wang, J. Wang, R. Schober, and C. Xiao, “Secure Transmis-
Communications in Vehicular Networks: A Software-Defined Network- sion With Large Numbers of Antennas and Finite Alphabet Inputs,”
Enabled Architecture and Solution,” IEEE Vehicular Technology Mag- IEEE Transactions on Communications, vol. 65, no. 8, pp. 3614–3628,
azine, vol. 12, no. 4, pp. 40–49, Dec 2017. Aug 2017.
[175] V. Yazc and U. C. Kozat and M. O. Sunay, “A new control plane for [196] Y. Wu, R. Schober, D. W. K. Ng, C. Xiao, and G. Caire, “Secure
5G network architecture with a case study on unified handoff, mobility, Massive MIMO Transmission With an Active Eavesdropper,” IEEE
and routing management,” IEEE Communications Magazine, vol. 52, Transactions on Information Theory, vol. 62, no. 7, pp. 3880–3900,
no. 11, pp. 76–85, Nov 2014. July 2016.
[176] P. Rost and A. Banchs and I. Berberana and M. Breitbach and M. Doll [197] I. Ahmad and M. Liyanage and S. Namal and M. Ylianttila and A.
and H. Droste and C. Mannweiler and M. A. Puente and K. Samdanis Gurtov and M. Eckert and T. Bauschert and Z. Faigl and L. Bokor and
and B. Sayadi, “Mobile network architecture evolution toward 5G,” E. Saygun and H. A. Akyldz and O. L. Perez and M. U. Itzazelaia
IEEE Communications Magazine, vol. 54, no. 5, pp. 84–91, May 2016. and B. Ozbek and A. Ulas, “New concepts for traffic, resource and
[177] H. Hawilo and A. Shami and M. Mirahmadi and R. Asal, “NFV: state mobility management in software-defined mobile networks,” in 2016
of the art, challenges, and implementation in next generation mobile 12th Annual Conference on Wireless On-demand Network Systems and
networks (vEPC),” IEEE Network, vol. 28, no. 6, pp. 18–26, Nov 2014. Services (WONS), Jan 2016, pp. 1–8.
[198] Costa-Requena, Jose and Santos, Jesus Llorente and Guasch, Vicent
[178] Wang, Guohui and Ng, TS Eugene, “The impact of virtualization on
Ferrer and Ahokas, Kimmo and Premsankar, Gopika and Luukkainen,
network performance of amazon ec2 data center,” in Infocom, 2010
Sakari and Perez, Oscar Lopez and Itzazelaia, Mikel Uriarte and Ah-
proceedings ieee. IEEE, 2010, pp. 1–9.
mad, Ijaz and Liyanage, Madhusanka and Ylianttila, Mika and de Oca,
[179] F. Boccardi and R. W. Heath and A. Lozano and T. L. Marzetta
Edgardo Montes, “SDN and NFV integration in generalized mobile
and P. Popovski, “Five disruptive technology directions for 5G,” IEEE
network architecture,” in Networks and Communications (EuCNC),
Communications Magazine, vol. 52, no. 2, pp. 74–80, February 2014.
2015 European Conference on, June 2015, pp. 154–158.
[180] L. Lu, G. Y. Li, A. L. Swindlehurst, A. Ashikhmin, and R. Zhang, “An [199] Namal, Suneth and Ahmad, Ijaz and Saud, Saad and Jokinen, Markku
Overview of Massive MIMO: Benefits and Challenges,” IEEE Journal and Gurtov, Andrei, “Implementation of OpenFlow based cognitive
of Selected Topics in Signal Processing, vol. 8, no. 5, pp. 742–758, radio network architecture: SDNR,” Wireless Networks, pp. 1–15, 2015.
Oct 2014. [200] I. Ahmad, “Improving software defined cognitive and secure
[181] O. Elijah, C. Y. Leow, T. A. Rahman, S. Nunoo, and S. Z. Iliya, “A networking,” Ph.D. dissertation, 06 2018. [Online]. Available:
Comprehensive Survey of Pilot Contamination in Massive MIMO5G http://jultika.oulu.fi/files/isbn9789526219516.pdf
System,” IEEE Communications Surveys Tutorials, vol. 18, no. 2, pp. [201] Kreutz, Diego and Ramos, Fernando M.V. and Verissimo, Paulo,
905–923, Secondquarter 2016. “Towards Secure and Dependable Software-defined Networks,” in
[182] E. Larsson, O. Edfors, F. Tufvesson, and T. Marzetta, “Massive Proceedings of the Second ACM SIGCOMM Workshop on Hot
MIMO for next generation wireless systems,” IEEE Communications Topics in Software Defined Networking, ser. HotSDN ’13. New
Magazine, vol. 52, no. 2, pp. 186–195, Feb. 2014. York, NY, USA: ACM, 2013, pp. 55–60. [Online]. Available:
[183] J. K. Tugnait, “Pilot Spoofing Attack Detection and Countermeasure,” http://doi.acm.org/10.1145/2491185.2491199
IEEE Transactions on Communications, vol. 66, no. 5, pp. 2093–2106, [202] Shin, Seungwon and Gu, Guofei, “Attacking Software-defined
May 2018. Networks: A First Feasibility Study,” in Proceedings of the Second
[184] X. Zhou, B. Maham, and A. Hjorungnes, “Pilot Contamination for Ac- ACM SIGCOMM Workshop on Hot Topics in Software Defined
tive Eavesdropping,” IEEE Transactions on Wireless Communications, Networking, ser. HotSDN ’13. New York, NY, USA: ACM, 2013,
vol. 11, no. 3, pp. 903–907, March 2012. pp. 165–166. [Online]. Available: http://doi.acm.org/10.1145/2491185.
[185] Q. Xiong, Y. Liang, K. H. Li, Y. Gong, and S. Han, “Secure Trans- 2491220
mission Against Pilot Spoofing Attack: A Two-Way Training-Based [203] Pan, Ping and Nadeau, Tom, “Software driven networks problem
Scheme,” IEEE Transactions on Information Forensics and Security, statement,” 2011.
vol. 11, no. 5, pp. 1017–1026, May 2016. [204] Fonseca, P. and Bennesby, R. and Mota, E. and Passito, A, “A replica-
[186] T. T. Do, E. Bjrnson, and E. G. Larsson, “Jamming resistant receivers tion component for resilient OpenFlow-based networking,” in Network
for massive MIMO,” in 2017 IEEE International Conference on Operations and Management Symposium (NOMS), 2012 IEEE, April
Acoustics, Speech and Signal Processing (ICASSP), March 2017, pp. 2012, pp. 933–939.
3619–3623. [205] Wen, Xitao and Chen, Yan and Hu, Chengchen and Shi, Chao
[187] D. Kapetanovic and G. Zheng and F. Rusek, “Physical layer security and Wang, Yi, “Towards a Secure Controller Platform for Openflow
for massive MIMO: An overview on passive eavesdropping and active Applications,” in Proceedings of the Second ACM SIGCOMM
attacks,” IEEE Communications Magazine, vol. 53, no. 6, pp. 21–27, Workshop on Hot Topics in Software Defined Networking, ser.
June 2015. HotSDN ’13. New York, NY, USA: ACM, 2013, pp. 171–172.
[188] R. Miller and W. Trappe, “On the Vulnerabilities of CSI in MIMO [Online]. Available: http://doi.acm.org/10.1145/2491185.2491212
Wireless Communication Systems,” IEEE Transactions on Mobile [206] S. Scott-Hayward and C. Kane and S. Sezer, “OperationCheckpoint:
Computing, vol. 11, no. 8, pp. 1386–1398, Aug 2012. SDN Application Control,” in 2014 IEEE 22nd International Confer-
[189] Sodagari, S. and Clancy, T.C., “On singularity attacks in ence on Network Protocols, vol. , no. , Oct 2014, pp. 618–623.
MIMO channels,” Transactions on Emerging Telecommunications [207] Porras, Philip and Shin, Seungwon and Yegneswaran, Vinod and Fong,
Technologies, vol. 26, no. 3, pp. 482–490, 3 2015. [Online]. Available: Martin and Tyson, Mabry and Gu, Guofei, “A Security Enforcement
http:https://doi.org/10.1002/ett.2657 Kernel for OpenFlow Networks,” in Proceedings of the First Workshop
37
on Hot Topics in Software Defined Networks, ser. HotSDN ’12. ACM, [228] M. Pattaranantakul and R. He and A. Meddahi and Z. Zhang,
2012, pp. 121–126. “SecMANO: Towards Network Functions Virtualization (NFV) Based
[208] Shin, Seungwon and Song, Yongjoo and Lee, Taekyung and Lee, Security MANagement and Orchestration,” in 2016 IEEE Trust-
Sangho and Chung, Jaewoong and Porras, Phillip and Yegneswaran, com/BigDataSE/ISPA, vol. , no. , Aug 2016, pp. 598–605.
Vinod and Noh, Jiseong and Kang, Brent Byunghoon, “Rosemary: [229] Casado, Martı́n and Koponen, Teemu and Ramanathan, Rajiv and
A Robust, Secure, and High-performance Network Operating Shenker, Scott, “Virtualizing the network forwarding plane,” in Pro-
System,” in Proceedings of the 2014 ACM SIGSAC Conference ceedings of the Workshop on Programmable Routers for Extensible
on Computer and Communications Security, ser. CCS ’14. New Services of Tomorrow. ACM, 2010, p. 8.
York, NY, USA: ACM, 2014, pp. 78–89. [Online]. Available: [230] Y. L. Huang and B. Chen and M. W. Shih and C. Y. Lai, “Security
http://doi.acm.org/10.1145/2660267.2660353 Impacts of Virtualization on a Network Testbed,” in 2012 IEEE Sixth
[209] Security-Enhanced Floodlight. [Online]. Available: http://www. International Conference on Software Security and Reliability, vol. ,
sdncentral.com/education/toward-secure-sdn-control-layer/2013/10/ no. , June 2012, pp. 71–77.
[210] Switch, Big, “Developing floodlight modules. Floodlight OpenFlow [231] W. Yang and C. Fung, “A survey on security in network functions
controller,” 2012. virtualization,” in 2016 IEEE NetSoft Conference and Workshops
[211] Shin, Seungwon and Yegneswaran, Vinod and Porras, Phillip and (NetSoft), vol. , no. , June 2016, pp. 15–19.
Gu, Guofei, “AVANT-GUARD: Scalable and Vigilant Switch Flow [232] van Cleeff, A and Pieters, W. and Wieringa, R., “Security Implications
Management in Software-defined Networks,” in Proceedings of the of Virtualization: A Literature Study,” in Computational Science and
2013 ACM SIGSAC Conference on Computer & Communications Engineering, 2009. CSE ’09. International Conference on, vol. 3, Aug
Security, ser. CCS ’13. ACM, 2013, pp. 413–424. 2009, pp. 353–358.
[212] Jiang, Dianbo and Yang, Yahui and Xia, Min, “Research on intrusion
[233] Ahmad, Ijaz and Liyanage, Madhusanka and Shahabuddin, Shahriar
detection based on an improved SOM neural network,” in Information
and Ylianttila, Mika and Gurtov, Andrei, “Design Principles for 5G
Assurance and Security, 2009. IAS’09. Fifth International Conference
Security,” A Comprehensive Guide to 5G Security, pp. 75–98, 2018.
on, vol. 1. IEEE, 2009, pp. 400–403.
[213] Braga, R. and Mota, E. and Passito, A, “Lightweight DDoS flooding [234] M. Balon and B. Liau, “Mobile virtual network operator,” in 2012
attack detection using NOX/OpenFlow,” in Local Computer Networks 15th International Telecommunications Network Strategy and Planning
(LCN), 2010 IEEE 35th Conference on, Oct 2010, pp. 408–415. Symposium (NETWORKS), vol. , no. , Oct 2012, pp. 1–6.
[214] Phemius, Kevin and Bouet, Mathieu and Leguay, Jeremie, “DISCO: [235] K. Samdanis and X. Costa-Perez and V. Sciancalepore, “From net-
Distributed multi-domain SDN controllers,” in Network Operations and work sharing to multi-tenancy: The 5G network slice broker,” IEEE
Management Symposium (NOMS), 2014 IEEE, May 2014, pp. 1–4. Communications Magazine, vol. 54, no. 7, pp. 32–39, July 2016.
[215] ——, “DISCO: Distributed SDN controllers in a multi-domain environ- [236] A. Khan and W. Kellerer and K. Kozu and M. Yabusaki, “Network
ment,” in Network Operations and Management Symposium (NOMS), sharing in the next mobile network: TCO reduction, management
2014 IEEE, May 2014, pp. 1–2. flexibility, and operational independence,” IEEE Communications Mag-
[216] Tootoonchian, Amin and Ganjali, Yashar, “HyperFlow: A distributed azine, vol. 49, no. 10, pp. 134–142, Oct 2011.
control plane for OpenFlow,” in Proceedings of the 2010 internet net- [237] Yan, Zheng and Zhang, Peng and Vasilakos, Athanasios V, “A security
work management conference on Research on enterprise networking. and trust framework for virtualized networks and software-defined
USENIX Association, 2010, pp. 3–3. networking,” Security and communication networks, vol. 9, no. 16, pp.
[217] Hu, Yannan and Wang, Wendong and Gong, Xiangyang and Que, 3059–3069, 2016.
Xirong and Cheng, Shiduan, “On reliability-optimized controller [238] A. Lioy, G. Gardikis, B. Gaston, L. Jacquin, M. D. Benedictis, Y. An-
placement for Software-Defined Networks,” Communications, China, gelopoulos, and C. Xylouris, “NFV-based network protection: The
vol. 11, no. 2, pp. 38–54, Feb 2014. SHIELD approach,” in 2017 IEEE Conference on Network Function
[218] Yannan Hu and Wang Wendong and Xiangyang Gong and Xirong Virtualization and Software Defined Networks (NFV-SDN), Nov 2017,
Que and Cheng Shiduan, “Reliability-aware controller placement for pp. 1–2.
Software-Defined Networks,” in Integrated Network Management (IM [239] M. Iwamura, “NGMN View on 5G Architecture,” in 2015 IEEE 81st
2013), 2013 IFIP/IEEE International Symposium on, May 2013, pp. Vehicular Technology Conference (VTC Spring), vol. , no. , May 2015,
672–675. pp. 1–5.
[219] Hock, D. and Hartmann, M. and Gebert, S. and Jarschel, M. and Zinner, [240] Y. Khettab and M. Bagaa and D. L. C. Dutra and T. Taleb and N.
T. and Tran-Gia, P., “Pareto-optimal resilient controller placement in Toumi, “Virtual security as a service for 5G verticals,” in 2018 IEEE
SDN-based core networks,” in Teletraffic Congress (ITC), 2013 25th Wireless Communications and Networking Conference (WCNC), vol. ,
International, Sept 2013, pp. 1–9. no. , April 2018, pp. 1–6.
[220] Fernandez, M.P., “Comparing OpenFlow Controller Paradigms Scala- [241] S. Lal and T. Taleb and A. Dutta, “NFV: Security Threats and Best
bility: Reactive and Proactive,” in Advanced Information Networking Practices,” IEEE Communications Magazine, vol. 55, no. 8, pp. 211–
and Applications (AINA), 2013 IEEE 27th International Conference 217, 2017.
on, March 2013, pp. 1009–1016.
[242] C. Basile and A. Lioy and C. Pitscheider and F. Valenza and M. Vallini,
[221] Al-Shaer, Ehab and Al-Haj, Saeed, “FlowChecker: Configuration Anal-
“A novel approach for integrating security policy enforcement with
ysis and Verification of Federated OpenFlow Infrastructures,” in Pro-
dynamic network virtualization,” in Proceedings of the 2015 1st IEEE
ceedings of the 3rd ACM Workshop on Assurable and Usable Security
Conference on Network Softwarization (NetSoft), vol. , no. , April 2015,
Configuration, ser. SafeConfig ’10. ACM, 2010, pp. 37–44.
pp. 1–5.
[222] Open Networking Foundation, “OpenFlow switch specification, version
1.5.1”,” Tech. Rep., 2015. [243] Colp, Patrick and Nanavati, Mihir and Zhu, Jun and Aiello, William
[223] C. Liang and F. R. Yu, “Wireless virtualization for next generation and Coker, George and Deegan, Tim and Loscocco, Peter and Warfield,
mobile cellular networks,” IEEE Wireless Communications, vol. 22, Andrew, “Breaking Up is Hard to Do: Security and Functionality
no. 1, pp. 61–69, February 2015. in a Commodity Hypervisor,” in Proceedings of the Twenty-Third
[224] Muhammad, Arif and Ari, Pouttu and Ijaz, Ahmad and Olli, Liinamaa ACM Symposium on Operating Systems Principles, ser. SOSP ’11.
and Mika, Ylianttila, “On the Demonstration and Evaluation of Service- New York, NY, USA: ACM, 2011, pp. 189–202. [Online]. Available:
Based Slices in 5G Test Network using NFV,” in workshop on Future http://doi.acm.org/10.1145/2043556.2043575
Networking Workshop for 5G and Beyond Testbed and Trials, 2019 [244] Al-Shabibi, Ali and De Leenheer, Marc and Gerola, Matteo and
IEEE WCNC. IEEE, 2019, pp. 1–6. Koshibe, Ayaka and Snow, William and Parulkar, Guru M and others,
[225] M. Pattaranantakul, R. He, Q. Song, Z. Zhang, and A. Meddahi, “NFV “OpenVirteX: A Network Hypervisor.” in ONS, 2014.
Security Survey: From Use Case Driven Threat Analysis to State-of- [245] Okwuibe, Jude and Liyanage, Madhusanka and Ahmad, Ijaz and
the-Art Countermeasures,” IEEE Communications Surveys Tutorials, Ylianttila, Mika, “Cloud and MEC Security,” A Comprehensive Guide
vol. 20, no. 4, pp. 3330–3368, Fourthquarter 2018. to 5G Security, p. 373, 2018.
[226] R. Mijumbi, J. Serrat, J. Gorricho, S. Latre, M. Charalambides, and [246] Hu, Yun Chao and Patel, Milan and Sabella, Dario and Sprecher,
D. Lopez, “Management and orchestration challenges in network Nurit and Young, Valerie, “Mobile Edge ComputingA Key Technology
functions virtualization,” IEEE Communications Magazine, vol. 54, Towards 5G,” ETSI white paper, vol. 11, no. 11, pp. 1–16, 2015.
no. 1, pp. 98–105, January 2016. [247] Yu, Yifan, “Mobile edge computing towards 5G: Vision, recent
[227] S. J. Vaughan-Nichols, “Virtualization Sparks Security Concerns,” progress, and open challenges,” China Communications, vol. 13, no. 2,
Computer, vol. 41, no. 8, pp. 13–15, Aug 2008. pp. 89–99, 2016.
38
[248] M. Almorsy, J. C. Grundy, and I. Müller, “An analysis of the [268] Schlesinger, Cole and Story, Alec and Gutz, Stephen and Foster, Nate
cloud computing security problem,” CoRR, vol. abs/1609.01107, 2016. and Walker, David, “Splendid Isolation: Language-Based Security for
[Online]. Available: http://arxiv.org/abs/1609.01107 Software-Defined Networks,” 2012.
[249] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. [269] Dierks, Tim, “The transport layer security (TLS) protocol version
Fernandez, “An analysis of security issues for cloud computing,” 1.2,” 2008. [Online]. Available: http://tools.ietf.org/html/rfc5246
Journal of Internet Services and Applications, vol. 4, no. 1, p. 5, Feb [270] Jun-Huy Lam and Sang-Gon Lee and Hoon-Jae Lee and Y. E. Oktian,
2013. [Online]. Available: https://doi.org/10.1186/1869-0238-4-5 “Securing distributed SDN with IBC,” in 2015 Seventh International
[250] N. Gonzalez, C. Miers, F. Redı́golo, M. Simplı́cio, T. Carvalho, Conference on Ubiquitous and Future Networks, July 2015, pp. 921–
M. Näslund, and M. Pourzandi, “A quantitative analysis of current 925.
security concerns and solutions for cloud computing,” Journal of Cloud [271] Santos, Mateus Augusto Silva and De Oliveira, Bruno Trevizan and
Computing: Advances, Systems and Applications, vol. 1, no. 1, p. 11, Margi, Cintia Borges and Astuto, Bruno Nunes and Turletti, Thierry
Jul 2012. [Online]. Available: https://doi.org/10.1186/2192-113X-1-11 and Obraczka, Katia and others, “Software-defined networking based
[251] “Security guidance for critical areas of focus in capacity sharing in hybrid networks,” 2013.
cloud computing v4. 0,” pp. 1–152, 2017. [Online]. [272] YuHunag, Chu and MinChi, Tseng and YaoTing, Chen and YuChieh,
Available: https://downloads.cloudsecurityalliance.org/assets/research/ Chou and YanRen, Chen, “A novel design for future on-demand service
security-guidance/security-guidance-v4-FINAL.pdf and security,” in Communication Technology (ICCT), 2010 12th IEEE
[252] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, International Conference on. IEEE, 2010, pp. 385–388.
get off of my cloud: Exploring information leakage in third-party [273] Namal, Suneth and Ahmad, Ijaz and Gurtov, Andrei and Ylianttila,
compute clouds,” in Proceedings of the 16th ACM Conference Mika, “Enabling Secure Mobility with OpenFlow,” in SDN for Future
on Computer and Communications Security, ser. CCS ’09. New Networks and Services (SDN4FNS), 2013 IEEE. IEEE, 2013, pp. 1–5.
York, NY, USA: ACM, 2009, pp. 199–212. [Online]. Available: [274] Gember, Aaron and Dragga, Christopher and Akella, Aditya, “ECOS:
http://doi.acm.org/10.1145/1653662.1653687 Leveraging Software-defined Networks to Support Mobile Application
[253] Puttonen, Juha and Afolaranmi, Samuel Olaiya and Moctezuma, Luis Offloading,” in Proceedings of the Eighth ACM/IEEE Symposium on
Gonzalez and Lobov, Andrei and Lastra, Jose L Martinez, “Security Architectures for Networking and Communications Systems, ser. ANCS
in Cloud-Based Cyber-Physical Systems,” in P2P, Parallel, Grid, ’12. ACM, 2012, pp. 199–210.
Cloud and Internet Computing (3PGCIC), 2015 10th International [275] Jafarian, Jafar Haadi and Al-Shaer, Ehab and Duan, Qi, “OpenFlow
Conference on. IEEE, 2015, pp. 671–676. random host mutation: transparent moving target defense using soft-
[254] Chonka, Ashley and Abawajy, Jemal, “Detecting and mitigating HX- ware defined networking,” in Proceedings of the first workshop on Hot
DoS attacks against cloud web services,” in Network-Based Information topics in software defined networks. ACM, 2012, pp. 127–132.
Systems (NBiS), 2012 15th International Conference on. IEEE, 2012, [276] A. N. Khan, M. M. Kiah, S. U. Khan, and S. A. Madani,
pp. 429–434. “Towards secure mobile cloud computing: A survey,” Future
[255] Ficco, Massimo and Rak, Massimiliano, “Stealthy Denial of Service Generation Computer Systems, vol. 29, no. 5, pp. 1278 – 1299,
Strategy in Cloud Computing,” IEEE Transactions on Cloud Comput- 2013, special section: Hybrid Cloud Computing. [Online]. Available:
ing, vol. 3, no. 1, pp. 80–94, 2015. http://www.sciencedirect.com/science/article/pii/S0167739X12001598
[256] Hubbard, Dan and Sutton, Michael and others, “Top Threats to Cloud
[277] A. Chonka and J. Abawajy, “Detecting and Mitigating HX-DoS Attacks
Computing v1. 0,” Cloud Security Alliance, pp. 1–14, 2010.
against Cloud Web Services,” in 2012 15th International Conference
[257] Nagi, Kuldeep, “New Social Media and Impact of Fake News on
on Network-Based Information Systems, Sept 2012, pp. 429–434.
Society,” 2018.
[278] J. K. Liu and M. H. Au and W. Susilo and K. Liang and R. Lu and B.
[258] Berger, Stefan and Cáceres, Ramón and Pendarakis, Dimitrios and
Srinivasan, “Secure sharing and searching for real-time video data in
Sailer, Reiner and Valdez, Enriquillo and Perez, Ronald and Schild-
mobile cloud,” IEEE Network, vol. 29, no. 2, pp. 46–50, March 2015.
hauer, Wayne and Srinivasan, Deepa, “TVDc: managing security in the
[279] S. Gindraux, “From 2G to 3G: a guide to mobile security,” in Third
trusted virtual datacenter,” ACM SIGOPS Operating Systems Review,
International Conference on 3G Mobile Communication Technologies,
vol. 42, no. 1, pp. 40–47, 2008.
vol. , no. , May 2002, pp. 308–311.
[259] Lindstrom Pete, “The Laws of Virtualization Security: Base-
linemag.com Driving Business Success with Technology,” 2008. [280] Gkioulos, Vasileios and Wolthusen, Stephen D and Iossifides, Athana-
[260] Sailer, Reiner and Valdez, Enriquillo and Jaeger, Trent and Perez, sios, “A Survey on the Security Vulnerabilities of Cellular Communi-
Ronald and Van Doorn, Leendert and Griffin, John Linwood and cation Systems (GSM-UMTS-LTE).”
Berger, Stefan and Sailer, Reiner and Valdez, Enriquillo and Jaeger, [281] Koien, Geir M and Oleshchuk, Vladimir A, Aspects of Personal Privacy
Trent and others, “sHype: Secure hypervisor approach to trusted in Communications: Problems, Technology and Solutions, 2013.
virtualized systems,” Techn. Rep. RC23511, vol. 5, 2005. [282] Khan, Mohammed Shafiul Alam and Mitchell, Chris J, “Another look
[261] Cox, Phil, “Intrusion detection in a cloud computing environment,” at privacy threats in 3G mobile telephony,” in Australasian Conference
2012. on Information Security and Privacy. Springer, 2014, pp. 386–396.
[262] Maccherani, E. and Femminella, M. and Lee, J.W. and Francescangeli, [283] Z. J. Haddad, S. Taha, and I. A. Saroit, “Anonymous authentication
R. and Janak, J. and Reali, G. and Schulzrinne, H., “Extending and location privacy preserving schemes for lte-a networks,” Egyptian
the NetServ autonomic management capabilities using OpenFlow,” Informatics Journal, vol. 18, no. 3, pp. 193 – 203, 2017.
in Network Operations and Management Symposium (NOMS), 2012 [Online]. Available: http://www.sciencedirect.com/science/article/pii/
IEEE, April 2012, pp. 582–585. S1110866517300142
[263] Shin, Seugwon and Porras, Phillip and Yegneswaran, Vinod and [284] Huawei, “5G Security: Forward Thinking,” Huawei, Tech. Rep.,
Fong, Martin and Gu, Guofei and Tyson, Mabry, “FRESCO: Mod- 2016. [Online]. Available: {http://www.huawei.com/minisite/5g/img/
ular composable security services for software-defined networks,” in 5G Security Whitepaper en.pdf}
Proceedings of Network and Distributed Security Symposium, 2013. [285] M. R. Palattella and M. Dohler and A. Grieco and G. Rizzo and J.
[264] Wen, Xitao and Chen, Yan and Hu, Chengchen and Shi, Chao and Torsner and T. Engel and L. Ladid, “Internet of Things in the 5G
Wang, Yi, “Towards a secure controller platform for OpenFlow appli- Era: Enablers, Architecture, and Business Models,” IEEE Journal on
cations,” in Proceedings of the second ACM SIGCOMM workshop on Selected Areas in Communications, vol. 34, no. 3, pp. 510–527, March
Hot topics in software defined networking. ACM, 2013, pp. 171–172. 2016.
[265] Khurshid, Ahmed and Zhou, Wenxuan and Caesar, Matthew and [286] S. Li, L. D. Xu, and S. Zhao, “5G Internet of Things: A survey,”
Godfrey, P. Brighten, “Veriflow: Verifying Network-wide Invariants in Journal of Industrial Information Integration, vol. 10, pp. 1 – 9, 2018.
Real Time,” SIGCOMM Comput. Commun. Rev., vol. 42, no. 4, pp. [Online]. Available: http://www.sciencedirect.com/science/article/pii/
467–472, Sep. 2012. S2452414X18300037
[266] Namal, S. and Ahmad, I. and Gurtov, A. and Ylianttila, M., “SDN [287] B. B. Snchez and . Snchez-Picot and D. S. D. Rivera, “Using 5G
Based Inter-Technology Load Balancing Leveraged by Flow Admission Technologies in the Internet of Things Handovers, Problems and Chal-
Control,” in Future Networks and Services (SDN4FNS), 2013 IEEE lenges,” in 2015 9th International Conference on Innovative Mobile
SDN for, Nov 2013, pp. 1–5. and Internet Services in Ubiquitous Computing, vol. , no. , July 2015,
[267] Nayak, Ankur Kumar and Reimers, Alex and Feamster, Nick and Clark, pp. 364–369.
Russ, “Resonance: dynamic access control for enterprise networks,” [288] G. P. Fettweis, “5G and the future of IoT,” in ESSCIRC Conference
in Proceedings of the 1st ACM workshop on Research on enterprise 2016: 42nd European Solid-State Circuits Conference, vol. , no. , Sept
networking. ACM, 2009, pp. 11–18. 2016, pp. 21–24.
39
[289] R. T. Tiburski, L. A. Amaral, and F. Hessel, Security Challenges in [312] Gai, Keke and Qiu, Meikang and Tao, Lixin and Zhu, Yongxin, “Intru-
5G-Based IoT Middleware Systems. Cham: Springer International sion detection techniques for mobile cloud computing in heterogeneous
Publishing, 2016, pp. 399–418. [Online]. Available: https://doi.org/10. 5G,” Security and Communication Networks, vol. 9, no. 16, pp. 3049–
1007/978-3-319-30913-2 17 3058, 2016.
[290] P. Porambage and M. Ylianttila and C. Schmitt and P. Kumar and A. [313] Eiza, Mahmoud Hashem and Ni, Qiang and Shi, Qi, “Secure and
Gurtov and A. V. Vasilakos, “The Quest for Privacy in the Internet of privacy-aware cloud-assisted video reporting service in 5G-enabled
Things,” IEEE Cloud Computing, vol. 3, no. 2, pp. 36–45, Mar 2016. vehicular networks,” IEEE Transactions on Vehicular Technology,
[291] M. Ikram, A. H. Chowdhury, B. Zafar, H.-S. Cha, K.-H. Kim, S.-W. vol. 65, no. 10, pp. 7868–7881, 2016.
Yoo, and D.-K. Kim, “A Simple Lightweight Authentic Bootstrapping [314] Mollah, Muhammad Baqer and Azad, Md Abul Kalam and Vasilakos,
Protocol for IPv6-based Low Rate Wireless Personal Area Networks Athanasios, “Security and privacy challenges in mobile cloud com-
(6LoWPANs),” in Proceedings of the 2009 International Conference puting: Survey and way ahead,” Journal of Network and Computer
on Wireless Communications and Mobile Computing: Connecting the Applications, vol. 84, pp. 38–54, 2017.
World Wirelessly, ser. IWCMC ’09. New York, NY, USA: ACM, [315] J. Ni and X. Lin and X. S. Shen, “Efficient and Secure Service-Oriented
2009, pp. 937–941. [Online]. Available: http://doi.acm.org/10.1145/ Authentication Supporting Network Slicing for 5G-Enabled IoT,” IEEE
1582379.1582583 Journal on Selected Areas in Communications, vol. 36, no. 3, pp. 644–
[292] Kumar, Tanesh and Liyanage, Madhusanka and Ahmad, Ijaz and 657, March 2018.
Braeken, An and Ylianttila, Mika, “User Privacy, Identity and Trust [316] Saqlain, Jahangir, “IoT and 5G: History evolution and its architecture
in 5G,” A Comprehensive Guide to 5G Security, pp. 267–279, 2018. their compatibility and future.” 2018.
[293] R. Masood, D. Vatsalan, M. Ikram, and M. A. Kaafar, “Incognito: A [317] Sultan, Kashif and Ali, Hazrat and Zhang, Zhongshan, “Big Data
Method for Obfuscating Web Data.” in WWW, 2018, pp. 267–276. Perspective and Challenges in Next Generation Networks,” Future
[294] Tikhvinskiy, Valery and Bochechka, Grigory and Gryazev, Andrey, Internet, vol. 10, no. 7, p. 56, 2018.
“QoS requirements as factor of trust to 5G network,” Journal of [318] Zhang, Chaoyun and Patras, Paul and Haddadi, Hamed, “Deep Learn-
Telecommunications and Information Technology, no. 1, pp. 3–8, 2016. ing in Mobile and Wireless Networking: A Survey,” arXiv preprint
[295] Norrman, Karl and Näslund, Mats and Dubrova, Elena, “Protecting arXiv:1803.04311, 2018.
IMSI and user privacy in 5G networks,” in Proceedings of the 9th [319] Jin, Ginger Zhe, “Artificial Intelligence and Consumer Privacy,” Na-
EAI International Conference on Mobile Multimedia Communica- tional Bureau of Economic Research, Tech. Rep., 2018.
tions. ICST (Institute for Computer Sciences, Social-Informatics and [320] Tschider, Charlotte, “Regulating the IoT: Discrimination, Privacy, and
Telecommunications Engineering), 2016, pp. 159–166. Cybersecurity in the Artificial Intelligence Age,” 2018.
[296] Køien, Geir M, “Privacy enhanced mobile authentication,” Wireless [321] Samek, Wojciech and Stanczak, Slawomir and Wiegand, Thomas,
Personal Communications, vol. 40, no. 3, pp. 443–455, 2007. “The Convergence of Machine Learning and Communications,” arXiv
[297] Lee, Chii-Hwa and Hwang, Min-Shiang and Yang, Wei-Pang, “En- preprint arXiv:1708.08299, 2017.
hanced privacy and authentication for the global system for mobile [322] J. Pellikka, P. Leukkunen, and I. Ahmad, “On-demand identity attribute
communications,” Wireless networks, vol. 5, no. 4, pp. 231–243, 1999. verification and certification for services,” January 2014, uS Patent
[298] Liyanage, Madhusanka and Salo, Jukka and Braeken, An and Kumar, App. 13/543,190.
Tanesh and Seneviratne, Suranga and Ylianttila, Mika, “5G Privacy: [323] I. Ahmad, M. Liyanage, M. Ylianttila, and A. Gurtov, “Analysis of
Scenarios and Solutions.” deployment challenges of Host Identity Protocol,” in 2017 European
[299] Son, In Keun and Mao, Shiwen and Li, Yihan and Chen, Min and Conference on Networks and Communications (EuCNC), June 2017,
Gong, Michelle X and Rappaport, Theodore Ted S, “Frame-based pp. 1–6.
medium access control for 5G wireless networks,” Mobile Networks [324] De Hert, Paul and Papakonstantinou, Vagelis, “The new General Data
and Applications, vol. 20, no. 6, pp. 763–772, 2015. Protection Regulation: Still a sound system for the protection of
[300] G. de la Roche and A. Valcarce and D. Lopez-Perez and J. Zhang, individuals?” Computer Law & Security Review, vol. 32, no. 2, pp.
“Access control mechanisms for femtocells,” IEEE Communications 179–194, 2016.
Magazine, vol. 48, no. 1, pp. 33–39, January 2010. [325] Tankard, Colin, “What the GDPR means for businesses,” Network
[301] Shaik, Altaf and Borgaonkar, Ravishankar and Asokan, N and Niemi, Security, vol. 2016, no. 6, pp. 5–8, 2016.
Valtteri and Seifert, Jean-Pierre, “Practical attacks against privacy and [326] I. Ahmad, T. Kumar, M. Liyanage, M. Ylianttila, T. Koskela,
availability in 4G/LTE mobile communication systems,” arXiv preprint T. Braysy, A. Anttonen, V. Pentikinen, J.-P. Soininen, and J. Huusko,
arXiv:1510.07563, 2015. “Towards gadget-free internet services: A roadmap of the naked
world,” Telematics and Informatics, vol. 35, no. 1, pp. 82 – 92, 2018.
[302] R. Yu and Z. Bai and L. Yang and P. Wang and O. A. Move and Y. Liu,
[Online]. Available: http://www.sciencedirect.com/science/article/pii/
“A Location Cloaking Algorithm Based on Combinatorial Optimization
S0736585316305597
for Location-Based Services in 5G Networks,” IEEE Access, vol. 4,
no. , pp. 6515–6527, 2016. [327] L. Filipponi and A. Vitaletti and G. Landi and V. Memeo and G.
Laura and P. Pucci, “Smart City: An Event Driven Architecture for
[303] S. Farhang and Y. Hayel and Q. Zhu, “PHY-layer location privacy-
Monitoring Public Spaces with Heterogeneous Sensors,” in 2010 Fourth
preserving access point selection mechanism in next-generation wire-
International Conference on Sensor Technologies and Applications,
less networks,” in 2015 IEEE Conference on Communications and
vol. , no. , July 2010, pp. 281–286.
Network Security (CNS), vol. , no. , Sept 2015, pp. 263–271.
[328] J. M. Hernández-Muñoz, J. B. Vercher, L. Muñoz, J. A. Galache,
[304] N. Ulltveit-Moe, V. A. Oleshchuk, and G. M. Køien, “Location-Aware
M. Presser, L. A. Hernández Gómez, and J. Pettersson, Smart
Mobile Intrusion Detection with Enhanced Privacy in a 5G Context,”
Cities at the Forefront of the Future Internet. Berlin, Heidelberg:
Wireless Personal Communications, vol. 57, no. 3, pp. 317–338, Apr
Springer Berlin Heidelberg, 2011, pp. 447–462. [Online]. Available:
2011. [Online]. Available: https://doi.org/10.1007/s11277-010-0069-6
https://doi.org/10.1007/978-3-642-20898-0 32
[305] Liao, Dan and Li, Hui and Sun, Gang and Zhang, Ming and Chang, [329] R. van den Dam, Internet of Things: The Foundational
Victor, “Location and trajectory privacy preservation in 5G-Enabled Infrastructure for a Smarter Planet. Berlin, Heidelberg:
vehicle social network services,” Journal of Network and Computer Springer Berlin Heidelberg, 2013, pp. 1–12. [Online]. Available:
Applications, vol. 110, pp. 108–118, 2018. https://doi.org/10.1007/978-3-642-40316-3 1
[306] Meltzer, Joshua Paul, “The I nternet, Cross-Border Data Flows and [330] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet
International Trade,” Asia & the Pacific Policy Studies, vol. 2, no. 1, of things (iot): A vision, architectural elements, and future
pp. 90–102, 2015. directions,” Future Generation Computer Systems, vol. 29, no. 7,
[307] Suominen, Kati, “Fuelling trade in the digital era,” 2018. pp. 1645 – 1660, 2013, including Special sections: Cyber-
[308] Maçães, Bruno, “A digital strategy for Europe,” ECIPE Policy Brief, enabled Distributed Computing for Ubiquitous Cloud and Network
Tech. Rep., 2015. Services & Cloud Computing and Scientific Applications Big
[309] Williamson, Brian, “Next generation communications & the level Data, Scalable Analytics, and Beyond. [Online]. Available: http:
playing field: what should be done,” Communications Chambers, 2016. //www.sciencedirect.com/science/article/pii/S0167739X13000241
[310] Burden, Kit, “EU update,” 2018. [331] G. A. Akpakwu and B. J. Silva and G. P. Hancke and A. M. Abu-
[311] Zhou, Jun and Cao, Zhenfu and Dong, Xiaolei and Vasilakos, Athana- Mahfouz, “A Survey on 5G Networks for the Internet of Things:
sios V, “Security and privacy for cloud-based IoT: challenges,” IEEE Communication Technologies and Challenges,” IEEE Access, vol. PP,
Communications Magazine, vol. 55, no. 1, pp. 26–33, 2017. no. 99, pp. 1–1, 2017.
40
[332] Z. K. Zhang and M. C. Y. Cho and C. W. Wang and C. W. Hsu works,” in Proceedings of the third workshop on Hot topics in software
and C. K. Chen and S. Shieh, “IoT Security: Ongoing Challenges and defined networking. ACM, 2014, pp. 97–102.
Research Opportunities,” in 2014 IEEE 7th International Conference [352] OpenFlow Firewall: A Floodlight Module. [Online]. Available:
on Service-Oriented Computing and Applications, vol. , no. , Nov 2014, http://www.openflowhub.org/display/floodlightcontroller
pp. 230–234. [353] P. Yasrebi and S. Monfared and H. Bannazadeh and A. Leon-Garcia,
[333] Montenegro, Gabriel and Kushalnagar, Nandakishore and Hui, “Security function virtualization in software defined infrastructure,”
Jonathan and Culler, David, “Transmission of IPv6 packets over IEEE in 2015 IFIP/IEEE International Symposium on Integrated Network
802.15. 4 networks,” Tech. Rep., 2007. Management (IM), vol. , no. , May 2015, pp. 778–781.
[334] J. A. Gutierrez and M. Naeve and E. Callaway and M. Bourgeois and [354] M. Liyanage, I. Ahmed, J. Okwuibe, M. Ylianttila, H. Kabir, J. L.
V. Mitter and B. Heile, “IEEE 802.15.4: a developing standard for Santos, R. Kantola, O. L. Perez, M. U. Itzazelaia, and E. M. D. Oca,
low-power low-cost wireless personal area networks,” IEEE Network, “Enhancing Security of Software Defined Mobile Networks,” IEEE
vol. 15, no. 5, pp. 12–19, Sept 2001. Access, vol. 5, pp. 9422–9438, 2017.
[335] Kushalnagar, Nandakishore and Montenegro, Gabriel and Schumacher,
[355] Morel, Benoit, “Artificial Intelligence and the Future of Cybersecurity,”
Christian, “IPv6 over low-power wireless personal area networks
in Proceedings of the 4th ACM Workshop on Security and Artificial
(6LoWPANs): overview, assumptions, problem statement, and goals,” Intelligence, ser. AISec ’11. New York, NY, USA: ACM, 2011, pp. 93–
Tech. Rep., 2007.
98. [Online]. Available: http://doi.acm.org/10.1145/2046684.2046699
[336] Mulligan, Geoff, “The 6LoWPAN Architecture,” in Proceedings of
[356] C. E. Landwehr, “Cybersecurity and Artificial Intelligence: From
the 4th Workshop on Embedded Networked Sensors, ser. EmNets ’07.
Fixing the Plumbing to Smart Water,” IEEE Security Privacy, vol. 6,
New York, NY, USA: ACM, 2007, pp. 78–82. [Online]. Available:
no. 5, pp. 3–4, Sept 2008.
http://doi.acm.org/10.1145/1278972.1278992
[337] Shelby, Zach and Hartke, Klaus and Bormann, Carsten, “The con- [357] E. Bursztein and S. Bethard and C. Fabry and J. C. Mitchell and D.
strained application protocol (CoAP),” 2014. Jurafsky, “How Good Are Humans at Solving CAPTCHAs? A Large
[338] C. Bormann and A. P. Castellani and Z. Shelby, “CoAP: An Appli- Scale Evaluation,” in 2010 IEEE Symposium on Security and Privacy,
cation Protocol for Billions of Tiny Internet Nodes,” IEEE Internet vol. , no. , May 2010, pp. 399–413.
Computing, vol. 16, no. 2, pp. 62–67, March 2012. [358] D. Grzonka, A. Jakbik, J. Koodziej, and S. Pllana, “Using a multi-
[339] J. Granjal and E. Monteiro and J. S Silva, “Security for the Internet agent system and artificial intelligence for monitoring and improving
of Things: A Survey of Existing Protocols and Open Research Issues,” the cloud performance and security,” Future Generation Computer
IEEE Communications Surveys Tutorials, vol. 17, no. 3, pp. 1294– Systems, 2017. [Online]. Available: http://www.sciencedirect.com/
1312, thirdquarter 2015. science/article/pii/S0167739X17310531
[340] A. Kamble and V. S. Malemath and D. Patil, “Security attacks and [359] L. Caviglione and M. Gaggero and J. F. Lalande and W. Mazurczyk and
secure routing protocols in RPL-based Internet of Things: Survey,” in M. Urbaski, “Seeing the Unseen: Revealing Mobile Malware Hidden
2017 International Conference on Emerging Trends Innovation in ICT Communications via Energy Consumption and Artificial Intelligence,”
(ICEI), vol. , no. , Feb 2017, pp. 33–39. IEEE Transactions on Information Forensics and Security, vol. 11,
[341] Winter, Tim, “RPL: IPv6 routing protocol for low-power and lossy no. 4, pp. 799–810, April 2016.
networks,” 2012. [360] Botha, Martin and von Solms, Rossouw and Perry, Kent and
[342] H. S. Kim and J. Ko and D. E. Culler and J. Paek, “Challenging the Loubser, Edwin and Yamoyany, George, “The Utilization of Artificial
IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL): A Intelligence in a Hybrid Intrusion Detection System,” in Proceedings
Survey,” IEEE Communications Surveys Tutorials, vol. 19, no. 4, pp. of the 2002 Annual Research Conference of the South African
2502–2525, Fourthquarter 2017. Institute of Computer Scientists and Information Technologists on
[343] Costin, Andrei and Zaddach, Jonas and Francillon, Aurélien Enablement Through Technology, ser. SAICSIT ’02. Republic of
and Balzarotti, Davide, “A Large-scale Analysis of the Security South Africa: South African Institute for Computer Scientists and
of Embedded Firmwares,” in Proceedings of the 23rd USENIX Information Technologists, 2002, pp. 149–155. [Online]. Available:
Conference on Security Symposium, ser. SEC’14. Berkeley, CA, http://dl.acm.org/citation.cfm?id=581506.581527
USA: USENIX Association, 2014, pp. 95–110. [Online]. Available: [361] Russell, Stuart J and Norvig, Peter, Artificial intelligence: a modern
http://dl.acm.org/citation.cfm?id=2671225.2671232 approach. Malaysia; Pearson Education Limited,, 2016.
[344] A. Riahi and E. Natalizio and Y. Challal and N. Mitton and A. Iera, [362] P. Sharma and Hong Liu and Honggang Wang and Shelley Zhang, “Se-
“A systemic and cognitive approach for IoT security,” in 2014 Inter- curing wireless communications of connected vehicles with artificial
national Conference on Computing, Networking and Communications intelligence,” in 2017 IEEE International Symposium on Technologies
(ICNC), vol. , no. , Feb 2014, pp. 183–188. for Homeland Security (HST), vol. , no. , April 2017, pp. 1–7.
[345] V. Petrov and M. A. Lema and M. Gapeyenko and K. Antonakoglou [363] M. G. Kibria and K. Nguyen and G. P. Villardi and O. Zhao and
and D. Moltchanov and F. Sardis and A. Samuylov and S. Andreev and K. Ishizu and F. Kojima, “Big Data Analytics, Machine Learning and
Y. Koucheryavy and M. Dohler, “Achieving End-to-End Reliability of Artificial Intelligence in Next-Generation Wireless Networks,” IEEE
Mission-Critical Traffic in Softwarized 5G Networks,” IEEE Journal Access, vol. , no. , pp. 1–1, 2018.
on Selected Areas in Communications, vol. 36, no. 3, pp. 485–501,
[364] Parasuraman, Raja and Sheridan, Thomas B and Wickens, Christopher
March 2018.
D, “A model for types and levels of human interaction with automa-
[346] S. Namal, I. Ahmad, M. Jokinen, A. Gurtov, and M. Ylianttila, “SDN
tion,” Systems, Man and Cybernetics, Part A: Systems and Humans,
Core for Mobility between Cognitive Radio and 802.11 Networks,”
IEEE Transactions on, vol. 30, no. 3, pp. 286–297, 2000.
in 2014 Eighth International Conference on Next Generation Mobile
[365] M. Golam Kibria and K. Nguyen and G. Porto Villardi and K. Ishizu
Apps, Services and Technologies, Sep. 2014, pp. 272–281.
and F. Kojima, “Next Generation New Radio Small Cell Enhancement:
[347] M. Liyanage, I. Ahmad, J. Okwuibe, E. M. de Oca, H. L. MAI, O. L.
Architectural Options, Functionality and Performance Aspects,” IEEE
Perez, and M. U. Itzazelaia, “Software Defined Security Monitoring in
Wireless Communications, vol. , no. , pp. 1–9, 2018.
5G Networks,” A Comprehensive Guide to 5G Security, pp. 231–243,
2018. [366] I. Ahmad, S. Namal, M. Ylianttila, and A. Gurtov, “Towards software
[348] I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and defined cognitive networking,” in 2015 7th International Conference
A. Gurtov, “Overview of 5G Security Challenges and Solutions,” on New Technologies, Mobility and Security (NTMS), July 2015, pp.
IEEE Communications Standards Magazine, vol. 2, no. 1, pp. 36–43, 1–5.
MARCH 2018. [367] M. Hengstler, E. Enkel, and S. Duelli, “Applied artificial intelligence
[349] C. Lorenz and D. Hock and J. Scherer and R. Durner and W. and trustThe case of autonomous vehicles and medical assistance
Kellerer and S. Gebert and N. Gray and T. Zinner and P. Tran- devices,” Technological Forecasting and Social Change, vol. 105, pp.
Gia, “An SDN/NFV-Enabled Enterprise Network Architecture Offering 105 – 120, 2016. [Online]. Available: http://www.sciencedirect.com/
Fine-Grained Security Policy Enforcement,” IEEE Communications science/article/pii/S0040162515004187
Magazine, vol. 55, no. 3, pp. 217–223, March 2017. [368] Mahajan, Ratul and Wetherall, David and Anderson, Tom, “Under-
[350] S. Scott-Hayward and G. O’Callaghan and S. Sezer, “SDN Security: standing BGP misconfiguration,” in ACM SIGCOMM Computer Com-
A Survey,” in Future Networks and Services (SDN4FNS), 2013 IEEE munication Review, vol. 32, no. 4. ACM, 2002, pp. 3–16.
SDN for. IEEE, 2013, pp. 1–7. [369] ONF. (2013, October) SDN Security Considerations in the Data
[351] Hu, Hongxin and Han, Wonkyu and Ahn, Gail-Joon and Zhao, Ziming, Center. Open Networking Foundation. [Online]. Available: https:
“FLOWGUARD: building robust firewalls for software-defined net- //www.opennetworking.org/sdn-resources/sdn-library
41
[370] Hamed, Hazem and Al-Shaer, Ehab, “Taxonomy of conflicts in network [391] D. He and S. Chan and M. Guizani, “Drone-Assisted Public Safety
security policies,” Communications Magazine, IEEE, vol. 44, no. 3, pp. Networks: The Security Aspect,” IEEE Communications Magazine,
134–141, 2006. vol. 55, no. 8, pp. 218–223, 2017.
[371] A. Wool, “A quantitative study of firewall configuration errors,” Com- [392] R. Mitchell and I. R. Chen, “Adaptive Intrusion Detection of Malicious
puter, vol. 37, no. 6, pp. 62–67, June 2004. Unmanned Air Vehicles Using Behavior Rule Specifications,” IEEE
[372] Ortiz Jr, Sixto, “Software-Defined Networking: On the Verge of a Transactions on Systems, Man, and Cybernetics: Systems, vol. 44,
Breakthrough?” Computer, vol. 46, no. 7, pp. 10–12, 2013. no. 5, pp. 593–604, May 2014.
[373] A. Asghar and H. Farooq and A. Imran, “Self-Healing in Emerging [393] X. Li and D. Guo and H. Yin and G. Wei, “The public safety
Cellular Networks: Review, Challenges and Research Directions,” IEEE wireless broadband network with airdropped sensors,” in 2015 IEEE
Communications Surveys Tutorials, vol. , no. , pp. 1–1, 2018. China Summit and International Conference on Signal and Information
[374] Edwards, W. Keith and Poole, Erika Shehan and Stoll, Jennifer, Processing (ChinaSIP), vol. , no. , July 2015, pp. 443–447.
“Security Automation Considered Harmful?” in Proceedings of the [394] K. Halunen, J. Hiki, and V. Vallivaara, “Evaluation of user
2007 Workshop on New Security Paradigms, ser. NSPW ’07. New authentication methods in the gadget-free world,” Pervasive and
York, NY, USA: ACM, 2008, pp. 33–42. [Online]. Available: Mobile Computing, vol. 40, pp. 220 – 241, 2017. [Online]. Available:
http://doi.acm.org/10.1145/1600176.1600182 http://www.sciencedirect.com/science/article/pii/S1574119217303206
[375] R. Beck, “Beyond Bitcoin: The Rise of Blockchain World,” Computer, [395] T. Kumar, P. Porambage, I. Ahmad, M. Liyanage, E. Harjula,
vol. 51, no. 2, pp. 54–58, February 2018. and M. Ylianttila, “Securing gadget-free digital services,” Computer,
[376] T. Aste and P. Tasca and T. Di Matteo, “Blockchain Technologies: The vol. 51, no. 11, pp. 66–77, Nov 2018.
Foreseeable Impact on Society and Industry,” Computer, vol. 50, no. 9, [396] T. Kumar and A. Braeken and M. Liyanage and M. Ylianttila, “Identity
pp. 18–28, 2017. privacy preserving biometric based authentication scheme for Naked
[377] X. Yue, H. Wang, D. Jin, M. Li, and W. Jiang, “Healthcare healthcare environment,” in 2017 IEEE International Conference on
data gateways: Found healthcare intelligence on blockchain with Communications (ICC), vol. , no. , May 2017, pp. 1–7.
novel privacy risk control,” Journal of Medical Systems, vol. 40, [397] T. Kumar and M. Liyanage and A. Braeken and I. Ahmad and
no. 10, p. 218, Aug 2016. [Online]. Available: https://doi.org/10.1007/ M. Ylianttila, “From gadget to gadget-free hyperconnected world:
s10916-016-0574-6 Conceptual analysis of user privacy challenges,” in 2017 European
[378] M. Mettler, “Blockchain technology in healthcare: The revolution Conference on Networks and Communications (EuCNC), vol. , no. ,
starts here,” in 2016 IEEE 18th International Conference on e-Health June 2017, pp. 1–6.
Networking, Applications and Services (Healthcom), vol. , no. , Sept [398] L. van Zoonen, “Privacy concerns in smart cities,” Government
2016, pp. 1–3. Information Quarterly, vol. 33, no. 3, pp. 472 – 480, 2016,
open and Smart Governments: Strategies, Tools, and Experiences.
[379] M. Puppala and T. He and X. Yu and S. Chen and R. Ogunti and
[Online]. Available: http://www.sciencedirect.com/science/article/pii/
S. T. C. Wong, “Data security and privacy management in healthcare
S0740624X16300818
applications and clinical data warehouse environment,” in 2016 IEEE-
[399] K. Zhang and J. Ni and K. Yang and X. Liang and J. Ren and X. S.
EMBS International Conference on Biomedical and Health Informatics
Shen, “Security and Privacy in Smart City Applications: Challenges
(BHI), vol. , no. , Feb 2016, pp. 5–8.
and Solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp.
[380] V. Ramani, T. Kumar, A. Bracken, M. Liyanage, and M. Ylianttila,
122–129, January 2017.
“Secure and efficient data accessibility in blockchain based healthcare
[400] D. Eckhoff and I. Wagner, “Privacy in the Smart City; Applications,
systems,” in 2018 IEEE Global Communications Conference (GLOBE-
Technologies, Challenges, and Solutions,” IEEE Communications Sur-
COM), Dec 2018, pp. 206–212.
veys Tutorials, vol. 20, no. 1, pp. 489–516, Firstquarter 2018.
[381] A. Dorri and S. S. Kanhere and R. Jurdak and P. Gauravaram,
[401] D. W. K. Ng and R. Schober, “Secure and Green SWIPT in Distributed
“Blockchain for IoT security and privacy: The case study of a smart
Antenna Networks With Limited Backhaul Capacity,” IEEE Transac-
home,” in 2017 IEEE International Conference on Pervasive Comput-
tions on Wireless Communications, vol. 14, no. 9, pp. 5082–5097, Sep.
ing and Communications Workshops (PerCom Workshops), vol. , no. ,
2015.
March 2017, pp. 618–623.
[402] A. Imran, “Challenges in 5G: How to empower SON with Big Data
[382] M. Samaniego and R. Deters, “Blockchain as a Service for IoT,” in for enabling 5G,” IEEE Network, vol. 28, no. 6, pp. 27–33, Nov. 2014.
2016 IEEE International Conference on Internet of Things (iThings) [403] D. W. K. Ng, E. S. Lo, and R. Schober, “Robust Beamforming for
and IEEE Green Computing and Communications (GreenCom) and Secure Communication in Systems With Wireless Information and
IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Power Transfer.” IEEE Trans. Wireless Communications, vol. 13, no. 8,
Smart Data (SmartData), vol. , no. , Dec 2016, pp. 433–436. pp. 4599–4615, 2014.
[383] N. Kshetri, “Can Blockchain Strengthen the Internet of Things?” IT [404] F. Bonomi, R. Milito, J. Zhu, and S. Addepalli, “Fog computing and
Professional, vol. 19, no. 4, pp. 68–72, 2017. its role in the internet of things,” in Proceedings of the First Edition
[384] A. Dorri and S. S. Kanhere and R. Jurdak, “Towards an Optimized of the MCC Workshop on Mobile Cloud Computing, ser. MCC ’12.
BlockChain for IoT,” in 2017 IEEE/ACM Second International Confer- New York, NY, USA: ACM, 2012, pp. 13–16. [Online]. Available:
ence on Internet-of-Things Design and Implementation (IoTDI), vol. , http://doi.acm.org/10.1145/2342509.2342513
no. , April 2017, pp. 173–178. [405] J. Ni and K. Zhang and X. Lin and X. S. Shen, “Securing Fog Com-
[385] M. Conoscenti and A. Vetr and J. C. De Martin, “Blockchain for the puting for Internet of Things Applications: Challenges and Solutions,”
Internet of Things: A systematic literature review,” in 2016 IEEE/ACS IEEE Communications Surveys Tutorials, vol. 20, no. 1, pp. 601–628,
13th International Conference of Computer Systems and Applications Firstquarter 2018.
(AICCSA), vol. , no. , Nov 2016, pp. 1–6. [406] F. Sabahi, “Virtualization-level security in cloud computing,” in 2011
[386] S. Huh and S. Cho and S. Kim, “Managing IoT devices using IEEE 3rd International Conference on Communication Software and
blockchain platform,” in 2017 19th International Conference on Ad- Networks, May 2011, pp. 250–254.
vanced Communication Technology (ICACT), vol. , no. , Feb 2017, pp. [407] M. Ali, S. U. Khan, and A. V. Vasilakos, “Security in cloud computing:
464–467. Opportunities and challenges,” Information Sciences, vol. 305, pp.
[387] Rudinskas, Darius and Goraj, Zdobyslaw and Stankūnas, Jonas, “Secu- 357 – 383, 2015. [Online]. Available: http://www.sciencedirect.com/
rity analysis of UAV radio communication system,” Aviation, vol. 13, science/article/pii/S0020025515000638
no. 4, pp. 116–121, 2009. [408] N. Javaid, A. Sher, H. Nasir, and N. Guizani, “Intelligence in IoT-Based
[388] N. M. Rodday and R. d. O. Schmidt and A. Pras, “Exploring security 5G Networks: Opportunities and Challenges,” IEEE Communications
vulnerabilities of unmanned aerial vehicles,” in NOMS 2016 - 2016 Magazine, vol. 56, no. 10, pp. 94–100, OCTOBER 2018.
IEEE/IFIP Network Operations and Management Symposium, vol. , [409] T. Kumar, V. Ramani, I. Ahmad, A. Braeken, E. Harjula, and M. Yliant-
no. , April 2016, pp. 993–994. tila, “Blockchain utilization in healthcare: Key requirements and chal-
[389] A. Singandhupe and H. M. La and D. Feil-Seifer, “Reliable Security lenges,” in 2018 IEEE 20th International Conference on e-Health
Algorithm for Drones Using Individual Characteristics From an EEG Networking, Applications and Services (Healthcom), Sep. 2018, pp.
Signal,” IEEE Access, vol. 6, no. , pp. 22 976–22 986, 2018. 1–7.
[390] C. Lin and D. He and N. Kumar and K. K. R. Choo and A. Vinel and
X. Huang, “Security and Privacy for the Internet of Drones: Challenges
and Solutions,” IEEE Communications Magazine, vol. 56, no. 1, pp.
64–69, Jan 2018.

T 14 Security For 5G and Beyond 2019 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

T 14 Security For 5G and Beyond 2019 PDF

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Security for 5G and Beyond

Email: ∗ firstname.lastname@oulu.fi, † ijaz.ahmad@vtt.fi, ‡ shahriar.shahabuddin@nokia.com, § gurtov@acm.org

solutions to those weaknesses. TABLE I

Fig. 1. Outline of the article.

nents, and signaling-based DoS attacks. However, the security TABLE II

A. Overview of 5G design principles

Fig. 2. 5G Design Principles.

mechanisms. However, one of the advantages of public-key

D. General Overview of security in 5G

Fig. 4. Security threat landscape in 5G networks.

Fig. 5. 5G security vision and objectives.

TABLE III in [94]. The work presented in [94] discusses 5G architecture

Standardization bodies Workgroups Major security areas in focus Milestones

Fig. 6. High-level architecture presentation of 5G networks.

Affected network segments

DoS attack on signaling plane Centralized control elements X

Controller Replication [204] Control plane security through scalability X

Privacy Concern 1G - 3G 4G 5G XG Relevant References

B. A Glimpse of Security Challenges in XG security softwarization and virtualization, AI and blockchain

You might also like