
Page |1

5G Security Controls and Assurance


By Dr. David Soldani, 06/03/2021

Contents
Abbreviations ................................................................................................................................................ 2
Security Architecture and Procedures .......................................................................................................... 4
Security Assurance Specifications ................................................................................................................. 4
Studies and Reports ...................................................................................................................................... 4
Other Specifications ...................................................................................................................... 5
Primary Authentication ................................................................................................................................. 5
Secondary Authentication ............................................................................................................................ 6
Protection of Network Interfaces ................................................................................................................. 6
Network Equipment Security Assurance Scheme ........................................................................................ 8
References .................................................................................................................................................. 11
Biography .................................................................................................................................................... 11
Appendix – Cryptography ........................................................................................................................... 12

Abbreviations
5G AV 5G Authentication Vector
AAnF AKMA Anchor Function
AES Advanced Encryption Standard
AKA Authentication and Key Agreement
AKMA Authentication Key Management for Applications
ARPF Authentication credential Repository and Processing Function
AUSF Authentication Server Function
AUTN AUthentication TokeN
EAP Extensible Authentication Protocol
EMSK Extended Master Session Key
GUTI Globally Unique Temporary UE Identity
HRES Hash RESponse
HXRES Hash eXpected RESponse
IKE Internet Key Exchange
IPUPS Inter-PLMN UP Security
KSI Key Set Identifier
LI Lawful Intercept
MSK Master Session Key
NAI Network Access Identifier
NIA Integrity Algorithm for 5G
NSSAI Network Slice Selection Assistance Information
NSSAA Network Slice Specific Authentication and Authorization
PEI Permanent Equipment Identifier
RES RESponse
SEAF SEcurity Anchor Function
SEG Security Gateway
SEPP Security Edge Protection Proxy
SIDF Subscription Identifier De-concealing Function
SUCI Subscription Concealed Identifier
SUPI Subscription Permanent Identifier
TLS Transport Layer Security
UDM Unified Data Management
UDR Unified Data Repository
XRES eXpected RESponse

This article focuses on the most important security specifications for 5G networks, i.e. 3GPP Technical
Specification 33-Series [1].

The main active working group addressing 5G security and privacy is 3GPP TSG SA Working Group 3
(SA3, Security). The group identifies the security and privacy requirements and defines the security
architecture and the protocols that meet them. 3GPP SA3 also ensures that the cryptographic algorithms
needed by the 5G security specifications are available.

3GPP Release 15 defines the 5G security architecture and further enhances 4G security. It also specifies
security assurance requirements and test cases for the 5G core network functions and the base station (gNB).

3GPP Release 16 strengthens the security architecture for wireless-wireline convergence, and adds
security for vertical functions and authentication and key management for vertical applications, such as
network slicing, industrial IoT, cellular IoT, multi-access edge computing (MEC), and manned and
unmanned terrestrial and aerial vehicles. It also adds security assurance requirements and test cases for
the data analytics, interworking and service communication proxy functions.

3GPP Release 17 further evolves user plane integrity protection, the authentication functions, and the
security controls for rogue (false) base stations, network slicing enhancements, private networks, drones
and broadcast channels. It also adds security assurance requirements and test cases for additional
network equipment and related functions.

The following sections outline the most important technical specifications and provide some insights into
the new security control mechanisms for confidentiality and integrity protection [2]-[4], and into the
network equipment security assurance scheme [5] in 5G.

Figure 1. 3GPP Technical Specifications and Reports for Release 15 (R15), Release 16 (R16) and Release 17 (R17).

Security Architecture and Procedures


TS 33.501 Security architecture and procedures for 5G System

Security Assurance Specifications


TS 33.511 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class

TS 33.512 5G Security Assurance Specification (SCAS); Access and Mobility management Function (AMF)

TS 33.513 5G Security Assurance Specification (SCAS); User Plane Function (UPF)

TS 33.514 5G Security Assurance Specification (SCAS) for the Unified Data Management (UDM) network product class

TS 33.515 5G Security Assurance Specification (SCAS) for the Session Management Function (SMF) network product class

TS 33.516 5G Security Assurance Specification (SCAS) for the Authentication Server Function (AUSF) network product class

TS 33.517 5G Security Assurance Specification (SCAS) for the Security Edge Protection Proxy (SEPP) network product class

TS 33.518 5G Security Assurance Specification (SCAS) for the Network Repository Function (NRF) network product class

TS 33.519 5G Security Assurance Specification (SCAS) for the Network Exposure Function (NEF) network product class

TS 33.520 5G Security Assurance Specification (SCAS); Non-3GPP InterWorking Function (N3IWF)

TS 33.521 5G Security Assurance Specification (SCAS); Network Data Analytics Function (NWDAF)

TS 33.522 5G Security Assurance Specification (SCAS); Service Communication Proxy (SCP)

Studies and Reports


TR 33.807 Study on the security of the wireless and wireline convergence for the 5G system architecture

TR 33.809 Study on 5G security enhancements against False Base Stations (FBS)

TR 33.811 Study on security aspects of 5G network slicing management

TR 33.813 Study on security aspects of network slicing enhancement

TR 33.819 Study on security enhancements of 5G System (5GS) for vertical and Local Area Network (LAN) services

TR 33.824 Study on security aspects of Integrated Access and Backhaul (IAB) for Next Radio (NR)

TR 33.825 Study on the security of Ultra-Reliable Low-Latency Communication (URLLC) for the 5G System (5GS)

TR 33.826 Study on Lawful Interception Service Evolution



TR 33.836 Study on security aspects of 3GPP support for advanced Vehicle-to-Everything (V2X) services

TR 33.839 Study on security aspects of enhancement of support for edge computing in 5G Core (5GC)

TR 33.840 Study on security aspects of the disaggregated gNB architecture

TR 33.841 Study on the support of 256-bit algorithms for 5G

TR 33.848 Study on security impacts of virtualisation

TR 33.850 Study on security aspects of enhancements for 5G Multicast-Broadcast Services (MBS)

TR 33.851 Study on security for enhanced support of Industrial Internet of Things (IIoT)

TR 33.852 Study on traffic characteristics and performance requirements for AI/ML model transfer in 5G Systems (5GS)

TR 33.854 Study on security aspects of Unmanned Aerial Systems (UAS)

TR 33.861 Study on evolution of Cellular Internet of Things (CIoT) security for the 5G System

Other Specifications
TS 33.535 Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)

TS 33.536 Security aspects of 3GPP support for advanced Vehicle-to-Everything (V2X) services

Primary Authentication
Primary authentication, using either 5G Authentication and Key Agreement (5G AKA) or EAP-AKA' carried
over the Extensible Authentication Protocol (EAP), provides mutual authentication between the UE and the
network. It is based on a long-term shared secret key (K) held in the USIM and in the Authentication
credential Repository and Processing Function (ARPF) of the home network.

On the 5G core network (5GC) side, the function that actually performs authentication with the UE is the
Authentication Server Function (AUSF). It relies on the Unified Data Management (UDM) and the ARPF, which
host the subscription data, select the authentication method and compute the authentication vector and
keying material that the AUSF needs. The Subscription Identifier De-concealing Function (SIDF) de-conceals
the SUPI from the SUCI sent by the UE. All of this happens in the home network core.

On the serving network side, the key function is the Security Anchor Function (SEAF), which holds the
anchor key (KSEAF) provided by the AUSF of the home network. Keys for further security contexts can then
be derived from KSEAF without a new authentication run, regardless of the access network technology used
by the UE. (In 5G the home network takes the final decision on the authentication outcome, rather than
leaving it to the visited/roaming network.)
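The exchange described above, worked through as an added example (not code from the article or from 3GPP): the serving-network check on HXRES*, the home-network check on XRES*, and the key derivations of TS 33.501 Annex A. CK, IK, RES, RAND and SQN xor AK are constructed values standing in for the USIM/ARPF (Milenage) outputs, which are not implemented here, and the serving network name is a constructed example.

```python
"""5G AKA: key derivation and the RES*/HXRES* checks (added example).

Constructed inputs stand in for the USIM/ARPF (Milenage) outputs CK, IK, RES and
for RAND and SQN xor AK from the authentication vector. Derivations follow
TS 33.501 Annex A; the KDF is the HMAC-SHA-256 construction of TS 33.220 B.2.
"""
import hashlib
import hmac

# Constructed test material, not real subscriber keys.
CK = bytes.fromhex("0123456789abcdef0123456789abcdef")      # cipher key (f3 output)
IK = bytes.fromhex("fedcba9876543210fedcba9876543210")      # integrity key (f4 output)
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")    # challenge from the 5G AV
RES = bytes.fromhex("8899aabbccddeeff")                     # USIM response (f2 output)
SQN_XOR_AK = bytes.fromhex("000000000001")                  # 6 bytes taken from AUTN
SERVING_NETWORK_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"  # example SNN


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 B.2: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def k_ausf(ck, ik, snn, sqn_xor_ak):
    """K_AUSF for 5G AKA (Annex A.2, FC = 0x6A), derived by the ARPF and by the ME."""
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)


def res_star(ck, ik, snn, rand, res):
    """RES* (UE) / XRES* (home network), Annex A.4 (FC = 0x6B): low 128 bits of the KDF output."""
    return kdf(ck + ik, 0x6B, snn, rand, res)[16:]


def hres_star(rand, res_s):
    """HRES* (SEAF) / HXRES* (AUSF), Annex A.5: low 128 bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + res_s).digest()[16:]


def k_seaf(kausf, snn):
    """K_SEAF, Annex A.6 (FC = 0x6C): the anchor key the AUSF hands to the SEAF."""
    return kdf(kausf, 0x6C, snn)


def run_5g_aka(ue_res: bytes = RES) -> dict:
    """Run the checks of one 5G AKA exchange; ue_res lets a caller simulate a wrong response."""
    # Home network (UDM/ARPF + AUSF): builds the 5G AV, keeps XRES*, gives the SEAF only HXRES*.
    xres_s = res_star(CK, IK, SERVING_NETWORK_NAME, RAND, RES)
    hxres_s = hres_star(RAND, xres_s)
    kausf = k_ausf(CK, IK, SERVING_NETWORK_NAME, SQN_XOR_AK)
    # UE: the USIM returns CK, IK, RES for RAND; the ME derives RES* and sends it to the SEAF.
    ue_res_s = res_star(CK, IK, SERVING_NETWORK_NAME, RAND, ue_res)
    # Serving network (SEAF): first check, HRES* against HXRES*, without ever holding XRES*.
    seaf_ok = hmac.compare_digest(hres_star(RAND, ue_res_s), hxres_s)
    # Home network (AUSF): final decision, RES* against XRES*; only then is K_SEAF released.
    ausf_ok = seaf_ok and hmac.compare_digest(ue_res_s, xres_s)
    return {"seaf_ok": seaf_ok, "ausf_ok": ausf_ok,
            "kseaf": k_seaf(kausf, SERVING_NETWORK_NAME) if ausf_ok else None}
```

Two properties of the procedure are visible here: the SEAF only ever sees HXRES*, so a compromised serving network cannot learn XRES* and claim a successful authentication towards the home network; and because the serving network name enters the RES* and KAUSF derivations, an authentication vector obtained for one serving network cannot be replayed in another.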

Another authentication framework is Authentication and Key Management for Applications (AKMA), in
which the subscriber credentials are reused for authentication and key management at the application
layer, for third-party applications. This may be particularly relevant for IoT applications.

Figure 2. Key generation hierarchy in 5G [4].

Secondary Authentication
5G supports both primary authentication (typically run at initial registration, for example when a device
is switched on) and secondary authentication (run for authorisation during the set-up of user plane
connections, for example to browse the web or to establish a call). Both can be carried over EAP.

Secondary authentication lets the operator delegate authorisation to a third party. It authenticates the
UE towards an external data network (DN) residing outside the operator's domain, with the 5G core acting
as EAP authenticator between the UE and the external network's AAA server. (A similar service was possible
in 4G, but it is now integrated in the 5G architecture.) This gives the external network an independent
authentication and authorisation step, for example per network slice, before the UE is allowed to connect
to it.

Protection of Network Interfaces


In 5G, the Radio Access Network (RAN) may be split (disaggregated) into Distributed Units (DU) and
Central Units (CU); together the DU and CU form the gNB. The CU performs the security functions
(cryptography): it terminates the Access Stratum (AS) security protocols and is typically deployed at
sites with restricted physical access.

Since the traffic on the F1 and E1 interfaces may carry sensitive data, 3GPP TS 33.501 mandates
confidentiality, integrity and replay protection for the F1 signalling plane (F1-C) and for the E1
interface, while leaving it optional for the F1 user plane (F1-U). For both F1 and E1 the support of
"IPsec ESP (IETF RFC 4303) and IKEv2 certificate-based authentication (TS 33.310)" is mandatory. F1-U
may be protected differently, including switching integrity and/or encryption on or off for that
interface.

(Figure 3 labels recovered from the image: IPsec, IPsec, RESTful APIs, HTTP/2, DTLS, IPsec (Optional), IPsec. Source: ENISA.)

Figure 3. Protection of network interfaces and communication between network functions in 5G [2].

Interfaces N2 and N3 (also shown in Figure 3) connect the 5G RAN with the Access and Mobility
Management Function (AMF) and with the User Plane Function (UPF), respectively. In both cases, support of
"IPsec ESP and IKEv2 certificate-based authentication" is required. For the SCTP-based N2 signalling, 3GPP
TS 33.501 additionally requires support of DTLS (RFC 6083), noting that the use of DTLS at the transport
layer does not rule out network layer protection, and that IPsec has the advantage of providing topology
hiding. (A Security Gateway (SEG) may terminate the IPsec tunnel on the 5GC side, with the gNB
terminating it on the RAN side.)

The 5GC Service Based Architecture (SBA) refactors network entity functionality into services that are
exposed and offered to other network entities. Network functions (NFs) expose their functionality through
Service Based Interfaces (SBI), over an SBI message bus that implements RESTful APIs over HTTP/2. In
practice, any NF can communicate with any other NF using request/response or subscribe/notify
interactions between NF service consumers and producers.

From the security point of view, NFs must support client and server certificates and TLS, which is
intended for transport protection, while NDS/IP can still be used for network layer protection.

The Network Repository Function (NRF) acts as the authorization server that issues access tokens to NFs
that want to consume services of other NFs.

Mutual authentication between these functions is mandatory; for NF-NRF communication it takes place
during discovery, registration and access token request. (The actual authentication mechanism depends on
the protection mechanism in use: if TLS is used, the authentication provided by TLS applies.)

The authorization is based on the OAuth 2.0 framework (RFC 6749).
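The NRF-issued token and the producer-side check, as an added example (not 3GPP, ENISA or vendor code). The claim names follow TS 33.501 clause 13.4.1 (iss, sub, aud, scope, exp); TS 33.501 allows the JWS to be either digitally signed or MAC-protected, and the MAC form (HS256) is used here with a constructed key shared by NRF and producer so that the example runs offline. The NF instance identifiers and service names are constructed.

```python
"""OAuth 2.0 access token minted by the NRF and checked by an NF service producer
(added example). Claims per TS 33.501 clause 13.4.1; HS256 JWS with a constructed
shared key stands in for the NRF's signing key. NF identifiers are constructed.
"""
import base64
import binascii
import hashlib
import hmac
import json
import time

NRF_INSTANCE_ID = "nrf-7d3c1f2a"                       # constructed NRF NF instance ID
SHARED_MAC_KEY = b"constructed-nrf-producer-mac-key"  # assumption: provisioned out of band


def _b64url(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64url_decode(seg: bytes) -> bytes:
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))


def nrf_issue_token(consumer_nf_id, producer_nf_type, scope, key, now=None, ttl=3600):
    """NRF side: mint a compact JWS carrying the 33.501 claims for one consumer/producer pair."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": NRF_INSTANCE_ID, "sub": consumer_nf_id, "aud": producer_nf_type,
              "scope": scope, "exp": now + ttl}

    def enc(obj):
        return _b64url(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = enc(header) + b"." + enc(claims)
    tag = hmac.new(key, signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + _b64url(tag)).decode()


def producer_verify(token, key, my_nf_type, requested_service, now=None):
    """Producer side: check the MAC before parsing anything, then alg, expiry, audience, scope.
    Returns (True, consumer NF instance ID) or (False, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.encode().split(b".")
    if len(parts) != 3:
        return False, "malformed token"
    h, c, s = parts
    try:
        presented = _b64url_decode(s)
    except (binascii.Error, ValueError):
        return False, "bad signature"
    expected = hmac.new(key, h + b"." + c, hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):
        return False, "bad signature"
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":          # never honour 'none' or an unexpected algorithm
        return False, "unexpected alg"
    claims = json.loads(_b64url_decode(c))
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("aud") != my_nf_type:       # token was minted for a different producer
        return False, "wrong audience"
    if requested_service not in claims.get("scope", "").split():
        return False, "service not in scope"
    return True, claims.get("sub")


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = nrf_issue_token("amf-0001", "UDM", "nudm-sdm nudm-uecm", SHARED_MAC_KEY, now=t0)
    print(producer_verify(tok, SHARED_MAC_KEY, "UDM", "nudm-sdm", now=t0 + 60))   # (True, 'amf-0001')
    print(producer_verify(tok, SHARED_MAC_KEY, "AUSF", "nudm-sdm", now=t0 + 60))  # (False, 'wrong audience')
```

The order of the checks matters: the MAC is verified over the raw header and payload before either is parsed, so a forged `alg` or a tampered claim never reaches the JSON decoder, and the audience check stops a token obtained for one producer NF type from being replayed against another. In a real deployment the producer would hold the NRF's public key (or a key shared with the NRF) rather than the constructed key used here.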



Network Equipment Security Assurance Scheme


The Global System for Mobile Communications Association (GSMA) Network Equipment Security Assurance
Scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance
framework to facilitate improvements in security levels across the mobile industry.

Figure 4. GSMA NESAS and 3GPP SCAS methodologies and milestones [5].

NESAS defines security requirements and an assessment framework for secure product development and
product lifecycle processes, based on 3GPP technical specifications, together with a security evaluation
scheme for network equipment that uses the 3GPP-defined security requirements and test cases, i.e. the
3GPP Security Assurance Specifications (SCAS).

• NESAS Development and Lifecycle Assessment Methodology: defines the audit and assessment process
for vendor development and product lifecycle processes under the GSMA Network Equipment Security
Assurance Scheme (NESAS).

• NESAS Development and Lifecycle Security Requirements: defines the security requirements for vendor
development and product lifecycle processes under the GSMA Network Equipment Security Assurance
Scheme (NESAS).

NESAS focuses on the vendor side of the supply chain. It has been developed following established
practices and schemes that provide trustworthy security assurance, and so offers a security assurance
framework for raising security levels across the whole mobile industry.

The NESAS is widely supported by security authorities (such as ENISA in EU, ANSSI in France and BSI in
Germany) and industry organizations, globally.

The NESAS 1.0 release was finalized in October 2019. Ericsson, Nokia and Huawei openly support NESAS
as a unified cyber security certification framework for mobile network equipment, and more than ten
operators have requested NESAS compliance, before deploying 5G equipment in their countries.

On 24 August 2020, the GSMA announced that the world’s leading mobile network equipment vendors,
Ericsson, Huawei, Nokia and ZTE, had successfully completed an assessment of their product development
and life cycle management processes using the GSMA’s NESAS. In particular, Huawei has passed the
auditing process for LTE eNodeB and 5G gNodeB product lines, and 5G Core product line. In January 2021,
the Huawei 5G gNodeB and LTE eNodeB passed the 3GPP’s security assurance specifications testing.

(Figure 5 content, four columns: Operators, Vendors, Audit & Test, Regulator.)
Operators: ten tier-1 carriers include NESAS in their 5G bidding documents, five of them from Europe.
Vendors: all four major vendors participate in the assessment.
Audit & Test: eight assessment institutions are authorized, two audit institutions and six laboratories (some pending).
Regulator: the EU Member States (MS) unanimously agree that NESAS was widely recognized by ECCG representatives as the basis for the basic-level solution for EU 5G security certification.

*) Security test laboratories that an International Laboratory Accreditation Cooperation (ILAC) member accreditation body deems ISO 17025 accredited and meeting the NESAS requirements are considered to have achieved NESAS accreditation.

• https://www.gsma.com/security/nesas-security-auditors/
• https://www.gsma.com/security/nesas-security-test-laboratories/

Figure 5. Examples of how the NESAS is widely supported globally [5].

The NESAS 1.0 framework was approved in October 2019 and comprises a number of technical
specifications that meet the basic requirements of the EU Cybersecurity Act. The NESAS specifications
will be further improved by the end of 2021 to meet higher security assurance levels under the EU
Cybersecurity Act, taking into account the best industry standards and security practices.

Trustworthy products and resilient networks cannot be achieved without the full participation of all the
elements in the trust chain for a network. We need a layered defense, where controls of various types
and kinds overlap each other in coverage, and that’s how a defense-in-depth 5G security strategy should
be implemented.

An example of a defence-in-depth approach to 5G security deployment requires the support of:

• All 3GPP SCAS requirements, plus fundamental security control enhancements such as user plane (UP)
integrity protection, UP security policy, roaming security, user privacy preservation (concealment of the
permanent subscriber identity as a SUCI), unified authentication and enhanced encryption algorithms.

• Equipment security, for example: 3-plane isolation, data security, host intrusion detection and a
Trusted Execution Environment (TEE).

• Sub-solutions for Radio Access Network (RAN) security (e.g. rogue base station detection, secure
transmission), MEC security (MEC platform hardening, MEC security operations, end-to-end encrypted
local network), core network security (multi-layer isolation and hardening, disaster and elastic
recovery), network slicing security (slice isolation, encryption and protection, differentiated slice
security) and massive connectivity security (signalling domain and data domain anti-DDoS).

• Security management, which includes an Element Management System (EMS) layer, for situational
awareness, anomaly detection, trusted integrity measurements, certificate management, log auditing and
Network Element (NE) vulnerability management; and an end-to-end Security Operation Centre (SOC), for
security situational awareness, AI-based threat analysis and detection, security orchestration and NE
vulnerability management.

5G security requires collaboration on standards, devices and deployment. All parties in the industry
chain need to take up their own security responsibilities. To mitigate the related cyber security risks:

• Suppliers must give cyber security sufficient priority (e.g. respect laws, regulations and standards,
certify their products, and ensure quality in their supply chains).

• Telecoms operators are responsible for assessing risks and taking appropriate measures to ensure the
compliance, security and resilience of their networks.

• Service providers and customers are responsible for implementing, deploying, supporting and activating
all appropriate security mechanisms for service applications and information (data).

• Regulators are responsible for ensuring that telecoms providers take appropriate measures to safeguard
the general security and resilience of their networks and services.

• Governments are responsible for taking the measures necessary to protect national security interests
and to enforce conformance programmes, independent product testing and certification.

• Standards development organisations must ensure that proper specifications and standards for security
assurance and best practice, such as the GSMA NESAS, are in place.

The mobile industry needs a globally trusted and mutually recognized security assurance scheme. All
stakeholders are invited to adopt and contribute to the GSMA NESAS, which is a security assurance
scheme with shared and tailored specifications. Industry players, governments, security agencies and
regulators are recommended to adopt the GSMA NESAS for testing and evaluating telecoms equipment.

The NESAS is a customized, authoritative, unified, efficient and constantly evolving security assurance
scheme for the mobile industry, and could be a part of certification and accreditation processes against a
predetermined set of security standards and policies for security authorization in any country.

References
[1] 3GPP TS 33.501, “Security architecture and procedures for 5G System,” February 2021. Retrieved
from:
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169
[2] ENISA, “Security in 5G Specifications - Controls in 3GPP Security Specifications (5G SA),” February
2021. Retrieved from:
https://www.enisa.europa.eu/news/enisa-news/cybersecurity-for-5g-enisa-releases-report-on-security-controls-in-3gpp
[3] ENISA, “5G Supplement - To the Guideline on Security Measures under the EECC,” December 2020.
Retrieved from:
https://www.enisa.europa.eu/publications/5g-supplement-security-measures-under-eecc
[4] Reiner Stuhlfauth, "5G Security Aspects," Rohde & Schwarz webinar, May 2020. Retrieved from:
https://www.rohde-schwarz.com/us/knowledge-center/videos/5g-security-aspects-video-detailpage_251220-638752.html
[5] D. Soldani, “5G Security,” Cyber Defense eMagazine, February 2021. Retrieved from:
https://cyberdefensemagazine.tradepub.com/free/w_cyba111/prgm.cgi

Biography

David Soldani received a Master of Science (M.Sc.) degree in Engineering with full marks and magna cum
laude approbatur from the University of Florence, Italy, in 1994; and a Doctor of Science (D.Sc.) degree
in Technology with distinction from Helsinki University of Technology, Finland, in 2006. In 2014, 2016
and 2018 he was appointed Visiting Professor, Industry Professor, and Adjunct Professor at University of
Surrey, UK, University of Technology Sydney (UTS), Australia, and University of New South Wales
(UNSW), respectively. D. Soldani is currently at Huawei Technologies and, since 2018, he has been serving
as Chief Technology Officer (CTO) and Cyber Security Officer (CSO) within the Asia Pacific Region, and, since
2020, as Chairman of the IMDA 5G task force, in Singapore. Prior to that he was Head of 5G Technology,
e2e, Global, at Nokia; and Head of Central Research Institute (CRI) and VP Strategic Research and
Innovation in Europe, at Huawei European Research Centre (ERC). David can be reached online at
https://www.linkedin.com/in/dr-david-soldani/

Appendix – Cryptography
This section summarises the key cryptography concepts needed to understand how cryptography is applied,
and the benefits those technologies bring, to secure communication between peer entities: confidentiality
(encryption), integrity (hashing), authenticity (proof of origin), non-repudiation and access control, for
example across a wireless channel with public access. (N.B. Availability is not provided by cryptography.)

Building blocks (stream and block ciphers are the two families of symmetric cipher):

• Algorithm → a good cipher provides a high degree of confusion and diffusion.
• Symmetric key → very fast (+), key distribution (-) and scalability (-).
• Asymmetric key → very slow (-), key distribution (+) and scalability (+).
• Hashing → one-way operation, used for the integrity of data at rest and data in motion (transit).
• Message digest → fixed-size representation of a message that supports integrity checks (and, when
keyed or signed, authentication), but not confidentiality.
• Digital signature → authentication, message integrity and non-repudiation (inability to deny) of
origin and delivery → private key + digest.
• Digital certificate → binds individuals and entities to their public keys.
• Secure cryptography ↔ proper key management.
• Keyed digest (message authentication code) → symmetric key + digest.
Figure 6 illustrates an example of hybrid encryption (a one-time symmetric key transported under the
receiver's public key) combined with a signed digest for integrity and origin, e.g. across a wireless
channel (with public access); Figure 7 depicts an example of a Public Key Infrastructure (PKI); and Figure 8
shows how Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), work between
networked computers.
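The difference between the "message digest" and "keyed digest" items above, shown on a public channel with an on-path attacker, as an added example (not code from the article). The messages and the shared key are constructed.

```python
"""Plain digest vs keyed digest (MAC) on a public channel (added example).
Messages and the shared key are constructed; nothing here is from the article."""
import hashlib
import hmac

SHARED_KEY = b"constructed-shared-symmetric-key"


def send_with_digest(msg: bytes):
    """Sender appends an unkeyed SHA-256 digest (the 'message digest' item)."""
    return msg, hashlib.sha256(msg).digest()


def check_digest(msg: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(msg).digest(), digest)


def send_with_mac(msg: bytes, key: bytes):
    """Sender appends a keyed digest, HMAC-SHA-256 (the 'keyed digest' item)."""
    return msg, hmac.new(key, msg, hashlib.sha256).digest()


def check_mac(msg: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest avoids leaking the position of the first mismatch through timing
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)


def on_path_attacker(_msg: bytes, _check: bytes, new_msg: bytes):
    """Attacker on the public channel swaps the message and does the best it can
    without the key: recompute an unkeyed digest over the new message."""
    return new_msg, hashlib.sha256(new_msg).digest()


def run_scenario() -> dict:
    original = b"transfer 10 EUR to account 42"
    forged = b"transfer 10000 EUR to account 666"

    # Unkeyed digest: the attacker recomputes it, so the receiver accepts the forgery.
    msg, digest = send_with_digest(original)
    msg, digest = on_path_attacker(msg, digest, forged)
    digest_tampered_accepted = check_digest(msg, digest)

    # Keyed digest: a genuine tag verifies, a recomputed one without the key does not.
    msg, tag = send_with_mac(original, SHARED_KEY)
    mac_genuine_accepted = check_mac(msg, tag, SHARED_KEY)
    msg, tag = on_path_attacker(msg, tag, forged)
    mac_tampered_accepted = check_mac(msg, tag, SHARED_KEY)

    return {"digest_tampered_accepted": digest_tampered_accepted,
            "mac_genuine_accepted": mac_genuine_accepted,
            "mac_tampered_accepted": mac_tampered_accepted}
```

A MAC gives integrity and authenticity towards the peer that shares the key, but not non-repudiation: either holder of the key could have produced the tag. That is the gap the digital signature item (private key + digest) closes, and why Figure 6 signs the digest rather than just keying it.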

(Figure 6, image not reproduced.) A generates a symmetric key for this communication only and sends it to
B encrypted under B's public key (key transmission); the message (plaintext) is encrypted with that
symmetric key for efficiency (confidentiality), and B decrypts it. A also hashes the message and encrypts
the digest with A's private key (digital signature, sender); B decrypts the signature with A's public key and
compares the result with its own hash of the received message (integrity, digital signature receipt).
Legend: E = Encryption, D = Decryption, H = Hash Function, CT = CryptoText (CipherText), m = Message,
k = Key; keys shown: symmetric key, A public key, A private (secret) key, B public key, B private (secret) key.

Figure 6. Example of hybrid encryption (symmetric session key transported under an asymmetric key) with a signed digest for integrity, across a wireless channel (with public access).

(Figure 7, image not reproduced.) An X.509 certificate binds a subject's public key to its identity: the
Registration Authority (RA) checks the subject, and the Certification Authority (CA) issues the certificate
signed with the CA (issuer) private key. A web site passes its certificate to the browser automatically;
the browser uses the CA (issuer) public key to verify the certificate before trusting it, and via a control
authority requests a formal check that the certificate is still valid (Certificate Revocation List, CRL).
RA = Registration Authority, CA = Certification Authority, Ctrl = Control Authority.

Figure 7. Example of Public Key Infrastructure (PKI).

(Figure 8, image not reproduced.) The user (client) sends a request to the seller's server; the server
replies with its public key and the list of encryption methods it supports (e.g. AES). The client generates
a random number (secret), encrypts it with the server's public key and sends it; both sides then use it as
the session key (shared secret) for the duration of the session. (The RSA key transport shown here was
removed in TLS 1.3, which always uses an ephemeral Diffie-Hellman key exchange.)
AES (Rijndael) = Advanced Encryption Standard (NIST specification for the encryption of electronic data).

Figure 8. Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), between networked computers.
