Ericsson - Guide To 5G Network Security

A guide to 5G
network security
Conceptualizing security in mobile
communication networks – how does 5G fit in?
ericsson.com
Ericsson | A guide to 5G network security 3
Executive Summary
An introduction to telecom In qualitative terms alone, Advances in technology, together with the
network security 5G is worlds ahead of 4G broader development of networks beyond
• Today’s telecommunication networks • From a user perspective, 5G is inherently 5G RAN, are expected to have a significant
are generally separated into four log- different to any of the previous mobile impact on security, such as software-de-
ical parts: radio access network, core generations. Machine-type communica- fined networking (SDN), network function
network, transport network and inter- tion, enabled by 5G, is widely anti- virtualization (NFV) and edge computing.
connect network. Each network part cipated to become the strategic differ- The 5G 3GPP standard is agnostic, in that
comprises three so-called planes, each ence and unique selling point of 5G in it is flexible enough to allow for different
of which is responsible for carrying a dif- the long run. 5G networks will serve as types of physical and virtual overlap
ferent type of traffic, namely: the control critical infrastructures to facilitate the between the radio access network (RAN)
plane which carries the signaling traffic; digitization, automation and connec- and core network, for example, from a
the user plane which carries the payload tivity to machines, robots and transport remote device to the Core network.
(actual-) traffic; and the management solutions etc. Thus, there is significant The separation of functions between
plane which carries the administrative value at stake and, so too, a significantly RAN and core raises questions about
traffic. In terms of network security, all different tolerance for risk. competitiveness and performance.
three planes can each be exposed to • 5G marks the beginning of a new era of From an economic, competitive and
unique types of threats. There are also network security with the introduction of performance perspective, failing to make
uniform threats which can affect all IMSI encryption. All traffic data which is use of technological developments in the
three planes simultaneously. sent over 5G radio network is encrypted, configuration and deployment of 5G
• Telecommunication network security is integrity protected and subject to mutual commercial networks will ultimately prove
defined by the following components: authentication e.g. device to network. counterproductive to realizing unique 5G
– Standardization; a process whereby • Standardization authorities, such as use cases, such as critical machine-type
operators, vendors and other stake- those represented through 3GPP, do not communication or applications which
holders set standards for how standardize how functions are imple- belong to latency-sensitive autonomous
networks around the globe will work mented and realized. The main purpose systems.
together. This also includes how best of the specifications is to secure inter- In the era of 5G, it’s important that,
to protect networks and users against operability between the functions when we begin to conceptualize security
malicious actors. required to provide network connectiv- on a system wide level where telecom
– Network design; network vendors ity. Consequently, there is little about networks are an important component,
design, develop and implement the virtualization and cloud deployments in we adopt a strong understanding of the
agreed standards for functional the specifications. These details will be following:
network elements and systems, which addressed at the implementation and • Increased value at stake and
play a crucial part in making the end deployment phases. decreased risk tolerance
network product both functional and • Fairly trivial malware is still prevalent • Cyber-physical dependencies
secure. for infecting devices or at least gaining • Security of standards, products,
– Network configuration; at the an initial foothold within a targeted IT deployments and operations
deployment phase, networks are system. Simultaneously, telecommuni- • Proactive cybersecurity measures
configured for a targeted security cation networks using specialized • Vulnerability management
level, which is key to setting security equipment can be targeted by malware • Securing the supply chain.
parameters and further strengthening which is anything but trivial.
the security and resilience of the
network. Understanding security in the era of 5G
– Network deployment and operation; Telecommunication networks are evolving
the operational processes which allow rapidly across a broad technological
networks to function and deliver environment which includes virtualization,
targeted levels of security are highly IoT and Industry 4.0. This is met by an
dependent on the deployment and equally broad yet deteriorating cybers-
operations of the network itself. ecurity environment.
4 Ericsson | A guide to 5G network security
Contents
1. Introduction..................................................................................................................... 5
2. Conceptualizing security in telecom networks.............................................. 7

2.1 What is a telecom network and how does it work?........................................................ 7
2.2 Key security consideration in the standardization, development, deployment
and operations of telecom networks.................................................................................. 7
2.3 What kind of threats do telecom networks meet?.......................................................... 8
3. Critical Infrastructure - value at stake in 5G.................................................... 9

3.1 K
ey technology trends shaping the evolution of telecom networks.......................10
4. 3GPP standardization of the 5G system............................................................11

4.1 What is a 3GPP standardized 5G system?......................................................................11
4.2 Security functions provided by the 3GPP standard.....................................................11
4.2.1 Mutual authentications..............................................................................................11
4.2.2 Confidentiality of user plane data..........................................................................11
4.2.3 Privacy.............................................................................................................................12
4.2.4 Encryption and integrity protectionw....................................................................12
4.2.5 A false base station15w................................................................................................12
4.2.6 Compartmentalizationw...........................................................................................12
4.2.7 Implementation aspects of the 5G system..........................................................12
4.3 Security Assurance in 3GPP SECAM.................................................................................12
5. Security Architecture in 5G..........................................................................................13

5.1 System-wide security............................................................................................................13
5.2 Deployment/Vertical security............................................................................................14
6. Ericsson’s 5G product security...................................................................................15

6.1 Key 5G security functionality..............................................................................................15
6.2 Ericsson’s Security Reliability Model................................................................................15
6.6.1 Functions........................................................................................................................15
6.6.2 Assurance.......................................................................................................................16
6.6.3 Documentation.............................................................................................................16
6.6.4 Enabling Product Near Security Services.............................................................16
6.3 Avoiding vulnerabilities........................................................................................................16
6.4 Detecting flaws.......................................................................................................................17
6.5 Vulnerability watch................................................................................................................17
6.6 Vulnerability remediation....................................................................................................17
6.7 Ericsson’s Product Security Incident Response Team.................................................17
References......................................................................................................................................18
Glossary.....................................................................................................................................19-20
1. Introduction
New forms of wireless connectivity are new set of issues, such as the security, principles, implementation considerations
galvanizing a wave of digital transforma- safety, and robustness of cyber-physical and the day to day operations of networks.
tion which is disrupting our industries and systems. Novel types of attack, as well as In this document, 5G refers to the entire
forcing us to rethink traditional ways of new privacy and cybersecurity regulations, ecosystem of IoT, Industry 4.0, cloud,
working. This transformation is not just may take many industries by surprise. internet services, digitalization and
changing how we work with IT, office tools supporting technology in general.
and administrative systems; but it’s also Mitigating security and privacy Telecommunication networks, both fixed
creating new business opportunities. threats under 5G and mobile, are set to play an important
Value chains are becoming value The subject of security and privacy role in the 5G era, ultimately providing the
networks, where one-to-one relations continues to provoke a passioned response necessary low-latency connectivity to the
between suppliers, vendors, operators and high expectations from citizens and internet.
and end-users are being reinvented as governments alike. At the same time, It should be clear however, that
ecosystems of partners and co-creators. information security is a top concern telecommunication networks do not
among enterprises which are embarking provide end-to-end connectivity for all
Internet of Things and Industry 4.0 on a digital transformation journey. services. More specifically, mass-market
This cross-industry transformation has It’s imperative, therefore, that IoT IoT devices will only rely on telecommuni-
created a need to evolve the concept of is secure from the start, protecting cation networks to obtain access to the
wireless connectivity for the fifth genera- personal data, business-sensitive internet. Devices like these are still
tion of mobile technology (5G)1, to enable information, and critical infrastructure. required to have an over the top identity
new ways of defining performance Regulators are expected to walk management scheme, end-to-end security
monitoring and assurance as well as a fine line between protecting privacy, solutions (between the device and the
quality of service and user experience2. safeguarding national security, stimulating server on the internet) and must ensure
Compared with previous generations economic growth, and benefiting society their own specific application security.
of wireless communications technology, as a whole. To succeed with 5G trans- Devices and applications which do not
the rationale for 5G development is to formation, industries need to gather need to connect to the internet, such as a
expand the broadband capability of competence, understand new threats call between two mobile phones, whereby
mobile networks to provide specific and learn how to mitigate them. their communication will never leave the
capabilities not only for consumers but Building a secure 5G requires us to telecommunication network, enjoy
also for various industries and society at take a holistic view and not only focus on comprehensive network security.
large. Hence, unleashing the potential individual technical parts in isolation. The mobile network parts and, to some
of the Internet of Things3 (IoT). For example, interactions between user degree, fixed access of telecommunication
With IoT and Industry 4.0, a plethora of authentication, traffic encryption, mobility, networks are specified by the 3GPP
new device types with less homogeneity overload situations, and network resilience standardization organization. This
than today’s PCs and smartphones will be aspects need to be considered together. document refers to these parts as the 5G
connected with new and broader sets of It is also important to understand system (see chapter 4), not to be confused
applications. Not just internet-based relevant risks and how to address them with the more general use of the term 5G.
apps and content, but rather real time, appropriately.
mission-critical, industrial control systems
(Supervisory Control and Data Acquisition, 5G and end-to-end encryption
-SCADA) systems. The next digital era will Adopting this broader perspective
not just be confined to data behind screens ultimately leads us to encryption,
and keyboards, but will also enter the something which is often mentioned in
cyber-physical domain through robots, public debate. End-to-end encryption,
sensors, and autonomous cyber-physical although an integral tool, is still just one of
processes. the many tools needed to ensure the
Digital transformation will further security of a system. Let’s not forget also,
introduce new dimensions of attack vectors, the trustworthiness of 5G does not only
values, and vulnerabilities through these originate from a set of technical security
connected digital systems. IoT brings a features, but also from system design
2. Conceptualizing security
in telecom networks
2.1 What is a telecom network and how planes, each of which carries a different • User payload traffic contains the actual
does it work? class of traffic: signaling traffic, user data that is transferred for the user.
Telecommunication networks consist of payload traffic and management traffic. Without appropriate security measures,
four main logical network parts: radio The signaling plane transports messages the privacy of the user and the confi-
access network, core network, transport that are used to control user sessions, e.g. dentiality of enterprise or government
network, and interconnect network. establishing a call or data session. The data would be at risk. So far, integrity
The radio access network (RAN) is an contents of a call or web page is referred to protection for user payload traffic has
instance of access network, and a major as user plane or user payload. The been seen as necessary .
part of modern telecommunications. There management plane includes management • The management layer is needed to
are many types of access networks, such of monitoring, troubleshooting, configura- ensure that the service provider’s busi-
as the 3GPP access networks: GSM/GPRS, tion and optimization of networks. ness performs optimally. The man-
UMTS, EUTRAN, NG-RAN (5G), satellite, All planes are of interest for threat actors agement plane is an attractive target
and non-3GPP access networks: WiFi or for varying reasons: for hackers to gain access to network
fixed (wired) access network. • Signaling5 – the metadata which sup- resources, where they can manipulate
The core network can provide a number ports the networks is targeted to obtain and disturb network traffic and data.
of services to subscribers that are connected information such as the geographical Mitigation of network management
via the access network into the core, such position of a subscriber. Modification of related risks and threats requires secu-
as telephone calls and data connections. signaling traffic may be attempted to rity policies and several security controls
The transport network keeps the access re-route calls or intercept SMS messages to be implemented, such as access con-
network connected with the core, and the of a target for eavesdropping purposes trol and security monitoring, in the right
base stations within the radio access or denying service. Today’s security risks places (section 4).
network connected with each other. The are far more developed and complex
interconnect network connects different compared to previous generation tech- 2.2 Key security consideration in the
core networks with each other. Telecommu- nology. As such, signaling of previous standardization, development, deploy-
nication networks transfer voice and data generations, such as 2G, was developed ment and operations of telecom networks
across the globe with high quality and with a reduced focus on security. This Standardization has played a vital role
consistency. User devices such as mobile was owing, in part, to a high level of from the beginning of the emergence of
phones can stay connected regardless of trust in signaling peers. Now we know global cellular networks such as GSM or
time and place, which is all possible thanks better. Telecom signaling is regularly 2G. In this process, operators and vendors
to standardized signaling systems and attacked and sometimes exploited on a agree about how networks around the
interfaces. daily basis. In current 5G 3GPP stan- globe will work together and how the
Each network part can be subdivided dardization, security is now taking a networks and users can be protected
further into three so-called network central role across all aspects. against malicious actors. Network vendors
translate the agreed standards to
functional network elements and systems.
Core Network of The design and development performed
Management
Other Operator by the network vendor is a crucial part in
making the end network product
functional as well as secure.
In the deployment phase, networks are
also designed and configured for targeted
Interconnect
User Access Network Core Network Network Public
security level, as well as to set security
Equipment Networks parameters and further harden the
Transport Network resilience of the network. At the opera-
tional phase, operational processes which
Management Traffic facilitate the network and deliver a
Control Signaling
User Payload
targeted level of security are highly
dependent on the deployment and
Figure 1: The mobile communication network – logical elements and logical planes operations of the network. One way of
The threat actors behind cyber-attacks

Operations process
and their methods vary. When money is at
- Secure operational procedures, e.g. segregation of duties, use of least privilege and logging
- Monitoring of performance of security functions, vulnerability mgmt, and detection of attacks play, the interest is high from criminals –
- Response and recovery after breach deriving predominantly from malicious
external actors, but so too internal actors
Deployment from within the network operators’ or IT
- Solid network design with security and resilience in mind
- Configuration of security parameters, hardening system organization (e.g. employees or
subcontractors). For instance, having
Vendor product development process access to the billing and charging system
- Solid network design with security and resilience in mind of a telecom network allows insiders with
- Configuration of security parameters, hardening malicious intent to commit fraud. Other
- Version control and secure software update
typical attacker groups are hacktivists –
Telecommuncations, standardization process politically motivated saboteurs who intend
- Secure protocols, algorithms, storage to disrupt service, deface websites or steal
sensitive information with the intent to
cause financial damage or to send political
messages. Another common class of
Figure 2: Key security considerationes attackers are insider threats such as
disgruntled former employees or employees
who seek to exploit their trusted position
depicting these four interrelated processes ties, often present in commonly used for personal gain.
is shown in figure 2. software components. Therefore, extra While the same groups that target any
While the fundamental security features attention must be paid to monitor and other industry also attack operators,
are specified in standardization, vendors respond to any vulnerabilities in any third telecommunication networks have some
enjoy a lot of room to maneuver through- party components which are used. unique characteristics that makes them an
out the development process, and so too interesting target for nation-state actors
operators throughout the deployment and 2.3 What kind of threats do telecom and espionage. Telecommunication
operation processes. networks meet? networks store and transfer location data
Vendors implement common technolo- Cybersecurity threats facing societies and and sensitive information like messages
gies differently7. Main features like industries have largely remained the same and voice conversations between high
interoperability and roaming are neces- for the past ten years. Fairly trivial malware value targets, e.g. government officials,
sary, while non-common features (e.g. is still the prevalent way of infecting a decision makers and high-ranking leaders.
value adding features) differ from vendor device or for gaining an initial foothold The target data can contain information
to vendor. The quality and security of within a targeted IT system. Simultane- such as who has said what, when and to
vendors’ implementations vary and ously, telecom networks using specialized whom. Such information is of high interest
competition between vendors is an equipment can be targeted by malware to intelligence organizations from different
important driver for product level security. which can be anything but trivial. Aside parts of the world.
A high level of product security assur- from the variation and sophistication of Industrial espionage has moved into
ance is vital for success in security. Security technical threats, the mode of operation of the digital sphere as more and more of
assurance, an important process in the attackers and the cyber-threat landscape the valuable assets a company has, are
vendor’s software development process, has shifted considerably over time. created, stored and shared digitally.
usually contains a set of sub-processes on Crime-ware (attack toolkits) is currently The goal is to gain access to a company’s
different levels to ensure that a product being sold as-a-service, complemented trade secrets like financial records, pricing
functions and performs as it is intended, with options like trial periods, 24/7 user information, intellectual property like new
and nothing else. Vulnerability assessment support, dedicated discussion forums technology/innovations, and sensitive
and penetration testing or risk assessment and multi-language documentation. customer information. The uniting factor is
and privacy impact assessments are This development has contributed to the actor’s objective of using information
examples of such sub-processes. a dramatic increase in the frequency of to swing the competitive situation in their
In addition, every piece of code needs cybersecurity attacks, in combination with favor. State actors (or state supported
to be reviewed and scanned for flaws attractive incentives (i.e. cyber-attacks actors) have always had an interest in
and vulnerabilities. Security assurance constitute a low-risk high-pay-off crime). keeping an eye on what other states are
is not limited to internal activities only. Due to high degrees of digitization of doing. As social, economic and political
Supply chain security controls often industries and public services, the activities have increasingly moved to
form a crucial part of a vendor’s security increased frequency of attacks has also the digital space carried over public
activities. Similar standards of internal been aggravated by increased severity telecom networks, intelligence gathering
security need to be extended to suppliers of impact that a cybersecurity attack operations have followed suit.
of components and third-party software can result in. Collectively, this is why
used in the end products and solutions. cybersecurity has become a top concern
Most of the vulnerabilities exploited in live and a boardroom level discussion
networks are publicly known vulnerabili- worldwide.
3. Critical Infrastructure
- value at stake in 5G
Industries and services which are

expected to leverage such connectivity are:
Enhanced mobile
healthcare, manufacturing, transport
broadband Non-SIM
devices
Smart phones Homes, enterprises and venues
(mobile/wireless/fixed)
4K/8K, UHD, broadcasting, virtual
reality, augmented reality
and consumer goods.
While IoT is a phenomenon that has
already arrived, and can even be leveraged
Massive using both 4G and non-3GPP access
machine-type technologies, the machine type communi-
communication Smart building Logistics, tracking and Smart meters Smart agriculture Capillary networks
cation cases in 5G networks will empower
fleet management
IoT with network capabilities such as
ultra-low latency which has not yet
Critical machine-type been available.
communcation Traffic safety Remote manufacturing, Industrial applications From a 3GPP network perspective,
and control training and surgery and control
IoT means that mobile networks no longer
connect only human identities in the form
of consumers and business users, but also
Figure 3: 5G Use cases- two types of machine type communication
device identities. To achieve the necessary
level of targeted security in mobile networks,
5G will expand traditional relationships that are insensitive to delay. the trustworthiness of connected IoT
between consumers, business users and Most industry stakeholders foresee devices must be considered which, at the
mobile network operators. The expansion a huge amount of relatively simple devices very least, entails assuring the IoT device’s
will include new relationships in the form that will need connectivity, and create identity and access control, in essence
of digitized and automated business valuable data sets. For example, in the access privileges and confidentiality of
processes of enterprises, control and case of an intelligent door lock, compro- associated data generated by the IoT
operations of machinery of industry mising the confidentiality and/or integrity device (see figure 4).
companies. Furthermore, cyber-physical of a single door lock is a simple hack. From the 5G network point of view, trust
interdependency between telecommunica- Compromising the confidentiality of in IoT is based on trustworthiness of the
tion networks and smart connectivity a million door locks is an intelligence device’s hardware, software, configuration
of other infrastructure providers (cities, operation. etc. Hence, trustworthiness is cumulative
power, utility, transport etc.) will be For applications which rely on 5G critical and will be defined by how well network
enabled by new ways to access the machine-type communication, they’ll operators and those who manage IoT
mobile network. Ultimately this extension enjoy the benefit of ultra-reliable and low devices govern the following:
in relationships will depend on trust latency connectivity, where data volumes • identities and data,
between different stakeholders. can be high and business critical. In this • security and privacy,
The 5G use cases for massive and critical case, the communicating end-points are • actor compliance with agreed security
machine-type communication (figure 3) intelligent machines, vehicles and robots policies end-to-end.
are embodiments of new types of payload with or without human interventions i.e.
carried over mobile networks. Although autonomous9.
mobile broadband has been available and
on the market for quite some time (mobile
broadband was introduced in 3G), 5G
Trusted ID
is widely expected to introduce new
qualitative and quantitative improvements, Trusted SW
such as higher data rates, faster response
times8 (in the form of lower latency), more Secure Configuration
devices that can simultaneously connect
to a base station and higher bandwidth, Trustworthy Data
across a wider area of geographical
coverage. Furthermore, 5G also provides
an increased level of security relative to Protected
4G (see section 5). Communication
The massive machine-type communica-
Privacy
tion (which is a 3GPP term for IoT) will
support tens of billions of power-con- Physical Security
strained devices which typically transmit
at irregular intervals, low volumes of data Figure 4: IoT device security aspects
Network slicing
controlled devices and vehicles is already
Mobile
beginning to take place at scale. Conse-
Broadband SGW PDN
GW MME PCRF HSS OSS quently, when these movements intersect,
intelligent and autonomous devices will be
an integral part of industry and society.
Massive MTC
MME
SGW
HSS OSS
How all these technologies are built,
PGW
integrated and controlled will become

a major trust management issue for the
Mission Critical
future, particularly for usage in critical
MTC MME
SGW
PGW PCRF APP HSS OSS infrastructures and to ensure privacy is
protected. Here, the trust dimension is
crucial with the need for suppliers and
operators to independently manage trust
Radio-base Station Site Aggregation Access Aggregation Local Switching Primary and have outstanding capabilities to do so.
Network slicing13 (see figure 6) is about
Figure 6: Network slicing separating different types of user traffic
and creating dedicated core networks
From a connected IoT device point of view, between dynamically configured virtual- ad-hoc to facilitate a whole range of
the level of trust between actors and ized network functions. The introduction different 5G use cases (see figure 3).
identities depends on the existence, of AI and increasingly powerful computers, Network slicing enables the creation
efficiency, and transparency of trust together with cloud technologies, will of device type, industry sector or even
enablers, such as trusted hardware become a key driver of automation customer specific subnetworks.
and software, trustworthy identities, technologies. Consequently, the dominant The network slice control mechanism
communication, data and privacy, tendency in these technology trends is needs to provide appropriate slice
and trusted operations. already resulting in telecom networks management, configuration of access
Trustworthiness also depends on the becoming more and more software driven. control, and secure isolation while still
right combination of trust enablers. For Distributed cloud computing makes it authorizing the shared resources.
example, the hardware-based trust does possible to create partitioning for better Each slice may have its own security
not help if the application on top of the resilience and latency. From a security policy that defines the security controls
hardware does not make use of it. perspective, the distributed cloud may applicable for its specific threat landscape.
Ultimately, fully trusted application does introduce new attack vectors against Network slices designed for critical
not help, if the communication, e.g. the the 5G network if security is not built-in. services may also use the shared resources
network between the applications cannot On the other hand, distributed cloud may but require careful isolation. Critical services
be trusted. be seen as an opportunity, because of the require high reliability, resiliency, safety,
possibility to place security functionality security and, often also, privacy. The security
3.1 Key technology trends shaping the and mitigation mechanisms close to the of critical services must ensure that
evolution of telecom networks attack a source and thereby isolating the communication parties and the connec-
The 5G system may only appear as a faster scope of the attack to local area. tions remain protected. This requires
and more versatile radio technology but it The trend of connectivity, machine comprehensive security approach including
is much more. 5G is the first generation learning and other forms of AI is becoming automated asset management and
that was designed with virtualization and more and more integrated across applica- verification of security policy compliance.
cloud-based technology in mind. The 5G tions. Furthermore, market movement
system is not static for any specific access toward automation and autonomously
type or radio technology. For example, new
services provided by the 5G core network
are also available via 4G radio, WiFi or The evolution towards 5G
fixed access depending on the network
configuration. Evolution towards the 5G NR/
system had started in the mid-2000s when
5G ”5G”
4G
the focus in telecommunication networks LTE
LAA
was shifted from circuit switched telephony 3G
LTE+
services to packet switched networks and Cat- NB-
mobile broadband (figure 5). 2G M IoT
With cloud-based technologies, 1990 2000 2010 2015 2020
software execution can now be discon-
Circuit Switch Packet Switch
nected from specific physical hardware New device classes
(removing the need for boxed, e.g. Device - Device
SDN Extreme bit-rates
hardware dependent functions). This is NFV
Security Super low latency
Multi access
made possible thanks to Software Defined Control Plane/
Distributed Cloud
Automation/Flexibility
Use Plane split
Networking (SDN) and Network Function Diameter IMS based Call Control Positioning Network slicing
Virtualization (NFV). SDN offers flexibility

how to configure the routing paths Figure 5: Evolution toward 5G and key technology trends
4. 3GPP standardization
of the 5G system
4.1 What is a 3GPP standardized 3GPP does not standardize how 5G system addressed in a much broader way (see
5G system? functions are implemented and realized. section 5) – 5G standards or, for that
The main service which the 5G system The main purpose of the specifications is matter, any other technical standards will
provides today’s users is mobile (wireless) secure interoperability between the only be part of a much bigger picture.
connectivity of a device to a network, often functions required to provide network
for Internet connectivity. This is also why connectivity. Consequently, there is little 4.2.1 Mutual authentication: the end-
the first 5G system use cases e.g. enhanced about virtualization and cloud deploy- users of the 5G system are authenticated
mobile broadband and fixed wireless ments in the 3GPP specifications. Those to support charging for network access,
access, were piloted to offer users a better aspects are handled by other standards accountability (e.g., which user had which
experience of the Internet. organizations, especially ETSI ISG NFV IP address and when), and Lawful
3GPP does not typically standardize (European Telecommunications Standards Intercept. The network is also authenti-
application services (such as Internet Institute, Industry Specification Group, cated towards the end-users so that the
applications) since they are considered to Network Functions Virtualization) and end-users know that they are connected
be out of scope of 3GPP’s connectivity ONAP (Open Network Automation to a legitimate network.
focus. There are however a few exceptions: Platform). Some details are not standard-
telecommunication networks have ized at all and are left for implementations 4.2.2 Confidentiality of user plane data
traditionally provided the possibility for and deployments. Further, aspects that are – the actual traffic data that is being
two devices to connect to each other with part of a digitized society and industrial transmitted – is achieved by encryption
the support of the network (e.g., to set up IoT that are not related to the radio access of end-user data as it passes through the
voice calls). In 4G networks, voice calls are connectivity is mainly out of scope for 3GPP. mobile network to prevent eavesdropping
set-up using voice over LTE (VoLTE) over the air or on wires. Once the data
service on top of the connectivity service. 4.2 Security functions provided leaves the 5G system and traverses the
VoLTE uses the IP Multimedia Subsystem by the 3GPP standard Internet, the 3GPP standard does not
(IMS) also standardized in 3GPP, similar This section contains an overview of some ensure confidentiality.
voice service is also planned for 5G. of the most important security services
Furthermore, 3GPP standardizes the provided by 3GPP standard to safeguard 4.2. 3 Privacy threats to end users are
security to support these services. the connectivity for users, and the service mitigated by mechanisms that protect
3GPP standards also cover some aspects availability and charging by the operator user identifiers. Note that, similarly to
of machine type communications and IoT. of the network. 3GPP’s 5G system confidentiality, even though the 5G system
Here, the focus is to provide the devices standards provide security mechanisms, protects the privacy of the end-user using
with connectivity. Consequently, the 3GPP which are based on well-proven 4G an Internet application over the 5G system,
standards cover efficient means to provide security mechanisms, but also include new the 3GPP standards do not intend to, and
these devices with an IP point of presence. enhancements for e.g. encryption, cannot, mitigate all privacy threats outside
Any security issues related to the actual authentication and user privacy. the 5G system even though there may be
application is considered out of scope and While 3GPP security mechanisms privacy concerns for the application also
needs to be taken care of over the top. provide reliable links for non-malicious bad in a more general 5G setting. These threats
For example, 3GPP’s 5G system can radio conditions (see below) they do not require additional efforts by Internet
provide a temperature controller in a protect against all possible threats, for application providers. The 5G system
refrigerated goods wagon of a train with IP instance DDoS and radio jamming. protects the messages sent by a social
connectivity, but seen from the general 5G Protecting against DDoS attacks and radio media user while they traverse through the
view, the authentication of the manage- jamming is something that is left for mobile RAN and 5G system core network.
ment traffic to the controller must be implementation and deployment, e.g. The social media service must itself ensure
addressed over the top, since the IP to re-route traffic via other base stations that the message is protected end-to-end,
address may be accessible via the Internet, if one is jammed, or scaling mechanisms since it will traverse the Internet once it
so anyone could send messages to the and selective dropping/throttling in case leaves the 5G system. It is of course also
controller. of DDoS. Therefore, the appropriate level up to the social media service to ensure
Apart from the security assurance of cyber-resilience in the 5G system and the privacy of the user data once it has
specifications (see section 4.3 below), 5G in general needs to be understood and reached their servers and is being stored
and processed.
4.2.4 Encryption and integrity protection secure. Other examples of compartmen- secure standardized system and protocols.
3GPP standards ensure that appropriate talization are cryptographically separated Therefore, 3GPP and GSMA took the
encryption and integrity protection keys used at mobility events, and network initiative to create a security assurance
algorithm choices are made. 3GPP here slicing. Isolation of network slices is an scheme called the Network Equipment
enjoys the support of security algorithm important aspect, but it is not in the scope Security Assurance Scheme (NESAS),
expert group of ETSI (European Telecom- of 3GPP standards and is provided through which is suitable to the telecom equipment
munications Standards Institute), implementation and deployment, e.g. lifecycle. Ericsson strongly and actively
specifically ETSI SAGE (Security targeted for specific use cases (see section supports the initiative in both 3GPP and
Algorithms Group of Experts). For IP layer 3) and desired performance and derived GSMA by feeding the strongest parts of
and above, 3GPP relies on well-proven economic benefit. our own Security Reliability Model (SRM)
IETF security protocols. Finally, one of the key purposes of 3GPP into the scheme, ensuring the other parts
The 5G system provide reliability standardization is to ensure interoperability are covered by the scheme, and aligning
and robustness against non-malicious of security mechanisms between 5G system the two.
unavailability situations, i.e. errors that functions. NESAS comprises two main components:
appear due to unusual but expected bad security requirements and an auditing
radio conditions and broken links. 4.2.7 Implementation aspects of the 5G infrastructure. The security requirements
system are only standardized by 3GPP are defined jointly by operators and
4.2.5 A false base station15 in GSM could to a very limited degree. vendors in 3GPP. These requirements
identify a subscriber via the IMSI For example, whether certain functions are currently defined on a node basis
(International Mobile Subscriber Identity)16. are implemented in single physical servers and collected in so-called SeCurity
The technique is called IMSI catching. (physically isolated and separated) or Assurance Specifications (SCAS). There is,
In GSM an attacker could even eavesdrop implemented as virtual machines (VMs) for example, one specification defining
on users’ data. Later generation mobile in a cloud or virtualized environment security requirements for 4G base stations.
networks, starting from 3G, prevent the (shared hardware) is up to implementation Various types of requirements exist,
eavesdropping attacks because the and operator deployment choices including the use of functional security
network is there authenticated to the user. (economics). This means that there is no policies, such as minimum length of
However, IMSI catching attacks are still simple rule of thumb derived from 3GPP management passwords, but also
possible in 3G and 4G. In 5G standards, standards regarding the separation of qualitative requirements on hardening
even IMSI catching attacks are prevented. RAN and Core functions but rather flexibility and penetration testing. The auditing
This is through a technique where the prevails, even in a single physical network infrastructure is governed by the GSMA,
user’s long-term identifier is never different configuration for different 5G the global mobile operator organization.
transmitted over the radio interface in use cases are possible, resulting in several The GSMA appoints audit firms that
clear text. Further, 5G increases the differently configured logical networks perform the audits of vendors’ develop-
frequency with which temporary user are running over one physical network. ment and testing processes. The GSMA
identifiers are updated, further For functions implemented in a traditional also awards certificates to the vendors
improving privacy. non-virtualized fashion, 3GPP, in that pass audit and revokes certificates
cooperation with GSMA, develops security from the ones that do not.
4.2.6 Compartmentalization: The 5G assurance specifications, which sets NESAS aims to meet the needs of many
system supports different types of requirements for some implementation national and international cybersecurity
compartmentalization, e.g. functions that aspects17. regulations, such as the EU cybersecurity
aim to isolate possible security breaches certification framework. The move
from escalating from one part of the 4.3 Security Assurance in 3GPP SECAM towards larger portions of products being
network to another. For example, there is Mobile networks form the backbone of the software – as we can see with SBA and
a clear split between the Radio Access connected society and are even classified cloud-based implementations – also offers
Network and the core network functions. as critical infrastructure in some jurisdic- the possibility for faster update cycles if
This means that, should a radio base tions, making security assurance especially vulnerabilities are discovered.
station get compromised, the core network, important. Early on, the telecom industry
which provides global functions and realized the need to ensure secure
processes more sensitive data, is still implementations in addition to the
5. Security Architecture in 5G
The 3GPP standardization section (4)

focused on security mechanisms in scope
System-wide security M
for 3GPP, that being the functional
elements and interfaces. Additional
security considerations related to deploy-
ment scenarios of 5G system are covered Application & cloud ID management
Devices & GWs M Access & network M M M
in this section, including: infrastructure for users
• System-wide security
(horizontal security)
– Network level = Access &
= Apps & Cloud
=
– Slicing Network
– Application level security
M Security Mgmt
–C onfidentiality and
integrity protection Security functions
– Interconnect (SBA)
Trust anchoring
Figure 7: System-wide security

• 5G function element deployments
(vertical security)
– NFV different domains in telecommunication ability of the 5G system and the services
– Distributed clouds networks, including radio access (e.g., it provides. To ensure availability of
radio unit, baseband units, antennas), transport services during node failure,
5.1 System-wide security transport networks (e.g., optical equipment, cable or fiber breaks, or overload events
As noted earlier, consumers and enter- Ethernet bridges, IP/MPLS routers, SDN transport networks can employ various
prises use existing (4/3/2G) cellular controller), packet core (e.g., MME, S-GW, technical solutions as well as consider-
networks for mobile broadband (connec- PGW, HSS), network support services (e.g., ations during network design, including:
tivity services), messaging service (e.g., DNS, DHCP), cloud infrastructure, and • Geo-redundant paths that allow traffic
SMS), and telephony services. Societal various management systems (e.g., to be re-routed in case of a path failure.
behavior and business services are network management, customer experi- • Link redundancy solutions for fast
evolving which raises the expectation on ence management, security management). failover in case of port or link failure.
cellular networks to provide reliable and Security across all these domains must • Path redundancy mechanisms that
secure communication. be coordinated to provide the targeted re-routes traffic flows due to path failure
The aim of 5G is to become a reliable availability of services and confidentiality or overload conditions.
and trusted innovation platform for and integrity of data sent, stored, and • High-availability configuration of critical
businesses and organizations to build and processed within the 5G system. Horizontal network nodes to handle node failure.
deliver new added-value services, but it is security will also protect the privacy of 5G • Use of traffic segmentation mechanisms
also considered an enabler for digitizing users based on that data sent over the (e.g., VLAN and MPLS) to logically sepa-
and modernizing critical national infra- system is always confidentiality and rate traffic between different domains.
structures such energy, transport etc. The integrity protected. • Quality of Service enforcement using
latter raises the bar for 5G systems to The previous section described the traffic queuing mechanisms, rate limit-
provide greater availability and improved controls available in 3GPP nodes but let us ing, and traffic policing for resource and
assurances of secure communication now explore controls and design consider- congestion management.
services. The horizontal, system-wide ations in the transport and cloud domains • DDoS detection and mitigation solutions.
security approach spans across the in the 5G system. • Port-based authentication to ver-
network from the user device to the Transport networks play an important ify authorized network devices are
reference point where the operator role in the 5G system because they provide attached to the network.
terminates their services. high speed low-latency connectivity • IPsec or MACsec to create authenticated
Horizontal security (see figure 7) services between all 5G network functions. and cryptographic secured tunnels for
is achieved by combining and coordinating Consequently, the availability of transport sending data between sites and network
a multitude of security controls across networks is directly related to the avail- elements.
The Service Based Architecture (SBA) and blades and network security functions provide a secure deployment in virtualized
splitting of functionality in the traditional deployed with policies tailored to the deployments. Currently, the industry is
radio baseband unit opens to deployments specific application requirements. working on establishing methods to
in cloud environments. This flexibility achieve similar trust and security as in
grants several opportunities to realize new 5.2 Deployment/Vertical security embedded systems. For instance, hard-
value-added service offerings, but also 3GPP specifies network functions and how ware platforms (data center servers)
bares new risks and attack vectors that they interact, but it does not specify how need to include hardware technologies
must be controlled in order to uphold the network functions should be implemented such as trusted platform modules (TPM),
operator’s targeted security posture. in embedded systems or in virtual hardware security modules (HSM), and
Some activities and controls to increase environments. secure enclaves in CPUs and these
the trustworthiness in cloud include, but Traditionally, radio base station capabilities need to be utilized by the
are not limited to: equipment and radio core nodes are virtualization platform and exposed
• Hardening of the Network Function developed on vendor designed hardware to and attested by applications running
Virtualization environment, e.g., host OS platforms. These platforms have been on those platforms.
hardening, secure configuration of the carefully designed to meet strict require- Virtualization of 3GPP functions allows
hypervisor or container environment. ments on availability, mean time between a flexible distribution of the functions
• Tenant separation such that tenants are failures (MTBF), performance, scalability, across infrastructure across the network
unable to interfere, have unauthorized power consumption, and physical security in ways that are not possible for hard-
data access, or intercept network traffic properties. ware-based solutions. It is possible, for
from other tenants. For example, a radio baseband unit example, to deploy a network slice where
• Compliance monitoring of tenants includes tamper resistant hardware to both RAN and Core Network functions
to ensure they remain within defined securely store sensitive secrets, support deeper in the network towards the edge
security policy secure boot procedures that verifies the on distributed cloud platform to serve
• Generation of detailed audit trails integrity and origin of software that is local enterprise services or regional IoT
to support incident response and loaded onto the hardware, and hardware applications. This requires that network
restoration activities accelerators to boost cryptographic orchestrators which deploy the applica-
• Workload life-cycle management to performance. During the manufacturing tions, the distributed cloud platform on
ensure secure onboarding of virtual of baseband units, the hardware is which the applications run, and the
network functions, verify the integrity of provisioned with vendor unique applications themselves can be hardened
software during boot and the integrity credentials, called Vendor Credentials, and provide enough security controls.
of workloads in operations, and secure that are used to cryptographically This is necessary to meet the operator’s
decommissioning of workloads. authenticate the device vendor of origin. wanted security posture, at the same time
This credential is used to secure deploy- as fulfilling the security requirement for the
A logical construct that is used to describe ment and integration of baseband units network slice use case. This is achieved by
the segregation of network services with into operator networks. These credentials solutions that coordinate service deploy-
different performance and security are securely stored on hardware devices ment and security configuration across
properties is the network slice. Several of with an established Trusted Execution all involved domains. After deployment,
the abovementioned controls and design Environment (TEE) as specified by the continuous monitoring is needed to verify
guidelines will be combined to realize Trusted Computing Group creating trust that the wanted security state is main-
different network slices. For instance, a that can be carried into deployment that tained throughout the lifecycle of deployed
mission critical application that requires is rooted in the hardware. services.
high availability, priority access to In virtualized deployments, the situation
resources, and isolation from other is different since multiple vendors may be
services may be realized using services involved in providing different parts of the
with geographic path redundancy with solution, such as the hardware infrastruc-
fast failover, authenticated with confiden- ture, the virtualization platform, and the
tiality and integrity using IPsec, and applications execute the 3GPP network
processed by dedicated 5G Core network functions. Secure provisioning and storage
functions deployed on committed server of identifiers and credentials is integral to
6. Ericsson’s 5G product security
Ericsson’s 5G radio network products

build further on proven 4G platforms
which, today, offer state-of-the art security Security Reliability Model
functions such as support for secure
protocols, e.g. TLS and IPsec, on all
interfaces, vendor credentials, HW rooted
trust anchors for trusted boot, and signed
software to ensure that only software
provided by Ericsson can execute on the Product Near
Functions Assurance Documentation Security Services
platform.
Such functions together with others
such as access management, logging, and
analytic tools constitute a solid foundation
for implementing security policies and Product Development Organization Services Organization
operating the network securely. The SRM
Figure 8: Security Reliability Model
framework specifically addresses opera-
tional needs by mandating hardening
guidelines and security user guides for all cases and more actors interacting with the priorities for Ericsson is the relationship
Ericsson products. Additionally, Ericsson infrastructure. In this new environment, between usability and serviceability.
strategically offers products near security efficient control of who may interact with Security functionality is of little value if it is
engineering services to assist operators in whom, and who may do what and where, not used or if it is used in ways that defeats
making network security assessments and becomes a central security objective. its purpose. Here, Ericsson is working
configuring the network according to To this end, Ericsson is already developing toward making security functionality
identified needs. tools for efficient and correct policy unobtrusive and the default thing to do.
management, policy distribution, policy Ericsson also engages with its customers
6.1 Key 5G security functionality verification, and policy enforcement that to show and discuss how its products can
In addition to the improvements already can enable functionality across tomorrow’s be leveraged to contribute to reaching the
described as part of the 5G standards, new networks. customer’s operational security objectives.
deployment scenarios and use cases drive Defense in depth is an important
the need for applying state-of-the art principle and what cannot be prevented 6.2 Ericsson’s Security Reliability Model
security technology. Ericsson is actively must be detected, responded to, and For many years, Ericsson has worked
working in several areas to achieve this. recovered from. Telecom networks are systematically to incorporate security
A fundamental challenge instantiating uniquely instrumented to monitor considerations into all phases of product
a Virtualized Network Function (VNF) is to performance in general. Ericsson is development and has a well-established
securely provision it with roots of trust that leveraging and augmenting these capabili- internal governance framework for
enable it to become a trustworthy peer in ties and together with modern analytics product security, the Security Reliability
the network that can protect the confiden- technology, drawing upon AI and Machine Model (SRM) (see figure 8). SRM is how
tiality and integrity of data both in transit Learning, creating intrusion detection Ericsson is able to consistently deliver on
and at rest. Here, Ericsson have developed capabilities for our networks. security ambitions in products. Its key
solutions, founded in in-house research One specific concern that has received characteristics are that it:
and built directly into the 5G offering. considerable attention is the ability to • Defines the product security and
For Physical Network Functions (PNF), build a false base station through readily privacy ambition level,
i.e. traditional HW/SW deployments, deployable technology and at relatively • Ensures the implementation of
Ericsson’s 5G offering inherits the hardware low cost. In this area, Ericsson has appropriate security and privacy,
rooted security for secure boot and signed contributed toward standardizing • Follows up and measures actual product
software verification established already functionality that will make it possible to security and privacy status, and
for 4G/LTE. efficiently detect the presence of rogue • Enables Product Near Security Services.
5G functionality, when established in the radio nodes in the network. Ericsson’s internal “Area of Regulation
market, will provide for many new use Perhaps one of the most important
(AoR): Product Security and Privacy” The most prominent assurance activities latest patches, disablement of insecure
defines how responsibilities and authori- leveraged by Ericsson are Risk Assess- services and replacement of default
ties are distributed between different roles ments, Secure Coding practices, Vulnera- passwords.
and functions to manage and control bility Analyses and Hardening. These are
product security and privacy across defined as such: 6.6.3 Documentation
Ericsson products. SRM is linked to the • A Risk Assessment will identify risks The documentation aspect in SRM defines
distinct responsibilities and defines in related to the product when used in the security and privacy specific customer
detail what needs to be implemented and customer’s network, after which it will documents. The documents defined in
which activities need to be performed. either create controls to reduce the risks SRM are the Hardening Guidelines,
SRM is enforced through the above or suggest alternative means to reduce Security and Privacy User Guide, and the
“AoR Product Security and Privacy”, and the risk exposure of the customer. Unac- Security Test Results report.
further details are provided by a set of ceptable risks will be mitigated with risk
Ericsson internal Generic Product Require- treatment actions. 6.6.4 Enabling Product
ments (GPR). GPR defines the key product • By following secure coding practices, Near Security Services
functionalities, security and privacy related Ericsson reduces the possibility of design Ericsson’s product-near security services
product documentation which are needed, flaws and implementation bugs during are currently handled separately by the
as well as confirmation of security the software development. Secure service organizations and are inde-
assurance activities. coding activities aim to reduce flaws pendently defined by the products.
and weaknesses in the software code Currently, SRM does not define specific
6.6.1 Functions through code reviews and various static mandatory deliverables in this area.
Security Reliability Model (SRM) defines and dynamic scanners and tools. Typical deliverables are security and
a set of security and privacy functions for • The Ericsson way of performing Vul- privacy training recommendations,
Ericsson products. The product organization nerability Analysis (often referred to solution level integration guidance and
responsible for each Ericsson product will as Vulnerability Assessment within the potential deployment-time hardening
analyze, decide and document the industry) comprises the testing and ver- activities that need to be included in
applicability and compliance to the GPR ification (including penetration testing) customer delivery projects.
security and privacy requirements. Not all activities which are designed to identify
functions listed in the GPR are compulsory, weaknesses and vulnerabilities present 6.3 Avoiding vulnerabilities
nor applicable, for a specific product. in the product or solution. The vulnera- The work to avoid vulnerabilities includes
In addition, products may be designed to bility analysis verifies security character- product and feature risk assessments and
support privacy and security requirements istics and security configuration of the secure design, secure coding principles
that are not in the GPR. product/solution and identifies new vul- and use of analysis tools, and supply chain
One key deliverable of a Risk Assess- nerabilities through both black box and security considerations.
ment process (see 6.6.2 below) is to white box testing. Remaining vulnerabil-
identify a list of security and privacy ities shall be documented with mitiga-
functions which are required to minimize tion proposals. A Vulnerability Analysis
known risks to an acceptable level. shows that Risks discovered in the Risk
Assessment activity are sufficiently con-
6.6.2 Assurance trolled (or mitigations documented) in
Assurance activities are divided to three the final product.
levels; basic, advanced and tailored level. • Hardening means increasing product
All basic level assurance activities shall be security by reducing its attack surface.
performed by the product development, Hardening is a design and a configura-
given that the activities are applicable. tion issue as well as a deployment issue.
Advanced level activities can be performed Hardening ensures that the product
for parts of products with need of high is configured in a manner that mini-
security assurance. Tailored level activities mizes the risk of unauthorized access,
are used for products, or parts thereof, including system compromise. Hard-
where product specific assurance require- ening includes, for example, removal of
ments exist. unnecessary software, installation of the
The Ericsson process emphasizes the

importance of risk assessments to identify
needs for extra controls and to avoid
functionality that could be abused by a
malicious actor. Risk assessments serve to
identify exposed parts of a product which
require extra attention in coding and testing.
The use of secure coding principles
contributes to overall code quality and
robustness. Ericsson is committed to the
idea that secure code is good code and
that good code is secure code. Apart from
mandating allocating time for program-
mers to learn about secure coding
practices, Ericsson also provides the design
teams with a wide selection of code
analysis tools as part of the development
environment and infrastructure.
Supply chain security considerations established a central database service that situations, breaches often go unnoticed
is prime concern for all industries and catalogues all third part components used due to lack of monitoring of log files and
perhaps especially for telecom. For Ericsson, in Ericsson products. The Ericsson Product data flows. When an incident is noticed,
we believe it is business critical to address Security Incident Response Team (PSIRT) the investigation becomes very difficult,
these concerns to the satisfaction of the continuously monitors both public and if not impossible, due to lack of traceability.
customer. To this end, an internal program subscription-based sources for alerts on If many internal users have administrator
continuously works, with the support of discovered vulnerabilities in third party permissions to the network or subsystems
senior management, to apply the standard software. The Ericsson database allows accountability maybe lost. Often also the
risk management cycle of assessing risk, external notification to be instantly mapped log files are not protected and stored long
planning mitigations, deploying controls, to Ericsson products. Where there is a enough, or backup restoration is not tested.
and evaluating the results. match, an alert is sent internally to the All these deficiencies in basic opera-
affected product development organiza- tional procedures contribute greatly to
6.4 Detecting flaws tion that must provide an analysis of how increased risk of network security breach
Nobody expects software to be free from the reported fault impacts the Ericsson and exaggerate the damage in the event
flaws and much of the total design effort product in question. The answer must of a security breach. The same flaws may
goes into testing. However, testing for be provided within strict time frames, allow the attackers to hide their tracks
security vulnerabilities very much is about depending on the severity of the effectively, resulting in increased difficulty
crafting input that lies outside what is vulnerability. addressing detection, attribution and
expected and tested for normal operations, complete remediation.
and that cause the system to misbehave in 6.6 Vulnerability remediation Good network design in deployment is
a way that can be exploited by an attacker. If a product is affected by a vulnerability, needed to limit options to laterally extend
To design such testing, special compe- a trouble ticket will be issued, and a the attack. Breach in security of one
tence is a prerequisite. Ericsson maintains remediation will be implemented and network component should not expose
Vulnerability Assessment teams that, with provided through standard support the rest of the network to the attacker.
their knowledge, experience, and tools channels. Ericsson applies a one-track The principle of defense in depth explains
regularly prevent such flaws from approach for new developments, but for how security controls must exist on every
graduating to the release phase. Fuzzing each released software version a mainte- layer and every stage, necessary as no
is one technique that is used extensively to nance track is opened that allow faults layer can be trusted fully i.e. there is no
randomly introduce unexpected variations (of all kinds) to be corrected without such thing as a ‘secure internal network’.
into protocol messages that are processed requiring an upgrade to a later version of Solid operational procedures will include
by a product. Where available, state-of- the product. Normally, maintenance segregation of duties of network admini-
the-art commercial tools are used, but for releases are pre-scheduled, but if urgently strators and provide traceability back to
more specialized interfaces, Ericsson needed, unplanned emergency corrections every change and action done in the
works to develop inhouse support for can also be made. system. No one individual should have
fuzzing and other tests methods. unaccountability in making significant
6.7 Ericsson’s Product Security changes to the system alone.
6.5 Vulnerability watch Incident Response Team It is widely understood that prevention
One enabler for building very complex At Ericsson, PSIRT (Product Security alone is not enough. Resources need to be
systems is the abundant availability of well Incident Response Team) is responsible assigned to active detection of attacks,
performing third party components and for actively and continuously monitoring and respond in a time sensitive manner
libraries. The reuse of proven code, both new vulnerabilities early on and making during and after an attack e.g. eviction of
open source and commercially licensed, sure they are fixed timely throughout the successful threat actor. Exercised
enables most software companies to Ericsson’s portfolio. activities with the goal of returning to
concentrate on creating added value, As PSIRT experiences in security normal operation after incident are vital.
rather than reinventing the wheel. incident response regularly testify, the Immediately after response, removing
Unfortunately, however, including third most common way to fail in security is to exploited vulnerabilities and weaknesses
party functionality comes at the price of have shortcomings in the configurations of are essential to avoid known vulnerabilities
third party vulnerabilities. the network, elements of a network or poor being exploited again.
To address this challenge, Ericsson has network operational procedures. In such
References
1. Ericsson.com. What is 5G? – Ericsson. [online] Available at: 11. Smeets, B., Bergström, D. and Kristiansson, J. (2017). Secure
https://www.ericsson.com/en/5g/what-is-5g brokering of digital identities. [online] Ericsson Research
Blog. Available at: https://www.ericsson.com/research-blog/
2. Ericsson.com. 5G systems - Enabling the transformation of secure-brokering-digital-identities, and, Smeets, B., Englund,
industry and society – Ericsson White Paper. [online] H., Sandgren, N. and Ståhl, P. (2017). Smart Contracts for
Available at: https://www.ericsson.com/en/white-pa- Identities. [online] Ericsson Research Blog. Available at:
pers/5g-systems--enabling-the-transformation-of-indus- https://www.ericsson.com/research-blog/smart-con-
try-and-society tracts-for-identities
3. Ericsson.com. IoT connections outlook – Mobility Report 12. Smeets, B. and Ståhl, P. (2017). Secure IoT identities. [online]
June 2018. [online] Available at: https://www.ericsson.com/ Ericsson Research Blog. Available at: https://www.ericsson.
en/mobility-report/reports/june-2018/iot-connections-out- com/research-blog/secure-iot-identities
look
13. Ericsson.com. Network Slicing – Ericsson. [online] Available at:
4. Ericsson.com. (2018). 5G security - enabling a trustworthy 5G https://www.ericsson.com/en/digital-services/trending/
system – Ericsson White Paper. [online] Available at: https:// network-slicing
www.ericsson.com/en/white-papers/5g-security---en-
abling-a-trustworthy-5g-system 14. Keller, R. (2018). Voice in 5G system—architecture and EPS
fallback. [online] Ericsson Future Digital Blog. Available at:
5. Ericsson.com. (2018) Signaling security – Ericsson White https://cloudblog.ericsson.com/digital-services/voice-in-5g-
Paper. [online] Available at: https://www.ericsson.com/en/ system-architecture-and-eps-fallback
white-papers/signaling-security
15. Norrman, K. and Kumar Nakarmi, P. (2018). Detecting false
6. Ericsson.com. 5G standardization – Ericsson. [online] base stations in mobile networks. [online] Ericsson Research
Available at: https://www.ericsson.com/en/tech-innovation/ Blog. Available at: https://www.ericsson.com/research-blog/
standardization/5g-standardization detecting-false-base-stations-mobile-networks
7. Cagenius, T., Ryde, A., Vikberg, J. and Willars, P. (2018). 16. Norrman, K. and Kumar Nakarmi, P. (2017). Protecting 5G
Simplifying the 5G ecosystem by reducing architecture against IMSI catchers. [online] Ericsson Research Blog.
options. [online] Ericsson Technology Review. Available at: Available at: https://www.ericsson.com/research-blog/
https://www.ericsson.com/assets/local/publications/ protecting-5g-imsi-catchers/
ericsson-technology-review/docs/2018/etr-5g-core-radio-
migration.pdf 17. Norrman, K., Teppo, P., Mononen, K. and Nilsson, M. (2014).
Setting the standard: methodology counters security threats.
8. Ericsson.com. Telecom Security Products and Solutions - [online] Ericsson Review. Available at: https://www.ericsson.
Ericsson. [online] Available at: https://www.ericsson.com/ com/assets/local/publications/ericsson-technology-review/
en/security docs/2014/er-security-assurance-3gpp.pdf
9. Ericsson.com. 5G ultra-low latency propels jet engine 18. GSMA.com. Network Equipment Security Assurance Scheme.
manufacturing. [online] Available at: https://www.ericsson. [online] Available at: https://www.gsma.com/aboutus/
com/en/networks/cases/5g-ultra-low-latency-pro- workinggroups/working-groups/fraud-security-group/
pels-jet-engine-manufacturing Ericsson.com. Bringing 5G network-equipment-security-assurance-scheme
business value to industry - Ericsson. [online] Available at:
https://www.ericsson.com/en/trends-and-insights/ 19. Ericsson.com. Ericsson PSIRT. [online] Ericsson Enterprise
consumerlab/consumer-insights/reports/5g-business-val- Security. Available at: https://www.ericsson.com/en/
ue-to-industry-blisk about-us/enterprise-security/psirt
10. Ericsson.com. (2017). Protecting the networked society -

Ericsson White Paper. [online] Available at: https://www.
ericsson.com/assets/local/publications/white-papers/
wp-iot-security-february-2017.pdf
18 Ericsson | Network security and 5G
Glossary
1G Core Incident
First generation wireless. Analog technology The “backbone” network which provides the An event that results in unauthorized access,
supporting voice. interconnect between other networks and loss, disclosure, modification, disruption,
systems to exchange information such as or destruction of data.
2G calls and data, including the special purposes
Second generation wireless. Introduced SMS, servers and databases. Interface
MMS and data transmission. A shared boundary across which two or more
Distributed Denial of Service Attack (DDoS) separate components of a computer system
3G A denial of service (DoS) attack is a malicious exchange information.
Third generation wireless. High data speeds, attempt to make a server or a network resource
always on data access and increased voice unavailable. Interoperability
capacity. A characteristic of a product or system, whose
Distributed Cloud interfaces are completely understood, to work
4G Interconnecting data and applications served with other products or systems.
Fourth generation wireless. An all IP from different locations.
based network system with increased Internet of Things (IoT)
data speeds over. Edge computing The interconnection via the Internet of
Computation and processing of data is computing devices embedded in everyday
5G performed on distributed device nodes as objects to enable them to send and receive data.
Fifth generation wireless. Targets high data opposed to primarily taking place in a
rate, reduced latency, energy saving and centralized cloud environment. IP connectivity
massive device connectivity. A network or interface that supports Internet
Encryption Protocol (IP) communications.
3GPP The process of converting information or data
The 3rd Generation Partnership Project, a (plaintext) into encoded format (ciphertext) Internet Protocol security (IPsec)
collaboration between groups of telecommuni- to prevent unauthorized access. A framework of open security standards for
cations standards associations. helping to ensure private, secure communica-
European Telecommunications Standards tions over Internet Protocol (IP) networks
Artificial Intelligence (AI) Institute (ETSI) using cryptographic security services
The ability of a digital system to perform tasks A non-profit organization that establishes
commonly associated with intelligent beings. telecommunications standards for Europe. MACsec
A security standard which defines connection-
Authenticate Evolved Universal Mobile Telecommuni- less data confidentiality and integrity on
The process of determining whether someone cations System Terrestrial Radio Access ethernet links.
or something is, who or what it declares itself Network (EUTRAN)
to be. The air interface in an LTE cellular network. Integrity protection algorithm
A software algorithm that is designed to
Active detection Functional element maintain and assure the accuracy and
The process of proactively identifying the A manageable logical entity uniting completeness of data.
occurrence of a breach. one or more physical device.
Latency
Baseband unit Hardening Delays in transmitting or processing data.
A subsystem in a telecommunications device Increasing product security by reducing its
that processes baseband radio signals. attack surface. Hardening ensures that the Layer
product is configured in a manner that Level of abstraction in a network protocol stack.
Botnets minimizes the risk of unauthorized access
A network of computing devices infected with and system compromise. Long Term Evolution (LTE)
malicious software and controlled as a group A standard for 4G wireless broadband
without the owners’ knowledge. Hypervisor or container environment technology that offers increased network
The separation a computer’s operating system capacity and speed to mobile device users.
Breach and applications from the underlying physical
A security incident where the confidently, hardware. Lawful intercept
integrity or availability of a system has Facilities in telecommunications networks that
occurred. Internet Engineering Task Force (IETF) allow law enforcement agencies with legal
The body that defines standard Internet authorization to wiretap individual subscribers.
Continuous integration (CI) operating protocols. Logical network
The practice of merging all developer working IMS A way of representing networks that have
copies to a shared repository several times a day. IP Multimedia Subsystem or IP Multimedia the same connectivity properties.
Compartmentalization Core Network Subsystem enables the
Functions that aim to isolate possible security convergence of data, speech, and mobile Massive machine type communication
breaches from escalating from one part of the network technology over an IP–based Automatic data generation, exchange,
network to another. infrastructure. processing and actuation among intelligent
Ericsson | Network security and 5G 19
machines on a large scale with the quality of privacy related product documentation, and Quality of Service (QoS)
transmitting low volume of non-delay sensitive the needed evidence about security assurance Technology that manages data traffic to
information. activities. reduce packet loss, latency and jitter
the network.
Mean time between failures Radio jamming
Predicted elapsed time between inherent The deliberate jamming, blocking or interfer- Transport network
failures of a system. ence with authorized wireless communications. Connects the access network with the core or
base stations with each other within the radio
Metadata Radio unit access network
Summarization information of data, A remote radio transceiver that connects to an
for example the duration of a call or who operator radio control panel via electrical or Trusted Execution Environment
was called. wireless interface. A secure area of a processor used to guarantee
code and data loaded inside is protected with
Mobile Broadband Roaming respect to confidentiality and integrity.
Wireless internet, often through a mobile When a cellular customer makes and receive
telecommunications network. voice calls, send and receive data when Topology
travelling outside the geographical coverage The arrangement of a network, including its
Network slicing area of the home network. nodes and connecting lines.
Virtualization capability that allows multiple
logical networks to run on top of a shared Payload Trusted Platform Module (TPM)
physical network infrastructure. The part of transmitted data that is the actual A specialized chip used to carry out crypto-
intended message. graphic operations like the storing of encryption
Domain Name System (DNS) keys to secure information which is usually
A method and infrastructure for converting Penetration testing used by the host system to authenticate
alphabetic names into numeric IP addresses. An authorized simulated attack on a computer hardware.
system, performed to evaluate the security of
Dynamic Host Configuration Protocol (DCHP) the system. User plane data
A protocol for assigning dynamic IP addresses The part of transmitted data that is the actual
to devices on a network. Product Security Incident Response Team intended message.
(PSIRT)
Network Function Virtualization (NFV) Ericsson unit that is responsible for actively Universal Mobile Telecommunication System
The visualization of network services that and continuously monitoring new vulnerabilities (UTMS)
traditionally run on proprietary, dedicated and making sure they are fixed timely through- Also known as 3G.
hardware out Ericsson’s portfolio.
Voice over LTE (VoLTE)
Next Generation Radio Access Scaling mechanisms A technology that supports voice calls
Network (NG-RAN) Mechanism to increase or decrease capacity to over a 4G telecommunications network.
Infrastructure for 5G. meet the required demand at a given moment.
Vendor credentials
Port-based authentication Secure coding Vendor unique information used to identify
A mechanism to authenticate devices wishing The practice of developing computer software hardware such as radio base station so that it
to attach to local access network. in a way that guards against the accidental can be identified and trusted in a specific
introduction of security vulnerabilities. operator network and used for bootstrapping
Radio Access Network (RAN) operator keys.
Technology that connects individual devices Selective dropping/throttling
to other parts of a network through radio A technique to discard or queue incoming traffic, Virtualization
connections. often in response to network congestion. To create a virtual version of a device or
resource, such as a server, storage device,
Geographical redundancy Service Based Architecture network or operating system.
Replicates data between two geographically System architecture centered around services
distant sites so that applications can switch that can register themselves and subscribe to Vulnerability
from one site to another in the case of failure. other services. Employed in 5G core networks. A weaknesses or gap in a system that can be
exploited by threats to gain unauthorized
Path and link redundancy Software-Defined Networking (SDN) access to an asset.
An alternative channel of communication in An architecture that aims to make networks
the event of a failure. agile and flexible that enables providers to
respond quickly to changing business
Global System for Mobile requirements.
communication (GSM) Signaling (traffic)
Also known as 2G technology employed The exchange of information between involved
in second generation telecommunication points in the network that sets up, controls,
networks. and terminates a call or data session.
Generic Product Requirements (GPR) Security Reliability Model (SRM)

Ericsson’s set of requirements that define the Ericsson’s methodology to achieve security
needed product functionalities, security and and privacy ambition in products.
Ericsson.com The content of this document is subject 18:000589 Uen
to revision without notice due to con- © Ericsson AB 2018
tinued progress in methodology, design
and manufacturing. Ericsson shall have
no liability for any error or damage of
any kind resulting from the use of this
document

Ericsson - Guide To 5G Network Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ericsson - Guide To 5G Network Security

Uploaded by

Copyright:

Available Formats

A guide to 5G

2. Conceptualizing security in telecom networks.............................................. 7

3. Critical Infrastructure - value at stake in 5G.................................................... 9

4. 3GPP standardization of the 5G system............................................................11

5. Security Architecture in 5G..........................................................................................13

6. Ericsson’s 5G product security...................................................................................15

The threat actors behind cyber-attacks

Industries and services which are

integrated and controlled will become

Virtualization (NFV). SDN offers flexibility

The 3GPP standardization section (4)

Figure 7: System-wide security

6. Ericsson’s 5G product security

Ericsson’s 5G radio network products

The Ericsson process emphasizes the

10. Ericsson.com. (2017). Protecting the networked society -

Generic Product Requirements (GPR) Security Reliability Model (SRM)

You might also like