5G network security: Can it work for new services such as smart homes, smart cities, transport,

and eHealth.

The transition to 5G takes a new end-to-end network architecture and presents a number of distinctive
characteristics. It provides several advantages over earlier versions of cellular networks, including
quicker data transfer rates, decreased latency, and increased capacity. Enhanced mobile broadband
(eMBB), Ultra-reliable low latency communication (uRLLC), security, massive machine-type
communications (mMTC), and power efficiency are the five main functional drivers of 5G.
These developments, together with new security features, can unlock up exciting opportunities in the
fields of transportation, eHealth, smart cities, and houses. Real-time communication is made possible
by 5G networks' rapid data rates and low latency, which, when combined with their security, can be
used by emerging sectors including eHealth, smart cities, transportation, and the Internet of Things. As
a result, 5G networks can be perfect for driving the upcoming generation of intelligent products and
services. However, comprehensive security measures must be implemented to ensure that these services
are protected from potential cyber threats. These new services, which rely on a complex network of
interconnected devices and data transfers, present new security challenges.
To protect against prospective cyber threats such as data breaches, malware attacks, and denial-of-
service attacks, it is essential to implement stringent security measures. Many of the threats encountered
by 4G/3G/2G networks today are mitigated by 5G's built-in security controls. These measures consist
of new mutual authentication capabilities, improved subscriber identity protection, and additional
security mechanisms. 5G gives the mobile industry with an unprecedented chance to improve network
and service security.

Figure.1 5G Threat Landscape.

The 5G network threat scenario for new applications like smart homes, smart cities, smart
transportation, and eHealth is a complicated and multifaceted problem that calls for an all-encompassing
security strategy. The essay that follows discusses the potential threats to 5G networks and the measures
that can be taken to mitigate these dangers. With the widespread implementation of new applications,
network, device, and data security becomes more critical.
The increased attack surface is one of the major hazards to 5G networks. The sheer number of internet-
connected devices increases the likelihood that hackers will obtain access to a network. IoT-based smart
homes, cities, and transportation systems are also vulnerable to IoT-based vulnerabilities, as their
devices, firmware, and software could possibly insecure. 5G networks collect enormous amounts of
data from connected devices, and this data can be misused, posing a privacy risk. In addition, distributed
denial of service (DDoS) attacks can be conducted to bring the entire network down. Another concern
is the physical security of 5G infrastructure and devices, which are susceptible to vandalism, theft, and
tampering.
5G networks must employ a variety of security measures to mitigate these threats. To ensure that only
authorised devices and users have access to the network, authentication and authorization measures
should be implemented. It is essential to encrypt data inorder to prevent unauthorised access to sensitive
information. Network segmentation helps to limit access to sensitive data and contain the effects of any
attacks. Devices should be constructed with security in mind, have firmware and software that can be
updated, and include security mechanisms. To prevent attacks such as man-in-the-middle (MITM)
attacks, secure communication protocols are also crucial. Regular software and firmware updates should
be made available to patch any identified vulnerabilities. Finally, physical security measures should be
implemented to prevent unauthorised access, larceny, and vandalism against 5G infrastructure and
devices.
Mobile networks have evolved significantly over the years, with each generation introducing new
innovations and features that enhance connectivity, speed, and dependability. With each innovation,
however, come new security risks and vulnerabilities that attackers can exploit to obtain unauthorised
network access and steal user data. The most recent generation of mobile networks, 5G, has been
designed with a strong emphasis on security, with several features and mechanisms implemented to
resolve the vulnerabilities that have been exploited in previous generations.
Network slicing is one of the primary security components of 5G networks. Network slicing permits
the creation of multiple virtual networks on a single physical network infrastructure, enabling the
network to be divided into smaller, discrete segments with their own security policies and controls. This
means that even if one slice of the network is compromised, the remaining slices can continue to
function normally, reducing the risk of a pervasive security breach.
Authentication and encryption mechanisms that are more robust are also a key feature of 5G network
security. For instance, 5G networks use certificate-based authentication rather than password-based
authentication, making it more difficult for attackers to gain unauthorised network access. In addition,
5G networks employ more robust encryption algorithms, such as Advanced Encryption Standard (AES),
to safeguard the privacy of user data.
In addition, 5G networks rely significantly on network function virtualization (NFV), which enables
network functions such as firewalls and intrusion detection systems to be implemented as software on
virtualized servers. This facilitates the updating and patching of security software, as well as the
isolation of security incidents. In addition, 5G networks employ Transport Layer Security (TLS) to
secure communications between user devices and the network. TLS encrypts data in transit, preventing
attackers from intercepting and accessing the data.
Lastly, 5G networks are equipped with enhanced SIM card security measures to prevent SIM swapping
attacks. In recent years, SIM swapping attacks have become a common attack vector. 5G SIM cards use
stronger encryption algorithms and have a secure enclave that houses sensitive data, making it harder
for attackers to compromise the SIM card.
5G networks must employ a variety of security measures to mitigate the threats. To ensure that only
authorised devices and users have access to the network, authentication and authorization measures
should be implemented. It is essential to encrypt data to prevent unauthorised access to sensitive
information. Network segmentation helps to limit access to sensitive data and contain the effects of any
attacks. Devices should be constructed with security in mind, have firmware and software that can be
updated, and include security mechanisms. To prevent attacks such as man-in-the-middle (MITM)
attacks, secure communication protocols are also crucial. Regular software and firmware updates should
be made available to patch any identified vulnerabilities. Additionally, physical security measures
should be implemented to prevent unauthorised access, larceny, and vandalism against 5G infrastructure
and devices. When such structures and measure are placed properly, 5G technology can facilitate the
development of smart residences, smart cities, smart transportation, and eHealth applications by
providing high-speed, low-latency connectivity for various Internet of Things (IoT) devices and sensors.
This can enhance the efficiency, safety, and convenience of various aspects of our lives, such as home
automation, traffic management, and healthcare delivery.

Figure.2 Overview of Security Architecture.

As shown in Figure.2, the 3GPP committee has established the following six security levels: Network
access security (I): The collection of security features that allows user equipment (UE) to securely
authenticate and access services via the network, including 3GPP access and non-3GPP access, and in
particular to defend against assaults on the (radio) interfaces. In addition, the User Equipment (UE)
must receive the access security context from the Serving Network (SN). Network domain security (II):
a collection of security features that enables network nodes to securely exchange signalling data and
user plane data. User domain security (III): the compilation of security features that allow the user to
securely access mobile equipment. Application domain security (IV): the collection of security features
that enables the secure interchange of messages between applications in the user domain and the
provider domain. Service Based Architecture (SBA) domain security (V): The collection of security
features pertinent to SBA security, including network element registration, discovery, and authorization
security aspects, in addition to the protection of service-based interfaces. Visibility and configurability
of security (VI) refers to the collection of features that notify the user if a security feature is enabled or
disabled.
Network access security, network domain security, user domain security, application domain security,
service-based architecture domain security, visibility and configurability of security, are just a few
security issues and deployment guidelines that need to be looked at for 5G technology, according to the
technical specification of the 3GPP. User equipment, access networks, and mobile operator core
networks are the three categories into which the security challenges in the 5G network are divided.
Message insertion, assaults on user data and identity privacy, mobile malware attacks, fake buffer status
reports, and attacks on radio resources and management are all included in these stages. The four main
security issues in the 5G network are availability, privacy, integrity, and authentication. Intrusion
detection, cryptography, and human measures are suggested techniques to reduce security risks. The
access network layer security, application layer security, management security, network security, user
equipment security, virtualization, and infrastructure security are additional divisions of the 5G security
network architecture.
Availability, Authentication, Confidentiality, Integrity, and Non-Repudiation comprised the 5G
security threat. 5G availability is a function of the radio access network, the control plane, and the
support system, and it is asserted that any attack on these systems affects availability, whereas
Authentication is a means of non-Repudiation for device-to-device communication on the network.
Integrity is applicable to user plane integrity protection, and they reported that 5G radio access functions
closely with cloud services whose security threats centre on denial of service (DoS), which affects the
operation of the network slice, and jamming attacks, which affect the operation of the network slice.
5G protection is not complete without key management. The 5G system employs a variety of
cryptographic algorithms to guarantee the confidentiality, integrity, and authenticity of user data and
communication. The process of generating, distributing, and managing the cryptographic keys used in
these algorithms is known as key management. Key management is handled by the 5G-AKA
(Authentication and Key Agreement) protocol.
To address security and privacy issues in the RAN network, 3GPP has defined an AKA protocol and
procedures that support, among other security properties, user authentication, signalling integrity, and
signalling confidentiality. The 3GPP AKA protocol utilises a challenge-and-response authentication
protocol based on a shared symmetric key between the User and the Network.
The 5G-AKA protocol consists of several essential phases. Figure 3 illustrates the AKA process. The
initial stage is authentication, in which the user device sends an authentication request to the 5G
network. The network responds with a test that the device must pass in order to verify its identity.
 Figure.3 5G AKA process.

During the key agreement phase, the network and device exchange messages to establish a shared secret
key for communication. This key is generated using the Diffie-Hellman key exchange algorithm, which
allows the network and device to determine a shared secret without transmitting the key over the
network. In the third stage, key derivation, the shared secret key is used to derive other keys for specific
purposes, including encryption and integrity protection. The 5G-AKA protocol concludes with key
distribution. This phase involves distributing the derived keys to the user device and network elements
that require them for secure communication. To prevent unauthorised access or manipulation, the
distribution of keys is conducted via secure and authenticated channels. This step ensures that only
authorised users and devices can access the 5G network and that their communications are protected
and secure. The 5G-AKA protocol also includes mechanisms for key refreshment and revocation,
ensuring that keys are frequently updated and compromised keys can be revoked to prevent
unauthorised system access. The 5G-AKA protocol provides a robust and reliable mechanism for
generating, distributing, and managing cryptographic keys. Key management is a crucial aspect of 5G
security.
The 5G services will require new networking, service deployment, storage, and processing
technologies. Cloud computing enables administrators to maintain data, services, and applications
without possessing the required infrastructure. Consequently, mobile clouds that employ the same
principles will unite technologically diverse systems into a single domain on which numerous services
can be deployed to achieve a greater level of flexibility and availability while incurring fewer capital
expenditures and operational expenditures. Software Defined Networking (SDN), which separates the
network control and data forwarding planes, enables the virtualization of network functions. On the one
hand, SDN facilitates networking innovation via abstraction, while on the other, it streamlines network
management. Utilising Network Function Virtualization (NFV), which permits the placement of distinct
network functions in various network perimeters based on demand, reduces the need for function- or
service-specific hardware. SDN and NFV complement one another to increase network elasticity,
simplify network administration and management, and eliminate vendor-specific proprietary solutions;
consequently, they are considered essential for future networks. Since the inception of wireless
communication systems, security vulnerabilities have existed. Mobile phones and wireless channels in
wireless networks of the first generation (1G) were susceptible to unauthorised duplication and
masquerade. During the second generation (2G) of wireless networks, message flooding became
widespread, not only for pervasive attacks but also for inserting incorrect information or propagating
unsolicited marketing materials. IP-based communication has benefited third-generation (3G) wireless
networks by transferring Internet security faults and problems to wireless domains. As the demand for
IP-based communication increased, fourth generation (4G) mobile networks enabled the proliferation
of intelligent devices, multimedia traffic, and innovative services in the mobile space. This evolution
has caused the threat landscape to become more complex and dynamic. Fifth-generation (5G) wireless
networks will bring with them an increase in security risk vectors and privacy concerns. Consequently,
it is necessary to emphasise the security risks posed by both prospective 5G technology and the wireless
nature of mobile networks.

Figure.4 Security Challenges and Attacks in 5G.

The emergence of 5G supporting technologies such as Software-Defined Radio (SDR), Network

Function Virtualization (NFV), and Multi-access Edge Computing (MEC) introduces new security
threats as well as opportunities. The networking industry will benefit significantly from the introduction
of SDN. Concepts from software-defined networking (SDN) like logically centralised intelligence,
programmability, and network abstraction will make it easier to communicate in the future.
Centralization and programmability have the potential to bring about significant improvements in
network security; nevertheless, they also have the potential to attract a new level of threats and attacks.
Within the framework of the SDN paradigm, it is necessary for all layers, sublayers, and components
to communicate in a manner that is compliant with severe security regulations. by determining the
critical components of the SDN architecture that are required to guarantee the functionality and
interoperability of the network. Because they could be the target of assaults, these assets are the primary
focus of threat analysis conducted with the intention of safeguarding software-defined networks
(SDNs).
The figure 5 shows threats to different SDN planes

Figure.5 Threats to Different SDN planes.

The attacks are as follows: Data forging, Traffic diversion, Side channel attack, Flooding attack,
Software/firmware exploits, Denial of Service (DOS), Identity Spoofing, API exploitation, Memory
scraping, Remote application exploitation and Traffic sniffing.

Threats Description
Data Forging Compromises an SDN component (e.g., controller, router,
switch) to forge network data and launch additional attacks
(e.g., Denial of Service).
Traffic Diversion This attack demands compromising a network component to
redirect traffic and enable eavesdropping.

Side channel attack This threat involves the extraction of information on active
flow rules employed by network elements.

Flooding attack Specific to SDN are amplification flooding attacks, in which

a small stream of requests with a spoofed sender generates a
massive inundation of responses.

Software/Firmware exploits This threat entails exploiting software/firmware

vulnerabilities to cause a malfunction, reduction, or disruption
of service, to eavesdrop on data or to destroy/compromise
data.

Denial of Service (DOS) The attack consists of generating many requests or traffic in
such a manner that the network becomes unavailable to
authentic users, either partially or entirely.

Identity Spoofing Occurs when a malicious actor effectively determines the

identity of a legitimate entity and then launches attacks while
posing as the legitimate entity.
 API exploitation Using APIs, a programmer makes a request to the operating
system. Any computer component's Application Programme
Interface (APIs) may be susceptible to a hacker's ability to
conduct an unauthorised data release.

Memory Scraping When an attacker searches through the physical memory of a

software component in order to retrieve sensitive data that the
component was not authorised to hold, this threat is created.

Remote application exploitation In this threat, an adversary gains access to an SDN application
or obtains elevated access privileges by exploiting its software
vulnerabilities.

Traffic sniffing The link between an application on the application plane and
a controller on the control plane is targeted to obtain access to
critical configuration data.

In the past, service provisioning in the telecommunications industry necessitated the deployment of
physical equipment at multiple network locations for each function comprising the service. These
hardware functions are costly and require the management of trained personnel. By decoupling the
software from the hardware, Network Function Virtualization (NFV) enables this burden to be
overcome. The fundamental principle of NFV is to implement network functions in software known as
VNFs and deploy them on high-end servers or cloud platforms as opposed to purpose-built hardware.
It has a significant impact in a very brief period due to the fact that virtualisation technologies offer
numerous advantages, including agility, flexibility, and cost effectiveness. NFV enables the
implementation and dynamic update of security policies, thereby mitigating the risk of attacks.
Network slicing is a characteristic of virtual network architecture that permits the development of many
virtual networks over a common physical infrastructure. NFV will make network slicing possible in
5G, and this will be one of its benefits. The requirements of applications, services, devices, users, and
operators can all be catered to through the further customization of virtual networks. In addition to this,
it will make it easier to utilise a distributed cloud and will contribute to the growth of networks that are
adaptable and programmable in order to meet the needs of the future. Because it makes it easier to
distribute network functions over a number of different locations, NFV results in a network
infrastructure that is more fault tolerant. This contributes to the elimination of single points of failure
and enhances the redundancy of the network.
 Figure .6 NFV Reference Architecture.

Due to the flexibility and efficiency of Orchestration and Management (O&M) in NFV networks,
attacked networks can potentially be abandoned and resources recycled, allowing disasters to be rapidly
isolated, which is unworkable with current networks. It is possible to rapidly redeploy network
functions, network connections, and even entire networks, allowing for rapid recovery from disasters.
However, security challenges have become increasingly diverse.
Because NFV utilises shared infrastructure, VNFs may be susceptible to unauthorised access. Attackers
may exploit infrastructure vulnerabilities to gain unauthorised access to VNFs and pilfer sensitive data.
The virtualization layer serves as the framework for all cloud-native and virtualized network functions
and service applications, providing standard hardware-based unified computing resources to the layers
above. All network functions are directly assaulted if the virtualization layer is compromised, with
catastrophic results. Multiple tenants' virtual resources (such as virtual machines (VMs) or containers)
may be hosted on a single physical server, whereas a single tenant's virtual resources may be distributed
across multiple physical servers. The sharing of resources between multiple tenants and the violation of
physical boundaries increase the likelihood of data breaches, data residue, and assaults. Open-source
software usage will increase. In order to prevent intentional security flaws and maintain a consistent
and coherent approach to security-by-design, there are new security challenges that must be
surmounted. Malicious software, hardware, counterfeit components, subpar designs, manufacturing
processes, and maintenance techniques pose a threat to the supply chain. Theft of data and intellectual
property, a decline in confidence in the 5G network's dependability, or the exploitation of system and
network vulnerabilities could result from this. The integration of Lawful Interception capabilities into
a virtualized environment exposes them to a number of security and visibility issues.
Mobile edge computing (MEC) is the deployment of third-party applications on edge hosts at radio
nodes, aggregation points, or the edge of a mobile network's primary network. MEC provides 5G
operators and applications with new opportunities. First, it enhances the support for low-latency
applications by locating them close to their users, thereby preventing application traffic from
traversing the core network. Second, mobile operators can offer mobile edge services, such as location
and radio information, to third-party mobile edge applications to improve their performance and
responsiveness. MEC also allows for the secure storage and processing of data at the network's edge,
thereby reducing the risk of data breaches.

Figure.7 MEC Architecture.

Mobile Edge Computing enables consumers, enterprise clients, and adjacent industries to deliver
mission-critical applications over the mobile network, thereby facilitating the delivery of services. It
enables a new value chain, new business opportunities, and innumerable new use cases across numerous
industries. As discussed previously for SDN and NFV, MEC also introduces its set of vulnerabilities
and security challenges to both operator and third-party resources Being closer to the end user, edge
computing becomes more susceptible to physical assaults than data center-centric cloud computing.
Edge computing is susceptible to the same types of assaults as cloud computing, but the attack surface
is significantly larger. This also necessitates the development of enhanced security monitoring and
administration capabilities at the network's edge.
The safeguarding of data that is processed and stored at the edge nodes is one of the primary security
concerns for MEC. Encryption is a fundamental method for preventing unauthorised access,
modification, and disclosure of sensitive data. Different levels, such as the network layer, the
application layer, and the data layer, can utilise encryption. For instance, network layer encryption can
secure the communication between edge nodes and the core network, while application layer encryption
can safeguard the data exchanged between edge nodes and end devices. Data layer encryption can be
used to encrypt data stored at edge locations or in the cloud.
The verification of the identity and privileges of the users and devices that access the edge services is
an additional security challenge for MEC. To prevent impersonation, deception, and unauthorised
access, authentication and authorization are crucial. Various mechanisms, such as passwords, tokens,
certificates, biometrics, and blockchain, can be used to implement authentication and authorization. For
instance, passwords can be used to validate the identity of users, while tokens or certificates can be used
to grant access to peripheral services. Biometrics can provide a more secure and convenient method of
user authentication, while blockchain technology can create a decentralised and transparent ledger to
record and verify transactions and interactions at the network's periphery.
The coordination and administration of security policies and mechanisms across multiple edge nodes
and domains is a third security challenge for MEC. periphery security orchestration is a solution that
can automate and optimise the operations and functions of security at the network's periphery. Edge
security orchestration can utilise artificial intelligence, machine learning, and cloud computing to
monitor, analyse, and respond to edge security events and threats. Using techniques such as anomaly
detection, intrusion prevention, and backup and recovery, for instance, edge security orchestration can
detect and mitigate cyberattacks such as denial-of-service, malware, and ransomware. Edge security
orchestration can also alter and update security configurations and rules in response to varying network
conditions and user requirements.

Security Challenge Description

DOS/DDoS and Jamming Service delays and disruptions are caused by maliciously intended
Threats service requests that target radio interface and MEC.

Flaws in PLC/ SCADA The industrial automation system is being exposed by design defects
in these hardware entities.

Phishing/ Masquerading/ Attackers can mimic legitimate users in order to get access, and if
Imposter Dangers and Integrity UEs, access points, and 5G/MEC interfaces are not verified or
Breaches validated, they can steal data.

Energy & Resource Depletion Attackers aim to deplete IoT devices' processing, storage, and
Threats memory resources with the ultimate goal of depleting their energy
supplies.

Scalability Growing number of IoT devices are demanding rapid access to MEC
services.

Compatibility/Inter- The technological diversity inherent to 5G and IoT hinders the

operability incorporation of standardised security measures.

Considering all the advances in technological advancements and security features that 5G technology
offers in comparison to previous generations, it is the future. It can be an ideal solution for current and
future applications where time and speed are of the utmost importance, such as smart cities, homes,
transportation, and eHealth, if deployed with the proper protocols and understanding of the
environment, while considering the threats and implementing the appropriate mitigation. The
aggregation of disparate devices, services, and new networking technologies does increase the security
threat landscape; consequently, we must employ and develop new security solutions to take advantage
of it.
References:

1) ENISA, Marco Lourenço, Louis Marinos, ENISA, ENISA THREAT LANDSCAPE FOR 5G
NETWORKS, NOVEMBER 2019, ISBN: 978-92-9204-306-3, DOI:10.2824/49299
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks

2) Ahmad, Ijaz & Shahabuddin, Shahriar & Kumar, Tanesh & Okwuibe, Jude & Gurtov, Andrei
& Ylianttila, Mika. (2019). Security for 5G and Beyond. Pp 193-197 IEEE Communications
Surveys & Tutorials. PP 1,7,30-31. 10.1109/COMST.2019.2916180.
https://ieeexplore.ieee.org/document/8712553

3) J. Cao et al., "A Survey on Security Aspects for 3GPP 5G Networks," in IEEE Communications
Surveys & Tutorials, vol. 22, no. 1, Firstquarter 2020, doi: 10.1109/COMST.2019.2951818.

4) 5G-ENSURE, “Deliverable D2.7 Security Architecture (Final), pp 17-18, Available at:

https://5gensure.eu/sites/default/files/5G-ENSURE_D2.7_SecurityArchitectureFinal.pdf

5) Salahdine, F, Han, T, Zhang, N. Security in 5G and beyond recent advances and future
challenges. Security and Privacy. 2023; 6(1): e271.pp 7 doi:10.1002/spy2.271