By Tao Wan, CableLabs; Mansour Ganji, Rogers Communications
Cellular mobile networks have evolved from 2G to 5G over the past three decades. Mobile services offered by 2G, 3G, and 4G networks have always been voice calls and data network access. The introduction of 5G has changed this protocol by providing the communication technologies for many more use-cases tailored for each specific requirement. More specifically, 5G will provide network connectivity not only for human-to-human communications but also for human-to-machine, and machine to-machine communications. 5G user equipment will fall into a broad range of devices where at one end they are fully-fledged computers, and at the other end they are single-purpose and resource-constrained IoT devices.
Because of the potentially significant impact on our society by 5G, its security is of critical importance and must be treated systematically. Researchers from both industry and academia have been working on improving security in 5G for a while. For example, the 3GPP SA3 working group has been studying and defining security specifications for 5G systems since 2017. Academic researchers are also helping to identify flaws in 5G specifications and are proposing enhancements. In this paper, we conduct a summary of security threats to 5G and prior generations of mobile networks and discuss how some of these threats are being addressed by the 3GPP 5G security standard.
Threats against cellular mobile networks can be generally classified into three categories: threats against user equipment or subscribers, threats against radio access networks, and threats against mobile core networks. In this paper, we focus on threats against subscribers. More specifically, we consider how subscriber security can be attacked by exploiting design constraints or flaws in control channels including broadcasting, paging and dedicated unicasting channels.
Due to the fact that neither broadcasting nor paging messages are authenticated in 5G (release 15) and prior generations, they are subject to spoofing, enabling many of the attacks against subscribers.
Unicasting messages may or may not be security protected. Unprotected unicasting messages are also subject to spoofing and can be exploited to attack subscribers.
Through a summary of security threats against and defenses by 5G networks, we hope that a realistic understanding of expected 5G security can be established across the networking community, and hopefully among the general public as well.