Security Analysis Of 5G Mobile Networks (2019)

By Tao Wan, CableLabs; Mansour Ganji, Rogers Communications

Cellular mobile networks have evolved from 2G to 5G over the past three decades. Mobile services offered by 2G, 3G, and 4G networks have always been voice calls and data network access. The introduction of 5G has changed this protocol by providing the communication technologies for many more use-cases tailored for each specific requirement. More specifically, 5G will provide network connectivity not only for human-to-human communications but also for human-to-machine, and machine to-machine communications. 5G user equipment will fall into a broad range of devices where at one end they are fully-fledged computers, and at the other end they are single-purpose and resource-constrained IoT devices.

Because of the potentially significant impact on our society by 5G, its security is of critical importance and must be treated systematically. Researchers from both industry and academia have been working on improving security in 5G for a while. For example, the 3GPP SA3 working group has been studying and defining security specifications for 5G systems since 2017. Academic researchers are also helping to identify flaws in 5G specifications and are proposing enhancements. In this paper, we conduct a summary of security threats to 5G and prior generations of mobile networks and discuss how some of these threats are being addressed by the 3GPP 5G security standard.

Threats against cellular mobile networks can be generally classified into three categories: threats against user equipment or subscribers, threats against radio access networks, and threats against mobile core networks. In this paper, we focus on threats against subscribers. More specifically, we consider how subscriber security can be attacked by exploiting design constraints or flaws in control channels including broadcasting, paging and dedicated unicasting channels.

Due to the fact that neither broadcasting nor paging messages are authenticated in 5G (release 15) and prior generations, they are subject to spoofing, enabling many of the attacks against subscribers.

Unicasting messages may or may not be security protected. Unprotected unicasting messages are also subject to spoofing and can be exploited to attack subscribers.

Through a summary of security threats against and defenses by 5G networks, we hope that a realistic understanding of expected 5G security can be established across the networking community, and hopefully among the general public as well.

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Authentication in 5G Wireline and Wireless Convergence
By Tao Wan & Max Pala, CableLabs; Yildirim Sahin, Charter Communications
SD-WAN Security and SASE
By Charuhas Ghatge, Nuage Networks by Nokia
Cable and Mobile Convergence: A Vision from the Cable Communities Around the World
By Jennifer Andréoli-Fang, PhD, CableLabs; John T. Chapman, Ian Campbell, & Mark Grayson, Cisco; Ahmed Bencheikh, Praveen Srivastava & Vikas Sarawat, Charter Communications; Drew Davis & Paul Blaser, Cox Communications; Damian Poltz & Dave Morley, Shaw Communications; Eduardo Panciera, Telecom Argentina; Philippe Perron, Sylvain Archambault, Eric Menu, Géraldine Trouillard & David Lagacé, Videotron; Gavin Young & Bruno Cornaglia, Vodafone
Comparative Technical Analysis for 5G Fixed Wireless Access Rural Networks (2.6, 3.7 and 6.4 GHz)
By Dorin Viorel, CableLabs; Ruoyu Sun, CableLabs; Sanjay Patel, CableLabs; George Hart, Rogers Communications
Case Studies From 5G Wireless Private Networks in the Mining Sector
By Andy Striegler, Rogers Communications Inc.; Kamaljit Bal, Rogers Communications Inc.
Convergence With 5G Applications and Use Case Monetization
By Amitabh Chhabra, Rogers Communications Inc.
5G Security & Protection Framework
By Vasu Dalal & Patrick Nta, NOKIA
FWA, The Promise of Broadband Everywhere Lessons Learned & Best Practices
By Ahmed Jafri, Rogers Communications Inc.; Osama Bazan, Rogers Communications Inc.; Rizwan Butt, Rogers Communications Inc.; Mahmoud ElMeligui, Rogers Communications Inc.; Carlos Moco, Rogers Communications Inc.
Hybrid Cloud to Power Private 5G Networks: Industrial Worker Safety Use Case
By Mohamed Daoud, Charter Communications; Ammar Latif, Amazon Web Services (AWS)
Real-World Performance of 5G
By Dave Morley, Shaw Communications Inc./Freedom Mobile
More Results >>