Inheriting the security features of the 4G network, 5G enhances network authentication, protects privacy, and ensures secure data transmission and interconnection. Compared with non-3GPP access networks, such as Wi-Fi and enterprise private networks, 5G provides a wider range of mobility, more robust service security, tighter data protection, and better user privacy.
5G provides a bidirectional authentication capability based on a unified authentication framework, which enables terminals and the network to mutually confirm their validity. In this way, 5G not only prevents fake base stations or hotspots from leaking information, but also prevents unauthorised access. The 5G network provides an end-to-end secure channel to isolate each terminal. Even if a terminal is infected, it is difficult for malware to spread to other terminals across the 5G network.
To enhance the security capabilities of a 5G network for different service scenarios and provide users with more comprehensive and flexible network security options, 3GPP is researching and formulating security standards for enhanced service-based architecture (SBA) security, wireless and wireline convergence, non-public network (NPN), NPN-public land mobile network (PLMN) interaction, enhanced cellular IoT, uRLLC services, and authentication and key management of applications based on 3GPP credentials and V2X services.
The traditional consumer internet was designed to be open, which has proved to be a source of network security problems. As the future industrial internet will connect high-value assets in important fields such as finance, energy, industry and transportation, a semi-closed or closed network will be a better choice. 5G network slicing can provide not only network customisation for different service level agreements (SLA), but also secure network isolation capabilities.
Redefined 5G infrastructure
The 5G business ecosystem requires new regulators, business entities and digital assets. When building a diversified and trustworthy 5G ecosystem, and achieving business objectives defined by the ITU-T, the network infrastructure is not merely a traffic bearer. It is redefined by new technologies such as SDN/NFV and multi-access edge computing (MEC) to provide on-demand network services through slice customisation.
Secure access capability of 5G private networks
With the continuous evolution of the internet from consumption to industry, involving critical infrastructure such as energy, industry and transportation, 5G bears higher business value and more social influence than traditional consumer services. Therefore, the network characteristics are no longer limited to bandwidth and traffic rate but include security and reliability. In the future, 5G will profoundly penetrate our lifestyles, and affect the whole of society, industrial innovation and economic growth. To provide high-value services, a 5G network must be able to provide higher security and reliability than traditional high-grade private networks, as well as further security reinforcement capabilities based on network slicing. In 5G private networks with security requirements for critical infrastructure, the business system can be divided into different regions according to the service value and SLA characteristics. Different regions use different network slices with different security attributes.
Secure guarantee capability for cross-industry assets
5G connects key infrastructure in IoT and vertical industries, and enables the mobile network to evolve from person-to-person connections to machine-to-machine connections, resulting in potential mutual penetration of security threats between the IT and OT (operational technology) domains. The consequences of attacks are exacerbated by the fact that such attacks are often targeted at people, assets and critical infrastructure that connect the physical world. Since the infrastructure is located at the network edge, MEC will be an important choice as well as a barrier for vertical industries. Operators need to take the necessary security measures to protect MEC nodes and customer data assets.
Continuous innovation in security capabilities
On the one hand, as networks and businesses become deeply integrated, 5G network security capabilities need to keep innovating. Based on the business characteristics and security situations of specific industries, new, intelligent detection technologies and defence mechanisms need to be introduced to provide continuous and innovative 5G network security solutions. On the other hand, 5G can expose its own security capabilities to vertical industries, reducing their security development and deployment costs, and improving the efficiency of business innovation.
Diversified security assurance
The integration of the industrial internet and the 5G network will have an impact on the security assurance system. First, the security regulations are diversified. In comparison with telecommunications networks, the financial, energy and industrial networks have different security regulations and standards, data protection norms and security evaluation standards. Second, the assets are diversified. The equipment, platforms and applications in MEC have different owners and users, and might also require an operations and maintenance system across multiple organisations. How 5G adapts to a diversified security assurance system, and whether it is possible to build a unified security assurance system, remain to be explored.
Based on ZTE’s white paper, “Security Makes 5G Go Further”, released in May 2019