Navigating Security Challenges of 5G: Presented at Cyber Intelligence Forum Indonesia 2021.08
Cloud, SDN/NFV, AI, 5G, IoT
• AI and big data power the in-depth mining of information. Data processing is more complex and the risk of data leaks is increasing.
• Mobile networks and sensors help us achieve high-density interconnection. The attack surface is larger and vulnerabilities are increasing.
Cyberattacks and Data fraud/theft are among the top 10 Global risks
Source: The World Economic Forum Global Risks Report 2020
4 Huawei Confidential
Key Security Challenges of 5G Networks
• The 5G network expands the vertical services of URLLC and mMTC from eMBB. Higher security requirements of the industry must be met.
• The SBA and slicing architecture provide flexible service deployment capabilities, and UPF downsink supports low-latency services, but this also makes the network boundary complex and dynamic.
• The introduction of new technologies, such as virtualization and cloudification, supports fast service deployment, but the core network also becomes layered and decoupled.
5G networks bear vertical industries, meeting higher security requirements
5G Enables Thousands of Industries, and Cyber Security Issues Affect Production and Company Survival
Key Industry Opinion: Security Is the Key Guarantee for 5G Industry Applications
Service evolution:
1. Industry applications are carried over 5G networks, and enterprise networks and carrier networks are converged.
2. Diversified vertical service applications and differentiated industry requirements
3. The UPF is deployed at the edge to connect to the enterprise network to carry enterprise applications and meet low latency requirements.
[Figure labels: Media live broadcast, Intelligent control, Smart industry; Enterprise, 5G base station, MEC, Applications and Data, 5GC]
5G network software and deployment architecture change, introducing new interfaces and boundaries
• The new architecture of SBA and slicing needs to adapt to new security
• 5GC UP supports downsink deployment, and MEC security capabilities need to be built
5G network introduces virtualization/cloudification technologies, and core network NEs are decoupled by layer
Infrastructure resource sharing
• Traditional physical security boundaries are broken: resource sharing, unauthorized resource preemption, application-layer data access, and image tampering, etc.
[Figure labels: Legacy (IMS, EPC); NFV (IMS, EPC, 5G); MANO; NFVO]
5G Network Threats Analysis
[Figure: 5G network threat map with threat points numbered 1 to 9. Labeled elements: eMBB, URLLC, mMTC; RAN; Switch/Router; SecGW; Operator's Network with 5GC (SBA: AMF, UDM, SMF; Slices), NFVI (Hardware + Cloud OS) and FW; MEC (UPF, MEP, APP1, APP2, APP3); O&M Clients, PAM, EMS; VPLMN; External Network; Internet]
Contents
01 5G Cyber Security Challenges
02 5G E2E Network Security Solution
03 Summary
5G E2E Cyber Security: Layered Models Become Industry Consensus
• APPs: IEC62443 IACS, ISO/IEC 27034
• L2: Network Security + O&M security (Secure deployment, O&M security, network protection). Operator (The vendor provides capability). NIST CSF, NCSC CAF, 3GPP
• L1: NE Security (Standard Compliance, SDL security development lifecycle, NE protection). Vendor. ISO19600, NIST SSDF, NIST SP800-160, 3GPP, NESAS/SCAS
[Figure labels: AAU, BBU, Router, Base Station, Core]
The 3-layer security model is widely accepted in the telecom industry, including 3GPP, 5GPPP, etc.
5G security requires "shared responsibility" among different stakeholders.
Build E2E cyber security solutions for 5G network scenarios
L3 Enabling Industry Security support
• Terminal access security, Data security, Border security
L2 Network Security
• Northbound interface
• Single-domain management (EMS layer): User management, Security alarms/logs, Security configuration check, Zero trust in O&M, MANO security
• Networking Security: Three-plane isolation, Secure transmission, RAN Sharing Security, Slicing security
L1 NE Security
• System Security: Trusted environment, Data security, System security hardening
• Standard Security: 256-bit encryption algorithm, User plane integrity protection, User privacy protection, Flexible Security Policy, Unified authentication, Roaming security
5G Enhances Network Security Capabilities Based on 4G
• The 4G network is based on a series of security solutions and has not been attacked on a large scale in the past 10 years.
• 5G reuses the 4G security architecture and further enhances security for some known risks.
5G compared with 4G:
• Stronger cryptographic algorithm. 5G: 256-bits encryption algorithm (after R18). 4G: 128 bits encryption.
• Better air interface security. 5G: User Plane Integrity Protection. 4G: No integrity protection for UP.
• Stronger user privacy protection. 5G: User privacy protection SUCI. 4G: Plaintext transmission of IMSI.
• Flexible Security Policy. 5G: Subscriber-level security policy. 4G: Network-level security policy.
• Unified user authentication experience. 5G: Unified authentication. 4G: Separate; different authentication for different access.
• Enhanced roaming security. 5G: Roaming security SEPP. 4G: Plaintext transmission of roaming subscriber data.
[Figure labels: LTE, 5G, Wi-Fi; L=256, L=128; 5G CP; VPLMN, vSEPP, IPX, hSEPP, HPLMN]
5G standard evolution: The network architecture is finalized in R15 and functions are continuously enhanced in later versions
Timeline: 2017 2018 2019 2020 2021 2022 -
5G Basic Security Architecture and eMBB Security Functions (eMBB)
• Integrity protection for air interface user plane
• Subscriber-level security policies (finer granularity)
• Enhanced air interface encryption protection for user IDs
• SEPP Protection Inter-PLMN Roaming Messages
• SBA Security
• Unified authentication
Vertical industry security enhancement functions (eMBB, URLLC, mMTC)
• URLLC security: dual-path transmission security
• mMTC (cIoT) Security: Lightweight Small Packet Transmission Security
• Slice security: Defines NSSAAF slice authentication NEs and supports slice secondary authentication.
• Non-public network (NPN) security: EAP-based non-public network authentication and authorization
• SCAS 1.0
Continuous evolution of security (URLLC, mMTC (enhanced))
• Security Capability Exposure: AKMA Authentication and Key Management Based on 3GPP Credentials
• Enhanced slice security: ID broadcast privacy protection
• MEC security (Support for Edge Computing in 5GC): security, client authentication
• SCAS 2.0
Future-oriented security evolution (Future-oriented evolution)
• 256-bit key algorithm (anti-quantum attack and higher security)
• Fake base station (FBS) detection
• Automatic 5GC virtual NE interface certificate management
• SCAS Evolution
Cyber Security is a Shared Global Challenge Requiring Standards and Verification Based Approach, Multi-party Collaboration
National 5G Security Standard System Proposal
Cyber Security Standard and Certification System
• Application Security Standards and Certification (Vertical/Application Provider)
• Network Security Standards and Certification (Operator)
• Product Security Standards and Certification (Equipment Vendor)
• Cyber Security Management Standards and Certification system (Organizations such as enterprises and institutions)
• Cyber Security Governance Foundation Law (Government)
National Cyber Security Governance Fundamental Principles
Critical Information Infrastructure Cyber Security
1. End user: Mindset and culture
2. Service provider: Application security
3. Network Operator: Operation security, deployment security
4. Equipment vendor
5. 3rd party security certification labs
6. Ecosystem partners
Cyber Security and privacy clauses in related fields
1. Public law
2. Criminal law
3. Civil Procedure Law
4. Business Law
5. Banking Law
6. Stock Exchange Act
7. Civil Code
8. Payment method
9. Patent Law
10. Others
Data security and privacy protection
1. Data security, data protection, and cross-border legal and secure flow of data
2. Enterprise Information Protection: Legal Compliance
3. Personal privacy protection
4. Others
National Cyber Security Management Standards system: ISO/IEC 27000/1, ISO 28000, supply chain security standard, etc.; Indonesia Indeks KAMI
National Cyber Security Laws
Closing Thoughts: Threat Will Never Stop, We Never Stop
• For the past 30 years, Huawei has served more than 3 billion people, supported more than 1,500 carrier networks, and earned the trust of tens of thousands of customers in over 170 countries.
• Cybersecurity and user privacy protection are of the utmost importance and are the top priority.
• Huge investment in people and resources to manage risk effectively, steeped in standards and best practices, separation of duties, and independent verification.
• Both trust and distrust should be based on facts, not feelings. Facts must be verifiable, and verification must be based on unified standards.
In the Digital Intelligent World, Business Success cannot go without Cyber Security, Trustworthiness and Privacy Protection