5G signalling security and other 5G updates from 3GPP perspective

Standardisation of 5G “Phase 1” is almost finished, and it is time to review which security enhancements made it from the study into the standard. The first part of this talk will briefly revisit these aspects from last year’s outlook in TSD17 and report their outcome: • network slicing • authentication schemes • enhanced user identity privacy • security termination points in the architecture • resistance against key leakage A major paradigm shift in 5G is the move away from “signalling” interfaces and protocols (SS7, Diameter) towards a modern “Service Based Architecture” (SBA). Core network functions in SBA will offer REST APIs (with information elements in JSON objects), both internally and externally. Network architects hope to reap benefits like efficiency, scalability, modularity, and flexibility from using modern web techniques – but security experts fear that this also brings new weaknesses, while existing inter-operator issues remain unsolved. The second part of this talk explains SBA security aspects: • legacy signalling – and how to improve security in 5G • trust model input (IPX) • requirements from architecture and protocol design • design goals for SBA security standardisation • authentication and authorisation • non-standard security measures (network design, filtering)