Security issues for migration to 5G and security issues for 5g migration
This article will introduce 3GPP's recent achievements in 5g, further discuss the security of 5g migration, and finally introduce the 3GPP specifications for non-independent or 4g-5g dual-connection.
Recent achievements of 3GPP
5g architecture and wireless specifications have been released as planned in December 2017. One of the achievements of 3GPP is the completion of the 4G-5g dual-Connection Specification. devices can connect to 4G and 5g base stations at the same time, the 5g base station is connected to the 4G core network. This dual-connection solution enables 5g to enter the market as soon as possible and can be used as a path for migrating from 4G to 5g. Of course, there are other ways to migrate to 5g.
Migration security issues
Further Thoughts on the security of migrating to 5G and the 3GPP security specifications for non-independent/4g-5G dual-connection are as follows: on the one hand, throughout the global mobile communication market, operators can not only migrate from 4G to 5G, it can also be migrated from 3G to 5G, or even from 2G to 5G. Therefore, 5g migration occurs in different types of systems.
At a higher level, security issues that need to be considered from the perspective of migration include:
(1) deploy a secure 5G Network, which includes secure Network design, security assurance of Network functions, provision of security monitoring, and security operation center (see the figure on Network Guardian ). Network Design security should include interaction with traditional systems, which will provide a pure 5G environment.
(2) A number of existing databases will need to be migrated to the new system, so appropriate security considerations should be taken for these databases. Pay special attention to databases related to user authentication and billing.
(3) The security related to 0SS, BSS, and O & M also needs to be fully considered.
(4) migrating to 5G will also lead to an increase in virtualization deployment. Based on the company's strategy and national regulations, shared or dedicated virtualization infrastructure may be used. Therefore, cloud and virtualization security considerations need to be taken into account.
(5) It should also provide security for new services and open APIs that 5G will bring, and traditional networks must be considered for this security.
Non-independent/4g-5g dual-Connection Security
Now let's take a look at the security of the 4g-5g dual-connection (non-independent) specification discussed earlier in this article. From a security perspective, mobile devices First connect to 4G networks, authorize 5G mobile devices to access 5G networks, and then the key should be derived for 5g secure communication. For more details, see: for example, the main eNodeB (MeNB), the 4G base station connected to the mobile device, and verify whether the device is authorized to access the 5G service. Once verification is completed, MeNB exports and sends the key to be used by the secondary gNB (SgNB), that is, 5g base station. Mobile devices also obtain the same key. User Data Communication and orders occur between mobile devices and SgNB. Therefore, the keys sent to SgNB are used to export more keys.
(A) secret keys used for user data and
(B) confidentiality and integrity keys used for signaling.
Integrity keys are exported to provide integrity for the user data of the complete 5g system (that is, non-Dual-connection.