:::warning
# <center><i class="fa fa-edit"></i> SECURITY ARCHITECTURE </center>
:::

[TOC]

### 4G vs 5G security architecture

In 4G/5G technology, five security feature groups can be defined. Each group counters certain threats and accomplishes certain security objectives:

- Network access security (I) – the set of features that provide users with secure access to services and, in particular, protect against attacks on the (radio) access link.
- Network domain security (II) – the set of features that enable nodes to securely exchange signalling data and user data (between the AN (Access Network) and the SN (Serving Network), and within the AN) and protect against attacks on the wired network.
- User domain security (III) – the set of features that secure access to mobile stations.
- Application domain security (IV) – the set of features that enable applications in the user domain and in the provider domain to securely exchange messages.
- Visibility and configurability (V) – the set of features that inform the user whether a security feature is in operation or not, and whether the use and provision of services should depend on that security feature.

![](https://i.imgur.com/wyEv31N.png)

(ME – Mobile Equipment, HE – Home Equipment, USIM – Universal Subscriber Identity Module)

Comparing the two security architectures, the following enhancements in 5G can be identified:

1. In the access network (AN), 3GPP and non-3GPP access networks are treated more equally.
2. In the communication between the SN and the HE, a new interface for the Service-based Architecture (SBA) is added.

Authentication and key management are fundamental to the security of cellular networks: they provide mutual authentication between users and the network and derive the cryptographic keys that protect both signalling and user-plane data. 5G security is built around the 5G AKA (Authentication and Key Agreement) protocol, an enhanced version of the protocol already used by 3G and 4G networks.

### Known weaknesses in 4G EPS-AKA

1. The authentication of user equipment (UE) is sent over the mobile network without encryption. Although a temporary identifier (GUTI) may be used to hide a user's long-term identity, GUTI allocation has been shown to have two security weaknesses: GUTIs are not changed as often as they should be, and their allocation can be predicted. More importantly, the UE's permanent identity may be sent as plain text in an authentication response (RES) message when responding to an authentication request message from the network.
2. The HE generates authentication vectors (AV) during communication with the serving network (SN) as part of UE authentication, but it is not part of the authentication decision. That decision is made exclusively by the SN.

5G-AKA differs from 4G EPS-AKA in several respects:

- The authentication components are different because of the new SBA. Specifically, the SIDF (Subscription Identifier De-concealing Function) component does not exist in 4G.
- In 5G, the UE uses the public key of the home network to encrypt the subscription permanent identifier (SUPI) before it is sent to the network. In 4G, the UE sends its permanent identifier as clear text, allowing it to be captured either by a malicious network (for instance, a fake base station, i.e. an IMSI catcher) or by an attacker on the radio link (if the communication is not protected). IMSI catchers work by tricking devices into connecting to them instead of the real base station, exploiting the fact that under the GSM (Global System for Mobile Telecommunications) standard, devices prioritise closer and stronger signals.
- According to the 3GPP specifications, the SUPI should not be transferred in clear text over the NG-RAN, except for the routing information (Mobile Country Code (MCC) and Mobile Network Code (MNC)). The Packet Data Convergence Protocol (PDCP) can be used on the wireless interface, and IPsec on the transport network, to guarantee the confidentiality and integrity of users' data.
- The home network (specifically, the authentication server function (AUSF), which does not exist in 4G) makes the final decision on UE authentication in 5G. In addition, the results of authentication are also sent to the unified data management (UDM) function to be logged. In 4G, the home network is contacted during authentication only to generate authentication vectors; it makes no decision about the authentication.
- The key hierarchy is longer in 5G than in 4G because of two additional keys: the AUSF key (used to derive further keys for authentication and encryption) and the AMF (Access and Mobility Management Function) key.

### 4G and 5G authentication schemes

![](https://i.imgur.com/8QoOmMG.png)

### Major 5G security issues

![](https://i.imgur.com/NWA0rNU.png)
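The first EPS-AKA weakness above (GUTIs reallocated too rarely, and allocated predictably) is something an operator can check for in its own signalling traces. The following Go program is an added example, not code from the page or from any 3GPP project: it audits a constructed list of GUTI allocations and flags a subscriber that keeps the same M-TMSI across consecutive procedures, and fresh M-TMSI values that are handed out with a constant increment. The trace layout, the subscriber labels and the `maxReuse` threshold are assumptions made for the example.

```go
package main

import "fmt"

// GUTIAssignment is one observed allocation in a (constructed) attach/TAU
// trace: which subscriber received which M-TMSI, in observation order.
type GUTIAssignment struct {
	SubID string // subscriber label used only for the audit (constructed)
	MTMSI uint32 // the M-TMSI part of the GUTI
}

// Finding is one audit result.
type Finding struct {
	Kind   string // "reuse" or "predictable"
	Detail string
}

// AuditGUTI checks an allocation trace for the two weaknesses described in
// the text: a subscriber keeping the same GUTI for more than maxReuse
// consecutive procedures (linkability), and fresh values that follow a fixed
// increment (predictability). Thresholds are illustrative, not from a spec.
func AuditGUTI(trace []GUTIAssignment, maxReuse int) []Finding {
	var out []Finding
	last := map[string]uint32{}  // last M-TMSI seen per subscriber
	streak := map[string]int{}   // how many times in a row it was kept
	var fresh []uint32           // newly allocated values, in order
	for _, a := range trace {
		if prev, seen := last[a.SubID]; seen && prev == a.MTMSI {
			streak[a.SubID]++
			if streak[a.SubID] == maxReuse { // report once per streak
				out = append(out, Finding{"reuse", fmt.Sprintf(
					"%s kept M-TMSI %08x for %d consecutive procedures",
					a.SubID, a.MTMSI, maxReuse+1)})
			}
		} else {
			streak[a.SubID] = 0
			fresh = append(fresh, a.MTMSI)
		}
		last[a.SubID] = a.MTMSI
	}
	if d, ok := constantDelta(fresh); ok {
		out = append(out, Finding{"predictable", fmt.Sprintf(
			"%d fresh allocations differ by a constant %d", len(fresh), d)})
	}
	return out
}

// constantDelta reports whether at least three fresh values were handed out
// with the same difference between each consecutive pair.
func constantDelta(vals []uint32) (int64, bool) {
	if len(vals) < 3 {
		return 0, false
	}
	d := int64(vals[1]) - int64(vals[0])
	for i := 2; i < len(vals); i++ {
		if int64(vals[i])-int64(vals[i-1]) != d {
			return 0, false
		}
	}
	return d, true
}

func main() {
	// Constructed trace: subscriber A never gets a new GUTI, and the network
	// hands out M-TMSIs sequentially.
	weak := []GUTIAssignment{
		{"A", 0x1000}, {"B", 0x1001}, {"A", 0x1000}, {"C", 0x1002},
		{"A", 0x1000}, {"D", 0x1003}, {"A", 0x1000},
	}
	for _, f := range AuditGUTI(weak, 2) {
		fmt.Printf("[%s] %s\n", f.Kind, f.Detail)
	}
}
```

Run on a real trace, `SubID` would be whatever stable key the analyst has on the core-network side (the audit never needs the IMSI itself), and the thresholds would be tuned to the operator's reallocation policy.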
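The SUPI-concealment bullets above (the UE encrypts the SUPI under the home network public key, only MCC/MNC travel in clear, and the SIDF in the home network reverses it) can be made concrete with a small hybrid-encryption round trip. The following Go program is an added example and not code from the page or from any 3GPP implementation. It is modelled on the ECIES-style scheme the 5G specifications use (ephemeral X25519 key agreement, an X9.63-style KDF, AES-128-CTR for the MSIN and a truncated HMAC-SHA-256 tag), but the exact 3GPP byte layout, the KDF shared-info encoding and the tag length are assumptions made here; it needs Go 1.20+ for `crypto/ecdh`. The IMSI `001010123456789` is a constructed test value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SUCI is what goes over the air: only the routing part (MCC/MNC) is readable.
type SUCI struct {
	MCC, MNC   string
	EphPub     []byte // UE's ephemeral X25519 public key
	CipherText []byte // AES-128-CTR encrypted MSIN
	MAC        []byte // 8-byte truncated HMAC-SHA-256 over CipherText
}

// x963KDF derives 64 bytes (16 enc key, 16 IV, 32 MAC key) from the ECDH
// shared secret, ANSI X9.63 style, with the ephemeral public key as SharedInfo.
func x963KDF(secret, sharedInfo []byte) (encKey, iv, macKey []byte) {
	var out []byte
	for counter := uint32(1); len(out) < 64; counter++ {
		h := sha256.New()
		h.Write(secret)
		var c [4]byte
		binary.BigEndian.PutUint32(c[:], counter)
		h.Write(c[:])
		h.Write(sharedInfo)
		out = h.Sum(out)
	}
	return out[:16], out[16:32], out[32:64]
}

// Conceal is the UE side: a fresh ephemeral key per attach means two SUCIs
// of the same subscriber are unlinkable to a listener who lacks hnPriv.
func Conceal(mcc, mnc, msin string, hnPub *ecdh.PublicKey) (*SUCI, error) {
	ephPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	secret, err := ephPriv.ECDH(hnPub)
	if err != nil {
		return nil, err
	}
	ephPub := ephPriv.PublicKey().Bytes()
	encKey, iv, macKey := x963KDF(secret, ephPub)
	block, _ := aes.NewCipher(encKey)
	ct := make([]byte, len(msin))
	cipher.NewCTR(block, iv).XORKeyStream(ct, []byte(msin))
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ct)
	return &SUCI{MCC: mcc, MNC: mnc, EphPub: ephPub, CipherText: ct, MAC: mac.Sum(nil)[:8]}, nil
}

// Deconceal is the SIDF role in the home network: verify the tag first, then
// recover the MSIN and reassemble the SUPI in IMSI form (MCC+MNC+MSIN).
func Deconceal(s *SUCI, hnPriv *ecdh.PrivateKey) (string, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(s.EphPub)
	if err != nil {
		return "", err
	}
	secret, err := hnPriv.ECDH(ephPub)
	if err != nil {
		return "", err
	}
	encKey, iv, macKey := x963KDF(secret, s.EphPub)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(s.CipherText)
	if !hmac.Equal(mac.Sum(nil)[:8], s.MAC) {
		return "", errors.New("SUCI integrity check failed")
	}
	block, _ := aes.NewCipher(encKey)
	msin := make([]byte, len(s.CipherText))
	cipher.NewCTR(block, iv).XORKeyStream(msin, s.CipherText)
	return s.MCC + s.MNC + string(msin), nil
}

func main() {
	// Home network key pair; in a deployment the public half is provisioned on the USIM.
	hn, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s, _ := Conceal("001", "01", "0123456789", hn.PublicKey()) // constructed test IMSI
	fmt.Printf("over the air: MCC=%s MNC=%s MSIN=%x (concealed)\n", s.MCC, s.MNC, s.CipherText)
	supi, err := Deconceal(s, hn)
	fmt.Println("SIDF recovered:", supi, err)
}
```

The property worth noticing is the one the text contrasts with 4G: a fake base station or radio eavesdropper sees the MCC/MNC needed for routing and an ephemeral public key, but the MSIN is only recoverable with the home network's private key, which never leaves the UDM/SIDF.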
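The last bullet above says the 5G key hierarchy is longer because of the AUSF and AMF keys. The following Go program is an added example, not code from the page or from a 3GPP implementation, showing the shape of that chain: a generic HMAC-SHA-256 derivation function of the kind 3GPP uses (FC byte followed by length-prefixed parameters), then K_AUSF derived from CK||IK, K_SEAF bound to the serving-network name, K_AMF bound to the SUPI, and finally 128-bit NAS keys. The FC values, parameter order, ABBA value and the serving-network name format are assumptions made for illustration; the normative encoding is in TS 33.501 Annex A and is not reproduced here.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// kdf is a 3GPP-style derivation: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...),
// each Li being the two-byte big-endian length of Pi.
func kdf(key []byte, fc byte, params ...[]byte) []byte {
	s := []byte{fc}
	for _, p := range params {
		s = append(s, p...)
		var l [2]byte
		binary.BigEndian.PutUint16(l[:], uint16(len(p)))
		s = append(s, l[:]...)
	}
	m := hmac.New(sha256.New, key)
	m.Write(s)
	return m.Sum(nil)
}

// KeyHierarchy holds the 5G chain below the long-term key K.
type KeyHierarchy struct {
	KAUSF, KSEAF, KAMF, KNASenc, KNASint []byte
}

// Derive walks the chain. The FC bytes (0x6A, 0x6C, 0x6D, 0x69) and the
// parameter order mirror the layout of TS 33.501 Annex A as assumed here;
// verify against the spec before relying on them. Each step is one-way, so a
// compromised K_AMF does not reveal K_SEAF or K_AUSF.
func Derive(ck, ik []byte, servingNetwork string, sqnXorAk []byte, supi string, algID byte) KeyHierarchy {
	var h KeyHierarchy
	ckik := append(append([]byte{}, ck...), ik...)
	h.KAUSF = kdf(ckik, 0x6A, []byte(servingNetwork), sqnXorAk)
	h.KSEAF = kdf(h.KAUSF, 0x6C, []byte(servingNetwork)) // serving-network binding
	abba := []byte{0x00, 0x00}                             // ABBA parameter, illustrative value
	h.KAMF = kdf(h.KSEAF, 0x6D, []byte(supi), abba)
	// NAS keys: algorithm type distinguisher (0x01 enc, 0x02 int, assumed) and
	// algorithm id; 128-bit keys are the low-order half of the 256-bit output.
	h.KNASenc = kdf(h.KAMF, 0x69, []byte{0x01}, []byte{algID})[16:]
	h.KNASint = kdf(h.KAMF, 0x69, []byte{0x02}, []byte{algID})[16:]
	return h
}

func main() {
	// Constructed inputs: CK/IK as produced by the USIM during AKA, a SQN xor AK value,
	// a serving-network name and a SUPI.
	ck := bytes.Repeat([]byte{0x11}, 16)
	ik := bytes.Repeat([]byte{0x22}, 16)
	sqnXorAk := []byte{1, 2, 3, 4, 5, 6}
	supi := "imsi-001010123456789"
	home := Derive(ck, ik, "5G:mnc001.mcc001.3gppnetwork.org", sqnXorAk, supi, 0x01)
	other := Derive(ck, ik, "5G:mnc002.mcc001.3gppnetwork.org", sqnXorAk, supi, 0x01)
	fmt.Println("K_SEAF (home SN):  ", hex.EncodeToString(home.KSEAF))
	fmt.Println("K_SEAF (other SN): ", hex.EncodeToString(other.KSEAF))
	fmt.Println("K_NASenc:          ", hex.EncodeToString(home.KNASenc))
}
```

The serving-network name in the chain is what makes a key derived for one visited network useless in another, which is one of the reasons the home network, not the SN, can afford to take the final authentication decision in 5G.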