Security Considerations in 5G

ETSI Security Week, June 12 – 16, 2017

Marcus Wong, Huawei Technologies Co., Ltd. (www.huawei.com)


Agenda

• 5G Motivation and Security Drivers
• Flexible Service Architecture
• Trust Model
• Slicing, On-demand, Flexible Policy
• User Plane Security
• Public Key for 5G
• Authentication
• Privacy
• 5G Security Standards Landscape


5G Security Motivations and Drivers

Evolutionary rather than Revolutionary

Things that worked:

• UE Provisioning: USIM and UICC
• Authentication: UE mutual authentication, home operator control (AKA)
• Crypto Algorithms: AES, ZUC, public-key algorithms
• Security Termination: UP terminating in access network
• Domain Security: backhaul, IPsec
• Service Security: one-size fits all

Things that need improving:

• UE Provisioning: eUICC
• Authentication: protocol enhancements, efficiency, device authentication
• Crypto Algorithms: quantum-ready, larger key sizes, expanding use of public-key algorithms
• Security Termination: flexibility, application layer security
• Domain Security: mid-haul security, end-to-end backhaul security
• Forward Security: long term key protection, public-key assisted key derivation
• Service Security: on-demand, network slicing, third-party
• Privacy: IMSI protection


Flexible Service Oriented Architecture

SOR: Service Oriented RAN; SOC: Service Oriented Core

Security areas marked on the architecture figure (legacy security versus 5G-specific security):

1. IoT device identity management and access security
2. Unified authentication framework for different access technologies
3. Physical infrastructure security
4. Virtualization security
5. CP/UP separation security
6. Opening for third-party service security
7. On-demand slice security mechanism for vertical services


Trust Model

Traditional trust model: UE, SN and HN. The HN authenticates the UE through the SN and then hands control to the SN (control/delegate).

New trust model: UE, SN and HN. Authentication still runs through the SN, but the HN retains control of the outcome.

o Operator to retain more home control
o Reduce reliance on SN trust
o Reduce potential fraud due to unauthorized location update
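The "retain control" arrow in the new trust model is easiest to see in code. The block below is an added illustration, not code from the presentation, of home-controlled authentication in the style of the RES*/HXRES* split later specified for 5G AKA: the home network computes the expected response but hands the serving network only a hash of it, and the serving network must forward the UE's actual response before the home network registers the location. Assumptions: HMAC stand-ins replace the MILENAGE functions, the RES*/HXRES* layouts are simplified rather than bit-exact, and the key K, the network names and the fraud/replay scenarios are constructed for the example.

```python
"""Home-controlled authentication, modelled on the 5G AKA RES*/HXRES* split.

Added illustration, not code from the presentation. The USIM algorithms are HMAC
stand-ins (not MILENAGE) and the RES*/HXRES* layouts are simplified, so treat the
constructions here as assumptions rather than the TS 33.501 bit layouts.
"""
import hashlib
import hmac
import secrets

# Constructed long-term key K shared by the USIM and the home network (illustrative value).
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")


def derive(key: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """HMAC-SHA256 derivation used in place of the f2/f3/f4 USIM functions."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]


def res_star(ck: bytes, ik: bytes, sn_name: str, rand: bytes, res: bytes) -> bytes:
    """RES* binds the response to the serving network name, so a response computed
    for one SN is useless to another."""
    return derive(ck + ik, b"RES*", sn_name.encode() + rand + res, 16)


def hxres_star(rand: bytes, xres_star: bytes) -> bytes:
    """What the HN hands to the SN: a hash of XRES*, never XRES* itself."""
    return hashlib.sha256(rand + xres_star).digest()[:16]


class UE:
    def __init__(self, k: bytes):
        self.k = k

    def respond(self, rand: bytes, sn_name: str) -> bytes:
        res = derive(self.k, b"f2", rand, 8)
        ck, ik = derive(self.k, b"f3", rand, 16), derive(self.k, b"f4", rand, 16)
        return res_star(ck, ik, sn_name, rand, res)


class HomeNetwork:
    def __init__(self, k: bytes):
        self.k = k
        self.pending = {}      # RAND -> (serving network name, XRES*)
        self.registered = {}   # serving network name -> location confirmed

    def authentication_vector(self, sn_name: str):
        rand = secrets.token_bytes(16)
        res = derive(self.k, b"f2", rand, 8)
        ck, ik = derive(self.k, b"f3", rand, 16), derive(self.k, b"f4", rand, 16)
        xres = res_star(ck, ik, sn_name, rand, res)
        self.pending[rand] = (sn_name, xres)
        return rand, hxres_star(rand, xres)       # XRES* itself stays at home

    def confirm(self, sn_name: str, rand: bytes, res_star_from_sn: bytes) -> bool:
        """The HN keeps the final decision: the location update is accepted only if
        the forwarded RES* matches the XRES* computed for that SN and that RAND."""
        entry = self.pending.pop(rand, None)
        if entry is None or entry[0] != sn_name:
            return False
        if not hmac.compare_digest(entry[1], res_star_from_sn):
            return False
        self.registered[sn_name] = True
        return True


class ServingNetwork:
    def __init__(self, name: str, hn: HomeNetwork):
        self.name, self.hn = name, hn

    def attach(self, ue: UE) -> bool:
        rand, hxres = self.hn.authentication_vector(self.name)
        rs = ue.respond(rand, self.name)
        if not hmac.compare_digest(hxres_star(rand, rs), hxres):
            return False                                # SN can reject locally ...
        return self.hn.confirm(self.name, rand, rs)    # ... but only the HN can register

    def fraudulent_update(self) -> bool:
        """SN claims the UE is present without ever having talked to it."""
        rand, _ = self.hn.authentication_vector(self.name)
        return self.hn.confirm(self.name, rand, secrets.token_bytes(16))


def honest_attach() -> bool:
    hn = HomeNetwork(K)
    return ServingNetwork("visited-network-A", hn).attach(UE(K))


def fraudulent_location_update() -> bool:
    return ServingNetwork("visited-network-B", HomeNetwork(K)).fraudulent_update()


def replay_into_other_sn() -> bool:
    """A RES* obtained while the UE was on network A cannot register it on network B."""
    hn, ue = HomeNetwork(K), UE(K)
    rand, _ = hn.authentication_vector("visited-network-A")
    return hn.confirm("visited-network-B", rand, ue.respond(rand, "visited-network-A"))
```

An SN that never talked to the UE (`fraudulent_update`) cannot produce a RES* matching the XRES* the HN kept, and a RES* captured on network A is bound to A's name, so it cannot register the UE on network B. That is the "reduce reliance on SN trust" point in concrete form: the SN's local HXRES* check lets it drop bad UEs quickly, but it has no way to fake a successful authentication toward the HN.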


Network Slicing

Common resources and devices not in any slice: globally accessible.

(Figure: several network slices next to a region that is "not a slice"; the access modes shown are conditional access, permanent isolation and global access.)

Isolation between slices: protection from unauthorized network slice access, between slices within and outside of the operator network.

Isolation within slices: protection from unauthorized access to private data areas among UEs within the slice.


On-Demand Framework & Flexible Security Policy

Security features and the policy options available for each (flexible security features, flexible security policy):

o Authentication: multi-factor authentication; biometric authentication
o Confidentiality: 256-bit key; 128-bit key; dedicated cipher algorithm
o Integrity: integrity protection; no integrity protection
o Privacy: aware of user data; not aware of user activities; not aware of user's ID
o Isolation: between slices; inside slice

Per-slice policy table (levels High / Med / Low or none, and On / off for integrity protection) for three example slices: Extreme MBB slice, Massive Sensor slice, Vehicular & Healthcare slice. Each slice is assigned a level per feature; in the slide's example the levels range from none to High, and integrity protection is on for two of the slices and off for one.


User Plane security

• Ciphering (and integrity protection) use common crypto synchronization from LTE PDCP protocols.
• Header compression capabilities (e.g. ROHC) support.
• In-sequence delivery support.
• Traffic-type aware and QoS support.
• Faster to market.
• Lawful Intercept support at CN consistent with solutions in LTE.

(Figure: UE, AN and CN, with the user plane (UP) and control plane (CP) shown as separate paths.)
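To make the first bullet concrete, here is an added example, not code from the presentation, of the PDCP-style crypto synchronization it refers to: a 32-bit COUNT (HFN || SN) feeds both ciphering and integrity protection, only the short SN travels over the air, and the receiver re-derives the HFN from a reordering window. Assumptions: HMAC-SHA256 stands in for the 128-EEA/EIA algorithms (the real ones are SNOW 3G, AES or ZUC based), the keys are constructed values, and the 12-bit SN length, the half-window HFN rule and the BEARER/DIRECTION inputs follow the LTE PDCP design.

```python
"""PDCP-style crypto synchronisation: COUNT = HFN || SN drives both ciphering and
integrity; the receiver rebuilds COUNT from the 12-bit SN on the wire.
Added example, not code from the presentation; HMAC-SHA256 stands in for EEA/EIA."""
import hashlib
import hmac

SN_BITS = 12                     # PDCP SN length used in this example
SN_MOD = 1 << SN_BITS
REORDER_WINDOW = SN_MOD // 2     # half the SN space, as TS 36.323 uses

# Constructed keys (illustrative values, not derived from any real key hierarchy).
K_ENC = bytes.fromhex("00112233445566778899aabbccddeeff")
K_INT = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Keystream from (COUNT, BEARER, DIRECTION), the inputs 128-EEA takes.
    HMAC-SHA256 in counter mode is a stand-in for the real cipher."""
    out, blk = b"", 0
    while len(out) < length:
        out += hmac.new(key, count.to_bytes(4, "big") + bytes([bearer, direction, blk]),
                        hashlib.sha256).digest()
        blk += 1
    return out[:length]


def mac_i(key: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """32-bit MAC-I over COUNT, BEARER, DIRECTION and the message (stand-in for 128-EIA)."""
    return hmac.new(key, count.to_bytes(4, "big") + bytes([bearer, direction]) + message,
                    hashlib.sha256).digest()[:4]


class PdcpTx:
    def __init__(self, k_enc: bytes, k_int: bytes, bearer: int = 1, direction: int = 0):
        self.k_enc, self.k_int, self.bearer, self.direction = k_enc, k_int, bearer, direction
        self.count = 0           # full 32-bit COUNT (HFN || SN), never sent as a whole

    def protect(self, sdu: bytes) -> bytes:
        count, sn = self.count, self.count % SN_MOD
        header = sn.to_bytes(2, "big")
        mac = mac_i(self.k_int, count, self.bearer, self.direction, header + sdu)
        body = _xor(sdu + mac, keystream(self.k_enc, count, self.bearer, self.direction, len(sdu) + 4))
        self.count += 1
        return header + body     # only the 12-bit SN is visible on the air


class PdcpRx:
    def __init__(self, k_enc: bytes, k_int: bytes, bearer: int = 1, direction: int = 0):
        self.k_enc, self.k_int, self.bearer, self.direction = k_enc, k_int, bearer, direction
        self.next_count = 0
        self.seen = set()

    def infer_count(self, sn: int):
        """Re-derive the HFN from the received SN relative to the next expected COUNT."""
        hfn, next_sn = divmod(self.next_count, SN_MOD)
        if sn < next_sn - REORDER_WINDOW:
            hfn += 1             # the SN wrapped since the last PDU
        elif sn >= next_sn + REORDER_WINDOW:
            hfn -= 1             # late PDU from before the wrap
        return None if hfn < 0 else hfn * SN_MOD + sn

    def unprotect(self, pdu: bytes) -> bytes:
        header, body = pdu[:2], pdu[2:]
        count = self.infer_count(int.from_bytes(header, "big"))
        if count is None or count in self.seen:
            raise ValueError("replayed or out-of-window PDU")
        plain = _xor(body, keystream(self.k_enc, count, self.bearer, self.direction, len(body)))
        sdu, mac = plain[:-4], plain[-4:]
        if not hmac.compare_digest(mac, mac_i(self.k_int, count, self.bearer, self.direction, header + sdu)):
            raise ValueError("integrity check failed")
        self.seen.add(count)
        self.next_count = max(self.next_count, count + 1)
        return sdu


def roundtrip_across_sn_wrap(n: int = SN_MOD + 10) -> bool:
    """Send n SDUs so the 12-bit SN wraps; the receiver must keep its HFN in step."""
    tx, rx = PdcpTx(K_ENC, K_INT), PdcpRx(K_ENC, K_INT)
    return all(rx.unprotect(tx.protect(b"sdu%d" % i)) == b"sdu%d" % i for i in range(n))


def replay_is_rejected() -> bool:
    tx, rx = PdcpTx(K_ENC, K_INT), PdcpRx(K_ENC, K_INT)
    pdu = tx.protect(b"hello")
    rx.unprotect(pdu)
    try:
        rx.unprotect(pdu)        # same SN again: same COUNT, already seen
    except ValueError:
        return True
    return False


def tamper_is_rejected() -> bool:
    tx, rx = PdcpTx(K_ENC, K_INT), PdcpRx(K_ENC, K_INT)
    pdu = bytearray(tx.protect(b"hello"))
    pdu[-1] ^= 0x01              # a stream cipher alone would pass this bit flip through
    try:
        rx.unprotect(bytes(pdu))
    except ValueError:
        return True
    return False
```

Two things the example makes visible that the bullet only names: the COUNT is never transmitted, so both ends must stay synchronized through SN wraps or every later PDU fails integrity; and because the ciphering is a keystream XOR, the integrity check is what turns a bit flip into a rejected PDU. Uplink and downlink use different DIRECTION values (and separate COUNTs) so the same (key, COUNT) keystream is never reused.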


Use of Public Key

3G and 4G use of public key:

o certificates and certificate enrolment
o security between network entities (e.g. establishment of IPsec)
o ProSe/V2X application security
o EAP-TLS, Internet browser security

New 5G potential public key use cases:

o certificates requiring PKI, and public-private key pairs without PKI
o device authentication
o over-the-air signaling protection
o IMSI and privacy protection
o remote provisioning
o long term key protection


Authentication

o Network Access Authentication
  o Support backward compatibility
    o EPS-AKA*+
  o Support EAP authentication framework
    o EAP-AKA'
o Device authentication
  o device public-key/certificate
o Slice authentication
  o service authentication
o Authentication to external networks
  o secondary / third-party authentication
  o alternative credential


Privacy

o IMSI Privacy
  o UE tracking
  o IMSI leakage
  o initial authentication protection
o Use of privacy enhancing technology
  o pseudonym
  o access token
  o encrypted IMSI (using public key or shared key)
  o temporary identities
o Need to support lawful interception in the serving network
  o Serving Network can get target identity from Home network
  o Serving Network can get target identity from UE
  o Needs to be done consistently (based on operator policy) for all UEs to avoid detectability
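The "encrypted IMSI (using public key)" option, as an added example that is not part of the presentation: the UE encrypts only the MSIN under the home network's public key with a fresh ephemeral key on every attach, and leaves MCC/MNC readable so the serving network can route the request to the home network (which is also how the serving network later obtains the target identity for lawful interception). This is the shape of the ECIES profiles 3GPP subsequently adopted for the SUCI. Assumptions: X25519 is implemented inline so the block needs only the standard library; the HMAC-based KDF and keystream are stand-ins for the X9.63 KDF and AES-CTR of the 3GPP profiles; the IMSI, its 3-digit MNC and the home network key pair are constructed for the example.

```python
"""IMSI concealment under the home network's public key (ECIES-style).

Added illustration, not code from the presentation. X25519 follows the RFC 7748
ladder; the KDF and keystream are HMAC stand-ins for the 3GPP profile's X9.63 KDF
and AES-CTR; the IMSI (assumed 3-digit MNC) and HN key pair are constructed.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 scalar multiplication (plain Python, not constant-time)."""
    k = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)   # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keys_from(shared: bytes, eph_pub: bytes):
    """Split the DH secret into an encryption key and a MAC key (HMAC stand-in for X9.63 KDF)."""
    enc = hmac.new(shared, b"enc" + eph_pub, hashlib.sha256).digest()[:16]
    mac = hmac.new(shared, b"mac" + eph_pub, hashlib.sha256).digest()
    return enc, mac


def conceal(hn_pub: bytes, imsi: str) -> dict:
    """UE side: MCC/MNC stay in clear for routing; only the MSIN is encrypted."""
    mcc, mnc, msin = imsi[:3], imsi[3:6], imsi[6:].encode()
    eph_priv = secrets.token_bytes(32)           # fresh per attach: outputs are unlinkable
    eph_pub = x25519(eph_priv, BASEPOINT)
    shared = x25519(eph_priv, hn_pub)
    if shared == bytes(32):
        raise ValueError("low-order home network key")   # contributory-behaviour check
    enc, mac = keys_from(shared, eph_pub)
    pad = hmac.new(enc, b"ctr0", hashlib.sha256).digest()[:len(msin)]   # MSIN is at most 10 digits
    ct = bytes(a ^ b for a, b in zip(msin, pad))
    tag = hmac.new(mac, eph_pub + ct, hashlib.sha256).digest()[:8]
    return {"mcc": mcc, "mnc": mnc, "eph_pub": eph_pub, "ct": ct, "tag": tag}


def deconceal(hn_priv: bytes, suci: dict) -> str:
    """HN side: only the holder of the private key recovers the IMSI."""
    shared = x25519(hn_priv, suci["eph_pub"])
    if shared == bytes(32):
        raise ValueError("low-order ephemeral key")
    enc, mac = keys_from(shared, suci["eph_pub"])
    tag = hmac.new(mac, suci["eph_pub"] + suci["ct"], hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, suci["tag"]):
        raise ValueError("SUCI integrity check failed")
    pad = hmac.new(enc, b"ctr0", hashlib.sha256).digest()[:len(suci["ct"])]
    return suci["mcc"] + suci["mnc"] + bytes(a ^ b for a, b in zip(suci["ct"], pad)).decode()


IMSI = "001010123456789"                 # constructed test IMSI
HN_PRIV = secrets.token_bytes(32)        # constructed home network key pair
HN_PUB = x25519(HN_PRIV, BASEPOINT)      # this is what is provisioned on the USIM


def roundtrip() -> bool:
    return deconceal(HN_PRIV, conceal(HN_PUB, IMSI)) == IMSI


def unlinkable() -> bool:
    """Two attaches by the same UE yield different over-the-air identifiers."""
    a, b = conceal(HN_PUB, IMSI), conceal(HN_PUB, IMSI)
    return a["ct"] != b["ct"] and a["eph_pub"] != b["eph_pub"] and a["mcc"] + a["mnc"] == b["mcc"] + b["mnc"]


def tamper_detected() -> bool:
    s = conceal(HN_PUB, IMSI)
    s["ct"] = bytes([s["ct"][0] ^ 1]) + s["ct"][1:]
    try:
        deconceal(HN_PRIV, s)
    except ValueError:
        return True
    return False
```

The detectability bullet above applies directly: if only some UEs send concealed identities, the concealed ones stand out, so the policy must be applied uniformly across the operator's subscribers. The serving network never learns the MSIN from the air interface; it routes on MCC/MNC and, where lawful interception requires the permanent identity, obtains it from the home network or the UE as the slide describes.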


“Option 3”

o Non-standalone 5G deployment
  o 5G UE + 4G AN + 5G AN + 4G CN
  o Support faster deployment while migrating to full 5G CN gradually
o Security of "Option 3"
  o modelled after dual-connectivity in LTE, where the UE connects to two eNBs simultaneously
  o anchored via eNB (i.e. MeNB)
  o gNB access by the UE is considered secondary (i.e. SgNB)
  o RRC signalling support between UE and gNB reusing PDCP security
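The key handling behind "anchored via eNB (MeNB)" and "gNB access considered secondary (SgNB)", as an added example that is not from the presentation: the MeNB derives a separate S-KgNB from KeNB and a 16-bit SCG Counter, signals the counter to the UE, sends the key to the SgNB, and both ends derive the RRC/UP keys from it, so the secondary node never holds KeNB. Assumptions: the TS 33.220 HMAC-SHA-256 KDF layout, the FC values 0x1C (S-KeNB) and 0x15 (algorithm key derivation), the algorithm type distinguishers, the 128-bit truncation rule and the KeNB value are taken as I read TS 33.401 Annex A and should be checked against the specification.

```python
"""S-KgNB derivation for the non-standalone 'Option 3', following the LTE
dual-connectivity S-KeNB derivation it is modelled on.

Added illustration, not code from the presentation. KDF is the TS 33.220
HMAC-SHA-256 construction (S = FC || P0 || L0 || P1 || L1 ...); the FC values and
parameter layouts are my reading of TS 33.401 Annex A (assumptions); KeNB is constructed.
"""
import hashlib
import hmac

KENB = bytes.fromhex("0f" * 32)   # constructed 256-bit KeNB held by MeNB and UE

RRC_ENC, RRC_INT, UP_ENC = 0x03, 0x04, 0x05   # algorithm type distinguishers (TS 33.401 A.7)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 generic KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def s_kgnb(kenb: bytes, scg_counter: int) -> bytes:
    """S-KgNB = KDF(KeNB, FC=0x1C, P0 = SCG Counter as two octets)."""
    return kdf(kenb, 0x1C, scg_counter.to_bytes(2, "big"))


def algorithm_key(root: bytes, type_distinguisher: int, algorithm_id: int) -> bytes:
    """128-bit RRC/UP key: least significant 128 bits of KDF(root, 0x15, type, alg id)."""
    return kdf(root, 0x15, bytes([type_distinguisher]), bytes([algorithm_id]))[16:]


class MasterNode:
    """MeNB: owns KeNB and the SCG Counter; every SgNB addition or key change gets a fresh value."""

    def __init__(self, kenb: bytes):
        self.kenb = kenb
        self.scg_counter = 0

    def add_secondary(self):
        """Return (SCG Counter to signal to the UE, S-KgNB to send to the SgNB over X2)."""
        if self.scg_counter > 0xFFFF:
            raise RuntimeError("SCG Counter exhausted: refresh KeNB before adding another SgNB")
        counter = self.scg_counter
        self.scg_counter += 1        # never reused under the same KeNB
        return counter, s_kgnb(self.kenb, counter)

    def refresh_kenb(self, new_kenb: bytes):
        """After a KeNB refresh (e.g. intra-cell handover) the counter may restart from 0."""
        self.kenb = new_kenb
        self.scg_counter = 0


def ue_matches_secondary_node() -> bool:
    """UE derives S-KgNB from its own KeNB and the signalled counter; the SgNB derives
    the RRC keys from the S-KgNB it received over X2; the two must agree."""
    menb = MasterNode(KENB)
    counter, key_for_sgnb = menb.add_secondary()
    ue_key = s_kgnb(KENB, counter)
    alg = 2   # example algorithm identity from the UE-SgNB security configuration
    return algorithm_key(ue_key, RRC_INT, alg) == algorithm_key(key_for_sgnb, RRC_INT, alg)


def keys_never_repeat_under_one_kenb() -> bool:
    menb = MasterNode(KENB)
    keys = {menb.add_secondary()[1] for _ in range(100)}
    return len(keys) == 100


def exhaustion_forces_kenb_refresh() -> bool:
    menb = MasterNode(KENB)
    menb.scg_counter = 0x10000    # simulate a counter that has run out
    try:
        menb.add_secondary()
        return False
    except RuntimeError:
        pass
    menb.refresh_kenb(bytes.fromhex("1e" * 32))
    counter, _ = menb.add_secondary()
    return counter == 0
```

The property worth checking in a real deployment is the one `exhaustion_forces_kenb_refresh` exercises: because the SgNB's keys are a deterministic function of KeNB and the counter, reusing a counter value under the same KeNB would hand two SgNB configurations the same keystream, so the MeNB must refresh KeNB before the counter wraps.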


5G Security Standards: Current Landscape

(Figure: 3GPP SA3 timeline from 2016.03 through 2017, marking meetings SA3#83 to SA3#89, the Release 14 TR (Phase 1) and Release 15 work, with progress shown at 45% done.)

Key 3GPP Working Groups

SA1: 5G requirements
SA2: 5G architecture
RAN: 5G access network
CT: 5G core and terminal

SA3: 5G security

Phase 1 considerations, key points:

• Security Architecture
• Unified Authentication Framework
• Key Hierarchy
• UE/Network Authorization
• Slicing Security

Phase 2 considerations, key points:

• low latency
• IoT
• Small Data
• Slicing security enhancement
• etc.


Thank you. www.huawei.com

Copyright©2012 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.