SESSION ID: MBS-W11

Demystifying 5G Security Through Threat Modeling

Zhijun (William) Zhang
Lead Security Architect
The World Bank Group
@zwilliamz

#RSAC

What is 5G?

• Officially named as IMT-2020 – International Mobile Telecommunications (standards by ITU)
• Provides far more enhanced capabilities than IMT-2000 (3G) and beyond IMT-Advanced (4G)
  – 4G is called LTE, Long Term Evolution
  – 5G, or IMT-2020, is called NR, New Radio

Generations of Mobile Technologies

| Generation (name) | Availability | Characteristics | Speed |
|---|---|---|---|
| 1G | 1980 | Analog, Voice only | 14.4 kbps |
| 2G | 1990 | Digital, Data along Voice, MMS, Web browsing | 56-115 kbps |
| 3G (IMT-2000) | 2000 | Video calling, Wireless internet | 5.8-14.4 mbps |
| 4G (IMT-Advanced) | 2012 | HD streaming, High speed wireless internet | 100 mbps-1 gbps |
| 5G (IMT-2020) | 2020 | New convergence services | 20 gbps |

(Source: GSMA 2018)

5G Features - Performance

| | Minimum Requirements for 5G (IMT-2020) | Comparison to 4G (IMT-Advanced) |
|---|---|---|
| Peak data transmission rate | Downlink peak data rate: 20 Gbps | 20 times faster |
| Latency | 1 millisecond, for ultra reliable communications | 1/10 the latency of LTE |
| Connection density | 1,000,000 devices per square kilometer | 10 times the devices |

5G Performance Brings in New Use Cases

• High bandwidth, low latency
• Highly reliable
• From “connecting people” to “connecting things”
• Real-time broadcasting F1 race with a driver’s view & experience
• Mission-critical services like autonomous vehicle & remote surgery

5G Features – Technology Revolution

[Diagram labels: Beam forming; Massive MIMO Antenna (64T/64R); mmWave, Ultra Wideband; Dynamic TDD; Small Cell Deployment; Backhaul; Edge Computing; 5G Core; SDN/NFV; Network Slicing; General H/W]

• mmWave (millimeter Wave, e.g. 24.25-27.5GHz, 27.5-29.5GHz)
• MIMO (Multiple Input, Multiple Output), TDD (Time Division Duplexing)
• SDN (Software Defined Network), NFV (Network Functions Virtualization)

5G becomes an invisible infrastructure for all

5G-Enabled Economy

• Smart factories
• Smart homes
• Smart City
• 5G is an invisible infrastructure for all

The 5G Vision

(Source: ITU-R IMT 2020)

Supported by Network Slicing and Virtualization

• Concurrent deployment of multiple logical networks on the same physical network infrastructure

What about security?

5G Security – Radio Access Network

• Components that connect mobile devices to the core network
• mmWave radio frequencies
  – Shorter wavelengths and narrower beams, which can provide better security for data transmission
• MIMO (multiple-input, multiple-output) and beamforming
  – More opportunities for masquerading
• Mutual authentication between devices and base stations
• Better protection of subscriber identity

5G Security – Core Network – Service-based Architecture

[Diagram legend]
• UE: User Equipment
• N*: messages
• NG: Next Generation
• UDM: User Data Management

(Credit: Cisco)

5G Security – Trust Model

[Diagram labels: Visited Network; Home Network]
• SEPP: Security Edge Protection Proxy
• PLMN: Public Land Mobile Network

5G Security – Multi-Access Edge Computing (MEC)

• Move application hosting from centralized data centers to the network edge (e.g. cellular base stations)

[Diagram legend]
• vRAN: virtual radio access network
• vEPC: virtual evolved packet core

(Source: 5GAA)

5G Security – Key Elements

1. Subscription Concealed Identifier (SUCI)
2. Updated Authentication and Key Agreement (AKA)
3. Stronger data integrity for radio access network
4. Stronger cryptographic algorithm
5. Stronger security for connectivity to other networks
6. Increased home network control
7. Detection of false base stations based on user equipment data

5G Security Challenges

• Increased attack surface
  – More functionality at the edge of the network
  – Distributed architecture, multiple layers, multiple vendors
  – Wide range of devices to connect to the network
  – Heavy reliance on software and cloud providers
• Increased role in the overall economy
  – Support mission-critical applications
• Security features deemed optional

An effective way to analyze security risks is via threat modeling

The Threat Modeling Process

Assets

Network side
• Radio access network
• Core network
• Multi-access Edge Computing
• Physical infrastructure
• Virtualization
• APIs

User side
• User equipment
• User/device identity
• User session
• Application data
  – In storage, on network, in memory
2020_USA20_MBS-W11_01_Demystifying 5G Security through Threat Modeling
This document was uploaded and shared by 张玉竹 on 2022-04-08 10:01:12.