4G vs 5G Security, The Key Differences
5G security is built firmly on the foundations supplied by 4G security, albeit with significant enhancements. Here we’ll look at what’s stayed the same and where the differences are in how security is implemented in 4G and 5G. A deeper dive into this topic is available in our 5G Security course.
5G - an evolution not a complete change
5G can be viewed as an evolution of 4G rather than as a completely new technology, with many 5G features being enhancements, improvements or extensions of the equivalent 4G features.
This principle can be seen quite clearly in the area of 5G network security which is built firmly on the foundations supplied by 4G security, but with important and necessary enhancements.
What stays the same?
Security in cellular networks is divided into several key areas, including:
- Network access security - protecting the connections between mobile devices and base stations, between neighbouring base stations and between the base stations and the core network, and
- Network domain security - protecting core network elements and the connections between them
The key components of network access security remain largely unchanged from the 4G version. The keys employed to protect the 5G air interface operate in much the same way apart from the decision to implement optional user plane integrity protection.
The security measures applied to protect the access network and RAN transmission interfaces are also broadly similar to 4G. The exceptions are additional security features designed to protect the distributed base station designs that are supported in 5G.
Where are the changes in 5G security?
The biggest changes have been applied to the Authentication mechanism. Here two new nodes have been employed on the path between the mobile device and the network security database.
These nodes, the Authentication Server Function and the Security Anchor Function, are designed to provide more separation between the network that is currently serving a subscriber and their home network. This makes it harder to spoof authentication messages to the core network.
There are also changes in the way sensitive subscriber information is transmitted back to the home network.
Previously a mobile device would have sent its IMSI via the serving network in an unencrypted format. This would potentially allow the IMSI to be intercepted on the air interface and the movements of the subscriber to be tracked.
In 5G the subscriber identifier is encrypted before it is transmitted, using a public-private key pair so that it can only be decrypted by the home network. This effectively obscures the subscriber’s identity and makes them harder to track.
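The concealment described above, as an added Go example that is not part of the original article and is not the 3GPP-specified scheme: the device encrypts the identifier to the home network's public key using a fresh ephemeral X25519 key and AES-GCM, so the value seen on the air interface changes on every transmission and only the holder of the private key can recover it. The function names, the SHA-256 key derivation and the fixed nonce are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// oneTimeAEAD runs X25519 and derives a single-use AES-128-GCM key, so a fixed nonce is safe.
func oneTimeAEAD(priv *ecdh.PrivateKey, peerPub, ephPub []byte) (cipher.AEAD, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPub) // rejects wrong-length keys
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer) // rejects an all-zero shared secret
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append(shared, ephPub...)) // simplified KDF (assumption)
	blk, err := aes.NewCipher(k[:16])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Conceal runs on the device, which stores only the home network's public key.
func Conceal(homePub, id []byte) (ephPub, sealed []byte, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh for every call
	if err != nil {
		return nil, nil, err
	}
	ephPub = eph.PublicKey().Bytes()
	gcm, err := oneTimeAEAD(eph, homePub, ephPub)
	if err != nil {
		return nil, nil, err
	}
	return ephPub, gcm.Seal(nil, make([]byte, gcm.NonceSize()), id, nil), nil
}

// Reveal runs in the home network, the only holder of the private key.
func Reveal(homePriv *ecdh.PrivateKey, ephPub, sealed []byte) ([]byte, error) {
	gcm, err := oneTimeAEAD(homePriv, ephPub, ephPub)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, make([]byte, gcm.NonceSize()), sealed, nil) // fails if altered
}
```

Calling `Conceal` twice on the same identifier yields two unrelated outputs, which is what prevents an observer from linking transmissions to one subscriber.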
A final area of difference between 4G security and 5G security is in the nature of the communications in the core network. Legacy core networks have sometimes used a patchwork of signalling protocols. In a situation like this, different systems are used for different purposes and each has its own security processes.
By contrast, in 5G all communication between core network nodes employs the same set of protocols within what’s known as the 5G Service Based Architecture. They therefore all employ the same security processes.
5G core network security revolves around the use of HTTP/2 between nodes, with the connections protected by TLS (Transport Layer Security), which brings 5G core network communications into line with the most commonly used Internet security methods.
About the Author
Joe Hoy has worked for a number of leading telecoms and IT companies including British Telecom, NCR, AT&T and Lucent. He started his career as a network engineer then worked on a variety of front- and back-office systems and the networking and telecoms systems linking them.
In his technical training career Joe has presented courses for our customers in many locations around the world. He specializes in GSM, UMTS and LTE and in IP-based media and signalling technologies. He also runs several strands of work in parallel to his training career including as a mobile telecoms forensic expert witness, a 3G Network Support Engineer specializing in RAN network elements and as a Technical Authority for a start-up VoIP-based telecoms provider.
Joe has an HND in Telecommunications and a range of company qualifications achieved during his time with BT, NCR, AT&T and Lucent. He is also a Cisco Certified Network Associate (CCNA) and is a member of the Institution of Engineering and Technology (IET).