5G Wireless Network Security and Privacy
Description
An expert presentation of 5G security, privacy, and network performance
In 5G Wireless Network Security and Privacy, a team of veteran engineers delivers a robust and accessible discussion of 5G security solutions, including physical layer security, authentication, and mobility management. In the book, the authors expertly cover the requirements of 5G wireless network security and privacy, with explorations of existing solutions and vulnerabilities from security architecture and mechanism perspectives.
Readers will learn how to enhance the security and network performance of 5G wireless networks in contexts like vehicle-to-vehicle and vehicle-to-infrastructure communications, industrial automation, health services, smart cities, and smart homes. They will develop a comprehensive understanding of 5G wireless network security as they move through the book's 11 insightful chapters, developing in-depth knowledge on the current state of 5G security and coming developments in the field. Readers will also find:
* A thorough introduction to legacy cellular network security, including network performance development from 1G to 4G
* In-depth treatments of 5G network security, including the motivation and objectives of 5G wireless network security
* Comprehensive explorations of wireless security solutions, including cryptographic approaches and physical layer security
* Fulsome discussions of the security architecture of cellular networks, including 3G and 4G security
Perfect for researchers and professionals working in the field of cybersecurity and 5G wireless networks, 5G Wireless Network Security and Privacy will also earn a place in the libraries of engineers, computer scientists, and graduate students studying 5G network security and privacy.
More details
Other editions
Additional editions
Persons
Dongfeng (Phoenix) Fang, PhD, is an Assistant Professor in the Department of Computer Science and Software Engineering at the California Polytechnical State University, San Luis Obispo, USA.
Yi Qian, PhD, is a Professor in the Department of Electrical and Computer Engineering at the University of Nebraska-Lincoln, USA.
Rose Qingyang Hu, PhD, is a Professor in the Electrical and Computer Engineering Department and the Associate Dean for Research of the College of Engineering, Utah State University, USA.
Content
About the Authors ix
Preface xi
Acknowledgments xiii
Introduction xv
1 Introduction to 5G Wireless Systems 1
1.1 Motivations and Objectives of 5G Wireless Networks 1
1.2 Security Drives and Requirements 2
1.3 5GWireless Network Architecture 4
1.3.1 Overview of the 5G Wireless Network Architecture 4
1.3.2 Comparison Between the Legacy Cellular Network and the 5GWireless Network 5
1.4 Conclusion 6
2 Security from Legacy Wireless Systems to 5G Networks 7
2.1 Network Security for Legacy Systems 7
2.2 Security Attacks and Security Services in 5G Wireless Networks 9
2.2.1 Security Attacks 9
2.2.2 Security Services 11
2.2.2.1 Authentication 12
2.2.2.2 Confidentiality 12
2.2.2.3 Availability 13
2.2.2.4 Integrity 14
2.3 The Evolution of Wireless Security Architectures from 3G to 5G 14
2.3.1 3G Security Architecture 14
2.3.2 4G Security Architecture 15
2.3.3 5GWireless Security Architecture 16
2.3.3.1 Overview of the Proposed 5G Wireless Security Architecture 16
2.3.3.2 Security Domains 17
2.4 Summary 18
3 Security Services and Mechanisms in 5G Wireless Systems 19
3.1 Cryptographic Approaches and Physical Layer Security 19
3.2 Authentication 22
3.3 Availability 27
3.4 Data Confidentiality 29
3.5 Key Management 33
3.6 Privacy 35
3.7 Conclusion 36
4 An Efficient Security Solution Based on Physical Layer Security in 5G Wireless Networks 37
4.1 Enhancing 5G Security Through Artificial Noise and Interference Utilization 37
4.2 A HetNet System Model and Security Analysis 38
4.2.1 System Model and Threat Model 38
4.2.2 Security Analysis 40
4.3 Problem Formulation and Analysis 42
4.3.1 Maximum Secrecy Rate 43
4.3.2 The Proposed Algorithm 43
4.4 Numerical and Simulation Results 46
4.5 Conclusion 49
5 Flexible and Efficient Security Schemes for IoT Applications in 5G Wireless Systems 51
5.1 IoT Application Models and Current Security Challenges 51
5.2 A General System Model for IoT Applications Over 5G 52
5.2.1 System Architecture 52
5.2.2 Trust Models 54
5.2.3 Threat Models and Design Objectives 55
5.3 The 5G Authentication and Secure Data Transmission Scheme 56
5.3.1 Overview of the 5G Authentication and Secure Data Transmission Scheme 56
5.3.2 The Detailed Scheme 57
5.3.2.1 Phase 1 -- System Initialization 57
5.3.2.2 Phase 2 -- Authentication and Initial Session Key Agreement 58
5.3.2.3 Phase 3 -- Data Transmission 58
5.3.2.4 Phase 4 -- Data Receiving 59
5.3.2.5 Phase 5 -- T2 IoT Devices Authentication and Initial Session Key Agreement 59
5.4 Security Analysis 60
5.4.1 Protocol Verification 61
5.4.2 Security Objectives 61
5.4.2.1 Mutual Authentication 61
5.4.2.2 Initial Session Key Agreement 62
5.4.2.3 Data Confidentiality and Integrity 62
5.4.2.4 Contextual Privacy 62
5.4.2.5 Forward Security 62
5.4.2.6 End-to-End Security 63
5.4.2.7 Key Escrow Resilience 63
5.5 Performance Evaluation 63
5.5.1 Security Services 63
5.5.2 Computational Overhead 63
5.5.3 Communication Overhead 66
5.6 Conclusion 67
6 Secure and Efficient Mobility Management in 5G Wireless Networks 71
6.1 Handover Issues and Requirements Over 5G Wireless Networks 71
6.2 A 5G CN Model and HetNet System Model 72
6.3 5G Handover Scenarios and Procedures 75
6.3.1 Handover Scenarios 75
6.3.2 Handover Procedures 76
6.4 A New Authentication Protocol for 5G Networks 79
6.4.1 Assumptions 80
6.4.2 Pre-Authentication 80
6.4.3 Full Authentication 81
6.4.4 Fast Authentication 83
6.4.4.1 Handover Between APs 83
6.4.4.2 Handover Between BSs 84
6.5 Security Analysis of the New 5G Authentication Protocols 84
6.6 Performance Evaluations 85
6.6.1 Communication Overhead 86
6.6.2 Computation Overhead 86
6.7 Conclusion 87
7 Open Issues and Future Research Directions for Security and Privacy in 5G Networks 89
7.1 New Trust Models 89
7.2 New Security Attack Models 90
7.3 Privacy Protection 90
7.4 Unified Security Management 91
References 93
Index 103
1
Introduction to 5G Wireless Systems
Fifth-generation wireless networks, or 5G, are the fifth-generation mobile wireless telecommunications beyond the current 4G/International Mobile Telecommunications (IMT)-Advanced Systems [Panwar et al., 2016]. 5G wireless network is not only an evolution of the legacy 4G cellular networks but also a new communication system that can support many new service capabilities [Fang et al., 2017a]. In this chapter, we will introduce a general background of 5G wireless networks and 5G security, including motivations and objectives, security drives and requirements, and a general 5G wireless network architecture.
1.1 Motivations and Objectives of 5G Wireless Networks
The research and development of 5G technology is focused on achieving advanced features such as enhanced capacity to support a greater number of users at faster speeds than 4G, increased density of mobile broadband users to improve coverage [Xu et al., 2021], and supporting device-to-device (D2D) communications and massive machine-type communications [NGMN Alliance, 2015]. 5G planning also aims to provide better network performance at lower latency and lower energy consumption to better support the implementation of the Internet of Things (IoT) [Andrews et al., 2014]. More specifically, there are eight advanced features of 5G wireless systems as follows [Warren and Dewar, 2014]:
- Data rate: 1-10 Gbps connections to endpoints in the field;
- Low latency: 1-ms latency;
- Bandwidth: 1000 bandwidth per unit area;
- Connectivity: 10-100 number of connected devices;
- Availability: 99.999% availability;
- Coverage: 100% coverage;
- Network energy efficiency: 90% reduction of network energy usage;
- Device energy efficiency: Up to 10 years of battery life for low-power devices.
To achieve these eight advanced network performance features, various technologies [Agiwal et al., 2016] are applied to 5G systems, such as heterogeneous networks (HetNet), massive multiple-input multiple-output (MIMO), millimeter wave (mmWave) [Qiao et al., 2015], D2D communications [Wei et al., 2016], software-defined network (SDN) [Dabbagh et al., 2015], network functions virtualization (NFV) [Zhang et al., 2015], and networking slicing [NGMN Alliance, 2016]. The standardization process for 5G wireless systems has been carried out. Figure 1.1 illustrates a generic 5G wireless systems.
5G wireless systems can provide not only traditional voice and data communications but also many new use cases [Xu et al., 2022, Wang et al., 2021b], new industry applications, and a multitude of devices and applications to connect the society at large [AB Ericsson, 2018] as shown in Figure 1.1. Different 5G use cases are specified, such as vehicle-to-vehicle and vehicle-to-infrastructure communications [Fang et al., 2019b], industrial automation, health services, smart cities, and smart homes [Global Mobile Suppliers Association, 2015]. It is believed that 5G wireless systems can enhance mobile broadband with critical services and massive IoT applications [Qualcomm, 2016]. With the new architecture, technologies, and use cases in 5G wireless systems, it will face new challenges to provide security and privacy protections [Huawei, 2015].
Figure 1.1 A generic architecture for 5G wireless systems.
1.2 Security Drives and Requirements
To accomplish the objectives of 5G wireless networks, several fundamental security drivers and requirements are necessary. Figure 1.2 illustrates the main drives for 5G wireless security as supreme built-in security, flexible security mechanisms, and automation. Supreme built-in security is needed since, in 5G, new use cases, new technologies, and new networking paradigms are introduced. The other use cases can introduce specific requirements, such as ultra-low latency in user communications, which will require improving the performance of the current security mechanisms. New technologies not only yield advanced service capabilities but also open the door to vulnerabilities and thus impose new security requirements in 5G [Liyanage et al., 2016]. In HetNet, different access technologies may have different security requirements, and a multi-network environment may need highly frequent authentications with stringent delay constraints [Wang et al., 2016b]. Massive MIMO has been deemed a critical 5G technique to achieve higher spectral efficiency and energy efficiency. It is also considered a valuable technique against passive eavesdropping [Deng et al., 2015]. Furthermore, SDN and NFV in 5G will support new service delivery models and thus require new security aspects [Chen et al., 2016b, Tian et al., 2017]. With the advent of 5G networking paradigms, a new security architecture is needed. To address these issues, security must be considered an integral part of the overall architecture and should initially be integrated into the system design.
Figure 1.2 Security drives and requirements for 5G wireless security.
To support various use cases, new technologies, new networking paradigms, new threats, new trust models in an optimal way, and flexible security mechanisms are needed with changing ecosystem and growing need for dependability. Based on the current research on 5G wireless networks, security services on 5G wireless networks have more specific requirements due to the advanced features that 5G wireless networks have, such as low latency, and high energy efficiency. With various applications on 5G wireless networks and their network performances, flexible security mechanisms are desired with better efficiency performance [Xu et al., 2019].
Figure 1.3 Trust model of 4G and 5G wireless networks.
The trust models of the legacy cellular networks and 5G wireless networks are presented in Figure 1.3 [Huawei, 2015]. Not only full trust but also semi-trust or not trust are considered. Authentications are required not only between subscribers and the two operators (the home and serving networks) but also among service parties in 5G wireless networks. Moreover, for the use case of vertical industries, the security demands vary significantly among different applications. For instance, mobile devices require lightweight security mechanisms as their power resource constraint, while high-speed services require efficient security services with low latency. Therefore, the general flexibility for 5G security mechanisms is another critical requirement [Schneider and Horn, 2015]. Authentication management in 5G is more complex due to various types of and a massive number of devices connected. For different applications, different authentication models can be implemented. In Figure 1.3, user authentication can be done by the network provider, service provider, or both.
Besides the supreme built-in security and flexibility security mechanisms, security automation is also a key element. It combines automated holistic security management with automated and intelligent security controls [NOKIA, 2017]. Since more personal information is used in various applications, such as surveillance applied over 5G wireless networks, privacy concerns escalate. Moreover, various services in 5G can be tied closer than before. For example, the fixed telephone line, internet access, and TV service can be terminated simultaneously due to the outage of a major network [Huawei, 2015]. Therefore, security automation is needed to make the 5G system robust against various security attacks.
1.3 5G Wireless Network Architecture
1.3.1 Overview of the 5G Wireless Network Architecture
The 5G wireless network architecture is introduced here. As shown in Figure 1.4, the illustrated general 5G wireless network architecture includes a user interface, a cloud-based heterogeneous radio access network, a next-generation core, distributed edge cloud, and a central cloud. The cloud-based heterogeneous radio access network can combine virtualization, centralization, and coordination techniques for efficient and flexible resource allocation. Based on different use cases, 3GPP classifies more than 70 different use cases into four different groups such as massive IoT, critical communications, network operation, and enhanced mobile broadband. In the cloud-based heterogeneous access network, besides the 3GPP access and non-3GPP access, other new radio technologies will be added for more efficient spectrum utilization. In the first stage of 5G, the legacy evolved packet core (EPC) will still be valid. Network slicing enables different parameter configurations for the next-generation core according to different use cases. New flexible service-oriented EPC based on network slicing, SDN, and NFV will be used in the next-generation core as virtual evolved packet core (VEPC) shown in Figure 1.4. The VEPC is composed of modularized network functions. Based on different use cases, the network functions applied to each VEPC can be various. In the VEPC, the control plane and user plane are separated for the flexibility and scalability of the next-generation core. Edge cloud is distributed...
