position, and private content). In order to offer differentiated quality of service, networks may need to sense what type of service a user is using. The service type sensing may involve user privacy. Add all this together, and privacy protection in 5G is more challenging.

5G Security Blueprint

5G Security Goals

As the 5G era is drawing near, the volume of data traffic and variety of services will increase to levels not seen before. IoT service is just one of the many. When it comes to 5G, it is not simply about being a medium for communication. It can be seen as a catalyst for minimizing the boundary between the digital world and physical world. 5G security design is an all-encompassing one that provides security protection for the everything-connected world.

E2E Security for Vertical Industries

• Differentiated security protection: E2E security design caters to different vertical industries. In that case, the design of security protection needs to consider how to fulfil various security requirements.

• Flexibility: In order to provide better support and rapid response to the vertical industry requirement, it is desirable that E2E security capabilities could be rapidly aligned with business changes. In that case, it would require flexible and highly efficient E2E security deployment and adaptation.

• Privacy protection: 5G will see APP services thriving vigorously. Along with this thriving, personal privacy data is also growing massively, including device identifiers, user IDs, and user preference. Considering that, privacy protection could be built end to end, leaving no part of the security chain vulnerable to privacy leaks.

• Security as service: In the face of the convergence of IT and CT, the telecom industry is seeking to boost its strength and better serve vertical industries. Telecommunications systems have done well in protecting user privacy, and users have built a relatively good level of trust in the security strength of the communication systems. 5G could continue to extend the user trust by opening up security capabilities as a service to individual users and vertical industries.

Secure Infrastructure

• Diversified system level protection of IT-aware infrastructure: After IT technologies (e.g. NFV and SDN) are put into use, a vast array of system-level protections is in place to defend against distributed denial of service (DDoS) and other active attacks that may increase.

• Identity management: Both software and hardware infrastructures run in a multi-vendor environment. In order to mitigate unauthorized access to network resources, stringent identity management is a possible need.

• Data protection: Integrity and confidentiality protection are provided throughout data transmission to prevent data from being intercepted or re-routed to unauthorized destinations.

5G Security Perspectives

New Trust Model and Identity Management

In legacy mobile communications networks, telecom networks are responsible for authenticating users for network access only. A trust model with two elements, between users and networks, is formed. Authentication between users and services is not covered by the networks. However, in 5G networks, a trust model with an additional element, the vertical service provider, is a favored possible design. Networks may cooperate with service providers to carry out even more secure and more efficient identity management.

Hybrid Authentication Management

5G networks are open platforms with a plethora of services. Smart transport, smart grid, and industrial IoT are some of them. Both networks and service providers face challenges in making access and service authentication simpler and less costly. Three authentication models would possibly co-exist in 5G to address the needs of different businesses.

• Authentication by networks only: Service authentication incurs a significant amount of cost to service providers. Service providers can pay networks for service authentication so users will be able to access multiple services once they complete a single authentication. This frees users from the cumbersome task of obtaining a service grant repeatedly when accessing different services.

• Authentication by service providers only: On the other hand, networks may rely on the proven authentication capabilities from vertical industries and exempt devices from radio network access authentication, which can help the networks lower operating cost.

• Authentication by both networks and service providers: For some of the services, a legacy model might be