position, and private content). In order to offer differentiated quality of service, networks may need to sense what type of service a user is using. The service type sensing may involve user privacy. Add all this together, and privacy protection in 5G is more challenging.

5G Security Blueprint

5G Security Goals

As the 5G era is drawing near, the volume of data traffic and variety of services will increase to previously unseen levels. IoT service is just one of the many. When it comes to 5G, it is not simply about being a medium for communication. It can be seen as a catalyst for minimizing the boundary between the digital world and the physical world. 5G security design is an all-encompassing one that provides security protection for the everything-connected world.

E2E Security for Vertical Industries

• Differentiated security protection: E2E security design caters to different vertical industries. In that case, the design of security protection needs to consider how to fulfil various security requirements.

• Flexibility: In order to provide better support and rapid response to the vertical industry requirement, it is desirable that E2E security capabilities can be rapidly aligned with business changes. That would require flexible and highly efficient E2E security deployment and adaptation.

• Privacy protection: 5G will see APP services thriving vigorously. Along with this, personal privacy data is also growing massively, including device identifiers, user IDs, and user preference. Considering that, privacy protection could be built end to end, leaving no part of the security chain vulnerable to privacy leaks.

• Security as service: In the face of the convergence of IT and CT, the telecom industry is seeking to boost its strength and better serve vertical industries. Telecommunications systems have done well in protecting user privacy, and users have built a relatively good level of trust in the security strength of the communication systems. 5G could continue to extend the user trust by opening up security capabilities as a service to individual users and vertical industries.

Secure Infrastructure

• Diversified system level protection of IT-aware infrastructure: After IT technologies (e.g. NFV and SDN) are put into use, a vast array of system-level protections is in place to defend against distributed denial of service (DDoS) and other active attacks that may increase.

• Identity management: Both software and hardware infrastructures run in a multi-vendor environment. In order to mitigate unauthorized access to network resources, stringent identity management is a possible need.

• Data protection: Integrity and confidentiality protection are provided throughout data transmission to prevent data from being intercepted or re-routed to unauthorized destinations.

5G Security Perspectives

New Trust Model and Identity Management

In legacy mobile communications networks, telecom networks are responsible for authenticating users for network access only. A trust model with two elements, between users and networks, is formed. The authentication between users and services is not covered by the networks. However, in 5G networks, a trust model with an additional element, the vertical service provider, is a favored possible design. Networks may cooperate with service providers to carry out even more secure and more efficient identity management.

Hybrid Authentication Management

5G networks are open platforms with a plethora of services. Smart transport, smart grid, and industrial IoT are some of them. Both networks and service providers face challenges in making access and service authentication simpler and less costly. Three authentication models would possibly co-exist in 5G to address the needs of different businesses.

• Authentication by networks only: Service authentication incurs a significant amount of cost to service providers. Service providers can pay networks for service authentication so users will be able to access multiple services once they complete a single authentication. This frees users from the cumbersome task of getting a service grant repeatedly when accessing different services.

• Authentication by service providers only: On the other hand, networks may rely on the proven authentication capabilities from vertical industries and exempt devices from radio network access authentication, which can help the networks lower operating cost.

• Authentication by both networks and service providers: For some of the services, a legacy model might be