5G is a platform that goes beyond current IT approaches and will be far more decoupled from specific hardware and physical control of the network. 5G is a key economic driver for the EU, especially when it comes to the new business it will enable. However, for this to happen it is necessary for the 5G architecture to be secured from the start, and also for 5G secure systems to be enabled.
The needs of 5G are mainly characterised in terms of manageability, usability, trust and privacy. Identity management and privacy-preserving mechanisms are treated as key enablers and anchored against a common security architecture to increase assurance and confidence in 5G networks. Trust will therefore influence development, adoption and business potential.
5G-ENSURE defines and delivers a 5G reference security architecture, shared and agreed with various 5G stakeholders, and supports its use by providing a useful and usable initial set of security enablers addressing core concerns. The focus lies on a logical and functional architecture and omits (most) aspects related to physical/deployment architecture. This focus is motivated by general trends such as network de-perimetrization as well as 5G systems' strong dependency on software defined networking and virtualization in general.
The core of the 5G-ENSURE architecture for 5G networks extends and revises the 3GPP security architecture from TS 33.401 to integrate key features and the domain concept from 3GPP TS 23.101 to support trust models for a 5G vision beyond “telecom” and “mobile broadband”.
- Infrastructure domains and tenant domains to capture the physical and logical aspects.
- Management domains to capture orchestration and security management.
- Identity Management (IM) domains to re-use existing industrial AAA for device authentication.
- Internet Protocol (IP) domains to model external IP networks.
- Slice domains to capture network slicing, application domains transversal to others.
The logical "dimension" of the 5G-ENSURE architecture captures first of all security aspects associated with the various domains that are involved in delivering services over 5G networks. This part is therefore also strongly associated with the project's trust model. Additionally, the logical part captures security aspects associated with network layers and/or special types of network traffic.
In the 5G-ENSURE architecture, these network layers and traffic types are associated with different strata. The functional “dimension” of our architecture comprises a set of security capabilities required to protect and uphold the security of the various domains and strata.
5G-ENSURE introduces an additional stratum, namely the Management Stratum, to capture the protocol aspects related to network management. The management stratum and the management domains enable modelling trust and security issues when management of the network is outsourced.
For more information see Deliverable D2.4.