5G Security Architecture

The 5G security architecture consists of several components. As the image shows, there are different networks and environments, as well as a 3GPP AN and a Non-3GPP AN. Both are access networks, but the Non-3GPP AN is an access network that does not follow the 3GPP specifications.



  • ME: Mobile entity
  • HE: Home environment
  • SN: Serving network
  • AN: Access network
  • USIM: User subscription identity module

5G Overview

In the image you can see the SN, which is the 5G Core, and the ME, which is the User Equipment. The HE is the home environment, the 5G entity to which the SN provides services. How these components should communicate is defined by the 3GPP, and those definitions are there to ensure security in the network. We will explain Network Access Security (I) and SBA domain security (V) in more depth, but first let's see what they all do:

The most important one, which is also used the most, is Network Access Security (I) in the picture. In the words of the 3GPP, the domains are defined as:

  • Network Access Security (I): the set of security features that enable a UE to authenticate and access services via the network securely, including the 3GPP access and Non-3GPP access, and in particular, to protect against attacks on the (radio) interfaces. In addition, it includes the security context delivery from SN to AN for the access security.
  • Network domain security (II): the set of security features that enable network nodes to securely exchange signalling data and user plane data.
  • User domain security (III): the set of security features that secure the user access to mobile equipment.
  • Application domain security (IV): the set of security features that enable applications in the user domain and in the provider domain to exchange messages securely. Application domain security is out of scope of the present document.

Then there is also the SBA domain security (V), which is used in the communication with the SN and the HE. This security implementation is also important, as it defines in what way NFs should communicate with each other inside the SN and also with other network domains. It is defined by the 3GPP as follows:

  • SBA domain security (V): the set of security features that enables network functions of the SBA architecture to securely communicate within the serving network domain and with other network domains. Such features include network function registration, discovery, and authorisation security aspects, as well as the protection for the service-based interfaces.

Application domain security (IV) is not shown in the image. The reason is that (IV) is the communication between the User Application and the Server Application, which is the high level; what happens underneath is the interesting part, and that is what the image shows. For the full specifications, click here.