5G安全技术与标准

doi:10.11959/j.issn.1000-0801.2020317

Abstract

Abstract:

From 4G to 5G,as the result of network evolution and service promotion,the concepts and principles of security in design were deeply integrated,the security capabilities were enhanced.The root of 5G security design-building secure networks and services in the open environment were analyzed.Furthermore,according to the understanding of the 5G security specifications designed by 3GPP,ITU and GSMA,the security framework and these new technologies were analyzed in detail from three aspects:network security assurance,service security capabilities and security assessment methodologies.The overview of 5G security trends and the key works in the long run were summarized.

Key words: 5G security, security specification, network security, security capability, security assessment

CLC Number:

TP393

Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security[J]. Telecommunications Science, 2020, 36(12): 1-19.

Figures/Tables 15

	安全测评方法论
TR33.805	Study on security assurance methodology for 3GPP network products	网络产品安全保障方法研究与选择
TR33.916	Security assurance methodology (SCAS) for 3GPP network products	网络产品安全保障方法论
TR33.926	Security assurance specification (SCAS) threats and critical assets in 3GPP network product classes	3GPP网元产品威胁和重要资产
	通用安全要求
TS33.117	Catalogue of general security assurance requirements	网络产品通用安全保障要求及测试用例
	5G设备特定安全要求
TS33.511	5G security assurance specification; NR node B (gNB) network product class	5G基站gNB安全评估标准
TS33.512	5G security assurance specification; access and mobility management function (AMF) network product class	AMF网元（接入鉴权和移动性管理控制功能）安全评估标准
TS33.513	5G security assurance specification; user plane function (UPF) network product class	UPF网元（用户面功能，执行用户面数据转发等功能）安全评估标准
TS33.514	5G security assurance specification for the unified data management (UDM) network product class	UDM网元（统一数据库，存放用户的签约数据等）安全评估标准
TS33.515	5G security assurance specification; session management function (SMF) network product class	SMF网元（会话管理网络功能）安全评估标准
TS33.516	5G security assurance specification; authentication server function (AUSF) network product class	AUSF网元（鉴权网络功能）安全评估标准
TS33.517	5G security assurance specification for the security edge protection proxy (SEPP) network product class	SEPP网元（安全代理，漫游场景下链接HPLMN和VPLMN）安全评估标准
TS33.518	5G security assurance specification for the network repository function (NRF) network product class	NRF网元（服务注册、发现、授权等功能）安全评估标准
TS33.519	5G security assurance specification for the network exposure function (NEF) network product class	NEF网元（对外开放网络能力和服务）安全评估标准

References 42

[1]	ITU-R. IMT vision-framework and overall objectives of the future development of IMT for 2020 and beyond:M.2083-0[S]. Geneva:ITU, 2015.
[2]	李正茂, 王晓云, 张同须 ,等. 5G+:5G如何改变社会[M]. 北京: 中信出版社, 2019.
	LI Z M , WANG X Y , ZHANG T X ,et al. 5G+:how 5G will change society[M]. Beijing: CITIC Publishing HousePress, 2019.
[3]	The White House,US. National strategy to secure 5G of the United States of America[S]. 2020.
[4]	3GPP.Security architecture and procedures for 5G system:TS33.501 V16.3.0[S]. 2020.
[5]	3GPP.System architecture for the 5G system:TS23.501 V16.3.0[S]. 2019.
[6]	RUPPRECHT D , KOHLS K , HOLZ T ,et al. Breaking LTE on layer two[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2019.
[7]	3GPP.Study on enhancements to the service-based architecture:TR23.742 V16.0.1[R]. 2018.
[8]	3GPP.System architecture for the 5G system; stage 2:TS23.501 V16.1.0[S]. 2019.
[9]	3GPP.Authentication and key management for applications (AKMA) based on 3GPP credentials in the 5G system(5GS):TS33.535[S]. 2020.
[10]	GSMA. Network equipment security assurance scheme-overview:FS.13 V1.0[S]. 2019.
[11]	3GPP.3GPP system architecture evolution (SAE)-security architecture:TS33.401 V15.6.0[S]. 2018.
[12]	IETF. Improved extensible authentication protocol method for 3rd generation authentication and key agreement (EAP-AKA’):RFC5448[S]. 2009.
[13]	3GPP.Security architecture and procedures for 5G system:TS33.501 V16.0.0[S]. 2019.
[14]	3GPP.Study on the security of ultra-reliable low-latency communication (uRLLC) for the 5G system(5GS):TR33.825[S]. 2020.
[15]	3GPP.Network domain security-IP network layer security:TS33.210 V16.3.0[S]. 2020.
[16]	3GPP.Study on security aspects of the 5G service based architecture (SBA):TR33.855 V1.9.0[R]. 2019.
[17]	ETSI. Network functions virtualisation (NFV); architectural framework:GS NFV 002 V1.2.1[S]. 2014.
[18]	ONF. Software-defined networking:the new norm for networks[R]. 2012.
[19]	3GPP.Study on security impacts of virtualization in 5G:TR33.848 V0.5.0[R]. 2020.
[20]	3GPP.Security assurance methodology (SECAM) and security assurance specification:TR33.818 V0.6.0[R]. 2019.
[21]	粟栗, 杨波, 王珂 ,等. 面向垂直行业的5G网络切片安全白皮书[R]. 2018.
	SU L , YANG B , WANG K ,et al. 5G network slicing security white paper for vertical industries[R]. 2018.
[22]	3GPP.Study on security aspects of 5G network slicing management:TR33.811[R]. 2019.
[23]	3GPP.Study on authentication and key management for applications based on 3GPP credential in 5G:TR33.845 V16.1.0[R]. 2019.
[24]	ISO/IEC. Common criteria for information technology security evaluation part 1:introduction and general model version 2.3[S]. 2005.
[25]	3GPP.Study on security assurance methodology for 3GPP network products:TR33.805[R]. 2019.
[26]	3GPP.Security assurance methodology (SCAS) for 3GPP network products:TR33.916[R]. 2019.
[27]	3GPP.Security assurance methodology (SCAS) threats and critical assets in 3GPP network product classes:TR33.926[R]. 2019.
[28]	3GPP.Catalogue of general security assurance requirement:TS33.117[S]. 2019.
[29]	3GPP.5G security assurance specification; NR node B (gNB) network product class:TS33.511[S]. 2019.
[30]	3GPP.5G security assurance specification; access and mobility management function (AMF) network product class:TS33.512[S]. 2019.
[31]	3GPP.5G security assurance specification; user plane function (UPF) network product class:TS33.513[S]. 2019.
[32]	3GPP.5G security assurance specification for the unified data management (UDM) network product class:TS33.514[S]. 2019.
[33]	3GPP.5G security assurance specification; session management function (SMF) network product class:TS33.515[S]. 2019.
[34]	3GPP.5G security assurance specification; authentication server function (AUSF) network product class:TS33.516[S]. 2019.
[35]	3GPP.5G security assurance specification for the security edge protection proxy (SEPP) network product clas:TS33.517[S]. 2019.
[36]	3GPP.5G security assurance specification for the network repository function (NRF) network product class:TS33.518[S]. 2019.
[37]	3GPP.5G security assurance specification for the network exposure function (NEF) network product class:TS33.519[S]. 2019.
[38]	GSMA. Network equipment security assurance scheme- overview:FS.13[S]. 2019.
[39]	GSMA. Network equipment security assurance scheme-security test laboratory accreditation requirements and process:FS.14[S]. 2019.
[40]	GSMA. Network equipment security assurance scheme-productdevelopment and lifecycle accreditation methodology:FS.15[S]. 2019.
[41]	Network equipment security assurance scheme-vendor development and product lifecycle security requirements:FS.16. 16[S]. 2019.
[42]	杨志强, 粟栗, 杨波 ,等. 5G 安全技术与标准[M]. 北京: 人民邮电出版社, 2020.
	YANG Z Q , SU L , YANG B ,et al. 5G security technologies and standards[M]. Beijing: Posts ＆ Telecom PressPress, 2020.

Metrics

Recommended 0

No Suggested Reading articles found!

	实体可信				链路安全
	终端对网络	网络对终端	运营商与业务服务商之间	运营商之间	空口数据传输	运营商内部数据传输	运营商之间数据传输
1G	信任	信任	—	—	—	—	—
2G	信任	非信任	信任	信任	非信任	信任	信任
3G	非信任	非信任	部分信任	信任	非信任	部分信任	非信任
4G	非信任	非信任	非信任	部分信任	非信任	部分信任	非信任
5G	非信任	非信任	非信任	部分信任	非信任	非信任	非信任

资产	威胁	安全对象	需求
? 源代码	? 流氓开发者	? 代码变更控制	? 设计安全
? 软件包	? 源代码漏洞	? 无漏洞的软件	? 版本控制安全
? 成品	? 第三方代码漏洞	? 漏洞处理	? 变更跟踪
? 安全文件	? 安全设计缺陷	? 敏感文档不被泄露	? 源代码审查
? 在运营的产品	? 非正版发布	? 建立受保护的环境	? 软件安全测试
? 产品开发支持系统	? 包含漏洞的老旧版本	? 软件完整性保护	? 员工教育
	? 篡改编译环境	? 软件版本识别	? 漏洞修补流程
	? 错误的文件	? 产品安全修复知识	? 漏洞修补措施独立性
	? 客户无人负责安全事件处理	? 安全设计	? 信息安全管理系统
		? 安全测试	? ...
		? 员工教育	? 安全联络点
		? 客户文档
		? 第三方组件漏洞检测

Overview and prospect of 5G security

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 42

Related Articles 15

Metrics

Recommended 0

[1]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[4]	Yunyi LIU, Jianmin ZHANG, Xiaoli FENG, Liwei ZHANG. 5G MEC system security capability deployment scheme [J]. Telecommunications Science, 2022, 38(11): 143-152.
[5]	Li SU, Li LU, Xing ZHANG, Chang LIU. Graph database based security protection mechanism of 5G network data flow [J]. Telecommunications Science, 2021, 37(4): 28-36.
[6]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[7]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[8]	Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system [J]. Telecommunications Science, 2020, 36(12): 155-162.
[9]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[10]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.
[11]	Hang YU,Shuai WANG,Huamin JIN. RASP based Web security detection method [J]. Telecommunications Science, 2020, 36(11): 113-120.
[12]	Junwen WANG. Technical requirement of future industrial internet [J]. Telecommunications Science, 2019, 35(8): 26-38.
[13]	Cong LI, Bo LEI, Chongfeng XIE, Yunhe LI. Trustworthy network based on blockchain technology [J]. Telecommunications Science, 2019, 35(10): 60-68.
[14]	Jianquan WANG,Zhangchao MA,Xinzhong LI,Lei SUN,Changwei HU. Quantum secure communication network architecture and mobile application solution [J]. Telecommunications Science, 2018, 34(9): 10-19.
[15]	. Interestmeasurement and system construction of personal information protectionLI Meiyan [J]. Telecommunications Science, 2018, 34(8): 160-166.