Home / Blogs

Reality Check on the 5G Security MAGAverse

By Anthony Rutkowski Principal, Netmagic Associates LLC

As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry’s real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure. Compared to the NTIA exercise in MAGAverse fantasy, the meeting is an inspiring reality check and success story.

TSGS3-102e has 555 input contributions—some of them done jointly—from a total of 42 different companies, agencies, and academic institutions, as shown in the graph.

There are 123 registered participants from 63 different companies, agencies, and academic institutions. Ericsson, Huawei, and Samsung had the largest numbers. The US government and support entities collectively (largely clustered around DOD/NSA) had the most registrants—thirteen—although their actual engagement in the work is still nil, except for NIST passively joining 15 companies in calling for a new false base station detection work item.

The 555 contributions are devoted to the following important components of the global open 5G security framework as follows.

Specifications
1Adapting BEST for use in 5G networks (Rel-17)
13Authentication and key management for applications based on 3GPP credential in 5G (Rel-17)
5Enhancements to User Plane Integrity Protection Support in 5GS (Rel-17)
2eSCAS_5G for Network Slice-Specific Authentication and Authorization Function (NSSAAF) (Rel-17)
3Evolution of Cellular IoT security for the 5G System (Rel-16)
7Integration of GBA into 5GC (Rel-17)
3Mission critical security enhancements phase 2 (Rel-17)
6Security Aspects of 3GPP support for Advanced V2X Services (Rel-16)
27Security aspects of 5G System - Phase 1 (Rel-15)
7Security aspects of Enhancement of Network Slicing (Rel-16)
15Security Aspects of the 5G Service Based Architecture (Rel-16)
15Security Assurance Specification Enhancements for 5G (Rel-17)
7Security Assurance Specification for 5G (Rel-16)
4Security Assurance Specification for 5G NWDAF (Rel-17)
13Security Assurance Specification for IMS (Rel-17)
2Security Assurance Specification for Inter PLMN UP Security (Rel-17)
6Security Assurance Specification for Non-3GPP InterWorking Function (N3IWF) (Rel- 17)
4Security of the Wireless and Wireline Convergence for the 5G system architecture (Rel-16)
Studies
135G security enhancement against false base stations
29authentication enhancements in 5GS
13enhanced Security Aspects of the 5G Service Based Architecture
38enhanced security support for Non-Public Networks
15SECAM and SCAS for 3GPP virtualized network products
24security aspects of enablers for Network Automation (eNA) for the 5G system Phase 2
46Security Aspects of Enhancement for Proximity Based Services in 5GS
29Security Aspects of Enhancement of Support for Edge Computing in 5GC
17Security Aspects of Enhancements for 5G Multicast-Broadcast Services
6security aspects of the 5GMSG Service
4security aspects of the Disaggregated gNB Architecture
18security aspects of Unmanned Aerial Systems
10security for enhanced support of Industrial IoT
2Security for NR Integrated Access and Backhaul
1Security Impacts of Virtualisation
15security of AMF re-allocation
9security of the system enablers for devices having multiple USIMs
23storage and transport of 5GC security parameters for ARPF authentication
16User Consent for 3GPP services
22User Plane Integrity Protection
Other
5New study item proposals
4New work item proposals
32Other work areas (no release restrictions)
18Reports and Liaisons from other Groups

The advancement of the SECAM and SCAS for 3GPP virtualized network products is especially important and essential for effective 5G supply chain security. Seven proposed new study and work items touched upon key emerging needs—some drawing broad support.

New Study Items
  • Security aspects on PAP/CHAP protocols in 5GS (China Telecom, Huawei/HiSilicon)
  • UC3S_SID_revision (Huawei/HiSilicon)
  • Rel17 SID on network slice security (Huawei, HiSilicon, Lenovo, Motorola Mobility, CableLabs, CATT, CAICT, China Unicom, China Mobile, InterDigital, NEC})
New Work Items
  • 5GFBS [False Base Station Detection] (Apple, AT&T, Deutsche Telekom, Charter Communication, China Unicom, NIST, CableLabs, Interdigital, Ericsson, Samsung, CAICT, CATT, Intel, vivo, MITRE, Philips)
  • Supporting NSWO (Nework Slice Orchestrator) in 5G (ATT, Nokia, Nokia Shanghai Bell)
  • 3GPP profiles for cryptographic algorithms and security protocols (Ericsson)
  • AKMA (Authentication and Key Management for Applications) Ua protocol profiles (Qualcomm)

It only harms the nation to create a fake 5G initiative for pandering to Trump to create an insular 5G MAGAverse. We are dealing here with a continuum of globally interconnected communication networks and services that have existed since 1850 pursuant to international treaties. A 5G MAGAverse is a death sentence for the nation’s viability.

The U.S. private sector is actually doing a reasonably good job in participating in the forums working on the real 5G Security Framework. The Federal government just needs to: 1) do a better job supporting the private sector and allies in the participation in the real 5G security work, and 2) bolster the analytical capabilities and tailored programs of the expert national security agencies and facilitate their enhanced participation in venues such as SA3.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

View All Topics