5G scenarios and technologies bring new security threats

The virtualization characteristics of 5G networks have changed the status quo in which the protection of functional network elements in traditional networks largely depends on the security isolation of physical devices. The physical environment that was originally considered safe has become unsafe. The controllable and manageable security requirements of the virtualization platform have become an important part of 5G security. For example, security authentication functions may also be placed in the physical environment security. Therefore, 5G security needs to consider the security of 5G infrastructure to ensure that 5G services can run safely in the NFV technology environment.

The development trend of 5G networks, especially new 5G services, new architectures, and new technologies, will pose new challenges to user security and privacy protection. In addition to meeting basic communication security requirements, 5G security mechanisms also need to provide differentiated security services for different business scenarios, adapt to a variety of network access methods and new network architectures, protect user privacy, and support the provision of open security capabilities.

[[231094]]

Compared with the traditional mobile Internet scenario, the main difference between the 5G eMBB scenario is that it provides users with high-speed network speed and high-density capacity, so there will be a large number of small base stations (smallcells, femtocells). The deployment methods, deployment conditions and functions of small base stations are flexible and diverse. The traditional 4G security mechanism does not consider the security threats in this dense networking scenario. Therefore, in addition to the security threats existing in the traditional mobile Internet, there may be security threats of small base station access in this dense networking scenario.

In terms of large-scale IoT scenarios, it is estimated that by 2020, there will be 50 billion connected devices. Terminals include IoT terminals, RFID tags, short-range wireless communication terminals, mobile communication terminals, cameras, and sensor network gateways. Since most IoT terminals have limited resources, dynamically changing topologies, complex network environments, data-centricity, and close relevance to applications, they are more vulnerable to threats and attacks than traditional wireless networks. In this case, in order to ensure the accuracy and validity of information, it is necessary to introduce security mechanisms in machine communications. If each message of each device needs to be authenticated separately, the verification of network-side security signaling will consume a lot of resources. The traditional 4G network authentication mechanism does not take into account this problem of massive authentication signaling. Once the network receives terminal signaling requests that exceed the processing capacity of the network's various signaling resources, it will trigger a signaling storm, causing problems with network services and causing the entire mobile communication system to fail and then collapse.

In terms of low-latency and high-reliability scenarios, especially for delay-sensitive applications such as Internet of Vehicles and remote real-time medical care, the need for low latency and high security has been put forward. In these scenarios, in order to avoid accidents such as vehicle collisions and surgical misoperations, 5G networks are required to provide QoS guarantees with a latency as low as 1ms while ensuring high reliability. However, traditional security protocols such as authentication processes, encryption and decryption processes, etc., were not designed with ultra-high reliability and low latency communication scenarios in mind. This may result in the delay caused by traditional complex security protocols/algorithms being unable to meet the requirements of ultra-low latency. At the same time, the application of ultra-dense deployment technology in 5G makes the coverage of a single access node very small. When terminals such as vehicles move quickly, the network's mobility management process will be very frequent. In order to achieve the goal of low latency, the functional units and processes related to the mobility management of the security context need to be optimized.

In addition, due to the virtualization characteristics of 5G networks, the protection of functional network elements in traditional networks has changed to a large extent, which relies on the security isolation of physical devices. The physical environment that was originally considered safe has become unsafe. The controllable security requirements of the virtualization platform have become an important part of 5G security. For example, security authentication functions may also be placed in the physical environment security. Therefore, 5G security needs to consider the security of 5G infrastructure to ensure that 5G services can run safely in the NFV technology environment.

In addition, the introduction of SDN technology in 5G networks has improved the data transmission efficiency of the network and achieved better resource allocation, but it has also brought new security requirements, that is, it is necessary to consider the secure isolation and management of virtual SDN technology control network elements and forwarding nodes in the 5G environment, as well as the secure deployment and correct execution of SDN technology flow tables.