5G Phase 1 brings several enhancements to 4G security, some of the key points are presented in this short article. Details of the 5G Phase 1 specification [1] from all aspects will be published in the Journal of ICT Standardization [2] this month. A summary of the 5G Phase 1 specification is available in NEC whitepaper [3] as well.


Key enhancements in 5G security compared to 4G:

  • Primary authentication: Network and device mutual authentication in 5G is based on primary authentication. The authentication mechanism has in-built home control allowing the home operator to know whether the device is in given network and to take final call of authentication. The mandatory authentication options are 5G Authentication and Key Agreement (AKA) and Extensible Authentication Protocol (EAP)-AKA’, i.e. EAP-AKA’. Optionally other EAP based authentication mechanisms are also allowed in 5G for specific cases such as private networks. Also, primary authentication is radio access technology independent thus it can run over non-3GPP technology such as WiFi. 
  • Credential storage: Security credentials can be stored not only in UICC but other specified secure hardware storage platform.
  • Secondary authentication: Secondary authentication in 5G is meant for authentication with data networks outside mobile operator domain. For this purpose different EAP based authentication methods and associated credentials can be used.
  • Inter-operator security: 5G Phase 1 provides Inter-operator security, this should prevent security issues present in SS7 or Diameter.
  • Privacy: Home network public key is used to provide subscriber identity privacy thus IMSI related issues is not possible in 5G.
  • Service based architecture (SBA): 5G core network is based on SBA for which adequate security is provided. 
  • Central Unit (CU) – Distributed Unit (DU): In 5G the base station is split in CU and DU with a interface between them. Security is provisioned for the CU-DU interface.
  • Key hierarchy: It is obvious from security perspective to have a different key hierarchy, compared to 4G, due to the changes in system architecture.
  • Mobility: Although mobility in 5G is similar to 4G, the difference in 5G is the assumption that mobility anchor in the core network is not in secure location. Thus secure mobility between mobility anchor points is also provisioned in 5G.


[1] 3GPP TS 33.501 Security architecture and procedures for 5G System
[2] River Publishers, Journal of ICT Standardization
[3] NEC Corporation, Making 5G a Reality

Print Friendly, PDF & Email
CEO and Founder at wenovator LLC

Dr. Anand R. Prasad is a global leader and expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, SOC, Wi-Fi, mobile devices, enterprise and built GRC processes from scratch.

Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry.  Dr. Prasad is also a Senior Security Advisor of NTT DOCOMO, providing advise on all aspects of cybersecurity for the company, Advisor to CTIF and Advisory to GuardRails. Prior to which he was Chief Information Security Officer of Rakuten Mobile,  the world's leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile Anand led all aspects of enterprise and mobile network security from design, deployment to operations.

With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer reviewed publications. Anand was the Chairman of 3GPP SA3 where he led the standardization of 5G security. He did his ir (MScEE) and PhD from Delft University of Technology, The Netherlands. He is a Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of Cybersecurity Magazine.

Leave a Reply

Your email address will not be published. Required fields are marked *