Key Points of 5G Security

5G Phase 1 brings several enhancements to 4G security, some of the key points are presented in this short article. Details of the 5G Phase 1 specification [1] from all aspects will be published in the Journal of ICT Standardization [2] this month. A summary of the 5G Phase 1 specification is available in NEC whitepaper [3] as well.


Key enhancements in 5G security compared to 4G:

  • Primary authentication: Network and device mutual authentication in 5G is based on primary authentication. The authentication mechanism has in-built home control allowing the home operator to know whether the device is in given network and to take final call of authentication. The mandatory authentication options are 5G Authentication and Key Agreement (AKA) and Extensible Authentication Protocol (EAP)-AKA’, i.e. EAP-AKA’. Optionally other EAP based authentication mechanisms are also allowed in 5G for specific cases such as private networks. Also, primary authentication is radio access technology independent thus it can run over non-3GPP technology such as WiFi. 
  • Credential storage: Security credentials can be stored not only in UICC but other specified secure hardware storage platform.
  • Secondary authentication: Secondary authentication in 5G is meant for authentication with data networks outside mobile operator domain. For this purpose different EAP based authentication methods and associated credentials can be used.
  • Inter-operator security: 5G Phase 1 provides Inter-operator security, this should prevent security issues present in SS7 or Diameter.
  • Privacy: Home network public key is used to provide subscriber identity privacy thus IMSI related issues is not possible in 5G.
  • Service based architecture (SBA): 5G core network is based on SBA for which adequate security is provided. 
  • Central Unit (CU) – Distributed Unit (DU): In 5G the base station is split in CU and DU with a interface between them. Security is provisioned for the CU-DU interface.
  • Key hierarchy: It is obvious from security perspective to have a different key hierarchy, compared to 4G, due to the changes in system architecture.
  • Mobility: Although mobility in 5G is similar to 4G, the difference in 5G is the assumption that mobility anchor in the core network is not in secure location. Thus secure mobility between mobility anchor points is also provisioned in 5G.


[1] 3GPP TS 33.501 Security architecture and procedures for 5G System 
[2] River Publishers, Journal of ICT Standardization
[3] NEC Corporation, Making 5G a Reality

Anand R. Prasad
Chief Information Security Officer at Rakuten Mobile Network | LinkedIn Profile

Anand is Chief Information Security Officer of Rakuten Mobile Network responsible of 4G, 5G and network security. Prior to joining Rakuten, Anand has over 20 years of experience in the mobile and wireless networking industry with key roles in NEC Corporation, NTT DOCOMO, Genista Corporation, Lucent Technologies and Uniden Corporation. Anand is an innovator with over 50 patents, a recognized keynote speaker (RSA, Global Wireless Summit (GWS), MWC, ICT etc.) and a prolific writer with 6 books & over 50 peer reviewed publications.

Anand is the Chairman of 3GPP SA3 -the mobile communications security and privacy group-, was governing council member of TSDSI, governing body member of GISFI, Fellow of IET, Fellow of IETE and Certified Information Systems Security Professional (CISSP).

Leave a Reply

Your email address will not be published. Required fields are marked *