Chapter 5 - 5G

Question 1

What are the envisioned profiles in 5G?

Answer 1

• enhanced Mobile Broadband (eMBB): end-user
• massive Machine Type Communication (mMTC): IoT devices
• Ultra-reliable and Low Latency (URLLC): Autonomous driving and industry

Question 2

What are some of the use-cases for 5G?

Answer 2

• Smart cities
• Autonomous driving
• Smart manufacturing

Question 3

What is the fundamental architecture approach in 5G?

Answer 3

Service-based architecture:
- Elements are defined as network functions
- Can be used by any other function via defined interface
- Can be discover using Network Repository Functions (NRF)

• Allows for complete virtualization

Question 4

What are the network functions offered by the 5G home network?

Answer 4

• Universal data management (UDM) function: Provide subscription data
• Authentication server function (AUSF): Provide authentication services
• Policy control function (PCF): Subscriber specific policies

If home routed:
- Data network (DN)
- Session management (SMF)
- User plane function (UPF)

Question 5

What are the network functions offered by the serving 5G network?

Answer 5

• Network slice selection (NSSF)
• Access control and mobility management (AMF)

If local breakout:
- Data network (DN)
- Session management (SMF)
- User plane function (UPF)

Question 6

What are the security-related changes of 5G?

Answer 6

• Allow other authentication methods (e.g. EAP)
• New 5G AKA
• Enhanced identity privacy with public key of home network
• Enhanced paging privacy

Question 7

What are the security related network functions in 5G and what do they do?

Answer 7

AMF:
- Contains Security Anchor Function (SEAF):
- Holds the root key for the serving network

AUSF:
- Assists in subscriber authentication

Authentication credential repository and processing function (ARPF):
- Comparable to AuC in 4G

Unified Data Repository:
- Comparable to HLR

UDM:
- Generates authentication vector
- Subscriber Identifier De-conceiling Function (SIDF)

Question 8

How is the subscriber identity protected in 5G?

Answer 8

Subscriber Permanent Identifier (SUPI) - like IMSI:
- consists of home network identifier and subscriber identifier
- when transmitted over air, subscriber identity is encrypted using pre-shared public key from home network

Subscriber Concealed Identifier (SUCI):
- encrypted identifier

Globally Unique Temporary Identifier (GUTI) - like TMSI:
- Assigned in encrypted fashion by serving network

Question 9

How does the 5G AKA work and what additional security does it provide?

Answer 9

• User identification (SUCI/ SUPI)
• Request from SEAF to AUSF
• Request from AUSF to UDM/ ARF
• UDM generates 5G authentication vector: RAND, AUTN, XRES and K_ASF
• AUSF generates HXRES from XRES and stores XRES
• AUSF sends RAND, AUTN, HXRES to SEAF
• SEAF sends RAND, AUTN to UE
• SEAF computes HRES from RES and compares to HXRES
• SEAF sends RES to AUSF
• AUSF compares RES to HRES
• AUSF sends K_ASF to SEAF
• Protection against replay attack: Home network knows UE is in serving network, because RES is not sent and cannot be computed from HRES