5G/NR Security  

 

 

 

Security

The 5G security mechanism is not a completely new design compared to the 4G security mechanism, but there are some differences and improvements in 5G in terms of the security protection mechanism. 5G offers several improvements over 4G in terms of security, including stronger encryption, better authentication, and more flexibility in terms of network slicing and virtualization. However, as with any new technology, there are also new security risks that need to be addressed.

What is the problem with Previous Technology?

It seems there is some degree of improvement in every new generation of cellular communication. The improvement usually comes from compensating for the issues in the previous technology. I thought it would be good to briefly summarize what kind of issues there were in previous technologies.

2G:

  • Lack of mutual authentication: In 2G networks, authentication is applied unilaterally. The network authenticates the UE, but the UE does not authenticate the network. So as long as the network accepts the UE, the UE does not complain about anything and continues communication. In this case, it would be very easy to use a fake network to snatch the UE.
  • Weak encryption: The encryption algorithm used in 2G networks is known as the A5/1 algorithm, which is susceptible to eavesdropping and interception attacks.
  • Vulnerability to attacks: 2G networks are vulnerable to attacks such as denial-of-service (DoS) attacks, man-in-the-middle attacks, and SMS interception (for example, a non-authenticated device can be used for various types of DoS attack such as Signaling Storm, SMS Flooding and Resource Starvation).

3G:

  • Vulnerability to attacks: 3G networks are also vulnerable to denial-of-service attacks, man-in-the-middle attacks, and SMS interception.
  • Weaknesses in encryption: 3G networks use the KASUMI encryption algorithm, which has been found to have vulnerabilities that can be exploited by attackers.
  • No NAS Integrity: As far as I recall, in 3G we only have protection for RRC messages via the RRC Security Mode Command, but no NAS integrity protection.
  • NOTE : As you know, bilateral authentication was introduced in 3G, which solved the 'Lack of mutual authentication' problem in 2G.
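The difference between the unilateral authentication of 2G and the bilateral authentication introduced in 3G can be shown with a small model. This is an added example, not taken from any specification or from the original page: the keyed function is HMAC-SHA-256 as a stand-in for the real algorithms, the keys are constructed sample values, all names are hypothetical, and the sequence number that real AKA uses against replay is left out.

```python
import hashlib
import hmac
import os

K = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed subscriber key
ROGUE_K = bytes.fromhex("ffffffffffffffffffffffffffffffff")  # rogue side does not know K

def f(key, label, rand):
    # Stand-in keyed function (HMAC-SHA-256), not the real A3/A8 or MILENAGE
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:8]

class Network:
    def __init__(self, key):
        self.key = key
    def challenge(self):
        rand = os.urandom(16)
        return rand, f(self.key, b"net", rand)   # token proving the network holds K
    def accepts(self, rand, res):
        return hmac.compare_digest(res, f(self.key, b"ue", rand))

class RogueNetwork(Network):
    def accepts(self, rand, res):
        return True                               # a fake network takes any response

def ue_unilateral(key, rand, token):
    # 2G-style: answer every challenge, the network token is never checked
    return f(key, b"ue", rand)

def ue_mutual(key, rand, token):
    # 3G-and-later style: verify the network's token before answering
    if not hmac.compare_digest(token, f(key, b"net", rand)):
        return None
    return f(key, b"ue", rand)

def attach(ue, ue_key, network):
    rand, token = network.challenge()
    res = ue(ue_key, rand, token)
    if res is None:
        return "ue-rejected-network"
    return "attached" if network.accepts(rand, res) else "network-rejected-ue"

if __name__ == "__main__":
    for ue in (ue_unilateral, ue_mutual):
        for net in (Network(K), RogueNetwork(ROGUE_K)):
            print(ue.__name__, type(net).__name__, attach(ue, K, net))
```

Only the UE that checks the network's token refuses the network that does not hold its key; the unilateral UE attaches to both.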

4G:

  • Vulnerability to attacks: 4G networks are vulnerable to attacks such as denial-of-service attacks, man-in-the-middle attacks, and SMS interception.
  • Lack of end-to-end encryption: 4G networks use stronger encryption algorithms than previous generations, but they do not provide end-to-end encryption, which means that data can still be intercepted by attackers.
  • Security of signaling messages: The signaling messages used in 4G networks are not always authenticated, which leaves the network vulnerable to attacks such as fake base station attacks.
  • NOTE : As you know, NAS integrity was introduced in 4G, which resolved the issue of 'No NAS Integrity'.
  • NOTE : Example of Vulnerability (Source : Why 5G Can Be More Secure Than 4G) - When a 4G phone connects to a base station, it authenticates the user's identity, but does so without encrypting the information, leaving it vulnerable to attack. So although any subsequent calls or texts are encrypted in 4G, the user's identity and location are not (encrypted). 5G uses 256-bit encryption, a substantial improvement on the 128-bit standard used by 4G. With 5G, the user's identity and location are encrypted, making them impossible to identify or locate from the moment they get on the network.

4G vs 5G Security

The major improvements of 5G security compared to 4G security are:

  • Enhanced User Authentication
  • Stronger Data Authentication

Source : 4G vs 5G Security, The Key Differences - CableLabs

5G Authentication Process

 

< 33.501-Figure 6.1.3.2-1: Authentication procedure for 5G AKA  >

Key Hierarchy and Distribution

 

< 33.501 - Figure 6.2.1-1: Key hierarchy generation in 5GS  >

 

< 33.501 - Figure 6.2.2-1: Key distribution and key derivation scheme for 5G for network nodes  >

 

< 33.501 - Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE  >

AS Security Mode Command

 

< 33.501 - Figure 6.7.4-1: AS Security Mode Command Procedure  >

NAS Security Mode Command

 

< 33.501 - Figure 6.7.2-1: NAS Security Mode Command procedure  >

User Plane Security

 

< 33.501 - Figure 6.6.2-1: User plane (UP) security activation mechanism >

Key Handling in Handover

 

< 33.501 - Figure 6.9.2.1.1-1: Model for the handover key chaining >

Reference :