Reality Check on the 5G Security MAGAverse

CircleID CircleID: As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry’s real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure. Compared to the NTIA exercise in MAGAverse fantasy, the meeting is an inspiring reality check and success story.

TSGS3-102e has 555 input contributions — some of them done jointly — from a total of 42 different companies, agencies, and academic institutions, as shown in the graph.

There are 123 registered participants from 63 different companies, agencies, and academic institutions. Ericsson, Huawei, and Samsung had the largest numbers. The US government and support entities collectively (largely clustered around DOD/NSA) had the most registrants — thirteen — although their actual engagement in the work is still nil, except for NIST passively joining 15 companies in calling for a new false base station detection work item.

The 555 contributions are devoted to the following important components of the global open 5G security framework as follows.

Specifications1Adapting BEST for use in 5G networks (Rel-17)13Authentication and key management for applications based on 3GPP credential in 5G (Rel-17)5Enhancements to User Plane Integrity Protection Support in 5GS (Rel-17)2eSCAS_5G for Network Slice-Specific Authentication and Authorization Function (NSSAAF) (Rel-17)3Evolution of Cellular IoT security for the 5G System (Rel-16)7Integration of GBA into 5GC (Rel-17)3Mission critical security enhancements phase 2 (Rel-17)6Security Aspects of 3GPP support for Advanced V2X Services (Rel-16)27Security aspects of 5G System – Phase 1 (Rel-15)7Security aspects of Enhancement of Network Slicing (Rel-16)15Security Aspects of the 5G Service Based Architecture (Rel-16)15Security Assurance Specification Enhancements for 5G (Rel-17)7Security Assurance Specification for 5G (Rel-16)4Security Assurance Specification for 5G NWDAF (Rel-17)13Security Assurance Specification for IMS (Rel-17)2Security Assurance Specification for Inter PLMN UP Security (Rel-17)6Security Assurance Specification for Non-3GPP InterWorking Function (N3IWF) (Rel- 17)4Security of the Wireless and Wireline Convergence for the 5G system architecture (Rel-16)Studies135G security enhancement against false base stations29authentication enhancements in 5GS13enhanced Security Aspects of the 5G Service Based Architecture38enhanced security support for Non-Public Networks15SECAM and SCAS for 3GPP virtualized network products24security aspects of enablers for Network Automation (eNA) for the 5G system Phase 246Security Aspects of Enhancement for Proximity Based Services in 5GS29Security Aspects of Enhancement of Support for Edge Computing in 5GC17Security Aspects of Enhancements for 5G Multicast-Broadcast Services6security aspects of the 5GMSG Service4security aspects of the Disaggregated gNB Architecture18security aspects of Unmanned Aerial Systems10security for enhanced support of Industrial IoT2Security for NR Integrated Access and Backhaul1Security Impacts of Virtualisation15security of AMF re-allocation9security of the system enablers for devices having multiple USIMs23storage and transport of 5GC security parameters for ARPF authentication16User Consent for 3GPP services22User Plane Integrity ProtectionOther5New study item proposals4New work item proposals32Other work areas (no release restrictions)18Reports and Liaisons from other Groups

The advancement of the SECAM and SCAS for 3GPP virtualized network products is especially important and essential for effective 5G supply chain security. Seven proposed new study and work items touched upon key emerging needs — some drawing broad support.

New Study Items
Security aspects on PAP/CHAP protocols in 5GS (China Telecom, Huawei/HiSilicon)
UC3S_SID_revision (Huawei/HiSilicon)
Rel17 SID on network slice security (Huawei, HiSilicon, Lenovo, Motorola Mobility, CableLabs, CATT, CAICT, China Unicom, China Mobile, InterDigital, NEC})
New Work Items
5GFBS [False Base Station Detection] (Apple, AT&T, Deutsche Telekom, Charter Communication, China Unicom, NIST, CableLabs, Interdigital, Ericsson, Samsung, CAICT, CATT, Intel, vivo, MITRE, Philips)
Supporting NSWO (Nework Slice Orchestrator) in 5G (ATT, Nokia, Nokia Shanghai Bell)
3GPP profiles for cryptographic algorithms and security protocols (Ericsson)
AKMA (Authentication and Key Management for Applications) Ua protocol profiles (Qualcomm)

It only harms the nation to create a fake 5G initiative for pandering to Trump to create an insular 5G MAGAverse. We are dealing here with a continuum of globally interconnected communication networks and services that have existed since 1850 pursuant to international treaties. A 5G MAGAverse is a death sentence for the nation’s viability.

The U.S. private sector is actually doing a reasonably good job in participating in the forums working on the real 5G Security Framework. The Federal government just needs to: 1) do a better job supporting the private sector and allies in the participation in the real 5G security work, and 2) bolster the analytical capabilities and tailored programs of the expert national security agencies and facilitate their enhanced participation in venues such as SA3.
Written by Anthony Rutkowski, Principal, Netmagic Associates LLCFollow CircleID on TwitterMore under: Cybersecurity, Internet Governance, Policy & Regulation, Telecom, Wireless

The post Reality Check on the 5G Security MAGAverse appeared first on iGoldRush Domain News and Resources.

Original source: https://www.igoldrush.com/newsfeed/ig966370

Leave a Comment