5G is the next generation of mobile technology and offers new technical capabilities through its higher data rates, ultra-reliable and low-latency (minimal time lag) communications, and massive machine-to-machine communications. Taken together, these properties give 5G the potential to generate significant economic and social benefits across the digital economy [1], including enabling advanced applications such as Industry 4.0 and smart manufacturing.

The 5G DRIVE (Diversified oRAN Integration & Vendor Evaluation) project is trialling a new secure network connection capability for integrating private and public networks to form a network of networks. A key element of diversification is helping private networks integrate into Mobile Network Operators' (MNOs') networks. This is accomplished via the new multi-level Security Edge Protection Proxy (SEPP) using the N32 roaming interface, a novel architecture for Advanced Private & Public Networks [3]. A SEPP extends the security boundary by including the PRINS application-level security protocol.

Figure 1: PRINS Protocol Schematic [3].

After an initial exchange of keys using the N32c protocol, the verified SEPP components can interact and communicate using a key-protected HTTP/2 protocol. Routing modifications can be made by intermediate devices, but the content of messages passed between sending and receiving SEPPs remains encrypted.
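The property described above can be modelled in a few lines. This is an added example, not code from the 5G DRIVE project or from the 3GPP specification: the `Msg` layout, the function names, the choice of AES-GCM and the sample key and JSON values are all assumptions made for illustration, and the real PRINS encoding defined in [3] is not reproduced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Msg is a simplified stand-in for a protected N32 message (hypothetical layout).
type Msg struct {
	Routing []byte   // clear text, readable in transit, bound to Sealed as associated data
	Nonce   []byte   // per-message AES-GCM nonce
	Sealed  []byte   // encrypted and authenticated content
	Patches []string // routing changes appended by intermediaries (patch signing omitted here)
}

// SessionAEAD builds the cipher from the key both SEPPs hold after key exchange.
func SessionAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect is the sending SEPP: encrypt the content and bind the routing data to it.
func Protect(g cipher.AEAD, routing, content []byte) (Msg, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Msg{}, err
	}
	return Msg{Routing: routing, Nonce: nonce, Sealed: g.Seal(nil, nonce, content, routing)}, nil
}

// Open is the receiving SEPP: it fails if Routing or Sealed was altered in place.
func Open(g cipher.AEAD, m Msg) ([]byte, error) {
	return g.Open(nil, m.Nonce, m.Sealed, m.Routing)
}

func main() {
	g, _ := SessionAEAD([]byte("constructed-demo-session-key-32B")) // constructed key
	m, _ := Protect(g, []byte(`{"path":"/demo"}`), []byte(`{"secret":"value"}`))
	m.Patches = append(m.Patches, `{"op":"replace","path":"/path","value":"/via-ipx"}`)
	content, err := Open(g, m)
	fmt.Println(string(content), err)
}
```

An intermediary that appends a patch leaves the message verifiable, while one that rewrites `Routing` or `Sealed` directly causes `Open` to return an error at the receiving side.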

Transitioning this research into operational systems requires an in-depth assessment and modelling of the security requirements. A 5G network SEPP that interacts between the public (PLMN) and private networks provides messaging capabilities that unlock the value of 5G, including edge computing and services for these networks. However, because the SEPP plays a key mediating role in interoperability, it must also be secured. Public networks could potentially be exposed to the risks presented by the private networks, whereas enterprises that invest in 5G connectivity do not want to be exposed to risks inherited from interfacing with the public networks. The SEPP acts as an intelligent firewall and proxy that facilitates the safe exchange of messages to protect the participants from cybersecurity threats.

Managing the messaging necessary to connect 5G NPNs to Network Functions for edge computing and cloud services requires the interfaces between the Enterprise, Home and Visited public networks to implement measures that ensure the Confidentiality, Integrity and Availability of information. This can be achieved by using encryption and hashing, and by utilising identity roaming techniques to scale the provision for large-scale adoption.

Research into designing carrier-grade security into a new component like the SEPP is being undertaken at WMG, at the University of Warwick, a consortium member of the 5G DRIVE project. A process of Security by Design and Security by Default is being used to build the security capabilities into the design from the ground up. This includes the use of secured services and system modelling to ensure that the solution is scalable, securable and auditable. This allows the transition from testbed to factory to be managed so that the SEPP can perform as a reliable component of the trusted platform infrastructure offered by main network operators.

The development and diversification of 5G networks is important for the development of the UK’s advanced manufacturing capabilities, and comes with a host of side benefits, enabling use cases to be realised that can revolutionise industry processes. A short YouTube video is included to give some background on this innovative and exciting project

…and you can follow their progress on the @5g_drive Twitter account or use the hashtag #5GDRIVE to learn more.

[1] https://www.gov.uk/government/publications/5g-supply-chain-diversification-strategy/annex-5g-networks-overview–2

[2] https://news.virginmediao2.co.uk/dcms-supported-5g-drive-consortium-successfully-trials-new-secure-ran-connections-for-tier-two-vendors/

[3] ETSI 3rd Generation Partnership Project (3GPP). (2020). 5G; Security architecture and procedures for 5G System (3GPP TS 133.501 version 15.5.0 Release 15).