Technology continues to advance at a rapid pace, bringing forth numerous benefits alongside critical considerations. Among these, the issue of ensuring user privacy within mobile networks has become increasingly pertinent with the proliferation of connected devices and the evolving 5G infrastructure. Addressing these concerns, the 3rd Generation Partnership Project (3GPP) has implemented significant privacy enhancements in the latest 5G Release 15. However, the widespread adoption of these improvements remains uncertain, particularly as many networks currently operate in 5G Non-Stand Alone (NSA) mode, relying on existing 4G networks.  

This underscores the complexity and urgency explored in “Demystifying Privacy in 5G Stand Alone Networks”, a publication authored by Stavros Eleftherakis, Timothy Otim, Giuseppe Santaromita, Almudena Diaz Zayas, Domenico Giustiniano, and Nicolas Kourtellis. 

Is 5G advancing too quickly? 

Telecommunication companies worldwide have been rolling out 5G rapidly, and billions of active 5G connections based on 3GPP Release 15 are already projected. 5G is already used by IoT mobile devices and other connected devices, which are estimated to number 30 billion by 2030. Although the rollout has been rapid, most networks still rely on 4G Core Networks to operate. Relying solely on 5G NSA technology puts users' security and privacy at greater risk with regard to user confidentiality, authentication, location privacy, and more. The researchers stress the importance of establishing security and privacy (S&P) objectives for the confidentiality of the user identity in mobile networks, such as identity privacy, location privacy, and untraceability.

Key Highlights of the Study 

Attack scenario analysis: The researchers focused on the top eight adversarial attacks in pre-5G cellular networks, such as IMSI catching, C-RNTI tracking, and TMSI deanonymity, to examine whether each 5G mitigation mechanism exists and is correctly implemented across the different deployment scenarios.

Experimental & deployment scenarios: The researchers ran their experiments on different 5G testbeds, such as the operator’s network testbed, a private 5G SA and NSA network from a large operator in a city in Spain, and the 5G SA in OpenAirInterface (OAI), where three 5G SA networks and one 5G NSA network were tested.

Examination of new vulnerabilities of 5G: Building on previous measurement studies, two new vulnerabilities were analysed: the GUTI reallocation command attack and the security capabilities bidding-down attack.

Validation of 5G SA for increasing security: Results showed that 5G SA offers higher identity privacy as the SUCI identifier and 5G-GUTI reallocation mechanism are properly supported. 

Importance 

This study is the first to provide a qualitative and experimental comparison between 5G NSA and Stand Alone (SA) in real operator networks. It focuses on the privacy enhancements that address the top eight pre-5G attacks according to recent academic literature. Another important highlight is that it evaluates the privacy levels of OpenAirInterface (OAI), a leading open-source software for 5G, against real network deployments for the same attacks.

What comes next 

These researchers were the first to perform a study on the security aspects of real 5G SA networks in Europe and the second in the world, which highlights a gap in this area of research and leaves room for more studies to be conducted. Nevertheless, this is a significant leap forward toward addressing long-standing privacy concerns as more 5G technologies emerge.

Challenges remain, as the study found two new vulnerabilities within privacy measures. Although it is important that 5G technologies continue to advance, there is still room for more research, as privacy must remain a top priority so that user security is not compromised.