Security and privacy in 5G mobile networks – MobiS5

For 20 years, 3rd and 4th generation mobile networks have allowed users to receive service anywhere, at any time. The dawning and visionary 5th generation mobile network (5G) aims to create a highly-decentralised architecture, including a massive Internet of Things (mIoT) and a non-federated core network, making telecommunications ubiquitous.

The 3rd Generation Partnership Project (3GPP) has published the following four documents as the cornerstones of the 5G world: (i) TR 22.861, describing the integration of a mIoT in 5G networks; (ii) TR 22.862, regarding critical communications; (iii) TR 22.863, presenting an enhanced mobile broadband; (iv) TR 22.864, describing the security and privacy guarantees required in 5G network operations. These documents suggest that the most important cryptographic challenges for future mobile communications, unanswered by current 3G/4G solutions today, are: securely integrating resource-constrained, attack-prone IoT devices into 5G networks; the security of a decentralised core-network architecture; and direct device-to-device communication, with no input from the operator.

An important difference between current and future mobile architectures is the variety of devices for which security solutions must be found. Current mobile phones are vulnerable to many attacks, including malware, Denial-of-Service (DoS), tracking, and cryptographic attacks. However, addressing existing attacks is not enough. Future mobile networks will include IoT devices, which are even more attack-prone, and can be used as “tools” in cyber-attacks, e.g. to exacerbate the scale of Denial of Service. The transition to 5G networks is expected to not only combine, but to compound risks to all types of devices.

MobiS5 will aim to foresee and counter the threats posed in 5G architectures by the architectural modifications suggested in TR 22.861-22.864. Concretely, we will provide a provably-secure cryptographic toolbox for 5G networks, validated formally and experimentally, responding to the needs of 5G architectures at three levels:

* Challenge 1: security in the network infrastructure and end points: including core network security and attack detection and prevention;
* Challenge 2: cryptographic primitives and protocols, notably : a selection of basic primitives, an authenticated key-exchange protocol, tools to compute on encrypted data, and post-quantum cryptographic countermeasures
* Challenge 3: mobile applications, specifically in the use-case of a secure server that aids or processes outsourced computation; and the example of a smart home.

We will adopt a comprehensive and multi-tiered approach to answering these challenges. In particular, for all our challenges we will use the combined approaches of provable security, secure implementations, and experimental validation. We will start by identifying the security and privacy requirements for each challenge, and then fully formalizing them using computational and formal-methods approaches . Each cryptographic tool we will propose is to be validated in three different ways. Primitives such as symmetric ciphers, for which provable security yields limited guarantees, will undergo extensive cryptanalysis. For remaining primitives and protocols, security proofs will be provided in the models defined beforehand. Finally, all our tools will be implemented and subjected to both extensive experimental validation and to side-channel analysis. This three-pronged approach explicitly aims to bridge the gap between the limited modelling capacities of provable-security methodologies and real-world security.