5G Security
What is 5G Security?
5G Security: The security architecture for 5G mobile networks, defined in 3GPP TS 33.501, covering subscriber privacy, mutual authentication, and protection of signalling and user-plane traffic.
5G security, specified in 3GPP TS 33.501, builds on the LTE model but significantly hardens it. Primary authentication uses 5G-AKA or EAP-AKA' with the home network's Authentication Server Function (AUSF) and Unified Data Management (UDM), providing mutual authentication and establishing a hierarchical key tree (K_AUSF, K_SEAF, K_AMF, K_gNB). To defeat IMSI catchers, the long-term identifier (SUPI) is never sent in the clear: instead, the UE encrypts it with the home operator's public key into a SUCI using ECIES (Curve25519 or P-256). User-plane traffic between UE and gNB can be ciphered and integrity-protected with NEA1/2/3 (SNOW 3G, AES-128, ZUC). Service-Based Architecture traffic between network functions is protected by TLS 1.3 and OAuth 2.0 access tokens.
● Examples
- 01 A 5G phone sending its SUCI (ECIES-encrypted SUPI) during initial registration with a roaming visited network.
- 02 Two 5G core network functions authenticating each other via mTLS and exchanging OAuth 2.0 access tokens at the SBI.
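A check for the SUCI concealment described above, added here as an example and not taken from TS 33.501 or any operator's code: it inspects a SUCI string and reports whether the subscriber identity is actually concealed, since TS 33.501 also defines a null-scheme (scheme 0) that carries the MSIN unencrypted. It assumes the hyphen-separated text form shown in the comment and an IMSI-type SUPI; the sample values are constructed, and only structure is checked, because the ciphertext cannot be verified without the home network's private key.

```python
import re
from typing import List, NamedTuple, Optional

# Protection scheme id -> (name, ephemeral public key length in bytes).
SCHEMES = {
    0: ("null-scheme", 0),
    1: ("ECIES Profile A (Curve25519)", 32),
    2: ("ECIES Profile B (P-256, compressed point)", 33),
}
MAC_LEN = 8  # both ECIES profiles append a 64-bit MAC tag

# Assumed text form: suci-<supi type>-<mcc>-<mnc>-<routing>-<scheme>-<key id>-<output>
SUCI_RE = re.compile(
    r"^suci-0-(\d{3})-(\d{2,3})-(\d{1,4})-([0-9a-fA-F])-(\d{1,3})-(.+)$")

class SuciReport(NamedTuple):
    scheme: str
    concealed: bool
    exposed_supi: Optional[str]
    issues: List[str]

def audit_suci(text: str) -> SuciReport:
    m = SUCI_RE.match(text.strip())
    if not m:
        raise ValueError("not an IMSI-type SUCI string")
    mcc, mnc, _routing, scheme_hex, key_id, output = m.groups()
    scheme_id = int(scheme_hex, 16)
    if scheme_id not in SCHEMES:
        return SuciReport(f"scheme {scheme_id}", False, None,
                          ["operator-specific scheme, concealment not verifiable"])
    name, eph_len = SCHEMES[scheme_id]
    if scheme_id == 0:  # output is the MSIN itself, so the SUPI is readable
        return SuciReport(name, False, f"imsi-{mcc}{mnc}{output}",
                          ["MSIN sent without concealment"])
    issues = []
    if int(key_id) == 0:
        issues.append("ECIES scheme but no home network public key id")
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", output) is None:
        issues.append("scheme output is not hex")
    elif len(output) // 2 - eph_len - MAC_LEN < 1:
        issues.append("output too short for ephemeral key + ciphertext + MAC")
    return SuciReport(name, not issues, None, issues)

# Constructed samples (test PLMN 001/01; filler bytes, not real ciphertext).
NULL_SCHEME = "suci-0-001-01-0000-0-0-0000000001"
PROFILE_A = "suci-0-001-01-0000-1-1-" + "aa" * 32 + "bb" * 5 + "cc" * 8
TRUNCATED = "suci-0-001-01-0000-1-1-" + "aa" * 32

if __name__ == "__main__":
    for sample in (NULL_SCHEME, PROFILE_A, TRUNCATED):
        print(audit_suci(sample))
```

Run over registration or core-network logs, a null-scheme hit on a production PLMN is the finding to chase, because that subscriber's permanent identifier is readable by anyone observing the registration.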
● Frequently asked questions
What is 5G Security?
The security architecture for 5G mobile networks, defined in 3GPP TS 33.501, covering subscriber privacy, mutual authentication, and protection of signalling and user-plane traffic. It belongs to the Network Security category of cybersecurity.
What are other names for 5G Security?
Common alternative names include: 5G AKA, SUCI, TS 33.501.
● Related terms
- LTE Security (network-security, № 635): The security architecture for 4G/LTE mobile networks, defined in 3GPP TS 33.401, covering EPS-AKA authentication and ciphering of RRC, NAS, and user-plane traffic.
- Diameter Protocol (network-security, № 314): An AAA (authentication, authorisation, accounting) protocol standardised in RFC 6733 that replaced RADIUS in IMS, LTE EPC, and roaming/IPX networks.
- VoLTE Security (network-security, № 1211): Voice-over-LTE security: the set of IMS authentication, signalling, and media protections that secure voice calls carried as SIP/RTP over 4G or 5G data bearers.
- IMSI Catcher (attacks, № 521): A fake cell-site that tricks nearby phones into revealing their IMSI/IMEI and, on weak networks, intercepting calls and SMS.