In this report, the authors assert that 5G security design must be an all-encompassing one to provide adequate security protection for the everything-connected world. One of the main features of the 5G technology is that it will not be confined to individual customers, as with 2G, 3G and 4G. It is not simply about having a faster mobile network or richer functions in smartphones. 5G will also serve vertical industries, from which a great diversity of new services will stem. As vertical industries are thriving the Internet of Things (IoT), connected vehicles, augmented and virtual reality, to name but a few they will all demand fast, ubiquitous network access. The rise of new business, new architecture and new technologies through 5G will present significant challenges for security and privacy protection.
In the context of vertical industries, security demands could vary greatly among services. For instance, mobile IoT devices only require lightweight security, while high-speed mobile services demand highly-efficient mobile security. As IoT gains momentum, more people will be able to remotely operate or «talk» to networked devices, for instance in instructing facilities in smart homes. There is a need, therefore, for a more stringent authentication method, e.g. biometrics, to prevent unauthorised access to IoT devices.
Security and privacy features for such a vast, global system as 5G must be built into the system design right from the start. Security and privacy requirements are often seen as obstacles or burdens in the system design, but ignoring them in the beginning is not cost-efficient in the long run. Adding features afterwards is less effective and often more costly than including proper mechanisms from the beginning.
The time is right to take the security of 5G infrastructures into consideration, as «virtual» new technologies, such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV), take over. Another consideration for security designers is building security architecture suitable for different access technologies. IoT devices have many choices in the way they access networks. For instance, they may connect to networks directly, or via a gateway, or in Device-to-Device (D2D) or relay fashion. Networks will also have to be able to sense what type of service a user is using, but sensing the service type may involve user privacy. With all these factors added together, privacy protection in 5G also becomes more challenging.