5G enables new business models, ecosystems, and technologies which will allow enterprises and MNOs to grow their business faster than the traditional wireless market. Inherent in the new architecture is the disappearing perimeter & expanding attack surfaces. Securing the network that is going to touch almost every aspect of our lives is critical. It is paramount that we can provide human and IoT communications services in a secure and trusted environment.
The 5G Core Network(5GC) holds a key role in realizing the full potential of 5G services. Without 5GC, fully-fledged NR services cannot be obtained.
The 5GC has been designed around services that are invoked using a standard API. In 5GC, a Service-Based Architecture(SBA) degign has been in use in the software industry to improve the modularity of products. A software product can be broken down into communicating services. With this approach, the developers can mix and match services from different vendors into a single product. And the SA architecture consisting of 5GC and gNB can provide full 5G services from day one, while the NSA architecture leveraging the existing LTE infrastructure provides limited 5G services.
Also, a cloud native design is introduced to enable flexible scaling and upgrades in 5GC. The fundamental concept of a cloud native 5GC is defined as 'stateless microservices deployed in a container-based architecture’. A Network Function (NF) is comprised of small service units called NF services (i.e., micro-services), and NFs store their state information in a central database called Unstructured Data Storage Function (UDSF), which turns the network function itself, stateless. Stateless NFs can be scaled easily and specific NFs can be isolated in case of failures, which in turn makes an uninterrupted service possible. Each micro-service runs in a container and is independently scalable and re-usable. These design characteristics enable the flexible launch of new services, faster time-to-market, and offers enhanced scalability. As a result, the 5GC functions can be quickly created, deployed, and scaled, using automated lifecycle management.
As shown in the above figure, at the heart of the standalone 5GC is SBA. The following is a non-exhaustive list of topics that are being considered.
♦ Inter-NF Encryption and Integrity protection. (3GPP TS 33.501, TLS, Certificate management.)
♦ Inter-NF Authentication and Authorization. (OAuth)
♦ Signalling Protection (Release 16). i.e. the role of Service Communication Proxy (SECOP). Performing all the above when in communication with its peers (NFs and other SECOPs). Also performing filtering, load-balancing, and protection of signaling traffic (HTTP 2.0).
♦ Exposed Interface Protection. Topics such as network capability exposure (NEF). i.e. NF to NEF (same as above), NEF to 3rd party apps (API security), N33-firewall. Security Edge Protection Proxy (SEPP) and N32 interface.
With the powerful Cloud-native, Standalone and SBA-based 5GC, 5G–specific services combined with other features enable diverse business use cases such as factory automation, smart cities, autonomous driving and healthcare area. In this way, an operator is able to secure new revenue streams. IPLOOK has led 5G deployment from day one and is ready to support any operator's 5G needs.