5G Security Architecture

The security architecture builds on the current 3GPP security architecture (TS 33.401) where the network and its security functionalities are represented in terms of domains, strata and security feature groups. These building blocks have been revised in terms of concept and extended to capture the characteristics of 5G system such as the strong dependency on software defined networking and virtualisation and the need to support multi domains and vertical use cases. Therefore the concept of domain has been revised to distinguish between infrastructure domains, related to physical network aspects, and tenant domains, reflecting the logical network aspects. These domains are strongly connected to the 5G trust model as many of the domains will typically be coupled to administration/ownership. The strata concept has been extended to characterise the different functional aspects related to the provisioning of a service. Finally, the security feature groups concept that comprise the set of security capabilities required to protect and uphold the security of the various domains and strata have been replaced by Security Realms and Security Control Classes to better capture “Where” Security is needed and “What” type of Security is needed.

With the draft architecture in place, each of the 5G-ENSURE enablers has been linked to the major building blocks of the architecture showing the enhancements in terms of security and where these are needed.