Smart ID - Identities for 5G networks

Tackle the security challenges of 5G

As mobile network operators around the world develop and roll out their 5G networks, enabling more and better connectivity and facilitating the IoT, there are several security aspects to consider.

CONTACT US  SOLUTION BRIEF

5G networks

Do you recognize these challenges

The enhanced security that 5G provides, puts additional requirements on the MNOs:

  • Protection of the closely placed base stations from threats like device tracking, call interception, frequency jamming, physical base station attacks, and flooding.
  • Implementation of the TLS-based mutual authentication and transport security between the Network Functions (NFs) in the Service-Based Architecture (SBA) as prescribed by 3GPP 5G specification.
  • Automation of the certificate lifecycle management for the NFs to cope with the frequent updates imposed by continuous deployment strategies
  • Securing Customer Premises Equipment (CPE), e.g. broadband routers
  • PKI for virtualization platforms requirements
  • PKI for Open RAN (O-RAN) Security

Backhaul protection

In 5G mobile networks, base stations and small cells are deployed in an unsecured area, mandating a secured connection to the backbone network to ensure confidentiality and integrity in order to prevent malicious exploit of an unprotected communication link.

The network elements communicating over an unsecure network are using strong public key authentication based on machine certificates. The certificates are regularly requested and renewed from the Certificate Authority (CA) of the corporate PKI typically using standard protocols Simple Certificate Enrolment Protocol (SCEP) and Certificate Management Protocol (CMP).

 

Secure NF communication

As per 3GPP Rel-15 (TS 33.501), the NFs in the 5G Core (5GC) Service-Based Architecture (SBA) communicate with each other based on TLS based mutual authentication and transport security and OAuth 2.0 token-based authorization. This relies on the use of a Public-Key Infrastructure (PKI) in place in the network, where a Certificate Authority (CA) issues certificates to each of the communication endpoints.

5GC microservice architecture with continuous deployment and updates and the overall use of TLS for connections between the NFs furthermore constitutes a need for a highly automated process to issue and manage certificates.

 

 

Secure NMS Communication

Network Management Systems (NMS) facilitate the secure management of telecommunications networks, including base stations. These systems enable efficient monitoring, configuration, and troubleshooting. To ensure robust security, NMS solutions establish secure connections between management platforms (e.g., Ericsson NMS, Nokia NetAct) and network elements.

Certificates issued by an external Certificate Authority (CA), adhering to 3GPP Rel-15 standards, play a crucial role in facilitating this secure communication. Complying with Telecom regulatory standards and industry norms, our PKI solution provides a trusted foundation, ensuring NMS integrity and reliability.



Open RAN (O-RAN) Security

The 5G Open RAN concept is for a more open radio access network architecture.

3GPP prescribes Open RAN zero-trust architecture, with IPSec/DTLS on E1, Xn, midhaul (F1) and open fronthaul (M-Plane) interfaces. Mandatory support for TLS 1.2+ and Public Key Infrastructure X. 509 (PKIX) for mutual authentication is also required.

How does it work?

Nexus Smart ID Certificate Manager can issue and manage the lifecycle of trusted identities based on PKI certificates through standard certificate management protocols, including ACME, SCEP, EST and CMP.

Nexus SmartID and the GO IoT service offered based on it, are based on mature, scalable, highly reliable, continuously tested and maintained products. The multi-CA and multitenancy solution helps you adapt the PKI hierarchy, administration, and reporting, to your needs. Nexus' solution offers automation features and a solid track record.

READ MORE ON DOCS

5G networks how it works

Why Nexus

Nexus’ platform for 5G PKI has the following key benefits:

Proven worldwide

Is used in critical, large-scale installations by several of the biggest mobile operators world-wide.

High security

Offers proven high security as Nexus’ quality-assured PKI platform is being certified according to Common Criteria EAL4+, and Nexus’ organization comply with ISO 27001 and TISAX.

Offered as a service

Is offered as a service, with guaranteed SLA and capacity as you grow. 

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At Technology Nexus Secured Business Solutions AB, corp. ID no. 556258-0414, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.