Question

What tasks and deliverables are needed to implement "User Domain" risk mitigation recommendations?

Answer 1

This section addresses the high level security design principles for the architecture and recommendations as to how to proceed. We take as our basis the set of security building blocks needed to meet the security objectives, not only in terms of the 5G architecture enforcement but also to address explicit requirements and also building blocks related to common best practice.

These three basic concepts confidentiality, integrity, and availability, commonly referred to as the CIA-triad are key aspects in design of secure systems. Though there are other concepts such as authentication, non- Repudiation which are also important characteristics of secure system design.

The project’s 5G security architecture builds on, extends (and in our opinion clarifies) the current 3GPP security architecture. The logical “dimension” of our architecture captures first of all security aspects associated with the various domains that are involved in delivering services over 5G networks. This part is therefore also strongly associated with the project’s trust model. Additionally, the logical part captures Security aspects associated with network layers and/or special types of network traffic. This is in our architecture associated with different strata. The functional “dimension” of our architecture comprises a set of security capabilities required to protect and uphold the security of the various domains and strata. In the functional dimension, we build on the 3GPP defined security feature groups. We also here extend and refine to adapt to a 5G context.

A goal of the architecture work within 5G-ENSURE has been to clearly provide rationale for the architecture’s structure and features, i.e. instead of staring from detailed security requirements, we seek to motivate which high level security problem is relevant in a 5G context, and then break that down into a manageable set of security objectives for 5G.