The 5G Core: A New Service-Based Architecture
5G's Service-Based Architecture (SBA) is a fundamental shift, using cloud-native Network Functions (NFs) that communicate via APIs. Understanding these core components is the first step to securing the new network paradigm.
AMF
Access & Mobility Management Function. Handles connection, registration, and mobility.
AUSF
Authentication Server Function. Manages authentication, working closely with UDM.
UDM
Unified Data Management. Stores subscriber data, credentials, and security contexts.
SMF
Session Management Function. Establishes and manages user data sessions (e.g., PDU sessions).
PCF
Policy Control Function. Applies network policies for Quality of Service (QoS) and network slicing.
NEF
Network Exposure Function. Securely exposes network capabilities and data to trusted third-party applications.
Key Vulnerability Areas
The flexibility of 5G's virtualized and sliced architecture also introduces new, complex security risks. The survey identifies these critical areas as the most significant threats to 5G deployments.
This highlights that security must be considered at every level, from the virtualized infrastructure (NFV) and network slices to end-user IoT devices and the global supply chain.
Core Security Best Practices
To counter the new threats, a multi-layered defense is required. The survey of best practices identifies these key pillars for building a robust 5G security posture.
A holistic strategy combines modern architectures like Zero Trust (ZTA) with practical security for slicing, infrastructure (NFV), supply chains (NESAS), and active threat hunting with AI/ML.
Spotlight: Zero Trust Architecture (ZTA)
The most critical best practice identified is the adoption of a Zero Trust Architecture (ZTA). This model shifts from the old "trust but verify" mindset to "never trust, always verify," treating every access attempt as a potential threat until proven otherwise.
Pillar 1: Devices (UEs)
Continuously validate device identity and security posture.
Pillar 2: Users (UDM/AUSF)
Strict identity verification and authentication for every user.
Pillar 3: Network (Micro-segmentation)
Isolate network functions and slices to prevent lateral movement.
Pillar 4: Applications (APIs)
Secure all API communications between network functions (NF-to-NF).
Pillar 5: Data (Encryption)
Protect data in transit and at rest with strong encryption.
In 5G, ZTA means continuously authenticating devices, verifying user identity, segmenting the network to limit breach impact, and securing all data and API-driven applications.
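Pillars 3 and 4 above (micro-segmentation and NF-to-NF API security) are the two that a producer NF enforces on every incoming service request. The following Python block is an added example, not code from the page or from any 3GPP implementation. It shows a UDM-side authorization check for an SBA request: the consumer presents an OAuth2 access token issued by the NRF, and the producer verifies the signature, issuer, expiry, audience and scope before consulting a per-service allowlist of consumer NF types. Assumptions made for the example: the token is a JWT signed with HS256 using a secret shared with the NRF (stand-in for the NRF's asymmetric key), the NRF identity `nrf.example`, the consumer registry `CONSUMER_NF_TYPES`, the allowlist `SERVICE_ALLOWLIST`, and the helper names `mint_token` and `authorize_request` are all constructed; the claim names (`iss`, `sub`, `aud`, `scope`, `exp`) and the service names `nudm-sdm` / `nudm-ueau` follow the 3GPP access-token and UDM service naming.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a secret shared with the NRF stands in for the NRF's signing key.
# Real SBA deployments verify the NRF's signature with its public key instead.
NRF_SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
TRUSTED_ISSUER = "nrf.example"  # constructed NRF identity

# Constructed registry of consumer NF instances this producer has learned about
# from the NRF (stands in for NF profile discovery).
CONSUMER_NF_TYPES = {"amf-001": "AMF", "smf-001": "SMF", "ausf-001": "AUSF"}

# Micro-segmentation allowlist for this producer (a UDM): which consumer NF
# types may invoke which service. Constructed for the example; the service
# names follow 3GPP naming for Nudm_SDM and Nudm_UEAuthentication.
SERVICE_ALLOWLIST = {
    "nudm-sdm": {"AMF", "SMF"},
    "nudm-ueau": {"AUSF"},
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(consumer_nf_id, scope, audience, ttl=300, now=None):
    """Issue an access token the way the NRF would (HS256 stand-in)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": TRUSTED_ISSUER, "sub": consumer_nf_id, "aud": audience,
              "scope": scope, "exp": now + ttl}
    h64 = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    c64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(NRF_SIGNING_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    return f"{h64}.{c64}.{_b64url_encode(sig)}"


def authorize_request(token, requested_service, producer_nf_type, now=None):
    """Producer-side decision for one NF-to-NF request. Returns (allowed, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    h64, c64, s64 = parts
    # Verify with the algorithm WE expect, never the one the header claims,
    # so a consumer-supplied "alg" cannot downgrade the check.
    expected = hmac.new(NRF_SIGNING_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            return False, "bad signature"
        header = json.loads(_b64url_decode(h64))
        claims = json.loads(_b64url_decode(c64))
    except ValueError:
        return False, "malformed token"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    if claims.get("iss") != TRUSTED_ISSUER:
        return False, "untrusted issuer"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "token expired"
    aud = claims.get("aud")
    if producer_nf_type not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"
    if requested_service not in str(claims.get("scope", "")).split():
        return False, "scope does not cover service"
    # Micro-segmentation: even a valid token only unlocks the services this
    # consumer NF type is allowed to reach on this producer.
    consumer_type = CONSUMER_NF_TYPES.get(claims.get("sub"))
    if consumer_type not in SERVICE_ALLOWLIST.get(requested_service, set()):
        return False, "consumer NF type not allowed for service"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000
    amf_token = mint_token("amf-001", "nudm-sdm", "UDM", now=t0)
    print(authorize_request(amf_token, "nudm-sdm", "UDM", now=t0))
    print(authorize_request(amf_token, "nudm-sdm", "UDM", now=t0 + 600))
```

The check order matters: the signature is verified before any claim is read, so nothing in an unverified header or payload (including its `alg`) influences the decision, and the allowlist runs last so that a token with a legitimately broad scope still cannot cross a segmentation boundary the producer has not opened.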