Security For 5G Mobile Wireless Networks: Dongfeng Fang, Yi Qian, and Rose Qingyang Hu

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2017.2779146, IEEE
Access
SUBMITTED TO IEEE ACCESS, AUGUST 2017 1
Security for 5G Mobile Wireless Networks

Dongfeng Fang, Yi Qian, and Rose Qingyang Hu
Abstract—The advanced features of 5G mobile wireless net- up to ten years battery life for low power devices [5]. To
work systems yield new security requirements and challenges. achieve these performance requirements, various technologies
This paper presents a comprehensive survey on security of 5G [6] are applied to 5G systems, such as heterogenous net-
wireless network systems compared to the traditional cellular
networks. The paper starts with a review on 5G wireless networks works (HetNet), massive multiple-input multiple-output (MI-
particularities as well as on the new requirements and motiva- MO), millimeter wave (mmWave) [7], D2D communications
tions of 5G wireless security. The potential attacks and security [8], software defined network (SDN) [9], network functions
services with the consideration of new service requirements and visualization (NFV) [10] and networking slicing [11]. The
new use cases in 5G wireless networks are then summarized. The standardization process for 5G wireless systems is just at
recent development and the existing schemes for the 5G wireless
security are presented based on the corresponding security ser- the very beginning. Fig. 1 illustrates a generic architecture
vices including authentication, availability, data confidentiality, of 5G wireless systems. 5G wireless systems can provide not
key management and privacy. The paper further discusses the only traditional voice and data communications, but also many
new security features involving different technologies applied new use cases, new industry applications, and a multitude
to 5G such as heterogeneous networks, device-to-device com- of devices and applications to connect society at large [12].
munications, massive multiple-input multiple-output, software
defined networks and Internet of Things. Motivated by these Different 5G use cases are specified such as vehicle-to-vehicle
security research and development activities, we propose a new and vehicle-to-infrastructure communications, industrial au-
5G wireless security architecture, based on which the analysis tomation, health services, smart cities, smart homes and so
of identity management and flexible authentication is provided. on [13]. It is believed that 5G wireless systems can enhance
As a case study, we explore a handover procedure as well as mobile broadband with critical services and massive IoT [14].
a signaling load scheme to show the advantage of the proposed
security architecture. The challenges and future directions of 5G The new architecture, new technologies, and new use cases in
wireless security are finally summarized. 5G wireless systems will bring new challenges to security and
privacy protection [15].
Index Terms—5G wireless network systems, security, authen-
tication, availability, confidentiality, key management, privacy, Due to the broadcast nature and the limited bandwidth of
heterogenous networks, device-to-device communications, mas- wireless communications, it is possible but difficult to provide
sive multiple-input multiple-output, software defined networks, security features such as authentication, integrity and confi-
Internet of Things, 5G wireless security architecture. dentiality. There are various security issues in current cellular
networks at media access control layer (MAC) and physical
I. I NTRODUCTION layer (PHY) in terms of possible attacks, vulnerabilities and
privacy concerns [16]. The security protections of voice and
5 TH generation wireless systems, or 5G, are the next gen-

eration mobile wireless telecommunications beyond the
current 4G/International Mobile Telecommunications (IMT)-
data are provided based on traditional security architectures
with security features as user identity management, mutual
authentications between the network and user equipment (UE),
Advanced Systems [1]. 5G wireless system is not only an securing communication channel and so on. In the legacy
evolution of the legacy 4G cellular networks, but also a system cellular networks - Long Term Evolution (LTE), a high level
with many new service capabilities [2]. 5G research and devel- of security and trustworthiness for users and network operators
opment aim at various advanced characteristics, such as higher are provided [12]. Besides encryption of user traffic, mutual
capacity than current 4G, higher density of mobile broadband authentication is achieved between a UE and a base station. In
users, and supporting device-to-device (D2D) communications addition, the security of the access and the mobility manage-
and massive machine-type communications [3]. 5G planning ment of LTE are ensured by a key hierarchy and handover key
also aims at lower latency and lower energy consumption, management mechanism [17]. There are also research work on
for better implementation of Internet of Things (IoT) [4]. security related to the technologies applied to LTE [18] [19].
More specifically, there are eight advanced features of 5G However, new security requirements are needed to support a
wireless systems, 1-10 Gbps connections to end points in the variety of new use cases and the new networking paradigms
field, 1 millisecond latency, 1000x bandwidth per unit area, [20]. The security mechanisms are needed to comply with the
10-100x number of connected devices, 99.999% availability, overall 5G advanced features such as low latency and high
100% coverage, 90% reduction of network energy usage and energy efficiency (EE) [20]. The Next Generation Mobile Net-
works (NGMN) Alliance highlights the security requirements
This work was supported by the National Science Foundation under the
grants ECCS-1307580, ECCS-1308006, EARS-1547312, and EARS-1547330. of 5G wireless networks shown in Table. I. Moreover, unlike
D. Fang, and Y. Qian are with the Department of Electrical and Computer the legacy cellular networks, 5G wireless networks are going
Engineering, University of Nebraska-Lincoln, Omaha, NE 68182. E-mail: to be service-oriented which has a special emphasis on security
dongfeng.fang@huskers.unl.edu; yqian2@unl.edu.
R. Q. Hu is with the Department of Electrical and Computer Engineering, and privacy requirements from the perspective of services [15].
Utah State University, Logan, UT 84321. E-mail: rose.hu@usu.edu. Fig. 2 illustrates the main drives for 5G wireless security.
2169-3536 (c) 2017 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2017.2779146, IEEE
Access
Cloud
Backbone Link Smart
Wireless Connection Building
mmWave
Macrocell
MIMO
Smart
Communities Healthcare
Networks
D2D
Communications
Vehicular
High
Networks
Speed
Mobile
Networks Industry M2M
Communications
Fig. 1: A generic architecture for 5G wireless systems
TABLE I: Security requirements for 5G wireless networks [21]

Improve resilience and availability of the network against signaling based threats
including overload caused maliciously or unexpectedly
Requirements respect to 4G Specific security design for use cases which require extremely low latency
Comply with security requirements defined in 4G 3GPP standards.
Need to apply especially to a virtualized implementation of the network
Provide Public Safety and Mission Critical Communications (resilience and high
availability)
Requirements Improve system robustness against smart jamming attacks
from radio access perspective Improve security for 5G small cell nodes
4G Network 5G Network
New use cases
New technologies Service
Supreme Built-in-Security New networking paradigms Services
Flexible Security Mechanisms New threats Server
New trust models Trust Trust
User User Network

Network
Automation
Changing ecosystem Fig. 3: Trust model of 4G and 5G wireless networks
Growing need for dependability
Fig. 2: Major drives for 5G wireless security spectral efficient and energy efficiency. It is also considered
as a valuable technique against passive eavesdropping [25].
Furthermore, SDN and NFV in 5G will support new service
delivery models and thus require new security aspects [26]
The new use cases can have a variety of specific requirements [27]. With the advent of 5G networking paradigms, new
such as ultra-low latency in the user communications. New security architecture is needed [28]. To address these issues,
technologies not only yield advanced service capabilities but security must be considered as an integral part of the overall
also open door to vulnerabilities and thus impose new security architecture and should be integrated into the system design at
requirements in 5G [22][23]. In HetNet, different access tech- the very beginning. To support various use cases and new trust
nologies may have different security requirements, and multi- models in an optimal way, flexible security mechanisms are
network environment may need high frequent authentications needed. The trust models of the legacy cellular networks and
with stringent delay constraints [24]. Massive MIMO has 5G wireless networks are presented in Fig. 3 [15]. Authenti-
been deemed an important 5G technique to achieve higher cations are required not only between subscribers and the two
Access
operators (the home and serving networks) but also among ser- Authentication/authorization; Key agreement
vice parties in 5G wireless networks. Moreover, for the vertical Security negotiation;
industries use case, the security demands can be significantly Key hierarchy; NFV/SDN security;
different among different applications. For instance, mobile Enhanced control plane;
Robustness;
Network slicing
security
devices require lightweight security mechanisms as its power Enhance subscriber privacy
resource constraint, while high-speed services require efficient
security services with low latency. Therefore, the general flex- Edge Cloud Central Cloud
ibility for 5G security mechanisms is another key requirement Server
[29]. The authentication management in 5G is more complex

due to various types of and a massive number of devices Security management and
Crypto algorithms; orchestration;
connected. For different applications, different authentication Physical layer Security assurance for NFV
models can be implemented. In Fig. 3, user authentication can security;
Jamming protection
environments;
Self-adaptive, intelligent
be done by the network provider, or by the service provider, or security controls
by both. Besides the flexibility requirement of 5G security, se-
curity automation is also a key element. It combines automated Fig. 4: Elements in a 5G security architecture [20]
holistic security management with automated and intelligent
security controls [20]. Since more personal information is
used in various applications such as surveillance applied over on strictly positive secrecy capacity in the 1970s and 1980s,
5G wireless networks, privacy concerns escalate. Moreover, the application of PLS has been hampered. At that time,
various services in 5G can be tied closer than before. As an most contemporary security schemes adopted the public-key
example, the fixed telephone line, internet access, and TV cryptography [32]. The interest on using PLS quickly mounted
service can be terminated simultaneously due to the outage after [33] proved that it is still possible for a legitimate user
of a major network [15]. Therefore, security automation is with a worse channel than the eavesdropper to generate a secret
needed to make the 5G system robust against various security key over an insecure public channel. There have been extensive
attacks. PLS research done recently in 5G wireless systems. Unlike
Security attacks can be classified into two types, namely, conventional approaches that provide security mainly through
passive attacks and active attacks [30]. For a passive attack, cryptographic techniques, PLS is identified as a promising
attackers attempt to learn or make use of the information security strategy to provide secure wireless transmissions by
from the legitimate users but do not intend to attack the exploiting the unique wireless physical layer medium features
communication itself. The popular passive attacks in a cel- [34]. Compared to cryptography, PLS demonstrates advantages
lular network are two kinds, i.e., eavesdropping and traffic in two aspects, namely, low computational complexity and
analysis. Passive attacks aim to violate data confidentiality high scalability, which make PLS an ideal candidate technique
and user privacy. Unlike passive attacks, active attacks can for cryptographic key distribution in 5G wireless networks.
involve modification of the data or interruption of legitimate In [31], authors summarized the existing PLS techniques
communications. Typical active attacks include man-in-the- and grouped them into five major categories based on their
middle attack (MITM), replay attack, denial of service (DoS) theoretical security capacity, power, code, channel, and signal
attack, and distributed denial of service (DDoS) attack. approaches.
The mechanisms used to tackle security attacks can be Besides PLS and cryptographic techniques, there have been
mainly divided into two categories: cryptographic approaches some research work on security architecture [35], vulnerability
with new networking protocols and physical layer security assessment mechanisms [36], and intrusion detection mecha-
(PLS) approaches. The cryptographic techniques are the most nisms based on data analysis [37]. These security mechanisms
commonly used security mechanisms, which are normally need to comply with the 5G performance requirements such as
deployed at the upper layers of the 5G wireless networks with extremely low latency and high degree of EE. The 5G security
new networking protocols. The modern cryptography consists requirements thus need to consider the legacy security features,
of symmetric-key cryptography and public-key cryptography. new use cases, and new networking paradigms altogether. Fig.
Symmetric-key cryptography refers to the encryption methods 4 presents the typical elements in a 5G security architecture.
in which a secret key is shared between a sender and a receiver. Edge cloud is applied to improve the network performance
Public-key cryptography or asymmetric cryptography uses two by reducing the communication delay. Central cloud is used
different keys, one is used as the public key for encryption to connect the edge clouds for data sharing and centralized
and the other one is used as the secret key for decryption. control.
The performance of a security service depends on the key The main contributions of this paper are summarized as
length and computational complexity of the algorithms. The follows. We first discuss various attacks as well as the state-of-
management and distribution of the symmetric keys are well the-art solutions in 5G wireless networks based on security ser-
protected in the traditional cellular networks. Due to more vices. The new security concerns on the technologies applied
complex protocols and heterogeneous network architectures in to 5G wireless network systems are then presented. Motivated
5G, the management and distribution of symmetric keys may by these security research and development activities, we
encounter new challenges [31]. further propose a new 5G wireless security architecture, based
Due to the limited progress on practical wiretap codes and on which the analysis of identity management and flexible
Access
authentication is provided. As a case study, we examine a to the quick escalation of computing power and booming of
handover procedure as well as a signaling load scheme to advanced data analysis technologies, eavesdropper can take
show the advantage of the proposed security architecture. the advantage of the new technologies in theirs attacks. The
The challenges and future directions of 5G wireless network existing mechanisms to tackle eavesdropping face a big chal-
security are finally summarized. lenge as many of them assume a small number of simultaneous
The rest of this paper is organized as follows. The attacks eavesdroppers with low computing capability and low data
and security services in 5G wireless networks are introduced analysis capability. Moreover, some technologies applied to
in section II. In section III, recent development and current 5G wireless networks such as HetNet may further increase
solutions in 5G wireless security are discussed. In section the difficulty to fight against eavesdroppers. In general the
IV, security issues for different technologies applied to 5G new characteristics of 5G wireless networks lead to many
are elaborated. In section V, we propose a 5G wireless more complicated scenarios to cope with eavesdroppers, for
security architecture. The analysis of identity management and example, in [38], eavesdroppers with multiple antennas are
flexible authentication based on the new security architecture is considered. As cryptographic methods to tackle eavesdropping
presented. A handover procedure and signaling load analysis have been extensively investigated in the past and are con-
are studied to show the advantage of the proposed security sidered rather mature, most recently, PLS research to tackle
architecture. In section VI, challenges and future directions for eavesdropping has been paid more and more attentions.
5G wireless security are introduced. In section VII, conclusion 2) Jamming: Unlike eavesdropping and traffic analysis,
is presented. jamming can completely disrupt the communications between
legitimate users. Fig. 5b is an example for jamming attack.
II. ATTACKS AND S ECURITY S ERVICES IN 5G W IRELESS The malicious node can generate intentional interference that
N ETWORKS can disrupt the data communications between legitimate users.
Due to the broadcast nature of the wireless medium, wire- Jamming can also prevent authorized users from accessing
less information transmission is vulnerable to various mali- radio resources. The solutions for active attacks are normally
cious threats. In this section, we discuss four types of attacks, detection based.
i.e., eavesdropping and traffic analysis, jamming, DoS and Spread spectrum techniques such as direct sequence spread
DDoS, and MITM, in 5G wireless networks. We also introduce spectrum (DSSS) and frequency hopping spread spectrum
four security services including authentication, confidentiality, (FHSS) are widely used as a secure communication method
availability, and integrity. to fight against jamming at the PHY layer by spreading the
signals over a wider spectral bandwidth. However, DSSS and
FHSS based anti-jamming schemes may not fit into some
A. Attacks in 5G Wireless Networks applications in 5G wireless networks. In [39], a pseudorandom
Fig. 5 illustrates all four attacks, each of which is individu- time hopping anti-jamming scheme is proposed for cognitive
ally discussed in the following three aspects, type of the attack users to improve the performance compared to FHSS. Due to
(passive or active), security services provided to fight against the characteristics of jamming, detection is possible. In [40],
this attack, and the corresponding methods applied to avoid or a resource allocation strategy is proposed between a fusion
prevent this attack. We focus on security attacks at the PHY center and a jammer. Resource allocation is applied to improve
layer and MAC layer, where the key difference on security the detection to achieve a better error rate performance.
between wireless and wire-line networks occur. 3) DoS and DDoS: DoS attacks can exhaust the network
1) Eavesdropping and Traffic Analysis: Eavesdropping is resources by an adversary. DoS is a security attack violation
an attack that is used by an unintended receiver to intercept of the availability of the networks. Jamming can be used
a message from others. Eavesdropping is a passive attack as to launch a DoS attack. DDoS can be formed when more
the normal communication is not affected by eavesdropping, than one distributed adversary exists. Fig.5c shows a DDoS
as shown in Fig. 5a. Due to the passive nature, eavesdropping model. DoS and DDoS are both active attacks that can be
is hard to detect. Encryption of the signals over the radio link applied at different layers. Currently, detection is mostly used
is most commonly applied to fight against the eavesdropping to recognize DoS and DDoS attacks. With a high penetration
attack. The eavesdropper can not intercept the received signal of massive devices in 5G wireless networks, DoS and DDoS
directly due to the encryption. Traffic analysis is another will likely become a serious threat for operators [21]. DoS
passive attack that an unintended receiver uses to intercept in- and DDoS attacks in 5G wireless networks can attack the
formation such as location and identity of the communication access network via a very large number of connected devices.
parties by analyzing the traffic of the received signal without Based on the attacking target, a DoS attack can be identified
understanding the content of the signal itself. In other word, either as a network infrastructure DoS attack or a device/user
even the signal is encrypted, traffic analysis can still be used DoS attack [21]. A DoS attack against the network infrastruc-
to reveal the patterns of the communication parties. Traffic ture can strike the signaling plane, user plane, management
analysis attack does not impact the legitimate communications plane, support systems, radio resources, logical and physical
either. resources [21]. A DoS attack against device/user can target on
Encryption method used to prevent eavesdropping is heavily battery, memory, disk, CPU, radio, actuator and sensors [21].
dependent on the strength of the encryption algorithm and 4) MITM: In MITM attack, the attacker secretly takes con-
also on the computing capability of the eavesdropper. Due trol of the communication channel between two legitimate par-
Access
Sender Receiver Sender Receiver
Receiver
Server Server
Server Server
Server
Server
Jammer
Eavesdropper
(a) (b)
Attacker
Server Sender Receiver
Server Server
...
Server
Server Server Server
Server
Sender Receiver Attacker

(c) (d)
Fig. 5: Attacks in 5G wireless networks (a). Eavesdropping; (b). Jamming; (c). DDoS; (d). MITM
ties. The MITM attacker can intercept, modify, and replace the Since the trust model differs from that used in the traditional
communication messages between the two legitimate parties. cellular networks, hybrid and flexible authentication manage-
Fig. 5d shows a MITM attack model. MITM is an active attack ment is needed in 5G. The hybrid and flexible authentication of
that can be launched in different layers. In particular, MITM UE can be implemented in three different ways: authentication
attacks aim to compromise data confidentiality, integrity, and by network only, authentication by service provider only, and
availability. Based on the Verizon’s data investigation report authentication by both network and service provider [15].
[41], MITM attack is one of the most common security attacks. Due to the very high speed data rate and extremely low
In the legacy cellular network, false base station based MITM latency requirement in 5G wireless networks, authentication
is an attack that the attacker forces a legitimate user to create in 5G is expected to be much faster than ever. Moreover, the
a connection with a fake base transceiver station [42]. Mutual multi-tier architecture of the 5G may encounter very frequent
authentication between the mobile device and the base station handovers and authentications between different tiers in 5G.
is normally used to prevent the false base station based MITM. In [43], to overcome the difficulties of key management in
HetNets and to reduce the unnecessary latency caused by
frequent handovers and authentications between different tiers,
B. Security Services in 5G Wireless Networks
a SDN enabled fast authentication scheme using weighted
The new architecture, new technologies, and use cases in 5G secure-context-information transfer is proposed to improve the
wireless networks bring in new features and requirements of efficiency of authentication during handovers and to meet 5G
security services. In this section, we primarily introduce four latency requirement. To provide more security services in 5G
types of security services: authentication (entity authentication, wireless networks, in [44][45], a public-key based AKA is
message authentication), confidentiality (data confidentiality, proposed.
privacy), availability, and integrity.
With the various new applications in 5G wireless net-
1) Authentication: There are two kinds of authentications,
works, message authentication becomes increasingly impor-
namely, entity authentication and message authentication. Both
tant. Moreover, with the more strict requirements on latency,
entity authentication and message authentication are important
spectrum efficiency (SE), and EE in 5G, message authenti-
in 5G wireless networks to tackle the previous mentioned
cation is facing new challenges. In [46] an efficient Cyclic
attacks. Entity authentication is used to ensure the communi-
Redundancy Check (CRC) based message authentication for
cating entity is the one that it claims to be. In the legacy cel-
5G is proposed to enable the detection of both random and
lular networks, mutual authentication between user equipment
malicious error without increasing bandwidth.
(UE) and mobility management entity (MME) is implemented
before the two parties communicating to each other. The 2) Confidentiality: Confidentiality consists of two aspects,
mutual authentications between UE and MME is the most i.e., data confidentiality and privacy. Data confidentiality pro-
important security feature in the traditional cellular security tects data transmission from passive attacks by limiting the
framework. The authentication and key agreement (AKA) in data access to intended users only and preventing the access
4G LTE cellular networks is symmetric-key based. However, from or disclosure to unauthorized users. Privacy prevents
5G requires authentication not only between UE and MME controlling and influencing the information related to legiti-
but also between other third parties such as service providers. mate users, for example, privacy protects traffic flows from
Access
any analysis of an attacker. The traffic patterns can be used cognitive radio paradigm to improve the SE in 5G. In [39], the
to diagnose sensitive information, such as senders/receivers authors pointed out that FHSS can cause bad performance with
location, etc. With various applications in 5G, there exist the jamming attack. A pseudorandom time hopping spread
massive data related to user privacy, e.g., vehicle routing data, spectrum is proposed to improve the performance on jam-
health monitoring data, and so on. ming probability, switching probability, and error probability.
Data encryption has been widely used to secure the data Resource allocation is adopted to improve the detection of the
confidentiality by preventing unauthorized users from extract- availability violation [40].
ing any useful information from the broadcast information. 4) Integrity: Although message authentication provides the
Symmetric key encryption technique can be applied to encrypt corroboration of the source of the message, there is no pro-
and decrypt data with one private key shared between the tection provided against the duplication or modification of the
sender and the receiver. To share a key between the sender message. 5G aims to provide connectivity anytime, anywhere,
and the receiver, a secure key distribution method is required. and anyhow, and to support applications closely related to
Conventional cryptography method is designed based on the human being daily life such as metering for the quality of
assumption that attackers have limited computing capabilities. the drinking water and scheduling of the transportation. The
Thus it is hard to fight against attackers who are equipped with integrity of data is one of the key security requirements in
powerful computing capabilities. Rather than relying solely certain applications.
upon generic higher-layer cryptographic mechanisms, PLS Integrity prevents information from being modified or al-
can support confidentiality service [47] against jamming and tered by active attacks from unauthorized entities. Data integri-
eavesdropping attacks. Besides the data services of 5G, users ty can be violated by insider malicious attacks such as message
start to realize the importance of privacy protection service. injection or data modification. Since the insider attackers have
Privacy service in 5G deserves much more attention than in the valid identities, it is difficult to detect these attacks. In use
legacy cellular networks due to the massive data connections cases such as smart meters in smart grid [50], data integrity
[12]. Anonymity service is a basic security requirement in service needs to be provided against manipulation. Compared
many user cases. In many cases, privacy leakage can cause to voice communications, data can be more easily attacked
serious consequences. For examples, health monitoring data and modified [51]. Integrity services can be provided by using
reveals the sensitive personal health information [45]; vehicle mutual authentication, which can generate an integrity key.
routing data can expose the location privacy [44]. 5G wireless The integrity service of personal health information is required
networks raise serious concerns on privacy leakage. In Het- [45]. Message integrity can be provided in the authentication
Nets, due to the high density of small cells, the association schemes [44].
algorithm can reveal the location privacy of users. In [48],
a differential private algorithm is proposed to protect the III. S TATE - OF - THE -A RT IN 5G W IRELESS S ECURITY
location privacy. In [49], the privacy in group communications
is secured by the proposed protocol. In [44], cryptographic In this section, we summarize the state-of-the-arts including
mechanisms and schemes are proposed to provide secure and recent development and current solutions for security in 5G
privacy-aware real-time video reporting service in vehicular wireless network systems. As indicated in the previous section,
networks. cryptography and PLS are two major security solutions.
3) Availability: Availability is defined as the degree to Many new PHY technologies in 5G wireless networks
which a service is accessible and usable to any legitimate users launched considerable research work in PLS. Most PLS
whenever and wherever it is requested. Availability evaluates research work are based on resource allocation. In [52] a
how robust the system is when facing various attacks and it is security-oriented resource allocation scheme is considered in
a key performance metric in 5G. Availability attack is a typical ultra-dense networks (UDNs). The authors presented several
active attack. One of the major attacks on availability is DoS resource dimensions with the influence of security transmis-
attack, which can cause service access denial to legitimate sion. The main resource dimensions mentioned are power al-
users. Jamming or interference can disrupt the communication location, relay selection, frequency allocation, time allocation,
links between legitimate users by interfering the radio signals. and beamforming. The open issues and future directions in
With massive unsecured IoT nodes, 5G wireless networks face PLS are discussed, including interference management, substi-
a big challenge on preventing jamming and DDoS attacks to tute for dedicated jammer, security over mobility management,
ensure the availability service. and handing the heterogeneity. A case study for cross layer
For the availability at PHY, DSSS and FHSS are two cooperation scheme in HetNet is presented when considering
classical PLS solutions. DSSS was first applied to the military multiple users and SBSs in UDNs. For better understanding the
in 1940s. A pseudo noise spreading code is multiplied with the PLS, two metrics used to evaluate the security performance are
spectrum of the original data signal in DSSS. Without knowl- introduced as secrecy capacity and secrecy outage probability.
edge on the pseudo noise spreading code, a jammer needs The secrecy capacity Cs is defined as:
a much higher power to disrupt the legitimate transmission. Cs = Cm Ce ; (1)
For FHSS, a signal is transmitted by rapidly switching among
many frequency channels using a pseudorandom sequence where the Cm is the main channel capacity of the legitimate
generated by a key shared between transmitter and receiver. user, and the Ce is the channel capacity of the eavesdropper.
Dynamic spectrum is applied to D2D communications and The secrecy outage probability is defined as the instantaneous
Access
secrecy capacity is less than a target secrecy rate Rt , where

Rt > 0, and: SDN Controller
Pout (Rs ) = P (Cs < Rt ); (2)
Besides these two metrics, with the consumed power, in [53], 2. Secure context transfer
secrecy EE is defined as the ratio between the system achiev-
3. Fast authentication
able secrecy rate and the corresponding consumed power.
The new development and solutions in cryptography have
mainly targeted at new applications. There have been develop- 1. Full authentication
ment and proposed solutions on the security services including AP
Small cell
AP
Small cell
authentication, availability, confidentiality, and key manage-
ment. Due to the escalated privacy concerns in 5G wireless
networks, we further separate the confidentiality solutions into
data confidentiality based and privacy based.
BS
Pico-cell BS
A. Authentication Pico-cell
Authentication is one of the most important security services
in 5G wireless networks. In the legacy cellular networks, Fig. 6: A SDN enabled authentication model [43]
an authentication scheme is normally symmetric-key based.
The implementation of the authentication scheme can deliver
several security requirements. In the third generation (3G) model using priority queuing is proposed. The arriving traffic
cellular networks, the mutual authentication is implemented is modeled as a Pareto distribution. Authentication delay is
between a mobile station and the network. Following the compared among different network utilization scenarios. The
authentication, a cipher key and an integrity key are generated proposed fast authentication protocol includes full authenti-
to ensure both data confidentiality and integrity between the cation and weighted SCI transfer based fast authentication.
mobile station and the base station. As shown in Fig. 6, after the first full authentication in one
Due to the low latency requirement of 5G networks, au- cell, it can be readily applied in other cells with MAC address
thentication schemes are required to be more efficient in 5G verification, which only needs local processing. Moreover, full
than ever before. To leverage the advantages of SDN, in [43], authentication can even be done without disrupting the user
a fast authentication scheme in SDN is proposed, which uses communication. A valid time duration parameter is used to
weighed secure-context-information (SCI) transfer as a non- flexibly adjust the secure level requirement. The simulation
cryptographic security technique to improve authentication results compared the delay performance between the SDN
efficiency during high frequent handovers in a HetNet in enabled fast authentication and the conventional cryptographic
order to address the the latency requirement. Compared with authentication method. The SDN enabled fast authentication
the digital cryptographic authentication methods, the proposed has a better delay performance owing to SDN flexibility and
method is hard to be totally compromised since it is based on programmability in 5G networks.
the user-inherent physical layer attributes. There are more than To address the issues caused by the lack of a security
one physical layer characteristics used in SCI to improve the infrastructure for D2D communications, in [54], a security-
authentication reliability for applications requiring a high level scoring based on continuous authenticity is developed to
of security. The SDN enabled authentication model is shown in evaluate and improve the security of D2D wireless systems.
Fig. 6. The SDN controller implements an authentication mod- The principle of legitimacy patterns is proposed to implement
el to monitor and predict the user location in order to prepare continuous authenticity, which enables attack detection and
the relevant cells before the user arrival. This helps achieve system security scoring measurement. For the legitimacy pat-
seamless handover authentication. Physical layer attributes are tern, a redundant sequence of bits is inserted into a packet
used to provide unique fingerprints of the user and to simplify to enable the attack detection. The simulation results show
authentication procedure. Three kinds of fingerprints are used the feasibility of implementing the proposed security scoring
as the user-specific physical layer attributes. The validated using legitimacy patterns. The authors pointed out that legit-
original attributes are obtained after a full authentication. imacy patterns considering technical perspectives and human
The observations are collected through constantly sampling behaviors could improve the performance.
multiple physical layer attributes from the received packets Combining the high security and utmost efficiency in band-
at the SDN controller. Both the original file and observation width utilization and energy consumption in 5G, in [46], the
results contain the mean value of the attributes and variance of authors proposed a new cyclic redundancy check (CRC)-based
the chosen attributes. Then the mean attribute offset can be cal- message authentication which can detect any double-bit errors
culated based on the validated original attributes and observed in a single message. The CRC codes based cryptographic
attributes. If the attribute offset is less than a pre-determined hash functions are defined. A linear feedback shift register
threshold, the user equipment is considered legitimate. The (LFSR) is used to efficiently implement the CRC encoding
detection probability is presented in the paper. To evaluate and decoding. The message authentication algorithm outputs
the performance of the proposed method, a SDN network an authentication tag based on a secret key and the message.
Access
Sever: HFD, Reader: PNG Tag: PNG, HF, IDS, 𝐼𝐷𝑖 , Wireless body area
𝑜𝑙𝑑 𝑛𝑒𝑤 network client
(𝐼𝐷𝑆, 𝐼𝐷𝑖 [𝐾𝑖,𝑗 , 𝐾𝑖,𝑗 ]) (𝐾𝑖,1 , … , 𝐾𝑖,𝑚 )
Medical service
Network provider
manager (Physician)
Initialization process: 𝑞, 𝑟1
... Key
S
Forward 𝐼𝐷𝑆, 𝑟2 , 𝐻(𝐼𝐷𝑖 ||𝑟1 ||𝑟2 ), generator
R
center
𝐼𝐷𝑆, 𝑟2 , 𝐻(𝐼𝐷𝑖 ||𝑟1 ||𝑟2 ), 𝐻(𝐾𝑖,𝑗 ||𝑟1 ||𝑟2 ), 𝐹 R
R
𝐻(𝐾𝑖,𝑗 ||𝑟1 ||𝑟2 ), 𝐹
R R
i-th tag identity Fig. 8: A m-health system model [45]

verified, session stop
or revocation complete
𝐻(𝐼𝐷𝑖 ||𝐾𝑖,𝑗 ||𝑟1 ||𝑟2 )

Forward the proposed scheme has a higher level of security and the
𝐻(𝐼𝐷𝑖 ||𝐾𝑖,𝑗 ||𝑟1 ||𝑟2 )
same level of complexity compared with existing ones.
Considering the open nature of D2D communications be-
tween medical sensors and the high privacy requirements of
Fig. 7: The authentication process of the RFID secure appli- the medical data, in [45], by utilizing certificate-less gener-
cation revocation scheme [55] alized signcryption (CLGSC) technique, the authors proposed
a light-weight and robust security-aware (LRSA) D2D-assist
data transmission protocol in a m-health system. The m-health
It is assumed that the adversary has the family of hash system is modeled in Fig. 8, where S indicates the source
functions but not the particular polynomial g(x) and the node, and R represents the relay node. The anonymous and
pad s that are used to generate the authentication tag. The mutual authentication is implemented between the client and
generator polynomial is changed periodically at the beginning the physician in a wireless body area network to protect the
of each session and pad s is changed for every message. The privacy of both the data source and the intended destination.
new family of cryptographic hash functions based on CRC The signcryption of the message µS and encryption of its
codes with generator polynomials in g(x) = (1 + x)p(x) identity eSH are applied to the source client to authenticate the
are introduced, where p(x) is a primitive polynomial. The physician. A certificated-less signature algorithm is applied to
proposed CRC retains most of the implementation simplicity the source client data before it is sent out. The source data
of cryptographically non-secure CRCs. However, the applied identity can only be recovered by the intended physician who
LFSR requires re-programmable connections. has the private key (xH , zH ). The cipher text µS should be
Radio frequency identification (RFID) has been widely decrypted after the source identity is recovered with the right
applied and a single RFID tag can integrate multiple appli- session key. Therefore, even the private key is leaked out,
cations. Due to various limitations in low-cost RFID tags, the without the session key, the ciphertext is still safe. On the
encryption algorithms and authentication mechanisms applied other hand, by verifying the signcryption µS , the physician
to RFID systems need to be very efficient. Thus simple can authenticate the source client. The relay nodes can verify
and fast hash function are considered for the authentication the signature and then forward the data with their own sig-
mechanisms. Moreover, with multiple applications of single natures. The computational and communication overheads of
RFID, the revocation should be taken consideration into the the proposed CLGSC are compared with other four schemes.
authentication scheme. In [55], the authors proposed a revo- Simulation results show that the proposed CLGSC scheme has
cation method in the RFID secure authentication scheme in a lower computational overhead than the other four schemes.
5G use cases. A hash function and a random number are Compared to IEEE 802.11p and the legacy cellular net-
used to generate the corresponding module through a typical works, 5G is a promising solution to provide real-time services
challenge-response mechanism. Fig. 7 shows the authentica- for vehicular networks. However, the security and privacy need
tion process of the RFID secure application revocation scheme. to be enhanced in order to ensure the safety of transportation.
The reader contains a pseudo-random number generator (PNG) In [44], a reliable, secure, and privacy-aware 5G vehicular
and the sever holds a hash function and a database (HFD). network supporting real-time video services is presented. The
The server establishes a tag record for each legitimate tag as system architecture is shown in Fig. 9, which includes a mobile
(IDS, IDi ) and a group of corresponding application records core network (MCN), a trusted authority (TA), a department of
as (Ki,j
old now
, Ki,j ). q is the authentication request generated by motor vehicles (DMV), and a law enforcement agency (LEA).
the reader. r1 is the first random number generated by the D2D communications and mmWave techniques are adopted
PNG in reader. After receiving the authentication request, the in the 5G vehicular communications. As shown in Fig. 9,
tag generates the second random number r2 and calculates HetNet is applied to expand network capacity and achieve
two hash authentication messages ML 1 , M2 , and value of XOR high user data rates. The cloud platform provides massive s-
authentication information F = E Ki,j , where E is the torage and ubiquitous data access. The proposed cryptographic
current value of the status flag information, which is used to mechanisms include a pseudonymous authentication scheme,
determine whether to revoke or to certify the application. The a public key encryption with keyword search, a ciphertext-
security and complexity results are presented, which show that policy attribute-based encryption, and threshold schemes based
Access
Cloud Platform Transmitter Side Receiver Side
Channel Assignment Channel Assignment

Channel
Slot Assignment Slot Assignment
Data centre
Servers
Private Key Pre-shared Key
Fig. 10: A pseudorandom time hopping system block diagram

[39]
TA
MCN
BS
proposed for cognitive users in 5G to countermeasure jamming
DMV LEA
` attacks. The impact of spectrum dynamics on the performance
`
of mobile cognitive users is modeled with the presence of
`
D2D Link a cognitive jammer with limited resources. The analytical
5G mmWave solutions of jamming probability, switching rate, and error
probability are presented. The jamming probability relates to
Fig. 9: A 5G-enabled vehicular network [44] delay performance and error probability. The jamming proba-
bility is low when the jammer lacks the access opportunities.
Switching probability of time-hopping system outperforms the
on secret sharing. The pseudonymous authentication scheme frequency-hopping system. With the same average symbol
with strong privacy preservation [56] is applied to optimize the energy per joule, time-hopping has a lower error probability
certification revocation list size, which is in a linear form with than frequency-hopping, and the performance gain saturates
respect to the number of revoked vehicles so that certification at a certain symbol energy level. The authors pointed out that
verification overhead is the lowest. The authentication require- the proposed time-hopping technique is a strong candidate for
ments include vehicle authentication and message integrity, D2D links in 5G wireless networks due to its good EE and
where vehicle authentication allows the LEA and official SE performance as well as its capability in providing jamming
vehicles to check the sender authenticity. The authentication resilience with a small communication overhead. However, a
is achieved by using a public-key-based digital signature that pre-shared key is required for the time-hopping anti-jamming
binds an encrypted traffic accident video to a pseudonym and technique. The pseudorandom time hopping system block
to the real identity of the sender. The pseudonymous authen- diagram is shown in Fig. 10. Both frequency hopping and time
tication technique can achieve the conditional anonymity and hopping require a pre-shared key to determine the hopping
privacy of the sender. sequence.
Considering the limited computational capabilities at certain

B. Availability
nodes, in [40], a fusion center is used to defend these nodes
Availability is a key metric to ensure the ultra-reliable from a malicious radio jamming attack over 5G wireless
communications in 5G. However, by emitting wireless noise network. A noncooperative Colonel Blotto game is formulated
signals randomly, a jammer can degrade the performance of between the jammer and the fusion center as an exercise
the mobile users significantly and can even block the avail- in strategic resource distribution. Fig. 11 shows the resource
ability of services. Jamming is one of the typical mechanisms allocation model between fusion center and the malicious
used by DoS attacks. Most of the anti-jamming schemes use jammer. The jammer aims to jeopardize the network without
the frequency-hopping technique, in which users hop over getting detected by distributing its power among the nodes
multiple channels to avoid the jamming attack and to ensure intelligently. On the other hand, the fusion center as a defender
the availability of services. aims to detect such an attack by a decentralized detection
In [57], the authors proposed a secret adaptive frequency scheme at a certain set of nodes. The fusion center can allocate
hopping scheme as a possible 5G technique against DoS based more bits to these nodes for reporting the measured inter-
on a software defined radio platform. The proposed bit error ference. A hierarchal degree is assigned to each node based
rate (BER) estimator based on physical layer information is on its betweenness centrality. Once the attack is detected,
applied to decide frequency blacklisting under DoS attack. the fusion center will instruct the target node to increase
Since the frequency hopping technique requires that users have its transmit power to maintain a proper SINR for normal
access to multiple channels, it may not work efficiently for communications. The simulation results show that error rate
dynamic spectrum access users due to the high switching rate performance improves significantly with the fusion center
and high probability of jamming. having more bits to allocate among the nodes. The proposed
To reduce the switching rate and probability of jamming, in resource allocation mechanism outperforms the mechanism
[39], a pseudorandom time hopping anti-jamming scheme is that allocates the available bits in a random manner.
Access
Fusion Center Bandwidth Allocation applied between Alice and John. The problem is formulated
Detected feedback to maximize the achievable secrecy rates for both Alice and
Interference John as follows [58]
Server
Ca = max (Rajb Rae ), (3)
s.t.Pj + Pjb  PJ ; (4)
Cj = max (Rjab Rje ), (5)
s.t.Pa + Pab  PA , (6)
where Ca and Cj represent the secrecy rates of Alice and John
Server respectively. Rajb and Rjab are the achievable rates of Alice
and John respectively with helping to relay data for each other.
Jammer Rae and Rje are the achievable rates of eavesdropper from
Alice and from John respectively. Eq. 4 and Eq. 6 represent
Fig. 11: The resource allocation model [40] the transmit power limitation of the two legitimate senders.
Two cooperation scenarios are considered, namely cooperation
Relay or cooperator with relay and cooperation without relay. In the cooperation
...
Receiver with relay scenario, Alice and John can help relay data of
Server each other using the shared bi-directional link. In cooperation
...
Server without relay, Alice and John coordinate their respective trans-
... mission power to maximize the secrecy rate of the other one.
Server
The optimization problem of noncooperation scenario is also
presented for comparison. The distance between the legitimate
transmitter and the eavesdropper is given a constraint to avoid
Eavesdropper distance attacks as the eavesdropper may have a better received
Sender
...
signal quality on the transmitted message than the legitimate
Server Legitimate Link receiver. Simulation results show that achievable secrecy rates
of Alice and John are improved by relaying data for each
Eavesdropping Link
other. With the increase of distance between the transmitter
and the receiver, the benefit from cooperation decreases and
Fig. 12: A general system model with eavesdropping attacks at some point non-cooperation could become more beneficial
to the legitimate transmitter.
With no relay or cooperation, based only on power control
C. Data Confidentiality and channel access, in [59], the authors developed a Stack-
elberg game framework for analyzing the achieved rate of
Data confidentiality service is commonly required to tack- cellular users and the secrecy rate of D2D users in 5G by
le eavesdropping attacks. The general system model with using PLS. The system model includes one base station (BS), a
eavesdropping attacks is shown in Fig.12. The specific sys- number of cellular users, one D2D link, and one eavesdropper,
tem models can be different in the number of transmit- as shown in Fig. 13. The utility function of cellular user
ter/receiver/eavesdropper antennas and in the number of eaves- achieved rates and D2D user secrecy rates are expressed as
droppers/relays/cooperators. The relays or cooperators are functions of channel information and transmission power [59]:
optional in the system. In this subsection, we discuss data
confidentiality based on power control, relay, artificial noise, uc,i = log2 (1 + SIN Rc,i ) + ↵ PD hdc , (7)
signal processing, and cryptographic methods.
ud = [log2 (1+SIN Rd ) log2 (1+SIN Re )] ↵PD hdc , (8)
1) Power Control: Power control for security aims to con-
trol the transmit power to ensure that the eavesdropper can not where ↵ is the price factor and is the scale factor. The first
recover the signal. Based on the most simple eavesdropping term in uc,i represents the data rate of the ith cellular user, and
attack model with a single eavesdropper armed with a single the second term compensates the interference from the D2D
antenna, in [58], the authors proposed a distributed algorithm link, where PD is the transmit power of the D2D user and hdc
to secure D2D communications in 5G, which allows two is the channel gain from the D2D user to cellular users. The
legitimate senders to select whether to cooperate or not and utility function of D2D user includes the secrecy data rate and
to adapt their optimal power allocation based on the selected the payment for the interference to cellular users. The game
cooperation framework. Fig. 12 shows a general system model strategy of cellular users depends on the price factor ↵ and
with eavesdropping attacks. In the system model in [58], game strategy of D2D user depends on the transmission power
the sender, relay or cooperator, receiver, and eavesdropper PD . The Stackelberg game is formed to maximize cellular
are named as Alice, John, Bob, and Eve, respectively. Each utility function at the first stage and then the utility function
user has a single antenna. A shared bi-directional link is of D2D user at the second stage.
Access
Eavesdropper To tackle the complexity issue of relay selection in 5G large-

Cellular User scale secure two-way relay amplify-and-forward (TWR-AF)
systems with massive relays and eavesdroppers, in [62], the
authors proposed a distributed relay selection criterion that
does not require the information of sources SNR, channel
estimation, or the knowledge of relay eavesdropper links. The
Cellular User proposed relay selection is done based on the received power
D2D User D2D User of relays and knowledge of the average channel information
BS
between the source and the eavesdropper. The system model
Cellular link
includes two source nodes, a number of legitimate relay nodes
Interference and multiple passive eavesdroppers. Each node has a single
D2D link antenna. The cooperation of eavesdroppers is considered. In
Eavesdropping link TWR-AF, the received signals from the two sources at the
eavesdropper in each time slot are overlapped, where one
Fig. 13: The system model with D2D link and an eavesdropper source’s signal acts as the jamming noise. The analytical
[59] results show that the number of eavesdroppers has a severe im-
pact on the secrecy performance. The simulation results show
that the performance of the proposed low-complexity criterion
is very close to that of the optimal selection counterpart.
Power control is also one of the normally used mechanisms Considering eavesdroppers and relay with both single and
to improve the EE of the network. In [60], the authors studied multiple antennas, in [63], the transmission design for secure
the trade-off between PLS and EE of massive MIMO in an relay communications in 5G networks is studied by assuming
HetNet. An optimization model is presented to minimize the no knowledge on the number or the locations of eavesdroppers.
total power consumption of the network while satisfying the The locations of eavesdroppers form a homogeneous Poisson
security level against eavesdroppers by assuming that the BS Point Process. A randomize-and-forward relay strategy is
has imperfect channel knowledge on the eavesdroppers. The proposed to secure multi-hop communications. Secrecy outage
simulation results show that a highly dense network topology probability of the two-hop transmission is derived. A secrecy
can be an effective solution to achieve high capacity, high rate maximization problem is formulated with a secrecy outage
cellular EE, and reliable and secure communication channels. probability constraint. It gives the optimal power allocation
2) Relay: As shown in Fig.12, cooperation with relay can and codeword rate. Simulation results show that the secrecy
be used to help the sender to secure the signal transmis- outage probability can be improved by equipping each relay
sion. In [61], two relay selection protocols, namely optimal with multiple antennas. The secrecy throughput is enhanced
relay selection (ORS) and partial relay selection (PRS), are and secure coverage is extended by appropriately using relay-
proposed to secure an energy harvesting relay system in 5G ing strategies.
wireless networks. The system model is shown in Fig. 12, 3) Artificial Noise: Artificial noise can be introduced to se-
which consists of multiple relay nodes and assumes there cure the intended signal transmission. With the artificial-noise-
is no direct link between sender and receiver. The power aided multi-antenna secure transmission under a stochastic ge-
beacon is armed with multiple antennas, which can be used ometry framework, in [24], the authors proposed an association
to strengthen the energy harvested. The ORS chooses the policy that uses an access threshold for each user to associate
aiding relay to maximize the secrecy capacity of the system with the BS so that the truncated average received signal power
by assuming the source has full knowledge of channel state beyond the threshold is maximized and it can tackle randomly
information (CSI) on each link. The PRS selects the helping located eavesdroppers in a heterogeneous cellular network.
relay based on partial CSI. The system includes a power The tractable expression of connection probability and se-
beacon with multiple antennas, several relays, a destination crecy probability for a randomly located legitimate user are
node and an eavesdropper with a single antenna. Two energy investigated. Under the constraints of connection and secrecy
harvesting scenarios that aim to maximize energy harvesting probabilities, the network secrecy throughput and minimum
for source and selected relay are investigated. The analytical secrecy throughput of each user are presented. Numerical
and asymptotic expressions of secrecy outage probability for results are presented to verify the analytical accuracy.
both relay selections protocols are presented. The numerical Assuming the sender is armed with multiple antennas, in
results show that ORS can significantly enhance the security [64], an artificial noise transmission strategy is proposed to
of the proposed system model and can achieve full secrecy secure the transmission against an eavesdropper with a single
diversity order while PRS can only achieve unit secrecy antenna in millimeter wave systems. Millimeter wave channel
diversity order regardless of the energy harvest strategies. PRS is modeled with a ray cluster based spatial channel model. The
that maximizes energy harvesting for relay strategy has a better sender has partial CSI knowledge on the eavesdropper. The
secrecy performance than the one based on the maximizing proposed transmission strategy depends on directions of the
energy harvesting for source. Moreover, the results show that destination and the propagation paths of the eavesdropper. The
the secrecy performance of the considered system is impacted secrecy outage probability is used to analyze the transmission
significantly by the duration of energy harvest process. scheme. An optimization problem based on minimizing the
Access
secrecy outage probability with a secrecy rate constraint is The proposed CoMP scheme has a better performance to resist
presented. To solve the optimization problem, a closed-form more eavesdroppers than the no-CoMP scheme.
optimal power allocation between the information signal and In [25], massive MIMO is applied to HetNets to secure the
artificial noise is derived. The secrecy performance of the data confidentiality in the presence of multiple eavesdroppers.
millimeter wave system is significantly influenced by the The tractable upper bound expressions for the secrecy outage
relationship between the propagation paths of destination and probability of HetNet users are derived, which show that mas-
eavesdropper. The numerical results show that the secrecy sive MIMO can significantly improve the secrecy performance.
outage is mostly occurred if the common paths are large or The relationship between the density of picocell base station
the eavesdropper is close to the transmitter. and the secrecy outage probability of the HetNet users is
To improve EE of the security method using artificial noise, discussed.
in [53], an optimization problem is formulated to maximize 5) Cryptographic Methods: Besides the PLS solutions in-
the secrecy EE by assuming imperfect CSI of eavesdropper troduced above, cryptographic methods are also used for
at transmitter. The system is modeled with one legitimate implementing data confidentiality by encrypting data with
transmitter with multiple antennas, and one legitimate receiver secret keys. Asymmetric cryptography can be applied to key
and one eavesdropper, each with a single antenna. Artificial distributions. To reduce the cost of encryption, symmetric
noise is used at the transmitter. Resource allocation algorithms cryptography is adopted for data encryption.
are used to solve the optimization problem with correlation In [44], a participating vehicle can send its random sym-
between transmit antennas. With the combination of fractional metric key, which is encrypted using TA’s public key. The
programming and sequential convex optimization, the first- symmetric key is used to encrypt the message between TA,
order optimal solutions are computed with a polynomial DMV, and participating vehicles. A one-time encryption key is
complexity. also encrypted by a public key. The one-time encryption key is
4) Signal Processing: Besides the three methods above to used to encrypt the video. In [45], an initial symmetric session
provide data confidentiality, in [38], the authors proposed an key is negotiated between the client and a physician after they
original symbol phase rotated (OSPR) secure transmission establish the client/server relationship. The symmetric key is
scheme to defend against eavesdroppers armed with unlimited then used for the data transmission between the client and the
number of antennas in a single cell. Perfect CSI and perfect physician.
channel estimation are assumed. The BS randomly rotates the
phase of original symbols before they are sent to legitimate
user terminals. The eavesdropper can not intercept signals, D. Key Management
only the legitimate users are able to infer the correct phase Key management is the procedure or technique that supports
rotations recover the original symbols. Symbol error rate of the the establishment and maintenance of keying relationships
eavesdropper is studied, which proves that the eavesdropper between authorized parties, where the keying relationship
can not intercept the signal properly as long as the base station is the way common data is shared between communication
is equipped with a sufficient number of antennas. entities. The common data can be public or secret keys,
Considering multiple eavesdroppers in [65], the authors initialization values, and other non-secret parameters.
analyzed the secure performance on a large-scale downlink To provide flexible security, in [67], three novel key ex-
system using non-orthogonal multiple access (NOMA). The change protocols, which have different levels of computational
system considered contains one BS, M NOMA users and time, computational complexity, and security, for D2D com-
eavesdroppers randomly deployed in an finite zone. A pro- munications are proposed based on the Diffie-Hellman (DH)
tected zone around the source node is adopted for enhancing scheme. Details of the key exchange schemes are shown in
the security of the random network. Channel statistics for Fig. 14. The threat analysis of all three proposed protocols
legitimate receivers and eavesdroppers and secrecy outage under common brute force and MITM attacks is presented.
probability are presented. User pair technique is adopted Performance study is provided for the proposed protocols to
among the NOMA users. Analytical results show that the evaluate the confidentiality, integrity, authentication, and non-
secrecy outage probability of NOMA pairs is determined by repudiation of security services based on theoretical analysis.
the NOMA users with poorer channel conditions. Simulation The analysis proves that the proposed protocols are feasible
results show that secrecy outage probability decreases when with reasonable communication overhead and computational
the radius of the protected zone increases and secrecy outage time.
probability can be improved by reducing the scope of the user For D2D group use cases, in [49], a group key management
zone as the path loss decreases. (GKM) mechanism to secure the exchanged D2D message
In [66], the authors proposed a dynamic coordinated mul- during the discovery and communication phases is proposed.
tipoint transmission (CoMP) scheme for BS selection to en- There are five security requirements in the proposed GKM,
hance secure coverage. Considering co-channel interference namely forward secrecy (users that have left the group should
and eavesdroppers, analysis of the secure coverage probability not have access to the future key), backward secrecy (new
is presented. Both analytical and simulation results show that users joining the session should not have access to the old
utilizing CoMP with a proper BS selection threshold the key), collusion freedom (fraudulent users could not deduce
secure coverage performance can be improved, while secure the current traffic encryption), key independence (keys in
coverage probability decreases with the excessive cooperation. one group should not be able to discover keys in another
Access
User 1 User 2 eNodeB User 1 User 2 eNodeB User 1 User 2 eNodeB

1 1 1
2 2 2
3 3 3
4 4 4
5 5 5
6 5
6
6
7
8 7
8
8 8
Protocol 1 Protocol 2
10
11
Public channel 12
Encrypted dedicated channel 12
1. User 1 send its DH key k1, the received key by user 2 as k1' Protocol 3
2. User 1 send its DH public key k2, the received key by user 1 as k2'
3. ACK of DH key mutual exchange Protocol 3
4. Start to authentication 5. Random key K, user 1 and user 2 generate K1
Protocol 1 Protocol 2 and K2 respectively
5. Random key K, check function 5. Random key K, the received 6. Check value HMAC(k1',k2,K)
Ck(k1',k2) key by user 1 is K 7. Check value HMAC(k1,k2',K)
6. Forward the key K and Ck 6. Check value Ck(k1',k2), K 8. K2
7. Accept, if Ck(k1',k2)=Ck(k1,k2'), 7. Check value Ck(k1,k2'), K 9. If HMAC(k1,k2',K)=HMAC(k1',k2,K), send accept
otherwise reject 8. If K=K and ACK to eNodeB
8. Forward accept or reject Ck(k1,k2)=Ck(k1,k2'), accept ACK, 10. If accept ACK was send in 9, send K1 to user 2
else refuse ACk 11. If HMAC(k1',k2,K)=HMAC(k1,k2',K), send accept
ACK to eNodeB
12. Accept ACK/reject ACK
Fig. 14: Three key exchange schemes in [67]
group), and trust relationship (do not reveal the keys to any been research work considering location privacy and identity
other part in the same domain or any part in a differen- privacy.
t domain). ID-based cryptography (IBC) scheme based on Regarding location privacy, in [48], to protect the location
Elliptic Curve Cryptography (ECC) for securing multicast and preferences of users that can be revealed with associated
group communications is presented. The steps of the proposed algorithms in HetNets, a decentralized algorithm for access
protocol include secret key generation, elliptic curve digital point selection is proposed based on a matching game frame-
signature algorithm, signature verification, group formation work, which is established to measure the preferences of
procedure, key generation, join process, and leave process. The mobile users and base stations with physical layer system
master key and private key generations are based on IBC and parameters. Differentially private Gale-Shapley matching al-
ECC schemes. The overhead for communications, re-keying gorithm is developed based on differential privacy. Utilities of
message, and key storage are assessed. The weakness of the mobile users and access points are proposed based on packet
IBC scheme and the ways of creating and using GKM are success rate. Simulation results show that the differentially
compared. The overall performance comparisons show that private algorithm can protect location privacy with a good
the proposed GKM has an enhancement in both the protocol quality of service based on utility of the mobile users. In
complexity and security level compared with other works. [37], a location-aware mobile intrusion prevention system
ECC is also adopted for the proposed LRSA protocol in (mIPS) architecture with privacy enhancement is proposed.
[45]. The network manager generates a partially private and The authors presented the mIPS requirements, possible privacy
partially public key for the client and the physician after the leakage from managed security services.
registration. And once the client and the physician establish
the client/server relationship, an initial systematic session key In [45], contextual privacy is defined as the privacy of data
can be set up for the data transmission. source and destination. The identity of the source client is
encrypted by a pseudo identity of the source client with the
public key of the physician using certificateless encryption
E. Privacy mode. Meanwhile, the identity of the intended physician is
As discussed in the previous sections, 5G wireless networks also encrypted with the public key of the network manager.
raise serious concerns on privacy leakage when supporting Through these two encryption steps, the contextual privacy can
more and more vertical industries such as m-health care and be achieved. For the proposed reporting service in [44], privacy
smart transportation [15]. The data flows in 5G wireless is an essential requirement to gain acceptance and participation
networks carry extensive personal privacy information such as of people. The identity and location information of a vehicle
identity, position, and private contents. In some cases, privacy should be preserved against illegal tracing. Meanwhile, a
leakage may cause serious consequences. Depending on the reporting vehicle should be able to reveal its identity to
privacy requirements of the applications, privacy protection is the authorities for special circumstances. The pseudonymous
a big challenge in 5G wireless networks. There have already authentication schemes are applied to achieve the conditional
Access
anonymity and privacy. Due to the high density of small cells, the knowledge of the
cell an user is associated with can easily reveal the location
information of that user. In [48], the authors investigated the
IV. S ECURITY FOR T ECHNOLOGIES A PPLIED TO 5G
location privacy based on physical layer of association algo-
W IRELESS N ETWORK S YSTEMS
rithms in 5G. A differential private Gale-Shapley algorithm is
In this section, we present the security research activities proposed to prevent the leakage of location information with
from the perspectives of technologies applied to 5G. First certain QoS for users. The evaluation of the algorithm based
we briefly introduce the technologies applied to 5G. Then on different privacy levels is presented with the influence on
the security activities of each technology are presented. The utility of users.
technologies applied to 5G wireless networks discussed in this The intrusion detection based approach is considered as
section are HetNet, massive MIMO, D2D, SDN, and IoT. one way to provide secure communications. In [68], intrusion
detection techniques for mobile cloud computing in hetero-
geneous 5G are introduced. Several detection methodologies
A. HetNet
are studied as signature-based detection, anomaly-based detec-
HetNet is a promising technique to provide blanket wireless tion, specification-based detection, stateful protocol analysis,
coverage and high throughput in 5G wireless networks. It hybrid intrusion detections with principles of these approach-
is a multi-tier system in which nodes in different tier have es. Traditional password-based authentication and biometric
different characteristics such as transmission power, coverage authentication are discussed for providing different levels of
size, and radio access technologies. With the heterogeneous security.
characteristics, HetNet achieves higher capacity, wider cover-
age and better performance in EE and SE. However, HetNet B. D2D
architecture, compared to single-tier cellular network, makes In D2D communications, devices can communicate with
UE more vulnerable to eavesdropping [24]. Moreover, with each other without going through BSs. D2D communications
the high density of small cells in HetNet, traditional handover enable efficient spectrum usage in 5G. Moreover, D2D com-
mechanisms could face significant performance issues due munications can effectively offload traffic from BSs. However,
to too frequent handovers between different cells [43]. The the lack of a D2D security infrastructure makes the D2D
privacy issue in HetNet also faces a big challenge. Location communications less secure than the device to network com-
information becomes more vulnerable due to the high density munications [54][69]. To improve the SE, dynamic spectrum
of small cells. The conventional association mechanism can access is usually adopted for D2D links, which can yield
disclose the location privacy information [48]. security threats such as jamming [39]. The security issue
To tackle the eavesdropping attacks in HetNet, a secret becomes a major concern for direct radio communications and
mobile association policy is proposed based on the maxi- large-scale deployment of D2D groups [49].
mum truncated average received signal power (ARSP). The Cooperation between D2D nodes is a popular way to
maximum ARSP should be higher than a pre-set access secure the D2D communications against eavesdroppers. The
threshold in order for mobile to keep active. Otherwise, the legitimate transmitters with a common receiver can improve
mobile device remains idle. In [24], the authors analyzed their reliable transmission rate through cooperation. In [58],
the user connection and secrecy probability of the artificial- the authors proposed a cooperation scheme to secure D2D
noise-aided secure transmission with the proposed association communications considering distance. Before the cooperation,
policy, which is based on an access threshold. The secrecy devices can check the distance to test whether cooperation
throughput performance can be significantly enhanced with a can improve the security of the communications. The distance
proper access threshold used in the association policy. constraints can be used to determine cooperation jointly,
For enhancing communication coverage in HetNet, coordi- cooperation from one side, or no cooperation to maximize the
nated multipoint transmission (CoMP) can be applied [66]. achievable secrecy rate. With no specific requirements for the
However, CoMP can increase the risk of being eavesdropped D2D communications, the proposed scheme can be applied to
for the legitimate users. In [66], multiple BSs are selected all D2D communications scenarios.
to transmit the message. A dynamic BS selection scheme is Besides cooperation, power control and channel access are
proposed based on the secure coverage probability. Based on also considered in securing D2D communications. In [59],
the theoretical and simulation results, the authors concluded optimal power control and channel access of D2D link are
that the proper BS selection threshold for CoMP can improve proposed to maximize the achievable rate of cellular users
the secure coverage performance. and the physical layer secrecy rate of D2D links. The system
Security-based resource management has been used to im- model is shown in Fig. 13. The utility function of a single
plement security in HetNet. In [52], the authors studied a case D2D user is modeled by considering PLS requirement and
to improve the existing jamming and relaying mechanisms by payment of interference from other D2D users. A Stackelberg
proposing a cross-layer cooperation scheme with the aid of game approach is used, where the price from cellular users are
SBSs for protecting the confidentiality of macro cell user com- leaders and transmission power of D2D users are followers.
munications. The SBSs are motivated by monetary or resource The channel access problem of D2D links is discussed to
bonus to become jammers to assist the secure communications maximize the achievable secrecy rate of D2D links and to
under the constraints of the QoS of their own users. minimize the interference to the cellular users.
Access
To provide a measurement for security level, continuous the security of communications. In [25] the authors considered
authenticity with legitimacy patterns is proposed in [54] to PLS for a downlink K-tier HetNet system with multiple eaves-
enable wireless security scoring. Security scoring based on droppers. Each MBS is armed with large antenna arrays using
probability of attack detection is applied to prevent, react, and linear zero-forcing beamforming. Both theoretical analysis and
detect attacks. The continuous legitimacy pattern is inserted simulation results show that massive MIMO can significantly
into packets to authenticate the integrity and authenticity of enhance the secrecy outage probability of the macrocell users.
transmissions. However, eavesdropper can utilize massive MIMO to attack
Considering the assistance of the network, in [67], key the legitimate communications. In the system model [38],
exchange protocols involved with the two D2D users and the authors considered massive MIMO at both BS and the
eNodeB are proposed. Two scenarios are considered. For the eavesdropper. The antenna arrays of the eavesdropper are far
traffic offload scenario, D2D users are connected to the same more powerful. The OSPR approach is introduced. Theoretical
eNodeB. For the social networking scenario, D2D link is and simulation analysis shows that the antenna number at the
required for the applications in each D2D user. Public channel BS can significantly impact the security performance. With
and encrypted dedicated channel are applied to the process the number of antennas at the BS is sufficiently high, the
of key exchange. The eNodeB is involved in the initial key massive MIMO eavesdropper fails to decode the majority of
exchange and mutual authentication of the D2D users. Based the original symbols while the legitimate users are able to
on the role of eNodeB in the authentication process, three recover the original symbols with only a limited number of
different key exchange protocols are proposed with different antennas. Compared to other approaches involved in jamming,
computational time and complexity. the proposed method has a higher EE.
The security algorithms and solutions for public cellular
systems are not adapted to the short radio range D2D com-
D. SDN
munications. The security issues in both proximity service
discovery and communication phases for D2D communica- By decoupling the control plane from the data plane,
tions are presented and addressed by proposing a group key SDN enables centralized control of the network and brings
management mechanism using IBC [49]. Key distributions and promising methods to make the network management simpler,
key revocations are two problems in group key management more programmable, and more elastic [9]. Information can
(GKM). Five security requirements of GKM are defined and be shared between cells by using SDN. SDN can provide
corresponding solutions are provided. A key graph is applied three key attributes, namely logically centralized intelligence,
by dividing a group of members into subgroups to reduce the programmability, and abstraction [70] so that scalability and
complexity of join process and leave process. flexibility of the network can be greatly improved and cost
With the development of D2D technique, m-health ap- can be significantly reduced. A survey of software-defined
plications are adopted to improve efficiency and quality of mobile network (SDMN) and its related security problems are
healthcare services. The security requirements for D2D com- provided in [26].
munications used in m-health system are analyzed in [45]. In [9], the authors discussed the pros and cons of the SDN
The protocol needs to secure the data that is not accessed security. The pros of SDN security over traditional networks
by relays and to achieve mutual authentication between the are shown in Table. II. Besides the pros of the SDN brought
source and the intended physician without interaction. It to 5G wireless networks, the new security issues caused
also requires light weight for mobile terminals with energy by SDN are presented in Table. III, together with possible
and storage constraints and needs to be robust enough to countermeasures.
fight against threats as part of the keys can be exposed. A In [22], the authors discussed the limitations in present
certificateless public key cryptography is applied to achieve the mobile networks. A SDMN architecture consisting of an
security requirements. The private key of a user is generated application, control plane, and data plane is proposed, which
by both key generator center and the user, which makes integrates SDN, NFV and cloud computing. The security
the key generator center unaware about user’s private key. mechanisms in legacy cellular networks are presented with
Authentication is achieved by recognizing the public key. their limitations. The expected security advantages of SDMN
Security objectives of m-health network are defined as data are introduced. The security perspectives that can be improved
confidentiality and integrity, mutual authentication, anonymity through SDMN are listed. Besides the advantages of SDMN,
to anyone except intended physician, unlinkability, forward threat vectors for SDMN architecture are also presented. In
security and contextual privacy. [35], the open issues of 5G security and trust based on NFV
and SDN are elaborated. Corresponding security and trust
frameworks are proposed, which use NFV Trust Platform as
C. Massive MIMO a service, security function as a service and trust functions as
By utilizing a large number of antennas at BSs, massive a service.
MIMO can provide high EE and SE to support more users To address the threats in SDMN, in [36], security attack
simultaneously. The large number of antennas at BSs can vectors of SDN are presented. The authors modeled the net-
significantly improve the throughput, EE performance, and work attacks by using attack graph. Analytic hierarchy process
shift the most of signal processing and computation from user and technique are applied to calculate the node minimal effort
terminals to BSs [38]. Moreover, massive MIMO can improve for SDMN. A case study based on MobileFow architecture
Access
TABLE II: The pros of SDN security over traditional networks [9]
SDN characteristic Attributed to Security use
Network-wide intrusion detection
Centralization
Global network view Detection of switch’s malicious behavior
Traffic statistics collection
Network forensics
Self-healing Conditional rules Reactive packet dropping
mechanisms Traffic statistics collection Reactive packet redirection
Increased control
Flow-based forwarding scheme Access control
capabilities
TABLE III: New security issues that SDN networks are exposed to along with possible countermeasures [9]
Targeted level Malicious behavior Caused by Possible countermeansures
Proactive rule caching
Limited forwarding table storage capacity
Rule aggregation
Switch DoS Enormous number of flows
Forwarding plane Increasing switchs buffering capacity
Limited switchs buffering capacity
Decreasing switch-controller communication delay
Packet encryption
Invisible header fields Packet type classification based on traffic analysis
and tunnel bypassing
Centralization Controller replication
DDoS attack Limited forwarding table storage capacity Dynamic master controller assignment
Control plane
Enormous number of flows Efficient controller placement
Controller replication with diversity
Compromised controller attacks Centralization
Efficient controller assignments
Communication message sent in clear Encryption
MITM attacks
Forwarding-control Link Lack of authentication Use of digital signatures
Communication message sent in clear Encryption
Replay attacks
Lack of time stamping Time stamp inclusion in encrypted messages
is presented as an example to test the proposed vulnerability A certain level threshold and aggregated received interference
assessment mechanism. power level are used to determine whether a jamming attack
Due to the high density of small cells in 5G, key manage- exists or not. The authors assumed that the jammer knows
ment is difficult with user frequently joining and leaving the the topology of the network and correspondingly allocates
small cells. Moreover, speeding up the authentication process certain interference power to the IoT nodes to decrease their
is essential to ensure the low latency requirement in 5G. In SINR. The fusion center can also allocate bandwidth to certain
[43], SDN is introduced into the system model to enable the nodes to measure the interference level in order to detect the
coordination between different heterogeneous cells. A SDN jammer attack. Therefore, a non-cooperative Colonel Blotto
controller is used to monitor and predict the user locations. The game between the jammer and the fusion center is formed as
multiple physical layer characteristics are constantly sampled a resource distribution problem.
by the SDN controller to show the performance of the multiple In [63], the security of relay communications in IoT net-
SCI combination. The weighted SCI design and decision rules works is introduced by considering power allocation and
are proposed. The SDN mode uses the priority queuing and codeword rate design over two-hop transmission against ran-
arriving traffic is modeled as a Pareto distribution. The latency domly distributed eavesdroppers. The problem is formulated to
performance of the SDN based authentication is shown to maximize the secrecy rate. Both single- and multiple-antenna
be better than the performance of traditional cryptographic cases at relays and eavesdroppers are considered. It is shown
methods based on different load situations. By pre-shared SCI that proper relay transmission can extend secure coverage and
over SDN, security framework can have a higher tolerance the increase of the number of antennas at relay nodes can
level to deal with failures of the network. improve the security level.
RFID is an automatic identification and data capture tech-
nology widely used in IoT networks. In [55], a RFID secure
E. IoT
application revocation scheme is proposed to efficiently and
Due to the limited computation capability of IoT nodes, securely use multi-application RFID and revoke applications in
security services in 5G IoT devices need to be efficient and the tag. Based on theoretical analysis, the proposed scheme can
lightweight. Relaying has been considered as an effective achieve a higher level of security than other existing schemes.
mechanism in IoT networks to save the power of IoT nodes
and also to extend the transmission coverage.
V. P ROPOSED 5G W IRELESS S ECURITY A RCHITECTURE
In [40], a fusion center is used to protect IoT nodes with
limited computation power from jammer. Each IoT node In this section, we present the proposed 5G wireless net-
is equipped with a sensor to detect the interference. The work security architecture. First we illustrate a 5G wireless
betweenness centrality of each IoT node is taken consideration network architecture, based on which we further propose a
to measure the importance of the node over the network. The corresponding security architecture. Identity management and
decentralized interference measurements are collected at the flexible authentication based on the proposed 5G security
fusion center in regular intervals on a common control channel. architecture are analyzed. A handover procedure and signaling
Access
load analysis are studied to illustrate the advantages of the B. 5G Wireless Security Architecture
proposed 5G wireless security architecture. Based on the illustrated 5G wireless network architecture,
A. 5G Wireless Network Architecture we propose a 5G wireless security architecture as shown in
Fig. 16. With the new characteristics of the next generation
In this subsection, we introduce a 5G wireless network core, a separation of data plane and control plane of VEPC is
architecture. As shown in Fig. 15, the illustrated general proposed, where the data plane can be programmable for its
5G wireless network architecture includes a user interface, flexibility. The major network functions in the control plane
a cloud-based heterogeneous radio access network, a next of the next generation core are identified in TR 23.799, which
generation core, distributed edge cloud and central cloud. The are utilized in our proposed security architecture as follows:
cloud-based heterogeneous radio access network can combine
• Access and mobility management function (AMF): The
virtualization, centralization and coordination techniques for
efficient and flexible resource allocation. Based on different function is applied to manage access control and mobility,
use cases, 3GPP classifies more than 70 different use cases which is implemented in MME for legacy cellular net-
into four different groups such as massive IoT, critical commu- work. This can be vary with different use cases. Mobility
nications, network operation, and enhanced mobile broadband management function is not necessary for fixed access
[71]. In the cloud-based heterogeneous access network, be- applications.
• Session management function (SMF): Based on network
sides the 3GPP access and non-3GPP access, other new radio
technologies will be added for more efficient spectrum utiliza- policy, this function can set up and manage sessions. For
tion. In the first stage of 5G, the legacy evolved packet core a single AMF, multiple SMF can be assigned to manage
(EPC) will still be valid. Network slicing is applied to enable different sessions of a single user.
• Unified data management (UDM): UDM manages sub-
different parameter configurations for the next generation core
according different use cases. New flexible service-oriented scriber data and profiles (such as authentication data
EPC based on network slicing, SDN, and NFV will be used of users) for both fixed and mobile access in the next
in the next generation core as virtual EPC (VEPC) shown in generation core.
• Policy control function (PCF): This function provides
the Fig .15. The VEPC is composed of modularized network
functions. Based on different use cases, the network functions roaming and mobility management, quality of service,
applied to each VEPC can be various. In the VEPC, control and network slicing. AMF and SMF are controlled by
plane and user plane are separated for flexibility and scalability PCF. Differentiated security can be provided with PCF.
of the next generation core. Edge cloud is distributed to AMF and SMF are integrated in the legacy cellular networks
improve the service quality. Central cloud can implement as MME. The separation of AMF and SMF can support a
global data share and centralized control. more flexible and scalable architecture. In the network function
Compared with the legacy cellular networks, 5G wireless based control plane, different network functions can be applied
networks introduce some new perspectives and changes. (1) to different use cases.
User equipment and services are not limited to regular mobile Similar to the legacy cellular networks, four security do-
phone and regular voice and data services. Based on different mains are defined in Fig. 16 as A, B, C, D. The details of
use cases and requirements, user interfaces are classified into these security domains are introduced as follows.
four different groups such as massive IoT, critical communi- Network access security (A). The set of security features
cations, network operation, and enhanced mobile broadband. that provide the user interface to access the next generation
Every use case can affect the radio access selection and VEPC core securely and protect against various attacks on the radio
functions. (2) In addition to 3GPP access and non-3GPP access access link. The new physical layer technologies applied to
in the cloud-based heterogeneous radio access network, 5G the radio access network including massive MIMO, HetNet,
access network includes other new radios, which build the D2D communications and mmWave bring new challenges and
foundation of wireless standards for the next generation mobile opportunities in network access security. This level has securi-
networks for higher spectrum utilization. The new radios can ty mechanisms such as confidentiality and integrity protection
support the performance and connectivity requirements of between the user interface and radio access network. Current
various use cases in 5G wireless networks. Moreover, there are researches on network access security focus on providing user
many technologies applied to the access network to improve identity and location confidentiality, user data and signaling
the network performance, such as massive MIMO, HetNet, data confidentiality, and entity authentication.
and D2D communications. (3) The next generation core will Network domain security (B): The set of security features
be based on cloud using network slicing, SDN and NFV to that protect against attacks in the wire line networks and enable
handle different use cases. The flexible service-oriented VEPC different entities and functions to exchange signaling data and
will be applied. With network slicing, SDN and NFV, different user data in a secure manner. As we can see in Fig. 16, this
network functions can be applied to the service-oriented VEPC level security exists between access network and next genera-
for different use cases. The next generation core is expected to tion core, control plane and user plane. Since new technologies
be access-independent. Separation of control and user plane is such as cloud technique, network slicing and NFV are applied
important to achieve an access-agnostic, flexible and scalable to 5G core and radio access network, new vulnerabilities in this
architecture. (4) Edge cloud is applied to 5G wireless network level need to be addressed. However, with the separation of
to improve the performance of the network, such as latency. control plane and user plane, the amount of signaling data will
Access
LTE Evolved packet core

Use Use Edge Cloud
case 1 case n
VEPC_Massive IoT case 1
New Radio
...
Massive IoT
VEPC_Massive IoT case n
Latency Availability
case Reliability case
case VEPC_Critical
Critical Communications 3GPP Access Communication_latency
...
Use Use VEPC_Critical
case 1 case n Communication_reliability Central Cloud
Network Operation VEPC_Critical

Non-3GPP Access Communication_Availability
High High
data mobility VEPC_Network Operation case 1
rates High case
Density
...
case
case
Cloud-based VEPC_Network Operation case n
Enhanced Mobile Broadband
Heterogeneous
User Interface Radio Access Network VEPC_EMB_high date rates case
...
VEPC_EMB_high mobility case
Edge Cloud
Next Generation Core
Fig. 15: A general 5G wireless network architecture
User Application
UDM ...
User Interface AMF PCF Network

Operator
SMF
Application
Network Function based

Control Plane
New Radio
3GPP Access
Service Provider Application
Non-3GPP Access Programmable Data Plane
Cloud-based Heterogeneous Application Layer

Next Generation Core
Radio Access Network
Fig. 16: The proposed 5G wireless network security architecture
be significantly reduced. The network function based control between user and service provider. Moreover, different service
plane also reduces the required signaling overhead for data providers may need to authenticate each other to share the
synchronization. Entity authentication, data confidentiality and same user identity management. Compared to the device-based
data integrity are the main security services in this level. With identity management in legacy cellular networks, new identity
the independent characteristics of access technologies of AMF, management methods are needed to improve the security
the network domain security performance can be simplified performance.
and improved. Application domain security (D): The set of security fea-
User domain security (C): The set of security features that tures that ensure the security message exchange between
provide mutual authentication between the user interface and applications on the interfaces, between user interface and
the next generation core before the control plane access to the service provider, as well as between user and network operator.
user interface. Authentication is the main focus in this level.
Based on the use case, the authentication may be needed for C. 5G Wireless Security Services
more than two parties. For example, the authentication can In this subsection, we first analyze the identity management
be required between user and network operator as well as and flexible authentication based on the proposed 5G wireless
Access
UDM User equipment

USIM Trust Model
1. Device-based identity management Access technique
2. User-based identity management Authentication
Device-based 3. Device and service identity Service requirement Mechanism Selection
identity Cryptographic function
management
management 4. Used-based and service identity Security requirement
management
5. Federated identity management
Fig. 18: Authentication mechanism selection
Fig. 17: Identity management in 5G wireless networks
architecture, AMF can handle the authentication independent
of the access technologies. In other words, a full authentication
security architecture. An analysis on the handover procedure
is not required when a user changes its access technology.
and signaling load based on the proposed security architecture
Moreover, based on PCF, AMF can perform different authen-
are presented.
tication schemes for different service requirements.
1) Identity management: In the legacy cellular networks,
Flexible authentication is required in 5G wireless networks
the identity management relies on the universal subscriber
to ensure the security while satisfying the quality of services
identity module (USIM) cards. However, in 5G wireless net-
requirements. The input and output of the authentication mech-
works, there are many equipment such as smart home devices,
anism selection are shown in Fig. 18. The input information
sensors and vehicles that are supported without USIM card. As
can be included in PCF, which can control AMF to perform
shown in Fig. 16, UDM will handle the identity management
the authentication procedure.
based on cloud. Moreover, anonymity service is required
in many use cases in 5G wireless networks. Therefore, the
identity management will be different in 5G wireless networks D. Handover Procedure and Signaling Load Analysis
compared with that in the legacy cellular networks. New In this subsection, analysis on handover procedure and
identity management is required. signaling load are presented based on the proposed security
With the massive connected devices and applications, effi- architecture for a HetNet with different access technologies
ciently managing massive identities is significantly important including 5G new radio, 3GPP access and Non-3GPP access.
to ensure the service performance. In the legacy cellular The system model is shown in Fig. 19, where a user A
networks, the identity management is device-based. For a currently associates with 3GPP access point MBS. Assume
certain new use case such as smart home, one user can have that SBSs have different access technologies compared with
multiple devices needed to access the network and services. MBS. When user A is moving, it may need to connect with
User-based identity management will be more efficient to let a new radio access point (NRAP), in which case handover is
the user determine what devices are allowed to access the needed in the legacy cellular networks. In our proposed se-
network and services. One user may have multiple device curity architecture, AMF is independent from different access
identities. Except only considering the device identity, service technologies. User A can connect with the same AMF through
identity can be added with device identity as device and service different access technologies. The first time user A associates
identity management. The device identity is unique and service with an access point, a general authentication procedure is
identity can be assigned by service providers in certain session. needed. Assume that the same authentication scheme is applied
With service identity, revocation process will be simplified. to the proposed 5G wireless network security architecture and
Moreover, for the trusted service providers, federated iden- the legacy security architecture. The authentication of first time
tity management can be applied to simplify the identity man- access to the network for user A based on different security
agement and also improve the user experience. The identity architectures is shown in Fig. 20. Since AMF and UDM are
management in 5G wireless networks is not unified for all use both in the control plane, the cost for information exchange
cases. Based on the characteristics of the use case, different between AMF and UDM is less than that between different
identity management can be applied as shown in the Fig. 17. entities such as MME and HSS. Based on the legacy security
2) Flexible authentication: As discussed in the previous architecture, the authentication vector is generated at HSS
section, in the legacy cellular networks, mutual authentication and is then transmitted to MME. However, in our proposed
is applied between a user and the network. However, the security architecture, authentication vector can be generated
authentication between a user and the services provider is not at AMF to reduce the overhead of communications and to
implemented by the network. In 5G wireless network systems, reduce the risk to expose the KASME and XRES. With the
some use cases may require both the service provider and flexibility of network functions, AMF and UDM can be widely
network provider to carry out authentication with the users. distributed to handle the authentication of a massive number
In the legacy cellular networks, for 3GPP access, the AKA is of user devices. Nevertheless, due to the coupled control plane
applied between a user equipment and a mobile management and user plane, MME and HSS have limited scalability.
entity. For non-3GPP access, AKA is applied between a user Once user A changes its access point using another access
equipment and an authentication authorization and accounting technology in legacy cellular networks, the same authenti-
(AAA) server. Full authentication is required once a user cation as shown in Fig. 20b is needed for each handover,
changes its access technology. Based on our proposed security which not only increases latency and communication overhead
Access
User A AMF Control Plane SMFs User A MME HSS
1. Register, ID 1. Register, ID 2. Authentication data

2. Authentication data request
request
3. (XRES, AUTN, RAND,
3. K and sequence KASME)
number
Generate and save Save KASME and

KASME and XRES XRES
4. AUTN, RAND 4. AUTN, RAND
5. RES 5. RES
Verify UE Verify UE
RES=XRES RES=XRES
a. Based on the proposed 5G security architecture b. Based on legacy security architecture
Fig. 20: Authentication based on different security architecture
3GPP or Non-3GPP
wireless connection User A Control Plane
AMF SMFs
New radio access
1. Signal report
...
... 2. Handover preparing
SBS
Switch SMF
...
... 3. Data update
MBS A 4. Data update
SBS NRAP
SBS
Fig. 21: A handover procedure for access technologies change
MME ... AAA SMF
Fig. 19: A two-tier HetNet model
but also leads to possible connection outage. However, based GW-C ... GW-C
on the proposed security architecture, no authentication will UP ... UP
be needed by switching to different SMF for a new session
GW-U ... GW-U
and a new IP address allocation. The handover based on
the proposed 5G wireless security architecture is presented
Fig. 22: Signaling architecture comparison of legacy cellular
in Fig. 21. The data update from SMF includes the new
network and 5G cellular network
session key and new IP address from the new access point.
The communication latency between AMF and SMF can be
neglected compared to the communication latency from MME
cording to the previous sections, part of the security solutions
to HSS. Moreover, the signaling overhead based on the 5G
used in 4G will be evolved into 5G. However, with extensive
wireless security architecture is much lower because of the
use cases and various integrated technologies applied to 5G,
separation of control plane and user plane as shown in Fig. 22.
security services in 5G face many challenges in order to
To satisfy certain latency requirement, the number of gateway
address 5G advanced features. Several perspectives of the
nodes needs to be increased by a factor of 20 to 30 times of the
challenges and corresponding future directions are discussed
current number [72]. The separation of control and user plane
as follows.
of gateway can also facilitate distributed gateway deployment.
Therefore, for the new core network based on control and
user plane separation, the signaling load can be significantly A. New Trust Models
reduced. With the advanced services offered by 5G wireless net-
works, not only new types of functions are provided to people
VI. C HALLENGES AND F UTURE D IRECTIONS FOR 5G and society, but also new services are applied to vertical
W IRELESS S ECURITY industries, such as smart grid, smart home, vehicular networks
The challenges and future directions for 5G security re- and m-health networks, etc. In the legacy cellular networks,
search and development are presented in this section. Ac- user terminals, home, and serving networks are considered in
Access
the trust model. The trust models vary among different use C. Privacy Protection
cases which can involve new actors in 5G wireless networks With data involved in various new applications in 5G, huge
[12]. The authentication may need to be implemented between volume of sensitive data are being transmitted through the
various actors with multiple trust levels. 5G wireless networks. 5G wireless networks raise serious
There have been research work on trust models for different concerns on privacy leakage due to the open network platforms
use cases. In [44], the authors proposed a system model to [15]. The protection of the privacy is an important requirement
facilitate secure data transmission over 5G wireless networks for implementing different applications. The privacy protection
for vehicular communications. DMV, TA, LEA, and vehicles in different use cases can vary based on the security require-
are included in the proposed system model. The trust model ments, such as location privacy, identity privacy. For example,
between them is more complex than the trust model in the in [45], to secure the privacy of patients, the proposed protocol
legacy cellular networks. With the massive number of devices provides security of data access and mutual authentication
over 5G wireless networks, new trust models are needed to between patients and physician. The location privacy also
improve the performance of security services such as IoT user draws great attention. In [48], a differential private association
cases authentication. However, it lacks a trust model between algorithm is proposed to secure the location information due
devices and fusion center in [40]. For some applications, to the vulnerable location leakage in HetNets. For vehicular
there are various types of devices connected to the same communications, in [44], the privacy protection is considered
network, some of which may be used only to gather data as protection of the identity of a vehicle and the video contents.
and some of which may be used only to access internet. The In order to offer differentiated quality of privacy protection, the
trust requirements of different devices should be different. type of service offered to a user needs to be sensed. However,
For different security demands, the corresponding trust model the service type sensing may also have a chance to leak user
may have different security requirements. As an example, privacy [15].
a high security level demand may require both password The privacy protection is mostly implemented by encryption
and biometric authentication simultaneously [15]. In a m- mechanisms currently. With the massive data, encryption and
health network, in [45] the authors provided the trust model decryption may violate other service requirements of 5G, such
between client, network management and physician based on as latency and efficiency. To efficiently protect privacy is
the privacy requirements. a big challenge, especially when facing the powerful data
In summary, various new trust models for new applications analysis methods such as machine learning. However, data
in 5G are needed. These new trust models will affect the analysis can also be used as a mechanism to help implement
security services. the privacy protection intelligently. For example, before the
data transmission, data analysis can be applied to find out
B. New Security Attack Models
several highly sensitive dimensions to reduce the encryption
Based on the recent research activities on PLS, the most cost with privacy protection. For the identity privacy, new
used attack model consists of a single eavesdropper armed with identity management should be considered instead of using
a single antenna. However, the number of eavesdroppers can only device-based identity management. Location privacy can
be high in 5G wireless networks. Moreover, eavesdroppers can be enhanced if multiple association mechanisms are applied
be armed with massive MIMO technology [38]. In practical to different use cases. Adding all this together makes it more
scenarios, there may exist different types of attacks. By only challenging to provide satisfactory privacy protection in 5G
considering one kind attack, the cooperation of jammer or wireless networks.
eavesdroppers are not considered in PLS, which can make
the security in PHY more complex. Although increasing the
transmission power of the sender can fight against jamming D. Flexibility and Efficiency
attack, it may also increase the risk of eavesdropping attacks. To address different security requirements for different
Moreover, with the new service delivery model applied to applications and dynamic configurations of the 5G architecture
SDN and NFV, there are more vulnerable points exposed [9]. based on virtualization, the security mechanisms must be
Decoupling software from hardware makes the security of flexible [12] [15]. The security setup must be customized
software no longer depending on the specific security attributes and optimized to support each specific application instead
of the hardware platform [12]. Therefore, the demands on of an approach fitting all [20]. Therefore, for each security
strong isolation for virtualization are ever increasing. Network service, different security levels need to be considered for
slicing is introduced in [11] to provide the isolated security. different scenarios. If differentiated security is offered, a
In [36], an effective vulnerability assessment mechanism is flexible security architecture is needed [15]. In our proposed
proposed for SDN based mobile networks using attack graph security architecture, network functions in the control plane are
algorithm. A comprehensive security attack vector map of various depending on the use cases. AMF and SMF provide
SDN is presented. flexible security mechanisms based on the requirements of
The various new attack models in 5G wireless networks PCF. Therefore, the flexibility is not only required in security
based on the new technologies and delivery models make architecture but also in security mechanisms.
the security implementation harder than in the legacy cellular Besides the flexibility of security architecture and mecha-
networks. However, there has been limited work on the new nisms, efficiency of security is another key requirement in 5G
security attack models and corresponding solutions. wireless networks to ensure both the latency requirement and
Access
EE. One of the potential security requirements is to minimize been studied to show the advantage of the proposed security
the security-related signaling overhead to ensure the efficiency architecture. Finally, we have presented the challenges and
[20] [73]. The latency can be reduced by reducing the overhead future directions of 5G wireless security. We expect that this
of security load [74]. Since EE and latency performances of 5G work could address the security concerns from both industry
wireless networks are expected to be improved compared to and academia to provide research directions for implementing
the legacy wireless networks, the security efficiency should be security on 5G wireless networks in the near future.
ensured to secure the performances of 5G wireless networks.
Based on the proposed security architecture, the separation R EFERENCES
of control plane and user plane and network functions inside
the control plane reduce the signaling overhead. For the IoT [1] N. Panwar, S. Sharma and A. K. Singh, “A Suvery on 5G: The Next
Generation of Mobile Communication”, Physical Communication, vol.
applications, the nodes normally have limited computation 18, no. 2, pp. 64-84, 2016.
capability and battery power, efficient security mechanisms [2] “5G Vision”, 5G PPP, February, 2015.
are required. Moreover, distributed authentication nodes need [3] “NGMN 5G WHITE PAPER”, NGMN Alliance, February, 2015.
[4] J. G. Andrews et al., “What Will 5G Be?”, IEEE Journal on Selected
to support the fast network access for massive number of Areas in Communications, vol. 32, no. 6, pp. 1065-1082, 2014.
devices. For the vehicular communications sensitive to laten- [5] “Understanding 5G: Perspectives on future technological advancements
cy, lightweight and efficient security solutions are desirable in mobile”, GSMA Intelligence, December, 2014.
[6] M. Agiwal, A. Roy and N. Saxena, “Next Generation 5G Wireless
[12][15][45]. Moving the control plane closer to the edge of Networks: A Comprehensive Survey”, IEEE Communications Surveys &
the core network can also reduce the communication latency. Tutorials, vol. 18, no. 3, pp. 1617-1655, 2016.
Therefore, to improve the efficiency of 5G wireless networks, [7] J. Qiao, X. S. Shen, J. W. Mark, Q. Shen, Y. He, and L. Lei,
“Enabling Device-to-Device Communications in Millimeter-Wave 5G
both security architecture and security mechanisms need to be Cellular Networks”, IEEE Communications Magazine, vol. 53, no. 1, pp.
improved. 209-215, 2015.
[8] L. Wei, R. Q. Hu, Y. Qian, and G. Wu, “Energy Efficiency and Spectrum
Efficiency of Multihop Device-to-Device Communications Underlaying
E. Unified Security Management Cellular Networks”, IEEE Transactions on Vehicular Technology, vol.
65, no. 1, pp. 367-380, 2016.
Although there are different services, access technologies [9] M. Dabbagn, B. Hu, M. Guizani, and A. Rayes, “Software-Defined
and devices over 5G wireless networks, a security framework Networking Security: Pros and Cons”, IEEE Communications, vol. 53,
with a common and essential set of security features such as no. 6, pp. 73-79, 2015.
[10] J. Zhang, W. Xie, and F. Yang, “An Architecture for 5G Mobile Network
access authentication and confidentiality protection is needed based on SDN and NFV”, 6th International Conference on Wireless,
[74]. The basic features of these security services may be Mobile and Multi-Media (ICWMMN2015), 2015, pp. 87-92.
similar to those in the legacy cellular networks. However, there [11] “5G security recommendations package #2: network slicing”, NGMN
Alliance, April, 2016.
are many new perspectives of these security features in 5G [12] “5G SECURITY”, ERICSSON WHITE PAPER, June, 2015.
wireless networks, such as the security management across [13] “The Road to 5G: Drivers, Applications, Requirements and Technical
heterogeneous access and security management for a large Development”, GSA, November, 2015.
[14] “Leading the world to 5G”, QUALCOMM, February, 2016.
number of devices. As we present in the previous section [15] “5G Security: Forward Thinking Huawei White Paper”, HUAWEI
of the new identity management, flexible authentication and WHITE PAPER, 2015.
the handover between different access technologies based on [16] S. Vij, and A. Jain, “5G: Evolution of a secure mobile technology”,
2016 3rd International Conference on Computing for Sustainable Global
the proposed security architecture, security management across Development (INDIACom), 2015, pp. 2192-2196.
heterogeneous access need to be defined to offer flexibility for [17] J. Cao, M. Ma, H. Li, Y. Zhang, and Z. Luo, “A Survey on Security
all access technologies. Also, for a large number of devices, Aspects for LTE and LTE-A Networks”, IEEE Journals & Magazine, vol.
16, no. 1, pp. 283-302, 2014.
such as IoT applications, security management of burst access [18] A. Zhang, J. Chen, R. Q. Hu, and Y. Qian “SeDS: Secure Data Sharing
behavior need to be studied in order to support the efficient Strategy for D2D Communications in LTE-Advanced Networks”, IEEE
access authentication. Transactions on Vehicular Technology, vol. 65, no. 4, pp. 2659-2672,
2016.
[19] M. J. Wang, Z. Yan, and V. Niemi, “UAKA-D2D: Universal Authenti-
VII. C ONCLUSIONS cation and Key Agreement Protocol in D2D Communications”, Mobile
Networks and Applications, vol. 22, no. 3, pp. 510-525, 2017.
5G wireless networks are expected to provide advanced per- [20] “Security challenges and opportunities for 5G mobile networks”, NOKI-
formance to enable many new applications. In this paper, we A, 2017.
have presented a comprehensive study on recent development [21] “5G security recommendations Package #1”, NGMN Alliance, May,
2016.
of 5G wireless security. The current security solutions mainly [22] M. Liyanage, A. B. Abro, M. Ylianttila, and A. Gurtov, “Opportuni-
based on the security services provided such as authentication, ties and Challenges of Software-Defined Mobile Networks in Network
availability, data confidentiality, key management and privacy Security”, IEEE Security & Privacy, vol. 14, no. 4, pp. 34-44, 2016.
[23] V. G. Vassilakis, I. D. Moscholios, and B. A. Alzahrani, “On the
have been introduced. Many new security aspects in 5G are security of software-defined next-generation cellular networks”, IEICE
expected due to the applications of technologies such as Information and Communication Technology Forum (ICTF), 2016, pp.
HetNet, D2D, massive MIMO, SDN and IoT. The security 61-65.
[24] H. Wang, T. Zheng, J. Yuan, D. Towsley, and M. H. Lee, “Physical
involving these technologies have been summarized. Based Layer Security in Heterogeneous Cellular Networks”, IEEE Transactions
on these studies, we have proposed a 5G wireless security on Communications, vol. 64, no. 3, pp. 1204-1219, 2016.
architecture. The analysis of identity management and flexible [25] Y. Deng, L. Wang, K. K. Wong, A. Nallanathan, M. Elkashlan, and
S. Lambotharan, “Safeguarding Massive MIMO Aided HetNets Using
authentication based on the proposed security architecture have Physical Layer Security”, International Conference on Wireless Commu-
been presented. A handover procedure and performance have nications & Signal Processing (WCSP), 2015, pp. 1-5.
Access
[26] M. Chen, Y. Qian, S. Mao, W. Tang, and X. Yang, “Software-defined [50] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A Survey on Cyber Security
mobile networks security”, Mobile Networks and Applications, vol. 21, for Smart Grid Communications”, IEEE Communications Surveys and
no. 5, pp. 729-743, 2016. Tutorials, vol. 14, no. 4, pp. 998-1010, 2012.
[27] F. Y. Tian, P. Zhang, and Z. Yan, “A Survey on C-RAN Security”, IEEE [51] “An analysis of the security needs of the 5G market”, SIMalliance, 2016.
Access, 2017. vol. 5, no. , pp. 13372-13386, 2017. [52] Y. Wang, Z. Miao, and L. Jiao, “Safeguarding the Ultra-dense Networks
[28] Q. Fang, Z. WeiJie, W. Guojun, and F. Hui, “Unified Security Archi- with the Aid of Physical Layer Security”, IEEE Access, vol. 4, pp. 9082-
tecture Research for 5G Wireless System”, 2014 11th Web Information 9092, 2016.
System and Application Conference, 2014, pp. 91-94 [53] A. Zappone, P. H. Lin, and E. Jorswieck, “Artificial-noise-assisted
[29] P. Schneider, and G. Horn, “Towards 5G Security”, Trust- energy-efficient secure transmission in 5G with imperfect CSIT and anten-
com/BigDataSE/ISPA, 2015, pp. 1165-1170. na correlation”, IEEE 17th International Workshop on Signal Processing
[30] W. Stallings, “Cryptography and Network Security Principles and Prac- Advances in Wireless Communications (SPAWC), 2016, pp. 1-5.
tice Sixth Edition”, PEARSON, 2014. [54] I. Abualhaol, and S. Muegge, “Securing D2D Wireless Links by
[31] Y. S. Shiu, S. Y. Chang, H. C. Wu, S. C. H. Huang, and H. H. Continuous Authenticity with Legitimacy Patterns”, 2016 49th Hawaii
Chen, “Physical layer security in wireless networks: a tutorial”, Wireless International Conference on System Sciences (HICSS), 2016, pp. 5763-
Communications, vol. 18, no. 2, pp. 66-74, 2011. 5771.
[55] K. Fan, Y. Gong, Z. Du, H. Li, and Y. Yang, “RFID Secure Application
[32] M. Bloch, J. Barros, M. R. D. Rodrigues, and S. W. McLaughlin, “Wire-
Revocation for IoT in 5G”, IEEE Trustcom/BigDataSE/ISPA, 2015, pp.
less Information-Theoretic Security”, IEEE Transactions on Information
175-181.
Theory, vol. 54, no. 6, pp. 2515-2534, 2008.
[56] Y. Sun, R. Lu, X. Lin, X. Shen, and J. Su, “An efficient pseudonymous
[33] U. Maurer, “Secret key agreement by public discussion from common authentication scheme with strong privacy preservation for vehicular
information”, IEEE Transactions on Information Theory, vol. 39, no. 3, communications”, IEEE Trans. Veh. Technol., vol. 59, no. 7, pp. 3589-
pp. 733-742, 1993. 3603, 2010.
[34] N. Yang, L. Wang, G. Geraci, M. Elkashlan, J. Yuan, and M. D. Renzo, [57] Y. Li, B. Kaur, and B. Andersen, “Denial of service prevention for 5G”,
“Safeguarding 5G Wireless Communication Network Using Physical Wireless Personal Communications, vol. 57, no. 3, pp. 365-376, 2011.
Layer Security”, IEEE Communications Magazine, vol. 53, no. 4, pp. [58] S. A. M. Ghanem, and M. Ara, “Secure Communications with D2D
20-27, 2015. cooperation”, Communications, Signal Processing, and their Applications
[35] Z. Yan, P. Zhang, and A. V. Vasilakos, “A security and trust framework (ICCSPA), 2015 International Conference on, 2015, pp. 1204-1219.
for virtualized networks and software-defined networking”, Security and [59] Y. Luo, L. Cui, Y. Yang, and B. Gao, “Power control and channel access
Communication Networks, vol. 9, no. 16, 2015. for physical-layer security of D2D underlay communication”, Internation-
[36] S. Luo, J. Wu, J. Li, L. Guo, and Q. Shi, “Toward Vulnerability Assess- al Conference on Wireless Communications & Signal Processing (WCSP),
ment for 5G Mobile Communication Networks”, 2015 IEEE International 2015, pp. 1-5.
Conference on Smart City/SocialCom/SustainCom (SmartCity), 2015, pp. [60] N. I. Bernardo, and F. De Leon, “On the trade-off between physical
72-76. layer security and energy efficiency of massive MIMO with small cells”,
[37] N. Ulltveit-Moe, V. A. Oleshchuk, and G. M. Kien, “Location-aware International Conference on Advanced Technologies for Communications
mobile intrusion detection with enhanced privacy in a 5G context”, (ATC), 2016, pp. 135-140.
Wireless Personal Communications, vol. 57, no. 3, pp. 317-338, 2011. [61] N. P. Nguyen, T. Q. Duong, H. Q. Ngo, Z. H. Velkov, and L. Shu,
[38] B. Chen, C. Zhu, W. Li, J. Wei, V. C. M. Leung, and L. T. Yang, “Secure 5G Wireless Communications: A Joint Relay Selection and
“Original Symbol Phase Rotated Secure Transmission Against Powerful Wireless Power Transfer Approach”, IEEE Access, vol. 4, pp. 3349-3359,
Massive MIMO Eavesdropper”, 2015 IEEE Access, vol. 4, pp. 3016-3025, 2016.
2016. [62] C. Zhang, J. Ge, J. Li, F. Gong, and H. Ding, “Complexity-Aware Relay
[39] N. Adem, B. Hamdaoui, and A. Yavuz, “Pseudorandom Time-Hopping Selection for 5G Large-Scale Secure Two-Way Relay Systems”, IEEE
Anti-Jamming Technique for Mobile Cognitive Users”, 2015 IEEE Globe- Transactions on Vehicular Technology, vol. 66, no. 6, pp. 5461-5465,
com Workshops (GC Wkshps), 2015, pp. 1-6. 2017.
[40] M. Labib, S. Ha, and W. Saad, and J. H. Reed, “A Colonel Blotto [63] Q. Xu, P. Ren, H. Song, and Q. Du, “Security Enhancement for IoT
Game for Anti-jamming in the Internet of Things”, 2015 IEEE Global Communications Exposed to Eavesdroppers With Uncertain Locations”,
Communications Conference (GLOBECOM), 2015, pp. 1-6. IEEE Access, vol. 4, pp. 2840-2853, 2016.
[41] W. Baker et al., “Data breach investigations report”, Methodology, vol. [64] Y. Ju, H. M. Wang, T. X. Zheng, and Q. Yin, “Secure transmission with
36, pp. 1-63, 2011. artificial noise in millimeter wave systems”, IEEE Wireless Communica-
[42] M. Conti, N. Dragoni, and V. Lesyk, “A Survey of Man In The Middle tions and Networking Conference, 2016, pp. 1-6.
Attacks”, IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. [65] Z. Qin, Y. Liu, Z. Ding, Y. Gao, and M. Elkashlan, “Physical Layer Se-
2027-2051, 2016. curity for 5G Non-orthogonal Multiple Access in Large-scale Networks”,
2016 IEEE International Conference on Communications (ICC), 2016,
[43] X. Duan, and X. Wang. Renzo, “Fast Authentication in 5G HetNet
pp. 1-6.
through SDN Enabled Weighted Secure-Context-Information Transfer”,
[66] M. Xu, X. Tao, F. Yang, and H. Wu, “Enhancing secured coverage
2016 IEEE International Conference on Communications (ICC), 2016,
with CoMP transmission in heterogeneous cellular networks”, IEEE
pp. 1-6.
Communications Letters, vol. 20, no. 11, pp. 2272-2275, 2016.
[44] M. H. Eiza, W. Ni, and Q. Shi, “Secure and Privacy-Aware Cloud- [67] R. Sedidi, and A. Kumar, “Key Exchange Protocols for Secure Device-
Assisted Video Reporting Service in 5G Enabled Vehicular Networks”, to-Device (D2D) Communication in 5G”, 2016 Wireless Days (WD),
IEEE Transactions on Vehicular Technology, vol. 65, no. 10, pp. 7868- 2016, pp. 1-6.
7881, 2016. [68] K. Gai, M. Qiu, L. Tao, and Y. Zhu, “Intrusion detection techniques for
[45] A. Zhang, L. Wang, X. Ye, and X. Lin, “Light-weight and Robust mobile cloud computing in heterogeneous 5G”, Security and Communi-
Security-Aware D2D-assist Data Transmission Protocol for Mobile- cation Networks, vol. 9, no. 16, pp. 3049-3058, 2016.
Health Systems”, IEEE Transactions on Information Forensics and Secu- [69] M. J. Wang, Z. Yan “A Survey on Security in D2D Communication-
rity, vol. 12, no. 3, pp. 662-675, 2017. s”,Mobile Networks and Applications, vol. 22, no. 2, pp. 195-208, 2017.
[46] E. Dubrova, M. Naslund, and G. Selander, “CRC-Based Mes- [70] C. Kolias et al., “OpenFlow-Enabled Mobile and Wireless Networks”,
sage Authentication for 5G Mobile Technology”, IEEE Trust- Open Networking Foundation, 2013
com/BigDataSE/ISPA, 2015, pp. 1186-1191. [71] http : //www.3gpp.org/news events/3gpp news/1786
[47] W. Trappe, “The challenges facing physical layer security”, IEEE 5gr eqss a1
Communications Magazine, vol. 53, no. 6, pp. 16-20, 2015. [72] “5G network architecture - a high-level perspective”, HUAWEI WHITE
[48] S. Farhang, Y. Hayel, and Q. Zhu, “PHY-Layer Location Priva- PAPER, July, 2016.
cy Privacy-Preserving Access Point Selection Mechanism in Next- [73] Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “A Survey on Wireless Security:
Generation Wireless Networks”, 2015 IEEE Conference on Communi- Technical Challenges, Recent Advances, and Future Trends”, Proceedings
cations and Network Security (CNS), 2015, pp. 263-271. of the IEEE, vol. 104, no. 9, pp. 1727-1765, 2016.
[49] E. A. Elrahman, H. L. Khedher, and H. Afifi, “D2D Group Communica- [74] “5G scenarios and security design”, HUAWEI, 2016.
tions Security”, 2015 International Conference on Protocol Engineering
(ICPE) and International Conference on New Technologies of Distributed
Systems (NTDS), pp. 1-6, 2015.
Access
Dongfeng Fang received her B.S. degree in Con-

trol Theory and Control Engineering from Harbin
Institute of Technology, China, in 2009 and her
M.S degree in Control Theory and Control Engi-
neering from Shanghai University, China, in 2013.
She is a Ph.D. student in Department of Electrical
& Computer Engineering, University of Nebraska-
Lincoln, USA. Her current research interests include
energy efficient and green networks, big data, cloud
computing and network security.
Yi Qian is a professor in the Department of

Electrical and Computer Engineering, University of
Nebraska-Lincoln (UNL). Prior to joining UNL,
he worked in the telecommunications industry, a-
cademia, and the government. Some of his previous
professional positions include serving as a senior
member of scientific staff and a technical advisor
at Nortel Networks, a senior systems engineer and
a technical advisor at several start-up companies,
an assistant professor at University of Puerto Rico
at Mayaguez, and a senior researcher at National
Institute of Standards and Technology. His research interests include infor-
mation assurance and network security, network design, network modeling,
simulation and performance analysis for next generation wireless networks,
wireless ad-hoc and sensor networks, vehicular networks, smart grid com-
munication networks, broadband satellite networks, optical networks, high-
speed networks and the Internet. Prof. Yi Qian is a member of ACM and a
senior member of IEEE. He was the Chair of IEEE Communications Society
Technical Committee for Communications and Information Security from
January 1, 2014 to December 31, 2015. He is a Distinguished Lecturer for
IEEE Vehicular Technology Society. He is serving on the editorial boards
for several international journals and magazines, including serving as the
Associate Editor-in-Chief for IEEE Wireless Communications Magazine.
He is the Technical Program Chair for IEEE International Conference on
Communications (ICC) 2018.
Rose Qingyang Hu received B.S. degree from

University of Science and Technology of China,
M.S. degree from New York University, and Ph.D.
degree from the University of Kansas. Currently
she is a full professor with the Department of
Electrical and Computer Engineering at Utah State
University. She also has more than 10 years of
R&D experience with Nortel, Blackberry and Intel
as a technical manager, a senior research scientist,
and a senior wireless system architect. Her current
research interests include next-generation wireless
communications, wireless network design and optimization, green radios, IoT,
cyber-physical systems, wireless system modeling and performance analysis.
She has published extensively and holds numerous patents in her research
areas. Prof. Hu is an IEEE Communications Society Distinguished Lecturer
class 2015-2018 and received the best paper awards from IEEE Globecom
2012, IEEE ICC 2015, IEEE ICC 2016 and IEEE VTC 2016 spring. Prof. Hu
is currently serving on the Editor Boards of IEEE Transactions on Wireless
Communications and IEEE Transactions on Vehicular Technology. She is a
senior member of IEEE and a member of Phi Kappa Phi and Epsilon Pi
Epsilon Honor Societies.

Security For 5G Mobile Wireless Networks: Dongfeng Fang, Yi Qian, and Rose Qingyang Hu

Uploaded by

Copyright:

Available Formats

Security For 5G Mobile Wireless Networks: Dongfeng Fang, Yi Qian, and Rose Qingyang Hu

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Security For 5G Mobile Wireless Networks: Dongfeng Fang, Yi Qian, and Rose Qingyang Hu

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

SUBMITTED TO IEEE ACCESS, AUGUST 2017 1

Security for 5G Mobile Wireless Networks

5 TH generation wireless systems, or 5G, are the next gen-

SUBMITTED TO IEEE ACCESS, AUGUST 2017 2

Fig. 1: A generic architecture for 5G wireless systems

TABLE I: Security requirements for 5G wireless networks [21]

Flexible Security Mechanisms New threats Server

New trust models Trust Trust

User User Network

SUBMITTED TO IEEE ACCESS, AUGUST 2017 3

[29]. The authentication management in 5G is more complex

SUBMITTED TO IEEE ACCESS, AUGUST 2017 4

SUBMITTED TO IEEE ACCESS, AUGUST 2017 5

Sender Receiver Sender Receiver

Server Sender Receiver

Server Server Server

Sender Receiver Attacker

SUBMITTED TO IEEE ACCESS, AUGUST 2017 6

SUBMITTED TO IEEE ACCESS, AUGUST 2017 7

secrecy capacity is less than a target secrecy rate Rt , where

SUBMITTED TO IEEE ACCESS, AUGUST 2017 8

i-th tag identity Fig. 8: A m-health system model [45]

𝐻(𝐼𝐷𝑖 ||𝐾𝑖,𝑗 ||𝑟1 ||𝑟2 )

SUBMITTED TO IEEE ACCESS, AUGUST 2017 9

Cloud Platform Transmitter Side Receiver Side

Channel Assignment Channel Assignment

Fig. 10: A pseudorandom time hopping system block diagram

Considering the limited computational capabilities at certain

SUBMITTED TO IEEE ACCESS, AUGUST 2017 10

SUBMITTED TO IEEE ACCESS, AUGUST 2017 11

Eavesdropper To tackle the complexity issue of relay selection in 5G large-

SUBMITTED TO IEEE ACCESS, AUGUST 2017 12

SUBMITTED TO IEEE ACCESS, AUGUST 2017 13

User 1 User 2 eNodeB User 1 User 2 eNodeB User 1 User 2 eNodeB

Fig. 14: Three key exchange schemes in [67]

SUBMITTED TO IEEE ACCESS, AUGUST 2017 14

SUBMITTED TO IEEE ACCESS, AUGUST 2017 15

SUBMITTED TO IEEE ACCESS, AUGUST 2017 16

SUBMITTED TO IEEE ACCESS, AUGUST 2017 17

SUBMITTED TO IEEE ACCESS, AUGUST 2017 18

LTE Evolved packet core

Network Operation VEPC_Critical

Fig. 15: A general 5G wireless network architecture

User Interface AMF PCF Network

Network Function based

Cloud-based Heterogeneous Application Layer

Fig. 16: The proposed 5G wireless network security architecture

SUBMITTED TO IEEE ACCESS, AUGUST 2017 19

UDM User equipment

SUBMITTED TO IEEE ACCESS, AUGUST 2017 20

User A AMF Control Plane SMFs User A MME HSS

1. Register, ID 1. Register, ID 2. Authentication data

Generate and save Save KASME and

a. Based on the proposed 5G security architecture b. Based on legacy security architecture

Fig. 20: Authentication based on different security architecture

MME ... AAA SMF

Fig. 19: A two-tier HetNet model