Vienna (TSG#74), December 2016
Adrian Scrase (AS): Could you start by telling us what is happening within 3GPP’s security group and what are your latest achievements?
Anand R. Prasad (AP): Let me start with LTE, or 4G standards for security. When we came to SAE/LTE or 4G we came to a system which is completely packet switched with higher data rates. We secured that, then we moved on to new technologies on the security side. We have IOPS – where the core network may not be required - we have proximity based services where the devices can talk to each other directly, even without coverage and then we have IoT solutions. We are now touching V2X, moving towards 5G.
AS: So, these new scenarios all pose new security requirements which are being addressed in the 3GPP Security committee?
AP: Exactly yes, all of them have their specific requirements.
AS: If we look at V2V or device-to-device communications, maybe the amount of bits transmitted is very small, therefore the security overhead has to be proportionate with the amount of data transmitted. How is that being approached?
AP: When we talk about device-to-device, that specification is done but we haven’t touched the low number of bits sent. On the IoT side, there are certain studies on that – especially as we move to 5G.
On the V2X side we haven’t touched on the low number of bits, but the requirement in V2X is that you have a resource issue and one of those resources is time, a car may have an accident due to communications issues and you cannot have that.
AS: Where are we in the security analysis for the 5G system?
AP: In all of our work, what we do is to find out what the threats are, what are the requirements and what would be the potential solutions, so that we have the key issues – that is how we work.
What we have done – with 5G being such a huge area – we have defined security areas inside that; architecture, authentication, slicing, authorization, RAN security…there are many of them! At the moment we have identified threats & requirements and we have initial security solutions for most of the areas. We work hand-in-hand with the architecture group – SA2 and with the RAN group as well.
AS: The radio has not been defined yet, nor has the future core network, but your security analysis is starting even before we have defined the system itself, is that unusual?
AP: In 3GPP we always start with security from the beginning, many things are not yet defined, but SA3 has started work on many of the potential security issues.
AS: To what extent do you have to take in to account the threat of quantum computers hacking in to the network?
AP: Cryptographic algorithms should be quantum safe. That is the requirement we have in our study already, so we are trying to come up with solutions that are quantum safe as we move to 5G specifications.
AS: Privacy is an important issue, to what extent are you looking at privacy issues in future design?
AP: Privacy becomes extremely important and there are regulations for that. If our systems come out, then the regulatory requirements should be fulfilled. We do take care of that from the very beginning.
V2X – as an example – we have a privacy requirement that other devices cannot know what the previous vehicle was doing. On the service side also, people should not know what a given vehicle is doing – there is a privacy issue there. At the same time – I think that there are privacy requirements that the operator should not know what the given vehicle is doing… there are many more requirements on privacy and then we have to do that as a relation to Lawful Interception.
AS: Of course, from the very outset, Lawful Interception must be enabled for 4 and 5G networks.
AS: Given the vast amount of work, are you confident that 3GPP will have all of the security standards that are needed for early launch in 2018?
AP: I am sure!