David Bird MBCS CITP looks at the potential of 5G, and some of the security considerations that will need to be taken into account.

The internet of things (IoT) has been described as a paradigm and heralded as the third wave of internet access - in effect the next step in the connectivity revolution.

The IoT has been described as changing the perception of the intangible cyberspace dimension by providing the ability to conjoin sensor data and generating insights from more tangible physical devices used in our reality.

It is estimated that globally 99 per cent of such devices are still not internet-enabled but this presents an opportunity for the IoT paradigm where 20 to 50 billion devices could be connected by the 2020s.

Connectivity cacophony

However in order for ‘the things’ to remotely connect to the internet bearer, these devices require a communications conduit. Examples are device accesses through various short, intermediate and longer-range wireless networks to interface with ISPs or interoperability with cellular operator gateways.

Wire-line data-rates have been dramatically increasing over the years. In 20 odd years speed has progressed from dial-up 56kbit/s to cable at 152Mbit/s. Contrastingly cellular communications have been restricted by the limitations placed upon mobile infrastructures dating back to the 2G infrastructures originally built for digitalised voice; 4G devices still rely on legacy voice infrastructures for traditional cellular voice and therefore separate technology infrastructure tiers were required for 2.5G+ data.

What 5G could potentially offer IoT

Typically data downstream speeds were around 384Kbit/s for 3G (UMTS) and up to 84Mbit/s for 3.75G (UMTS HSPA+) with latency around 150ms and 50ms respectively. Today’s 4G long term evolution (LTE), which is in effect 3.9G, formulated under the 3G Partnership Project technical specifications, provides a speed increase up to 100Mbit/s for downloads and latency of ~10ms.

In 2008 it was identified that 4G would not be enough for the UK’s future smart cities vision. Although LTE-Advanced is the next step for 4G potentially reaching 1Gbit/s, there is a necessity for an essential shift in mobile networking approaches for the next generation - under the 5G Public-Private Partnership - to achieve more desirable download data-rates of greater than 10Gbit/s with sub-1ms latency.

Traditionally 4G and below has been limited to bands below the 5GHz frequency range. 5G heterogeneous networking could be used to outstrip current wired, wireless and UMTS terrestrial radio access network (UTRAN) and evolved UTRAN (eUTRAN) counterparts. But higher frequencies with greater bandwidth are required within the bounds of smart device battery power limitations.

Cell densification is the answer for 5G all spectrum radio access network (ASRAN) approaches by increasing the number of cells with shorter-range coverage in order to migrate to the 20-60GHz wave bands.

Technical aspects of such an approach provides the following benefits: (1) a greater adoption of hand-off approaches to 5G femto repeater cells in areas of limited cell coverage, (2) the aspiration of peer-to-peer or device-to-device (D2D) connectivity between 5G devices as a transparent hop onto the nearest 5G cell, and (3) modernising mobile operator infrastructures for software-defined-radio (SDR) and software-defined-network (SDN) capabilities.

Existing security considerations

Today’s mobile radio devices have dedicated hardware defined radios and antennae for 2G, 3G and 4G bands. Mobile device communications have relied upon the legacy A3 authentication and A8 cypher key generation security measures with A5 privacy cryptographic algorithm; the more modern 3G KASUMI block cypher with the UEA1 confidentiality and UIA1 integrity algorithms.

4G employs SNOW3G stream cypher and the IEA2 confidentiality and UIA2 integrity algorithms. The current subscriber interface modules (SIM) are not only used to prove the consumer’s legitimacy against location registers to connect to the mobile networks but contain algorithms to encrypt communications in transit across the UTRAN/eUTRAN to the basestations. But note that present femtocell technologies do not provide similar encryption mechanisms.

Existing 2.5G through to 4G technologies rely on various GSM packet radio service tunneling protocols (GTP) across the mobile networks: (1) GTP for charging, (2) GTP-U for user data and (3) GTP-C for signaling; unfortunately GTP is unauthenticated within the network and is used for session establishment, data forwarding, and mobility protection for internet-facing connections.

Following on from a growing 4G IP telephony adoption, sometimes termed voice over LTE, or voice over WiFi where WiFi off-loading is feasible, IP-centric voice communications would simplify the next generation networks.

5G security considerations

5G is purported to fulfill a self-organising network concept using multi-path sensing, but a continued need to achieve authorised access to the basestation is still required; in the 5G dimension this may require different trusted access mechanisms to SIMs - especially for off-loads. A method is not only required to identify a network user, but also their location, mobility tracking and data usage attribution.


SDR could provide a form of ‘application programmable processor’ containing reconfigurable probable universal filtered multi-carrier or massive multiple-input-multiple-output filter bank multi-carrier waveforms rather than orthogonal frequency division multiplexing used in sub-10GHz bands.

The ability to achieve dynamic spectrum access through multi-frequency sensing of any unused spectrum and dynamic data-rate alteration is key to 5G. Spectrum sensing data falsification intelligence would be required for onward hops across any meshed nodes or for hand-off to either D2D or 5G femtocell repeaters.


SDN requires the data plane to be separated from the control plane using collaborative and hierarchical SDN controllers within the mobile operator network domain. Whether SDN compatible devices are roaming between authenticated ASRAN cells, via unauthenticated femtocells, hopping D2D to the next basestation cell, or off-loading to mobile operator SDN compatible wireless access infrastructure, the quality of service and service management is crucial across such a distributed network.

SDN is achievable using OpenFlow intelligent switching across the network infrastructure and would be used to steer traffic to responsible network forwarding virtualisation middle boxes in the mobile network. Controller configuration and flow mapping is conducted using the OpenFLow protocol preferably across secured connections from virtualised network management environments at the higher application centric layer.

Traceable trust would also be required whatever the route to avoid ASRAN node spoofing (or hiding) and data snarfing as consumers move between authenticated ASRAN cells or through hand-off devices or off-load to wireless access infrastructures - this could be achieved through public key infrastructure-based mutual authentication controlled by the mobile network.

Data integrity could be performed through generalised multi-protocol label switching overlay techniques, which is OpenFlow compatible, to assure protection across the mobile network or D2D hand-offs. Consumer mobility exposure within the SDN-based mobile network would be obfuscated using overlay techniques.

An important consideration would also be the use of transparent, low latency and secured tunnelling connectivity for data encryption where 5G devices offer out-of-band connections for off-loading to conduits outside the direct control of a mobile operator; for example the latter would be used for protected remote connectivity from SDN capable wireless access points via dedicated internet-facing gateways back to their own mobile network domain point-to-point.

Consumer IP data could then be onward routed outside the mobile network to internet gateways via the mobile operators’ edge security appliance(s). Voice IP traffic destined for the public switched telephone network gateways would need to be transposed for circuit switching. To ensure the confidentiality and integrity for end-to-end exchanges, whether it is transiting the mobile network or the wider internet, consumers may also elect to use virtual private network connectivity or utilise secure sessions for this purpose.

From a software patching and configuration update perspective both SDR and SDN updates could be deployable across the mobile network. These should be digitally signed so authenticity is verifiable and should only be downloadable from the mobile operator’s software libraries of known provenance.


Although presently hypothetical, the 5G-dimension will be driven by a combination of societal, research and technology drivers, where there will be a greater expectation for communications infrastructures to cope with the growing stresses from media enriched data volumes transiting across a range of internet enabled devices.

Such 5G implementations would require modifications to the existing mobile operator networks and supporting infrastructure nodes to provide the salient SDN infrastructure. Additionally privacy protection point-to-point across 5G infrastructures from a consumer perspective will be as important as the integrity of the charging and signaling data from the mobile operator’s perspective.

Therefore built-in security measures and security wraps will need to be integrated into 5G approaches in order to drive consumer confidence, ubiquitous adoption and consumer traction.