Security aspects of 5G system

Non-standalone NR security

The NSA architecture utilizes LTE as the master RAT, while NR provides a secondary RAT, with UEs connected to both radios.

Evolution of the trust model

The trust model in the UE is simple: there are two trust domains, the tamper-proof UICC, on which the USIM resides as trust anchor, and the ME. The ME and the USIM together form the UE. The RAN is divided into DU and CU. Together, the DU and CU form the gNB, the 5G base station. The DU does not have any access to customer communications.

In the CN, the AMF serves as the termination point for NAS security. The AMF is collocated with the SEAF, which holds the root key for the visited network. The AUSF keeps a key for reuse. The ARPF keeps the authentication credentials.
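The key chain behind these roles, as an added example that is not part of the original page: the ARPF side derives KAUSF, the AUSF derives the per-visited-network anchor key KSEAF, and the SEAF derives KAMF for NAS security. The KDF layout (TS 33.220 Annex B) and the FC values 0x6A, 0x6C and 0x6D (TS 33.501 Annex A) are not stated on the page and are assumptions here, as are the function names; CK, IK, SQN xor AK, the SUPI and the network names are constructed sample values.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (assumed per TS 33.220 Annex B):
    HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_kausf(ck: bytes, ik: bytes, sn_name: str, sqn_xor_ak: bytes) -> bytes:
    # ARPF/UDM side: CK || IK come from the long-term credential (not modelled here).
    return kdf(ck + ik, 0x6A, sn_name.encode(), sqn_xor_ak)

def derive_kseaf(kausf: bytes, sn_name: str) -> bytes:
    # AUSF side: the anchor key is bound to the serving (visited) network name.
    return kdf(kausf, 0x6C, sn_name.encode())

def derive_kamf(kseaf: bytes, supi: str, abba: bytes = b"\x00\x00") -> bytes:
    # SEAF side: the key handed to the AMF, which terminates NAS security.
    return kdf(kseaf, 0x6D, supi.encode(), abba)

# Constructed sample inputs (not real credentials, test PLMN values).
CK = bytes(range(16))
IK = bytes(range(16, 32))
SQN_XOR_AK = bytes(6)
SN_A = "5G:mnc001.mcc001.3gppnetwork.org"
SN_B = "5G:mnc002.mcc001.3gppnetwork.org"
SUPI = "001010000000001"

def hierarchy(sn_name: str):
    """Return (KAUSF, KSEAF, KAMF) for one serving network."""
    kausf = derive_kausf(CK, IK, sn_name, SQN_XOR_AK)
    kseaf = derive_kseaf(kausf, sn_name)
    kamf = derive_kamf(kseaf, SUPI)
    return kausf, kseaf, kamf

if __name__ == "__main__":
    for sn in (SN_A, SN_B):
        for label, key in zip(("KAUSF", "KSEAF", "KAMF"), hierarchy(sn)):
            print(f"{sn} {label} = {key.hex()}")
```

Because the serving network name is an input at each step, a key issued for one visited network does not match the key derived for another.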

Critical communications


The LTE_HRLLC work item provides the following solutions to support URLLC for LTE:

  • Semi-static CFI configuration
  • PDSCH repetition
  • UL SPS repetition
  • PDCP packet duplication

PDSCH repetition

To improve the authenticity of the DL data channel, PDSCH repetition can be configured to a UE for a given TTI length.

PDCP packet duplication

PDCP packet duplication is configured for a radio bearer by RRC, where two logical channels are configured for the radio bearer. It is supported in cases such as: SRBs using RLC AM, DRBs using RLC UM or AM.


Wake-up signalling for IDLE mode (FDD)

When a UE is in DRX or eDRX, it must regularly check whether a paging message is arriving from the CN. This feature allows the eNB to send the UE a “wake-up signal” to monitor NPDCCH.

Scheduling request

In NB-IoT, SR exists only as a higher-layer procedure, which triggers a random access procedure to request UL resources to send a BSR. The resources are activated and deactivated by dynamic signalling on NPDCCH.

Early data transmission

An idle-mode UE is able to transmit data in Msg3 of the random access procedure, carrying between 328 and 1000 bits. The eNB can allow the UE to transmit a smaller amount of data than the maximum permitted size in order to decrease the power spent transmitting padding bits.

Quick release of RRC connection

An NB-IoT UE has to wait up to 10 seconds after the receipt of the RRC connection release message.

System enhancements

CP-UP separation

A new interface, E1, enables interconnecting a gNB-CU-CP and a gNB-CU-UP.

The gNB-CU hosts the RRC, SDAP and PDCP radio protocols, while the gNB-DU hosts the PHY, RRC and MAC radio protocols. The gNB-CU and gNB-DU are connected via the F1 interface.

Architecture deployment scenarios

  • Centralized gNB-CU-CP and gNB-CU-UP
  • Distributed gNB-CU-CP and centralized gNB-CU-UP
  • Centralized gNB-CU-CP and distributed gNB-CU-UP


Quantitative KPI

Connection density: the number of devices fulfilling a specific QoS per unit area (per km²).

Network energy efficiency: the ability to minimize the RAN energy consumption while providing a much better area traffic capacity.

5G NR Deployments