3GPP 5GC Security Specification: Key Requirements and Architecture
The 5G Core (5GC), shaped by the 3rd Generation Partnership Project (3GPP), signifies a major progression in mobile network design. With cutting-edge features like network slicing, a cloud-native structure, a service-based architecture (SBA), and API-driven exposure, security is a top priority.
The diagram provided illustrates the end-to-end security framework of the 5GC, which safeguards user equipment (UE), access networks, control plane functions, APIs, and communications between operators.
Let’s dive into the key components of the 3GPP 5GC security specifications.
🔐 1. Network Access Security (N1 & N2 Interfaces)
Access security is all about making sure that 5G User Equipment (UE) connects safely to the 5G network.
Key Features:
Mutual Authentication: Between UE and the network using 5G-AKA or EAP-AKA’.
Confidentiality & Integrity: Signaling messages over N1 (from UE to AMF) and N2 (from UE via gNB to AMF) are both encrypted and integrity-protected.
Key Hierarchy: Root keys are generated from the Subscription Permanent Identifier (SUPI) and stored in the Unified Data Management (UDM) and the Authentication Server Function (AUSF).
SUPI Privacy: The SUPI is transmitted only in concealed form, as a SUCI (Subscription Concealed Identifier), to keep permanent identities secure.
✅ This ensures that only authorized devices can access the network, guarding against IMSI catching, replay attacks, and spoofing.
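A check an operator could run over SUCIs captured from registration logs to confirm that SUPI concealment is really in use; this is an added example, not part of the original article. The textual SUCI layout, the protection scheme numbers and the output sizes are taken from the 3GPP specifications rather than from this page, and the sample values are constructed.

```python
import re
from dataclasses import dataclass

# Scheme id -> (name, overhead bytes in the scheme output: ephemeral public key + 8-byte MAC).
SCHEMES = {0: ("null-scheme", 0), 1: ("ECIES Profile A", 32 + 8), 2: ("ECIES Profile B", 33 + 8)}
# suci-<SUPI type 0 = IMSI>-<MCC>-<MNC>-<routing indicator>-<scheme>-<HN key id>-<scheme output>
SUCI_RE = re.compile(r"^suci-0-(\d{3})-(\d{2,3})-(\d{1,4})-([0-9a-fA-F])-(\d{1,3})-([0-9a-fA-F]+)$")

@dataclass
class Finding:
    suci: str
    severity: str  # "ok", "exposed" or "review"
    detail: str

def audit_suci(suci: str) -> Finding:
    m = SUCI_RE.match(suci.strip())
    if not m:
        return Finding(suci, "review", "not an IMSI-type SUCI string")
    mcc, mnc, _routing, scheme, key_id, output = m.groups()
    name, overhead = SCHEMES.get(int(scheme, 16), (None, 0))
    if name is None:
        return Finding(suci, "review", f"non-standard protection scheme {scheme}")
    if name == "null-scheme":
        # With the null scheme the output is the MSIN itself, so the SUPI is sent in the clear.
        return Finding(suci, "exposed", f"null-scheme, SUPI is imsi-{mcc}{mnc}{output}")
    if len(output) % 2 or len(output) // 2 <= overhead:
        return Finding(suci, "review", f"{name} output too short to hold key, ciphertext and MAC")
    return Finding(suci, "ok", f"{name}, home network key id {key_id}")

def audit_all(sucis):
    """Return only the findings that need attention."""
    return [f for f in map(audit_suci, sucis) if f.severity != "ok"]

# Constructed samples (not real subscribers; the hex is filler, not real ciphertext).
SAMPLES = [
    "suci-0-001-01-0000-0-0-0000000001",
    "suci-0-001-01-0000-1-1-" + "ab" * 32 + "cd" * 5 + "ef" * 8,
    "suci-0-001-01-0000-2-2-abcd",
]

if __name__ == "__main__":
    for f in audit_all(SAMPLES):
        print(f.severity, f.suci[:40], "->", f.detail)
```

A null-scheme SUCI is well-formed, so the network will accept it; only a check like this one shows that the permanent identifier was not concealed.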
🔗 2. NF-NF Communication Security (N4, Nnrf, Namf, etc.)
5G Core utilizes a Service-Based Architecture (SBA), allowing Network Functions (NFs) to communicate via APIs.
Security Measures:
TLS 1.2/1.3 encryption is used for all NF-to-NF interactions.
OAuth 2.0 / TLS certificates are implemented for authenticating and authorizing NFs.
N4 Security: Between SMF (Session Management Function) and UPF (User Plane Function), safeguarding session management and traffic control.
The NRF (Network Repository Function) checks NF identities and aids in secure service discovery.
✅ This guarantees confidentiality, integrity, and authentication in control plane signaling exchanges.
🛡️ 3. Identity and Authorization
Managing identity and subscriber authorization is vital for maintaining 5G trust domains.
Key Components:
AUSF: Responsible for authenticating UE.
UDM (Unified Data Management): Keeps track of subscriber data, identifiers, and policies.
UDR (User Data Repository): Provides backend storage for the UDM.
PCF (Policy Control Function): Implements subscriber-specific policies.
Features:
Role-based access control (RBAC) for NFs.
Handling of SUPI/SUCI to maintain privacy.
Authorization tokens are given by AUSF for NF interactions.
✅ This prevents unauthorized access to services, fraud, and identity theft within 5G networks.
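The token-based NF authorization described in sections 2 and 3, seen from the NF that receives the request; this is an added example, not code from the article or from any 5GC product. It assumes a JWT-style token with the standard iss/sub/aud/scope/exp claims and uses an HS256 shared key only to stay within the standard library; the key, NF names and claim values are constructed.

```python
import base64, hashlib, hmac, json, time

def _b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint(claims, key, alg="HS256"):
    """Build a constructed demo token; stands in for the issuing NF."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def authorize(token, key, my_nf_type, service, now=None):
    """Decide whether a request carrying `token` may call `service` on this NF."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        head, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
        sig = _b64d(sig_b64)
    except ValueError:
        return False, "malformed token"
    if not isinstance(head, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if head.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return False, "unexpected alg"
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    if claims.get("aud") != my_nf_type:  # token was issued for a different NF type
        return False, "wrong audience"
    if service not in str(claims.get("scope", "")).split():
        return False, "service not in scope"
    return True, f"consumer {claims.get('sub')} allowed"

# Constructed sample: key, NF names and claim values are placeholders.
KEY = b"constructed-demo-key"
CLAIMS = {"iss": "issuer-nf-1", "sub": "amf-1", "aud": "UDM",
          "scope": "nudm-sdm nudm-uecm", "exp": 2000}

if __name__ == "__main__":
    tok = mint(CLAIMS, KEY)
    print(authorize(tok, KEY, "UDM", "nudm-sdm", now=1000))
    print(authorize(tok, KEY, "UDM", "nudm-ueau", now=1000))
```

The audience and scope checks are what turn a valid token into role-based access control: a token that is correctly signed but issued for another NF type or another service is still refused.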
🖧 4. Network Slice Security
One impressive aspect of 5G is network slicing, which creates multiple logical networks on a single physical setup.
Security Considerations:
Slice Isolation: Ensures traffic from one slice doesn’t affect another.
Slice-specific Authentication & Authorization using NSSF (Network Slice Selection Function).
Custom Policies & Encryption Keys for each slice to guarantee end-to-end separation.
✅ This means sectors like healthcare, IoT, and autonomous driving can function on their own secure networks.
🌍 5. Inter-PLMN Security (N32, N9 Interfaces)
When roaming between different Public Land Mobile Networks (PLMNs), security is critical.
Security Measures:
SEPP (Security Edge Protection Proxy) ensures mutual authentication, integrity, and confidentiality on N32 (for inter-operator control plane interface).
N9 Security protects user plane data between UPFs in different PLMNs.
Strict Roaming Agreements align with 3GPP security standards.
✅ This protects roaming users from threats while navigating untrusted networks.
🌐 6. Network Exposure API Security (N33 Interface)
The Network Exposure Function (NEF) and the CAPIF (Common API Framework) make it possible for external applications to engage securely with 5G services.
Security Features:
Protection for the API Gateway includes authentication, rate limiting, and monitoring.
Uses OAuth2.0 / API tokens for secure access rights.
Ensures confidentiality and integrity of API requests/responses through TLS.
CAPIF Standardization guarantees a secure and consistent developer interface.
✅ This helps to thwart API abuse, data leaks, and denial-of-service (DoS) attacks, opening doors for innovation in IoT and enterprise applications.
📊 Quick Look at 5GC Security Specs
| Security Domain | Interfaces | Key Functions & Components | Protection Mechanisms |
|---|---|---|---|
| Network Access Security | N1, N2 | UE, gNB, AMF, AUSF, UDM | 5G-AKA, encryption, SUPI protection |
| NF-NF Communication | N4, Namf, Nnrf | SMF, UPF, NRF, AMF | TLS 1.3, OAuth2.0, mutual authentication |
| Identity & Authorization | Nausf, Nudm, Npcf | AUSF, UDM, UDR, PCF | Token-based auth, RBAC, SUPI/SUCI |
| Network Slice Security | Nnssf | NSSF, AMF, SMF | Slice isolation, per-slice keys |
| Inter-PLMN Security | N32, N9 | SEPP, UPF | Mutual auth, IPsec/TLS tunneling |
| API Exposure Security | N33 | NEF, CAPIF, External Apps | API gateway protection, TLS, OAuth |
📌 5GC Security Checklist for Telecom Professionals
Here’s a handy checklist inspired by 3GPP’s 5GC Security Specification:
✅ Network Access Security
Use 5G-AKA / EAP-AKA’ for authentication.
Make sure SUPI → SUCI encryption is in place to safeguard permanent IDs.
Implement end-to-end integrity & confidentiality for both N1 and N2.
✅ NF-NF Communication Security
Require TLS 1.3 with mutual authentication for NF interfaces.
Utilize OAuth 2.0 / certificates for NF discovery and authorization.
Secure N4 (SMF-UPF) signaling using IPsec/TLS.
✅ Identity & Authorization
Set up role-based access control (RBAC) for NFs.
Rely on AUSF-issued tokens for communication between NFs.
Encrypt subscriber profiles within UDM/UDR.
✅ Network Slice Security
Ensure slice isolation with separate encryption keys.
Apply slice-aware authentication/authorization methods.
Monitor for attempts at cross-slice data leakage.
✅ Inter-PLMN Security
Implement SEPP on N32 to secure roaming signaling.
Encrypt N9 UPF tunnels for added protection.
Enforce roaming compliance policies between PLMNs.
✅ API Exposure Security
Lock down APIs through CAPIF & NEF gateways.
Use OAuth 2.0 tokens + TLS for external application access.
Set up API throttling, monitoring & anomaly detection.
🏆 Conclusion
The 3GPP 5GC security specification is fundamental for building trust in 5G networks. It covers everything—from device access and control plane signaling to network slicing, inter-operator roaming, and API exposure.
By enforcing robust measures like mutual authentication, encryption, slice-specific security, SEPP-protected roaming, and secure API frameworks, 5G networks are set to offer the reliability, confidentiality, and resilience that businesses, governments, and users need.
As we look ahead to 6G, these security building blocks will support scalable and future-ready connectivity in an increasingly interconnected world.