Archive | 7:07 pm

5G is here but the challenges are just beginning

21 Aug

The long-awaited 5G roll-out has begun and it seems as if every month brings announcements of accelerated roll-out plans. In the US, AT&T and Verizon were the first to market, with both announcing 5G services in the closing months of 2018 and the remaining two major service providers committing to launches by mid-2019. In Asia, 2019 has seen 5G arrive in South Korea, Japan and China and, around Europe, the first commercial 5G subscriptions are also expected during 2019.

Implementing the full range of 5G capabilities requires significant investments by operators, representing a tricky balancing act as this cash has to be found before 5G revenues start to flow. At the same time, many operators are still building out 4G/LTE networks whilst many are seeing revenues dip as existing services become commoditised.

The path to 5G profitability, therefore, requires a strategic plan, taking account of factors such as the technology roadmap, the evolving regulatory landscape and, of course, local/regional market opportunities. This article reviews some of these factors and looks at how operators are adapting their roll-out plans to balance their investments against 5G revenue streams.

The 5G roll-out is underway

Although in the short term, 5G deployment may pose challenges to mobile operators, market demand and the consequent opportunities are driving an acceleration of global roll-out plans. From a standing start in late 2018, 5G subscription uptake is expected to be faster than any other mobile communication technology so far, with CCS Insight, a UK market research company, forecasting that global 5G connections will reach 2.7 billion by 2025, Figure 1.

Figure 1: Forecast growth in global 5G connections (Source: CCS Insight)

The term 5G Service, however, covers a wide spectrum of network capabilities, as can be seen from the International telecommunication Union’s, (ITU), requirements specification, IMT2020, Figure 2.

Figure 2: 5G performance requirements (Source: NGMN 5G White Paper)

To meet these requirements operators must invest heavily in all network domains, including spectrum, radio access network (RAN) infrastructure, transmission, and core networks. According to a study of one European country by McKinsey & Company[i], a management consultant, network capital expenditure may have to increase by 60% over the period 2020 to 2025, equating to an approximate doubling of the total cost of ownership.

It would not be surprising, given the above, to find most operators adopting an evolutionary approach to 5G roll-out, balancing investments against incremental revenues. The roadmap for global 5G service availability is therefore dependent upon how operators prioritise their investments, based on local regulatory and market conditions.

Regulatory and Technical Factors

As with any wireless networking technology, availability of spectrum is a key enabler of 5G, which will make use of frequencies ranging from 0.4 GHz up to the mmWave frequencies at 30GHz and above. The capabilities offered by 5G services will be based on the transmission frequencies used, with the “holy grail” of fast speeds and high bandwidth being unlocked by mmWave network technologies.

The design and implementation of mmWave networks are both technically challenging and costly to implement; innovative low-power RF amplifiers which can operate efficiently at these frequencies are required, and the transmission characteristics of signals at these frequencies require massive densification of networks.

Recognising these challenges, 3GPP, the global body responsible for developing 5G standards, focused on 5G NR non-Stand-Alone (NSA) technology in its first release covering 5G (Release 15). 5G NSA enables operators to leverage existing 4G/LTE infrastructure to offer services, by upgrading with massive MIMO technology.

A review of roll-out plans around the world would suggest that the majority of operators are following this approach, as illustrated by the sample summarised in Table 1. With the exception of AT&T and Verizon, who are using their mmWave spectrum to offer home broadband services in targeted cities, most other operators appear to be focusing initially on the “mid-range” sub-6 GHz frequencies, the so-called “sweet spot” for MIMO. These operators are initially concentrating on consumer offerings, working with manufacturers of mobile devices to offer faster download speeds. In the UK, EE and Vodafone have also indicated an intent to offer fixed wireless access (FWA) in rural areas.

Operator Frequencies Services
AT&T 39 GHz Home Broadband
Verizon 28/39 GHz Home Broadband
T-Mobile (USA) 600 MHz Consumer, handsets, tablets, etc.
EE 3.4 GHz Consumer, handsets, tablets, etc.
Vodafone 3.4 GHz Consumer, handsets, tablets, etc.
China Unicom 3.5 – 3.6 GHz Consumer, handsets, tablets, etc.
South Korea (all 3 operators) 3.5 GHz Consumer, handsets, tablets, etc.

Table 1: Sample launch plans

These are short-to-mid-term strategies, enabling early market entry and revenue realisation whilst delaying the investments required to build out the full 5G infrastructure. However, even though many countries are currently auctioning spectrum in the mid-range, it is a finite resource and will eventually run out, by 2025, according to McKinsey.

Two events in 2019 are likely to trigger the next wave of spectrum auctions and investments in 5G networks; In October, at its 4-yearly World Radio Conference (WRC) the ITU will finalise spectrum allocations for 5G and, by December, 3GPP is scheduled to deliver Release 16, completing the 5G specifications including the standards for mmWave 5G.

Market Drivers

Most current 5G roll-out plans can be considered to be targeting the “low-hanging fruit”, addressing consumer demand for more bandwidth whilst minimising the need to make significant network investments. The real revenue opportunities, however, will come when 5G capabilities can unlock the latent demand of a range of applications across multiple verticals. 5G will be a major enabler of digitalisation across industries such as agriculture, retail, automotive, manufacturing and energy and utilities and, according to a recent study by Ericsson and A.D. Little[ii], by enabling the use cases for these applications, operators can expect to see a revenue uplift of as much as 36% by 2026.

Needless to say, however, unlocking these revenues requires investment in the next level of 5G networks. Autonomous vehicles and cloud robotics, for example, will require the levels of latency that can only be achieved through the widespread implementation of edge computing. Likewise, the realisation of smart city applications involving thousands of sensors in a compact geographical area will require network densification. Figure 3 shows a mapping of typical use cases against ease of deployment and go-to-market challenges, proxies for investment requirements.

Figure 3: Application Growth Opportunities (Source: The Guide to Capturing the 5G Industry Digitalisation Business Potential, Ericsson)

Disruption Lies Ahead

The enhanced network performance of 5G, with its step changes in download and upload speeds, as well as ultra-low latencies, promises to be a key driver of industry digitalisation, disrupting many existing business models and creating both opportunities and threats, not just for mobile operators but for players in industries as diverse as gaming and automobiles.

Operators and equipment manufacturers in the telecoms industry are already aligning themselves, forming eco-systems to address emerging demands. The 5GAA association, for example, has evolved to ensure that the requirements of the autonomous automobile market are captured in the evolving 5G specifications. Similarly, OneM2M aims to create standards and solutions for emerging Machine-to-Machine and IoT technologies.

As 5G takes off, successful players will need to survive in and manage eco-systems of increasing complexity. To reap the benefits of industry digitalisation, for example, operators must build go-to-market partnerships with industry specialists, application developers, and systems integrators. Innovative approaches to managing investments will also be required, requiring the concept of sharing of 5G networks to be carefully explored.

As with any emerging, disruptive, technology, there will be winners and losers, with agility, innovation, and collaboration being key enablers of success.


5G services are now available in many countries but, for the most part, are being provided over enhanced LTE networks, using mid-range spectrum in the sub-6 GHz range. Whilst these services enable operators to demonstrate a 5G capability, the real opportunities will only be unlocked when the full 5G network functionality is available, requiring significant investments across all network domains. To unlock the benefits predicted from the digitalisation of industry, operators will need to carefully target investments and work within complex eco-systems to access their chosen market segments.


An overview of the 3GPP 5G security standard

21 Aug

Building the inherently secure 5G system required a holistic effort, rather than focusing on individual parts in isolation. This is why several organizations such as the 3GPP, ETSI, and IETF have worked together to jointly develop the 5G system, each focusing on specific parts. Below, we present the main enhancements in the 3GPP 5G security standard.

Crowd crossing street

These enhancements come in terms of a flexible authentication framework in 5G, allowing the use of different types of credentials besides the SIM cards; enhanced subscriber privacy features putting an end to the IMSI catcher threat; additional higher protocol layer security mechanisms to protect the new service-based interfaces; and integrity protection of user data over the air interface.

Overview: Security architecture in 5G and LTE/4G systems

As shown in the figure below, there are many similarities between LTE/4G and 5G in terms of the network nodes (called functions in 5G) involved in the security features, the communication links to protect, etc. In both systems, the security mechanisms can be grouped into two sets.

  • The first set contains all the so-called network access security mechanisms. These are the security features that provide users with secure access to services through the device (typically a phone) and protect against attacks on the air interface between the device and the radio node (eNB in LTE and gNB in 5G)
  • The second set contains the so-called network domain security mechanisms. This includes the features that enable nodes to securely exchange signaling data and user data for example between radio nodes and core network nodes
Figure 1_Simplified security architectures of LTE and 5G

Figure 1: Simplified security architectures of LTE and 5G showing the grouping of network entities that needs to be secured in the Home Network and Visited Network and all the communication links that must be protected.

New authentication framework

A central security procedure in all generations of 3GPP networks is the access authentication, known as primary authentication in 3GPP 5G security standards. This procedure is typically performed during initial registration (known as initial attach in previous generations), for example when a device is turned on for the first time.

A successful run of the authentication procedure leads to the establishment of sessions keys, which are used to protect the communication between the device and the network. The authentication procedure in 3GPP 5G security has been designed as a framework to support the extensible authentication protocol (EAP) – a security protocol specified by the Internet Engineering Task Force (IETF) organization. This protocol is well established and widely used in IT environments.

The advantage of this protocol is that it allows the use of different types of credentials besides the ones commonly used in mobile networks and typically stored in the SIM card, such as certificates, pre-shared keys, and username/password. This authentication method flexibility is a key enabler of 5G for both factory use-cases and other applications outside the telecom industry.

The support of EAP does not stop at the primary authentication procedure, but also applies to another procedure called secondary authentication. This is executed for authorization purposes during the set-up of user plane connections, for example to surf the web or to establish a call. It allows the operator to delegate the authorization to a third party. The typical use case is the so-called sponsored connection, for example towards your favorite streaming or social network site and where other existing credentials (e.g. username/password) can be used to authenticate the user and authorize the connection. The use of EAP allows to cater to the wide variety of credentials types and authentication methods deployed and used by common application and service providers.

Enhanced subscriber privacy

Security in the 3GPP 5G standard significantly enhances protection of subscriber privacy against false base stations, popularly known as IMSI catchers or Stingrays. In summary, it has been made very impractical for false base stations to identify and trace subscribers by using conventional attacks like passive eavesdropping or active probing of permanent and temporary identifiers (SUPI and GUTI in 5G). This is detailed in our earlier blog post about 5G cellular paging security, as well as our earlier post published in June 2017.

In addition, 5G is proactively designed to make it harder for attackers to correlate protocol messages and identify a single subscriber. The design is such that only a limited set of information is sent as cleartext even in initial protocol messages, while the rest is always concealed. Another development is a general framework for detecting false base stations, a major cause for privacy concerns. The detection, which is based on the radio condition information reported by devices on the field, makes it considerably more difficult for false base stations to remain stealthy.

Service based architecture and interconnect security

5G has brought about a paradigm shift in the architecture of mobile networks, from the classical model with point-to-point interfaces between network function to service-based interfaces (SBI). In a service-based architecture (SBA), the different functionalities of a network entity are refactored into services exposed and offered on-demand to other network entities.

The use of SBA has also pushed for protection at higher protocol layers (i.e. transport and application), in addition to protection of the communication between core network entities at the internet protocol (IP) layer (typically by IPsec). Therefore, the 5G core network functions support state-of-the-art security protocols like TLS 1.2 and 1.3 to protect the communication at the transport layer and the OAuth 2.0 framework at the application layer to ensure that only authorized network functions are granted access to a service offered by another function.

The improvement provided by 3GPP SA3 to the interconnect security (i.e. security between different operator networks) consists of three building blocks:

  • Firstly, a new network function called security edge protection proxy (SEPP) was introduced in the 5G architecture (as shown in figure 2). All signaling traffic across operator networks is expected to transit through these security proxies
  • Secondly, authentication between SEPPs is required. This enables effective filtering of traffic coming from the interconnect
  • Thirdly, a new application layer security solution on the N32 interface between the SEPPs was designed to provide protection of sensitive data attributes while still allowing mediation services throughout the interconnect

The main components of SBA security are authentication and transport protection between network functions using TLS, authorization framework using OAuth2, and improved interconnect security using a new security protocol designed by 3GPP.

Figure 2: Simplified service-based architecture for the 5G system in the roaming case

Figure 2: Simplified service-based architecture for the 5G system in the roaming case

Integrity protection of the user plane

In 5G, integrity protection of the user plane (UP) between the device and the gNB, was introduced as a new feature. Like the encryption feature, the support of the integrity protection feature is mandatory on both the devices and the gNB while the use is optional and under the control of the operator.

It is well understood that integrity protection is resource demanding and that not all devices will be able to support it at the full data rate. Therefore, the 5G System allows the negotiation of which rates are suitable for the feature. For example, if the device indicates 64 kbps as its maximum data rate for integrity protected traffic, then the network only turns on integrity protection for UP connections where the data rates are not expected to exceed the 64-kbps limit.

Learn more about security standardization

The security aspects are under the remits of one of the different working groups of 3GPP called SA3. For the 5G system, the security mechanisms are specified by SA3 in TS 33.501. Ericsson has been a key contributor to the specification work and has driven several security enhancements such as flexible authentication, subscriber privacy and integrity protection of user data.

Learn more about our work across network standardization.

Explore the latest trending security content on our telecom security page.


%d bloggers like this: