Network security standards

Ericsson joins with leading players across sectors such as ICT, transport, media, and academia, to drive and develop an industry-wide framework of common standards and together provide a strong baseline for seamless interoperability and secure evolution of the world’s mobile networks.

From transport to healthcare, commerce to education – new industries and innovations are connecting to mobile networks on an unprecedented scale. With increased value at stake, the need to ensure trustworthiness in mobile networks has never been more critical.

As a leading contributor to the network security standards forums, Ericsson continues to play a definitive role in developing the security standards of this next industrial age.

What are network security standards?

Ever since the second generation (GSM), mobile network technologies have developed according to agreed global standards. The standardization mechanisms ensure a baseline of best-practice solutions which are consensually agreed, tested, and verified by industry experts.

In the standardization process, industry stakeholders agree on a common structure to ensure interoperability with maintained security. This structure is then used to develop, test and verify key security system properties such as interface definitions, security protocols, key lengths and cryptographic algorithms. Standards are open for anyone to review, which adds transparency and confidence in the security features specified.

Standardization is one pillar of achieving overall security for users. The holistic approach to security also includes the other pillars: product development, deployment and operation of the network.

The global security standards forums

Security standardization is a multilateral effort comprising several worldwide standards organizations and a diverse set of stakeholders from industry, government and academia. Given the scale of the 5G ecosystem and the increasing complexity of the security challenges, we believe it is more important than ever to ensure a holistic, collective approach to standardization across all stakeholders and standards organizations.

The 3rd Generation Partnership Project (3GPP), the main mobile network standards organization, is driving security architecture standards through its SA3 working group. This work also incorporates security solutions from several other partners and standards organizations such as IETF, ETSI and NIST.

The Internet Engineering Task Force (IETF) defines protocols and best-practice solutions for the global internet. As part of this, the organization defines security protocols such as IPsec, EAP and TLS. Several of these protocols are incorporated by 3GPP in the 5G security architecture.

A 5G network is built using cloud and virtualization technologies. The European Telecommunications Standards Institute (ETSI), which develops standards for ICT systems and services, defines security standards for the network’s cloud and virtualization technologies through its Industry Specification Group for network functions virtualization (ISG NFV).

The US National Institute of Standards and Technology (NIST) defines, among other things, security standards for cryptography solutions, such as the Advanced Encryption Standard (AES). GSMA works on several mobile network security related topics such as the eSIM specifications and interconnect security between operators. The recently approved NESAS framework for security assurance is a joint effort between 3GPP SA3 and GSMA.

Network security standards: In focus

eSIM standard for constrained IoT

eSIM is a remote SIM provisioning technology replacing plastic SIM cards for consumer devices and large IoT devices, such as cars. So far, the use of eSIM has not been possible for constrained IoT devices, which have limitations in network, memory, power, UI, CPU, and so on.

Ericsson has worked with GSMA on the new eSIM standard for constrained IoT that was released in May 2023.

The new standard optimizes data exchange and enables subscription provisioning over low power wide area (LPWA) networks using protocols such as CoAP over UDP, without reliance on TCP and SMS. The remote subscription management is also simpler and enables new use cases, where the eSIM IoT remote manager (eIM) can easily interact with, or even be embedded into, the IoT device and data management platform. Such an embedded eIM does not need costly and complex certifications.

In the new standard, there is no mandatory factory binding of a subscription manager to the eUICC, like there is in the eSIM M2M standard. Instead, the eIM can be configured and changed easily in the eUICC at any lifecycle state of the device, which makes it possible to manufacture large batches of devices without pre-customizations or bindings. The standard is also compatible with the provisioning server (SM-DP+) of the consumer eSIM standard, so the existing eSIM ecosystem can be readily used.

Non-constrained IoT devices may also benefit from the new standard.

The work with test specification, compliance, and certification for the new standard is expected to be ready during 2024/H1.

SNOW 3G is the result of a very successful technology transfer from the academic world to the industry. The SNOW cipher was developed by Lund University at the beginning of the 2000s as a pure academic work. SNOW is a classic stream cipher which generates a pseudo-random key stream given a secret key and a public initial vector as input. The key stream is then XORed with the bits of the plaintext to encrypt the data.

Ericsson has a long-standing relationship with the crypto researchers at Lund University. SNOW was picked up by Ericsson and, as a first step, it was submitted as an ISO standard (ISO/IEC 18033-4:2005) in 2004.

Not long after, ETSI Security Algorithms Group of Experts (SAGE) needed a new algorithm for the air interface protection in the 3GPP mobile network system. SAGE took SNOW and enhanced it with a larger internal state to mitigate a newly discovered potential weakness. SAGE's modified version was given the name SNOW 3G and was incorporated into the 3GPP specifications as one of the air interface encryption and integrity protection core algorithms. SNOW 3G has been part of the 3GPP standardized algorithms since 3G and is still part of the air interface protection in 5G.

Common standards, unique security offering

While standardization provides a strong pillar for overall network security, it is not the final destination.

Some standards are mandatory, while others are optional. This allows vendors and service providers to tailor a security solution to meet the demands of their given deployment scenario, while still ensuring a secure base.

At Ericsson, we incorporate the various standards frameworks within our wider, comprehensive approach to network security. Beyond standards, our broad security portfolio comprises features, functions and products according to our Security Reliability Model (SRM). This enables us to deliver the necessary privacy, security assurance, resilience, communication security and identity management through each stage of network implementation, deployment, configuration and operation.

We believe this is the only way to truly secure and enable the large-scale, security-sensitive communication systems of the new industrial age.

Network security standards and post-quantum cryptography

Large-scale cryptography-breaking quantum computers that can break algorithms used today for public-key encryption, key exchange, and digital signatures might not be built anytime soon, or even at all. But it is a potential threat that needs to be taken seriously, so it’s important to plan for migration to post-quantum cryptography.

The US National Institute of Standards and Technology (NIST) has announced that it intends to standardize the key encapsulation mechanism Kyber and the three signature algorithms Dilithium, Falcon, and SPHINCS+. This is a result of many years of work by hundreds of researchers globally. The US National Security Agency has announced anticipated timelines for when US national security systems are expected to have migrated to new algorithms for TOP SECRET information.

Even if mobile networks are not national security systems, they are considered critical infrastructure that needs to be protected and secured against future attacks. Therefore, the new algorithms should be brought to mobile networks too. Future 5G releases will initiate this migration and 6G will be fully quantum-resistant from the start.
