-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathopinions.html
More file actions
110 lines (106 loc) · 5.44 KB
/
opinions.html
File metadata and controls
110 lines (106 loc) · 5.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Own Opinion & Conclusion – 4G/5G Security</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="style.css" />
<style>
.hero {
padding-bottom: 0rem !important;
}
</style>
</head>
<body>
<header>
<div class="nav-inner">
<div class="logo">4G / 5G Security</div>
<nav>
<ul>
<li><a href="index.html">Introduction</a></li>
<li><a href="mechanisms.html">Security Mechanisms</a></li>
<li><a href="attacks.html">Attacks & Feasibility</a></li>
<li><a href="opinions.html" class="active">Opinion & Conclusion</a></li>
<li><a href="references.html">References</a></li>
</ul>
</nav>
</div>
</header>
<main>
<section class="hero">
<h1>4. My Own Opinion</h1>
<h6>4.1 Is 5G “more secure” than 4G in practice?</h6>
<p>
From a protocol and architectural standpoint, I believe that the security design of 5G is clearly
stronger than that of 4G. Mechanisms such as 5G-AKA / EAP-AKA′, SUPI/SUCI-based subscriber identity protection,
and SBA security through SEPP reflect how lessons from previous generations have been incorporated
into the standard. In my view, mutual authentication, improved key binding to serving networks,
and encrypted subscriber identifiers all raise the bar significantly for many traditional attack scenarios.
</p>
<p>
However, I do not think the question of whether 5G is always more secure for end users today
can be answered simply. Many 5G NSA (Non-Stand-Alone) deployments still rely on 4G attach and
mobility procedures, including pre-authentication signaling and fallback to legacy technologies.
As long as 2G and 3G remain available and enabled on devices, I consider downgrade attacks and
fake base-station threats to remain realistically achievable. Optional protections such as
user-plane integrity are also not consistently enabled in operational networks due to performance or
operational constraints, which further limits practical security.
</p>
<p>
In summary, while I view 5G as providing meaningful architectural improvements,
I think the actual security experienced by users depends far more on legacy coexistence,
configuration choices, and implementation quality than on the standard itself.
</p>
<div class="margin">
<h1>5. Conclusion</h1>
<p>
This project has examined security in 4G and 5G mobile networks from three main
perspectives: the security architecture and mechanisms, the concrete attacks that
target these mechanisms, and the feasibility of those attacks in real deployments.
EPS-AKA, hierarchical key management, NAS/RRC protection, and NDS/IPsec form the
foundation of 4G security, while 5G extends this with 5G-AKA/EAP-AKA′, SUPI/SUCI,
deeper key hierarchies, SBA security, and SEPP for inter-operator protection.
</p>
<p>
The analysis of attacks shows that downgrade and fake base-station attacks, signaling
abuse, paging-based tracking, SBA exploitation, and IoT-driven signaling storms all
remain relevant, but with very different preconditions and impacts. Low-cost SDRs are
sufficient for passive monitoring and some active attacks, whereas exploiting SBA and
slicing generally requires an internal foothold and advanced skills. This leads to
several overarching conclusions.
</p>
<p>
First, security has improved significantly from 4G to 5G, especially in terms of
subscriber identity protection and binding of keys to serving networks. However,
as long as legacy technologies and downgrade paths are present, many of the classic
weaknesses do not disappear.
</p>
<p>
Second, the main issues are rarely failures of the cryptographic algorithms themselves;
they are more often related to partial deployment of available protections, permissive
fallback policies, and configuration errors in complex, cloud-native cores.
</p>
<p>
Third, the move to SBA and virtualization brings mobile core security closer to
mainstream IT and cloud security. Telecom security expertise must now be combined with
robust practices for API security, certificate management, segmentation, and automated
deployment pipelines.
<p>
In conclusion, secure 5G is technically achievable with the mechanisms already defined
in current standards. Achieving it in practice depends on retiring or strictly limiting
insecure legacy technologies, fully activating integrity and confidentiality protections,
hardening SBA and slicing, and maintaining continuous monitoring and updating of both
network and device software. Only by addressing both protocol design and day-to-day
operational security can 4G and 5G networks deliver the level of trust expected from
modern critical communications infrastructure.
</p>
</div>
</section>
</main>
<footer>
<p class="muted">
© 2025 JongYeon Bae — Security in 4G / 5G Mobile Networks.
</p>
</footer>
</body>
</html>