Achieve security in mobile networks up to 5G for subscribers, keys, and network providers
5G Protect is the extension for Utimaco's General Purpose HSMs to allow subscriber identity de-concealing, authentication and key agreement in mobile networks within the tamper-proof environment of the Hardware Security Module.
- Compliant with the latest 3GPP security requirements to ensure a secure operational environment
- Safeguard against physical attacks through tamper protection and response mechanisms
- For subscriber identity de-concealing, authentication and key agreement (AKA) in mobile networks
- Easy integration through dedicated interface for AKA use case
Product Type: Firmware
Supported Platforms:
Key Benefits
Details
The HSM application specially designed to meet the needs of network element providers in mobile networks
As a network solution vendor, your solutions must comply with 3GPP security requirements as defined in Technical Specification 33.501. Therefore, your security architecture as well as related procedures for network elements must foresee a secure environment that protects long-term keys K and Home Network Private Keys from physical attacks. Functions which process sensitive subscriber data, i.e., subscriber identity de-concealing as well as authentication and key agreement, must also be executed in this secure environment.
5G Protect is an ideal solution to meet these requirements as it provides the unique combination of a certified secure environment and an integration API dedicated to subscriber identity de-concealing, authentication and key agreement. 5G Protect enables decryption of concealed subscriber identities in 5G mobile networks, and key generation according to Authentication and Key Agreement (AKA) protocols in 2G, 3G, 4G and 5G mobile networks.
To provide you with the solution that exactly fits the processing requirements of your network, 5G Protect is available on our u.trust General Purpose HSM Se-Series, which offers entry-level and high-performance models.
Features
Unique product combination
- Certified secure environment
- Integration API dedicated to subscriber identity de-concealing, authentication and key agreement
Developed for network element providers
- Specially designed to meet the needs for subscriber identity de-concealing and authentication and key agreement in mobile networks
- Process subscriber data and key generation within a secure and tamper-protected environment
High Performance, Availability, and Scalability
- Processes subscriber data and generates authentication vectors at unprecedented speed
- High availability when running authentication and agreement protocols in a redundant system setup
- Easy extension to support future versions of SIDF Profiles and AKA protocols, including future quantum-safe algorithms
- Customizable to specific requirements of Mobile Network Operators
- Ensures the best fit for existing and future requirements, guaranteeing long-term investment security
For each network size
- Suitable for several performance models
- From the entry level model for mobile networks with low numbers of subscribers and limited dynamics to a high-performance option for large networks with millions of subscribers
Compliant with latest requirements
- Secure environment that protects against physical attacks as required in 3GPP Technical Specification 33.501 “Security architecture and procedures for 5G System”
- FIPS 140-2, PCI HSM and Common Criteria proven Hardware Security Module and cryptographic algorithms
Subscriber identity de-concealing function (SIDF)
- Decrypts the Subscriber Concealed Identifier (SUCI) with Subscriber Identity De-concealing Function (SIDF) in the home network
- Secures storage and usage of the Home Network Private Key to ensure privacy of the permanent identifier SUPI.
- Deconceals the SUCI inside the tamper protected HSM according to Profile A and Profile B.
Key Generation according to AKA protocols
- Support of all relevant 2G, 3G, 4G and 5G Subscriber Authentication and Key Agreement (AKA) protocols
- Derives the key material from the subscriber’s unique key K inside the tamper protected HSM.
Comprehensive API
- MNAUTH API, the C-style application programming interface (API) dedicated to Mobile Network security use cases. Available for C and Java.
- Easy integration into mobile network functions by using MNAUTH API