A Layered Approach to Threat Modeling for 5G-Based Systems

The rise of 5G networks promises a wide range of cutting-edge services with the aim of achieving high performance and reliability. Cutting-edge applications facilitated by 5G architecture make use of various enabling technologies, which introduce various new and emerging security threats and attacks. Threat modeling is a proactive approach to identify security requirements, as well as potential threats and vulnerabilities, and prioritize remediation methods. In addition, 5G networks are complex and are usually divided into separate layers to foster the understanding and management of different functionalities. The open nature of 5G envisages that multiple vendors and service providers might be working on network deployment and service provisioning; it is therefore necessary to address and categorize the threats at each layer distinctly. This paper presents a threat model for 5G-based systems. It leverages the layered 5G architecture, identifying threat categories and mapping these to corresponding layers. It also analyzes enabling technologies affected by identified threats along with threat actors, entry points, and the impact of threat categories. Through the development of this threat model, we envisage facilitating further research into specific threats and mechanisms to protect against them.