So let's get started by taking a high level look At this 5G security framework and before we do that it becomes paramount that we understand a certain technical term. That is 3GPP access and non 3GPP access, now, the broader meaning of those terms is somewhat beyond our scope right now, but this is what they mean at a very high simplistic level. 3GDP access essentially to the 5G core network Is when a user is trying to access 5G core network over either a 5G public network or a 5G private network, but at the end of the day It is a 5G Rand. So a user trying to access 5G core network Over 5G ran that will be turned In this context. 3GDP access and that is the use case that an overwhelming majority of 5G devices will be asking for However, there is another use case that is non 3GB access. Non 3GDP in this context means a different air interface or wireless technology than 5G such as Wifi. For example, in that the headline is Some users, if not all, may request connectivity to 5G core network while they are connected to a wifi hotspot rather than a 5G will be. Now, before we understand the intricacies, let's first understand why such a use case would arise. Imagine that a certain network operator has deployed a macro cell network in a certain part of the city, but let's say that maybe there is going to be a pop up concert at a certain place or maybe there is a celebrity going to sign the book at a mall. And there is going to be some temporary crowd and that location for which the operator might need extra capacity and extra throughput. Keep in mind that deploying of 5G at such locations for temporary purposes may not be very economically viable. So under such a representative conditions, what the operator might choose to do is the following. Instead of deploying a five G base station, just have a wifi hotspot at that point. And instead of the Wifi hotspot connecting to a third party ISPS network, that hotspot in the end will be connecting to that cellular network operators or 5G core network. So all the users in that particular area, such as the shopping mall, the users particularly of that cellular network operator, the subscribers of that operator will also be able to connect to this Wifi hotspot using the Wifi connection on their 4, not 5G but Wifi connection. But in the end, that connection will go back to a five G core network, thus allowing those subscribers to be able to access all the features of a typical 5G core network over a Wifi access channel rather than a 5G air interface. So that is a quick high level background on non 3GPP access and just one of the representative use cases that it might be deployed under. So given that there could be multiple use cases of deployment, as given over here, how does 5G ensure authentication and security etc? Well the good news is regardless of what their interface the subscriber will be using to access score network, 5G institutes, one common authentication framework for all their interfaces. So no matter how a subscriber connects to the 5G core network, it will have gone through at least a minimum degree of common authentication regardless of its connecting area. So that is a little bit about this unified authentication framework. There is a slight difference in 5G security architecture at least at a high level as compared to legacy technologies in that commonality. First of all, he is most of the security related mechanisms like encryption authentication are hosted within the core network. But in addition there is a slight change to this framework, for one simple reason. We have seen the concept of mobile edge computing where in certain high priority application servers may be located with your core network or even better with your access network such as you are a wealthy services or other real time services. Now if your application server was located here, but your security mechanisms were located in the core network. Then essentially the security mechanisms are the time that it takes to execute those security mechanisms are likely going to be the bottleneck for the whole service. And even though you had your application server located with the access network, it wouldn't exactly provide you the latency benefit that you were hoping at least in most cases. because every subscriber has to ultimately paying the core network for security and other authentication as well as encryption related mechanisms. That problem to certain extent, is alleviated by this new component called security anchor function. At a high level it's basic responsibility is to offload some of the security related responsibilities from the core network and bring those responsibilities towards the edge of the access network. So just like H computing brings an application server from far away near the access network, security anchor function brings some of the security functionalities from the core network closer to the end user in the realm of access network. Now, to what extent operators may deploy that and what are the exact functionalities that the anchor function will accomplish? That remains to be seen in implementation, but 5G framework nonetheless is flexible enough to allow for replicating the edge computing like scenario for security purposes as well. And above everything our security, our level can be adjusted dynamically in the network depending upon the exact needs of the application as well as their scalability. For example, stands to reason that you are LLC or mission critical like application is obviously going to require much tighter security controls as compared to a regular cloud gaming or video streaming application. And 5G Security framework is designed in a manner so as to be versatile in order to accomplish all those objectives by design.
