Thales Blog

Fast and Safe Protection for 5G Subscriber Privacy and Authentication

October 22, 2021

Chen Arbel Chen Arbel | Associate Vice President, Business Development, 5G More About This Author >

The protection and authenticity of subscriber authentication and privacy in 5G networks is equally important to requirements for increased reliability and low latency. Thales 5G Luna Hardware Security Module (HSM) ensures the protection of cryptographic keys used for device identification and authentication while offering superb performance.

Building the case

The introduction of 5G presents Network Equipment Providers (NEPs) and Mobile Network Operators (MNOs) with the need to provide wider bandwidth, higher capacity, multi-Gbps throughput, more reliability and lower latency. One of the key components of a trusted 5G network is the integrity of the virtualized infrastructure and the confidentiality of the data flowing inside it.

The protection and authenticity of subscriber authentication and privacy presents various challenges, including:

  • the complexity of the infrastructure
  • the distributed nature of the 5G networks
  • the astounding number of devices, including the growth in the Internet of Things (IoT)
  • the use of open source platforms and multi-vendor networks
  • cloud adoption
  • the evolution from 3G and 4G networks

How Thales addresses these challenges

To help NEPs and MNOs address security challenges, Thales has introduced the 5G Luna Hardware Security Module (HSM). 5G Luna HSM offers up to 1,660 transactions per second (tps) for Profile A Decrypt 25519, and a PKI hardware-based root of trust, allowing for fast and secure scaling from the data center to the edge. All crypto operations and storing, generating, and managing of encryption keys are performed within the secure confines of the 5G Luna HSM ensuring the protection of subscriber identities including the Subscription Concealed Identifier (SUPI), user equipment, radio area networks (RANs), and their core network infrastructure.

subscriber privacy and av generation

Figure 1: 5G Core – Subscriber Privacy and AV Generation

5G RAN and core networks rely heavily on authentication, authorization, and encryption. Verifying the identity of the subscriber and encrypting communications relies on trusting the private keys being used. In 5G networks, HSMs act as trust anchors that protect the cryptographic infrastructure used to establish identities across the network.

A strong foundation of trust for your 5G infrastructure means all devices, data, transactions and users are protected without compromising agility, usability or scalability. Hence NEPs and MNOs can meet the high demands of industry regulations and audit requirements in addition to achieving your business and revenue goals.

The Luna HSM offers to enhance subscriber privacy and authentication by offering a secure mechanism for the Subscription Identifier De-concealing Function (SIDF), Authentication Credential Repository and Processing Function (ARPF), Authentication Server Function (AUSF), Unified Data Manager (UDM), and Unified Data Repository (UDR) to ensure that the encryption keys are always protected.

Performance of 5G Luna HSM

Thales 5G Luna HSMs specifically address the throughput needs required by NEPs and MNOs for 5G.

Offering up to three times the performance offered by competitive solutions, NEPs and MNOs can now:

  • Meet the high throughput and efficiency requirements to satisfy demanding requirements for 5G.
  • Easily scale to satisfy service level agreements.
  • Experience reduced total cost of ownership (TCO) with one HSM offering 1,660 tps for Profile A Decrypt 25519. Less hardware means less to set up, update, configure and manage.
  • Offer low latency with fast response times.
  • Meet performance while maintaining high assurance security posture.

Benefits of 5G Luna HSM

Besides the exceptional performance, Thales 5G Luna HSM offers many benefits to NEPs and MNOs, including:

  • Strong cryptographic key protection by generating, managing, and storing them in a hardware root of trust by default. Keys are isolated inside the Luna HSM tamper-resistant hardware and never leave the HSM.
  • Crypto agility to mitigate all cryptographic threats by implementing quantum safe algorithms, securing your organization's users and data today and into the future.
  • Customized code deployment within the secure confines of the HSM.
  • Compliance with a wide array of regulations including GDPR, eIDAS, PCI DSS and CCPA.
  • Centralized management and monitoring.

Meet us at the MWC Los Angeles 2021

If you want to see the 5G Luna HSM in action, come and visit the Thales stands at the MWC Los Angeles 2021, between 26 – 28 October. You can meet us at Hall South Stand 1153MR and Hall South Stand 1150MR. Set up a meeting with me to learn how to quickly adapt your infrastructure to meet 5G performance, scalability, speed, cost and privacy requirements for 5G, and establish a root of trust for your critical infrastructure.