Tactical Mapping: 4G/5G Radio Interface Security (M.2012 / M.2150)

🏗️ 1. IMT-2020 (5G) New Radio (NR) Security Features

The 5G NR interface (M.2150) introduces significant security enhancements over legacy systems.

🛡️ SUPI / SUCI Privacy (The "Fake eNodeB" Fix)

• Mandate: The user's permanent identity (SUPI) must never be sent in cleartext over the air.
• Mechanism: The UE (User Equipment) encrypts the SUPI with the home network's public key, creating a SUCI (Subscription Concealed Identifier).
• Vulnerability: Rogue Base Stations attempting to capture the IMSI (IMSI-Catching) fail because they only see the encrypted SUCI.
• M.2150 Alignment: Secure identifier framework (3GPP TS 33.501).

🛡️ RRC Integrity Protection for User Plane (UP-IP)

• Mandate: 5G allows for optional integrity protection of user data (User Plane).
• Mechanism: NIA1/NIA2/NIA3 algorithms applied at the PDCP (Packet Data Convergence Protocol) layer.
• Vulnerability: Prevention of "Bidding Down" or "A5/1-style" packet modification.
• M.2150 Alignment: PDCP security requirements.

🏗️ 2. IMT-Advanced (4G) LTE Security (M.2012)

4G LTE remains a critical fallback for most global networks.

🛡️ AS / NAS Security Separation

• Mechanism: Separation of Access Stratum (AS) security (UE-to-eNodeB) and Non-Access Stratum (NAS) security (UE-to-MPE).
• Vulnerability: Compromise of an eNodeB (Physical access) does not allow decryption of the NAS signaling core traffic.
• M.2012 Alignment: Secure key layering and hierarchy.

📡 3. Physical Layer Attack (PLA) Vector Matrix

🧪 Operational Audit Reference

• 5G NR Audit Portfolio: For auditing core-to-radio signaling.
• 4G Radio Audit Checklist: For tactical field assessments of legacy eNodeB security.

Generated by TelcoSec-ITU-Navigator Logic Engine.