India Launches Mandatory 5G Security Certification

India
is bolster the security of its telecommunications infrastructure with the
implementation of the Mandatory Security Certification (MSC) for the Session
Management Function (SMF)
of the 5G Core network. The National
Center for Communication Security (NCCS)
has announced that, effective January
1, 2025
, this certification will become mandatory.

What is the Session Management
Function (SMF)?

The
Session Management Function (SMF) is a crucial element within the 5G
Core network. It manages various critical aspects of network operation
including session management, policy enforcement, charging, and IP
address management
. Specifically, the SMF is responsible for:

  • UE IP Address
    Allocation & Management
    : Handles the assignment and
    management of IP addresses for user equipment (UE).
  • DHCP Functions: Implements DHCPv4
    and DHCPv6 roles, both as server and client.
  • UPF Selection and
    Control
    : Selects the User Plane Function (UPF) and
    controls functions such as ARP proxy and IPv6 Neighbor Discovery.
  • Traffic Steering: Configures how
    traffic should be directed at the UPF to ensure proper routing to the
    desired destination.
  • Policy Control
    Integration
    : Terminates interfaces toward policy control functions
    to ensure compliance with network rules.
  • Charging and Lawful
    Interception (LI)
    : Manages the collection and coordination of charging
    data and ensures support for lawful interception where required.

These
functions are vital to ensure a seamless, secure, and effective operation of
the 5G Core network, particularly as the number of connected devices continues
to rise exponentially.

Timeline for Security Certification

The
Mandatory Security
Certification
for the SMF will be required starting January 1, 2025.
However, companies can begin the certification process now, as it is voluntary
until December 31, 2024
. Early certification offers a significant advantage
for manufacturers and operators, allowing them to ensure compliance before the
official enforcement date.

This
proactive approach by the NCCS aims to preempt security vulnerabilities within
5G networks, which are becoming increasingly important in critical
infrastructure, industry, and daily communications.