Study on Security and Privacy in 5G-Enabled Applications

5G applications face security risks due to the new technologies used and the performance requirements of the specific application scenarios. This paper analyzes the security requirements and presents hierarchical solutions for stakeholders to build secure 5G applications. First, we summarize the technical characteristics and typical usage scenarios of 5G. Then, we analyze the security and privacy risks faced by 5G applications and the related security standards and research work. Next, we give the system reference architecture and overall security and privacy solutions for 5G applications. Based on the three major application scenarios of eMBB, uRLLC, and mMTC, we also provide specific suggestions for coping with security and privacy risks. Finally, we present a use case of industrial terminal access control and conclude the paper.


Introduction
The fifth-generation mobile network (5G) is a new generation mobile network that enables innovations and progressive changes across all vertical industries like smart grids and smart campus [1]. 5G mobile communication technology is based on a new architecture [2]. The 3rd Generation Partnership Project (3GPP) has provided complete system specifications for 5G network architecture (see Figure 1). Components of the core network can be instantiated multiple times to support virtualization technologies and network slicing. The architecture is driven by the motivation to remove the data overlay that has been traditionally used in previous generations of mobile networks [3].
The introduction of new key technologies such as network function virtualization (NFV), software-defined networking (SDN), network slicing, multiaccess edge computing (MEC) [5], mm-Wave communication [6], and massive MIMO [7] greatly improves the network's support for various applications. The International Telecommunication Union (ITU) identifies three new usage scenarios of 5G (depicted in Figure 2), which are enhanced mobile broadband (eMBB), ultrareliable and low latency communications (uRLLC), and massive machine type communications (mMTC), and proposes eight key performance indicators (KPI) [7]. Regarding these KPIs, 5G offers high performance, reaching 10 times the peak rate of 4G, shortening the transmission latency to milliseconds, and handling a million concurrent connections per square kilometer [8,9]. The rich and diverse 5G applications and their broad development prospects initiate a new era of ubiquitous and intelligent internet. The European Union even predicts that 5G will become the backbone of vital societal and economic functions, such as energy, transport, banking, and health, as well as industrial control systems [10]. According to IHS Markit [11], 5G will generate a global economic output worth $13.2 trillion and create 22.3 million jobs by 2035.
As 5G new technology and the performance requirements of specific application scenarios bring about many security risks, security has become a priority when stakeholders develop 5G vertical applications. This paper makes contributions in the following aspects:
(1) Analyzes the technical characteristics of 5G technologies and use cases of 5G applications, and summarizes typical vertical applications enabled by 5G technologies, involving smart manufacturing, smart traffic, smart grid, and smart campus.
(2) Analyzes the security and privacy risks faced by 5G applications, including privacy leakage in the eMBB scenario, DDoS attacks in the uRLLC scenario, and remote control in the mMTC scenario.
(3) Analyzes the existing work for 5G application security, including security standards, security authentication frameworks and protocols, network slicing, and MEC security mechanisms. In particular, secondary authentications for industry customers and three-factor authentications for mobile lightweight devices are studied.
(4) Provides the system reference architecture for 5G applications, including the device layer, network layer, platform layer, and service layer, and summarizes security and privacy goals and corresponding solutions layer by layer.
(5) Summarizes specific suggestions in typical application scenarios, including secure deployment of edge computing nodes in the eMBB scenario, preventing application data from tampering/falsification/replay attacks in the uRLLC scenario, and lightweight equipment authentication in the mMTC scenario.
(6) Provides a use case of industrial terminal access control for 5G application security by triple authentication.
The abbreviations in Table 1 are applied in this paper.

Applications Enabled by 5G-Related Techniques
5G enables a variety of intelligent applications, including smart manufacturing, smart traffic, smart grids, and smart campus. In Figure 3, the blue points are the typical 5G

2.3. 5G Enabled Smart Grid. Smart grid uses two-way flows of electricity and information to create a widely distributed automated energy delivery network [15]. The use cases of 5G technology in the smart grid industry [16] are listed below.

Risk Analysis of 5G Applications
3.1. General Risks in 5G Applications. Security risks for general 5G applications mainly come from the device, network, edge, cloud, and centralized security O&M, as seen in Figure 4.

extremely difficult for security devices such as firewalls and intrusion detection systems deployed in existing networks to ensure adequate security protection when it comes to traffic detection, radio coverage, and data storage [17].
(ii) User Privacy Leakage. eMBB services (such as VR/AR) contain a large amount of user privacy information, such as personal information or identification, device identification, and address information, and the openness of 5G networks has increased the probability of leakage of private information [18].

uRLLC Scenario. uRLLC focuses on services that are extremely sensitive to latency, such as autonomous driving/assisted driving, remote control, and the industrial Internet. Low latency and high reliability are the basic requirements. For example, if the internet of vehicles is subject to security threats in communications, it may endanger lives. Therefore, uRLLC services require high-level security without additional communication delays. The main security risks are as follows:
(i) DDoS Attacks. Attackers may use DoS/DDoS attacks to cause network congestion or communication interruptions, causing failure of services.
(ii) Data Security Risks. Attackers use vulnerabilities in devices and protocols along network data transmission paths (5G air interfaces, core networks, and the Internet) to tamper with/forge/replay application data [14], reducing data transmission reliability and harming normal application operations.

3.2.3. mMTC Scenario. The 5G mMTC scenario supports IoT applications with massive numbers of connected devices, such as smart transportation, smart grids, and smart cities. Due to the low cost, mass deployment, and limited resources (such as processing, storage, and energy) of Internet of Things devices [19], the following security risks are common to IoT devices:
(i) Counterfeit Terminals. The IoT terminal has limited resources and weak processing and computing capabilities. Therefore, it is likely that authentication would not be performed or that a simple method has to be adopted [20,21], which brings opportunities for counterfeit terminals, causing confusion in the operation of IoT applications.
(ii) Data Tampering. Attackers may tamper with application data by exploiting weaknesses of the terminal and the cloud/edge platform.
(iii) Data Eavesdropping. The data collected by IoT terminals deployed in special environments (such as home environments and medical environments) involves user privacy. Weaknesses along data transmission paths may lead to user privacy breaches.
(iv) Remote Controls. Attackers may remotely access and control IoT terminals through software and hardware interfaces by taking advantage of the simplicity of IoT terminals and their weak security protection capabilities, and then use the captured terminals to launch network attacks [22-26].
Based on the above analyses, typical security and privacy risks of use cases in 5G vertical applications are listed in Table 2.

Related Work on Security of 5G Applications
4.1. Security Standards on 5G Applications. For 5G applications, the R16 standard released by 3GPP further enhances the quality and efficiency of 5G applications. For example, for the Industrial Internet, new technologies are introduced to support 1 ms synchronization accuracy and 0.5-1 ms air interface delay, which can achieve lower end-to-end latency and higher reliability. For the internet of vehicles, it supports the direct connection communication of V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure). A variety of communication methods such as multicast and broadcast, as well as technologies such as optimized perception, scheduling, and retransmission, realize V2X (vehicle-to-everything) to support vehicle networking, semiautomatic driving, epitaxial sensors, remote driving, and other IoV (internet of vehicles) scenarios. For industry applications, the introduction of a variety of 5G air interface positioning technologies improves positioning accuracy by more than ten times and reaches meter level.

Figure 4: Risks to 5G applications in an end-to-end view.
5G applications involve various roles such as communication network providers, industry application providers, and security regulatory agencies. Currently, standards are mainly developed through collaboration between relevant parties to ensure application security. For 5G application security, major international standards organizations and industry associations have carried out research work, as shown in Table 3 [27-29].

Authentications in 5G Applications. Security authentications face higher requirements in 5G applications. On the one hand, in order to protect the application data of power, industry, finance, and other important fields carried by the 5G network, the concept of secondary authentication is proposed, that is, an authentication performed to establish a data channel for a specific service after the user has been authenticated for network access. On the other hand, with the rapid development of 5G applications, mobile lightweight devices including laptops, smartphones, smartwatches, and other wearable devices are increasingly popular. It is necessary to consider authentication for mobile lightweight devices and to guarantee user privacy.

Secondary Authentications for Industry Customers.
In the implementation scheme based on the 3GPP standard [28], the protocol stack between the user terminal and the AAA (authentication, authorization, and audit) server is shown in Figure 5. The secondary authentication protocol between the UE and the AAA server is carried by EAP (Extensible Authentication Protocol). During the interaction of the secondary authentication protocol, the AN (access network), AMF (Access and Mobility Management Function), SMF (Session Management Function), UPF (User Plane Function), and other network elements do not parse the secondary authentication protocol, which realizes end-to-end secondary authentication of users in enterprise and industry.
Generally, industry customers deploying 5G applications can directly complete the secondary authentication with algorithms and protocols provided by telecommunication operators. 3GPP [28] defines a series of standard secondary authentication protocols, including PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), PPP (Point-to-Point Protocol), AKA (Authentication and Key Agreement), and TLS (Transport Layer Security). PAP and CHAP use a relatively simple authentication mechanism. AKA and TLS are based on cryptographic algorithms and provide a relatively robust protocol for user access authentication. In addition, based on the openness of 5G network capabilities, the AKMA [29] mechanism was proposed. The mechanism can provide authentication and session key negotiation services for third-party applications based on the access authentication system of the USIM card and carrier network and establish secure transmission channels from terminals to applications.
Users with high-security requirements can also take advantage of the openness of 5G network capabilities and the industry-oriented feature and use customized secondary authentication algorithms and protocols to realize the self-controllable secondary identity authentication of the enterprise or industry. Chen et al. [30] proposed a customized secondary authentication protocol, mainly using mobile terminals to collect biometric information such as fingerprints and irises of users, combined with the challenge-response identity authentication mechanism. Li et al. [31] proposed a secondary authentication protocol based on a symmetric cryptosystem that improves existing protocols such as AKA and provides user identity information protection, message integrity protection, and two-way authentication.
Liu et al. [32] proposed an online identification technique with biological characteristic authentication and multimedia signal fast encoding over 5G to deal with the explosive growth in mobile data generated by huge numbers of equipment connections and a large number of new business and application scenarios. Mobile lightweight devices can conveniently access cloud servers for online payment, video chatting, e-commerce, etc. At the same time, the openness of wireless network communication also brings risks to the security and privacy of user data, so authentication for mobile lightweight devices should be considered. Authentication and Key Agreement (AKA) protocols based on public key technology provide a secure communication mechanism for 5G application environments. It is essential to establish an AKA protocol to protect the conversation between mobile lightweight devices and remote servers. In 2018, Wang et al. [33] described identity-based AKA protocols for privacy preservation of mobile devices and pointed out the corresponding challenges. Moreover, Xiao et al. [34] proposed an improved AKA protocol based on chaotic maps, and then a series of AKA protocols based on chaotic maps [35-37] were proposed.
In addition, it is generally believed that the three-factor AKA protocol has better security performance than single-factor and two-factor protocols. Since existing three-factor AKA protocols cannot meet all the security requirements, they have become a research focus in recent years. Biometrics including fingerprint, face, iris, and others are invariable physiological characteristics that people own, and nowadays more and more mobile lightweight devices have biometric recognition functions. In the face of stringent security requirements, the combination of the traditional AKA protocol and a third authentication factor (i.e., biometrics) can achieve higher security [38,39]. In order to solve the common security problems in existing three-factor AKA protocols, Qiu et al. [40] designed a new three-factor AKA protocol by combining biometrics with chaotic mapping, using "Fuzzy Verifiers" and "Honeywords," which can achieve semantic security and meet the security evaluation criteria. Finally, it is proved that the new three-factor AKA protocol is more practical on mobile lightweight devices.

Other Research Focuses.
As for the security architecture of 5G application, GTI (Global TD-LTE Initiative) released the security reference architecture of 5G smart city [41]. Zhou et al. [42] proposed the service architecture, PKI architecture, and multi-PKI mutual trust mechanism for 5G V2X communication security. Wang and Liu [43] analyzed 5G applications for special industries with high security levels and the security enhancement requirements and proposed a design scheme of security architecture based on special industry slices.
4.3.1. MEC. As for key security technologies of 5G applications, MEC is the technology most closely related to 5G applications. According to ETSI [44], the MEC architecture is divided into system level and host level. There is a remarkable resemblance of risks between MEC and cloud infrastructure, so their security measures are also similar. He et al. [45] proposed to enhance isolation and access control by standardizing the configuration of infrastructure and application systems, so as to improve the security protection ability of MEC nodes, and at the same time to strengthen the security control of MEC applications. Zhuang et al. [46] analyzed the security threats, protection framework, and scheme of MEC from the aspects of infrastructure, MEC platform, ME app, MEC scheduling and management system, and gateway of the data plane.

Network Slicing.
Network slicing is another important technology of 5G. Zhou [47] proposed four network slicing deployment schemes according to different requirements of cost, QoS, security levels, and network topology flexibility. Liu et al. [48] elaborated the existing risks of network slicing from the framework, management model, and implementation technology of network slicing and provided differentiated security services for 5G network slicing by establishing a security model. Chen et al. [49] proposed technical solutions to the security threats caused by the introduction of 5G into network slicing and proposed the security isolation of network slices, the secure access of terminals to slices, the secure construction of network slices, and secure communication within the slices. The thesis [50] proposes 5G-SSAAC (5G Slice-Specific AAC), which enables 5G networks to provide various AAC mechanisms to third parties according to their security requirements.

Table 3: Security standards on 5G applications.

Organization: 3GPP
3GPP TS 22.261, service requirements for the 5G system: (i) R15 focuses on supporting eMBB services and basic uRLLC services; (ii) R16 enhances the ability and efficiency of the network to support eMBB; (iii) R16 focuses on improving support for vertical industry applications, especially uRLLC and mMTC services.
3GPP TS 33.501, security architecture and procedures for the 5G system: (i) the application layer access authentication and secure channel establishment in the IoT; (ii) the solution of authentication and session key management for upper-layer applications provided by 5G security certificates.
3GPP TR 33.819, study on security enhancements of 5GS for vertical and local area network (LAN) services: (i) the security requirements and solutions of the 5G vertical industry.
3GPP TR 33.814, study on the security of the enhancement to the 5GC (5G core network) location services (LCS): (i) the security threats, requirements, and solutions of 5GC LCS.
3GPP TR 33.836, study on security aspects of 3GPP support for advanced V2X services: (i) the security threats, requirements, and solutions of IoV.
3GPP TR 33.825, study on the security of ultrareliable low-latency communication (URLLC) for 5GS: (i) the security requirements and solutions of the uRLLC scenarios.

Organization: ITU
ITU-T X.1373, secure software update capability for intelligent transportation system communication devices: (i) the software security update between the remote update server and the vehicle couplet; (ii) the process and content recommendations for security update.

Organization: ISO
Criteria for the assessment of information security of connected vehicles based on ISO/IEC 15408: (i) the security threats and security goals faced by connected vehicles; (ii) the security requirements and security function components.

Security and Privacy Solutions in a Systematic View
5G applications can be modelled into the terminal layer, network layer, platform layer, and service layer [51], as shown in Figure 6.
Each layer has corresponding security goals and solutions, as shown in Table 4.

Solutions on Terminal Layer.
A large number of 5G terminals have low power consumption, as well as limited computing and storage resources, which makes the deployment of complex security policies and control over the software difficult. Consequently, these limitations make the terminals become easy and likely targets to be hacked [24].

Prevent and Defend against DDoS Attacks.
DDoS attacks may be initiated by hacked terminals or unintentionally caused by software defects or network faults. It is recommended that security defense mechanisms be built at the network level for attack detection and self-protection to ensure that any DDoS attack can be detected in time. Besides, active preventive measures are recommended in terminal exception handling and signaling registration.

Prevent Various Damage Caused by Exploited Terminals.
For the prevention of risks brought by terminal hacking, it is recommended that certain security capabilities such as SSH secure login, TLS transmission encryption, and a built-in security chip be built into terminals, in terms of access authentication [25,26] on the management and O&M plane as well as encryption protection on the signaling/data plane.

Figure 5: End-to-end protocol stack for secondary authentication [28].

Solutions on Network Layer. From the perspective of network components, the noteworthy aspects of network layer security include security in the RAN base station air interfaces [56], MECs, 5G Core, bearer networks, and 5G slices.

Base Station Air Interface Security.
To prevent user data eavesdropping and tampering, SUCI and air-interface PDCP data packets encryption can be enabled. Besides, a DDoS detection and defense system and a unified rogue base station detection system can be deployed to avoid malicious attacks and interference.

MEC Security.
To avoid physical attacks and cross-network penetration and infection of the network, 5G networks need to focus not only on the physical security control of MEC but also on the isolation between enterprise networks and operator networks. Security facilities such as firewalls and IPS are recommended for network boundary protection [57-63].

[55] needs to be protected by isolation between slices. Besides, secure access and use of slices are also recommended. Access to a corresponding 5G network slice requires dual authentications and authorizations by the slice user (such as a government agency or an industrial mining enterprise) and the operator, ensuring legal access and use of slice resources. Moreover, the privacy protection of Network Slice Selection Assistance Information (NSSAI) needs to be provided.

Table 4: Security goals and solutions on each layer.

Terminal layer
Prevent various damage caused by exploited terminals: (i) access authentication [52,53] on the operation and maintenance side; (ii) encryption protection on the signaling/data plane.

Network layer
Base station air interface security: (i) defense against eavesdropping and tampering of user data; (ii) defense against DDoS attacks from the air interface; (iii) pseudo base station detection [54].
MEC security: (i) physical environment security control; (ii) enterprise and operator network isolation.
5GC security: (i) management and operation and maintenance plane security; (ii) network north-south border security; (iii) east-west security within the network; (iv) cloud-based security of the core network.
Bearer network security: (i) network redundant design; (ii) account authority management and access authentication; (iii) increased security measures on control protocols; (iv) user plane security encryption.
5G slice security [55]: (i) isolation between slices; (ii) secure access and use of slices; (iii) privacy protection.

Platform layer
The security of communications interfaces: (i) routine maintenance of various account passwords; (ii) encryption of communication interfaces.
The security of platform data: (i) data availability, integrity, and privacy.

Service layer
Software security of the application: (i) vulnerability scanning of the software; (ii) software operation logging; (iii) highly available disaster recovery of software systems.
O&M security of the application: (i) security constraints and controls for the application system; (ii) physical security control (personnel access control) of O&M operations offices, machine rooms, etc.

Solutions on Platform Layer. The platform layer covers various intelligent analysis and processing AI platforms, big data platforms, and IT middle ground [68,69]. The security of this layer includes the following aspects.

The Security of Communications Interfaces. In general, communication interface security at the platform layer mainly focuses on the routine maintenance and management of various accounts and passwords, such as regular password changes and password complexity requirements, and the encryption of communications interfaces, such as with TLS.

The Security of Platform Data. The security of data at the platform layer involves the security of various basic data collected and stored by the big data platform, including data availability, integrity, and privacy. Availability is guaranteed by technologies such as data redundancy. Integrity is guaranteed by technologies such as data verification. For privacy, as the data amount is usually huge, more effective access control and security audit are required.

Solutions on Service Layer. The security of the service layer consists of the software security of various application systems and the secure O&M of application systems.

Software Security of the Application.
Application system software security mainly involves scans for vulnerabilities and the improvement of software security (including the application software itself, the OS, databases, and other software systems), software operation logging, and high availability (HA) disaster recovery deployment of the software system (such as dual-host backup).

5.4.2. O&M Security of the Application. Secure O&M of application systems focuses more on the operation and use of application systems and the security constraints and control of information on the operation management personnel, for example, application system login accounts and passwords, multifactor authentication for important and sensitive operations, permission-based operation access control, and physical security control of personnel access to O&M operations offices and equipment rooms.

Countermeasures against Security and Privacy Risks in 5G Applications
Based on the systematic security and privacy solutions proposed above, the following specific security measures are recommended for 5G application service developers and providers in different application scenarios [70][71][72]. The related layers in the reference architecture to deploy these countermeasures are also suggested (see Table 5).
6.1. eMBB Scenario. Security risks in the eMBB scenario mainly include failure of effective monitoring means and user privacy leakage, and the countermeasures are as follows:
(i) Deploy application traffic monitoring at edge computing [63] nodes and support the suspension of high-risk services in specific cases.
(ii) The secondary authentication and key management mechanism are used to perform secondary identity authentication and authorization between the terminal and the eMBB application service platform to ensure the authenticity of the terminal and platform identities and the legality of the application. At the same time, negotiate and manage the service layer key between the two sides to encrypt and protect user data, thus preventing attackers from eavesdropping.
(iii) In applications with high-security requirements, the user plane of the 5G network can be protected by physical isolation or encryption to ensure the security of user data transmission between network functions.
(iv) Network slicing or a dedicated data line is used between the operator's 5G core network and the eMBB application service platform to establish a secure data transmission channel, ensuring the security of user business data transmission.

6.2. uRLLC Scenario. Security risks in the uRLLC scenario mainly include the DDoS attack and the data security risk, and the corresponding countermeasures are as follows:
(i) Establish a two-way identity authentication mechanism between the user terminal and the application server to prevent fake users from establishing connections.
(ii) Deploy anti-DDoS capabilities to prevent network congestion, wireless interference, and communication link disruptions.
(iii) Use the security capabilities deployed at edge computing, as well as data integrity protection, timestamps, serial numbers, and other mechanisms, to prevent application data from being tampered with/falsified/replayed and to ensure the reliability of data transmission [60].

6.3. mMTC Scenario. Security risks in the mMTC scenario mainly include the counterfeit terminal, data tampering and eavesdropping, and remote control, and the corresponding countermeasures are as follows:
(i) Use lightweight security algorithms and simple, efficient security protocols to implement two-way authentication between IoT terminals and the network, ensuring that the access terminals are secure and reliable.
(ii) Encrypt and protect the integrity of sensitive application data generated by IoT terminals to prevent attackers from eavesdropping on, tampering with, forging, and replaying business data on the transmission path.
(iii) Deploy security monitoring methods [68,69].

Table 5: Countermeasures against typical risks and the suggested layers for deploying them.

eMBB scenario
Failure of effective monitoring means: (i) deploy application traffic monitoring at edge computing [63] nodes, suspension of high-risk services in specific cases. Layer: (i) network layer.
User privacy leakage risk: (i) perform secondary identity authentication and authorization between the terminal and the eMBB application service platform; (ii) negotiate and manage the service layer key to encrypt and protect user data; (iii) physical isolation or encryption; (iv) network slicing [55].

mMTC scenario
Counterfeit terminal: (i) lightweight security algorithms [52,53,73] and simple, efficient security protocols to implement two-way authentication. Layer: (i) terminal layer.
Data tampering and eavesdropping: (i) encrypt and protect the integrity of sensitive application data generated by IoT terminals [18]. Layer: (i) terminal layer.
Remote control: (i) deploy security monitoring methods [68,69] to detect in time and prevent massive IoT devices from being controlled. Layer: (i) terminal layer.
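Countermeasure (iii) of the uRLLC scenario combines integrity protection with timestamps and serial numbers so that tampered, forged, or replayed control data is rejected. The following added example (not from the paper) shows one way to implement that on the application layer: each message carries a sequence number and a sender timestamp, all of it authenticated with HMAC-SHA256 under a session key assumed to have come from the secondary authentication and key negotiation described above; the receiver checks the tag first, then freshness, then a sliding-window replay check that still tolerates modest reordering. Key, clock values, and payloads are constructed.

```python
"""Integrity, freshness and replay protection for uRLLC application data.

Added example: a sender attaches a sequence number and a timestamp to every
application message and authenticates all of it with HMAC-SHA256 under a
session key; the receiver rejects tampered, forged, stale and replayed
messages while tolerating moderate reordering via a sliding window.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import List, Tuple


@dataclass(frozen=True)
class ProtectedMessage:
    seq: int        # per-session monotonically increasing sequence number
    ts_ms: int      # sender clock, milliseconds since the epoch
    payload: bytes  # application data (e.g. a control command)
    tag: bytes      # HMAC-SHA256 over seq, ts_ms and payload


def _mac_input(seq: int, ts_ms: int, payload: bytes) -> bytes:
    # Fixed-width, length-prefixed encoding: fields cannot be shifted into
    # one another, so the tag binds sequence number, timestamp and data.
    return (seq.to_bytes(8, "big") + ts_ms.to_bytes(8, "big")
            + len(payload).to_bytes(4, "big") + payload)


class Sender:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._seq = 0

    def protect(self, payload: bytes, now_ms: int) -> ProtectedMessage:
        self._seq += 1
        tag = hmac.new(self._key, _mac_input(self._seq, now_ms, payload),
                       hashlib.sha256).digest()
        return ProtectedMessage(self._seq, now_ms, payload, tag)


class Receiver:
    WINDOW = 64  # how far behind the highest accepted seq we still accept

    def __init__(self, key: bytes, max_skew_ms: int = 500) -> None:
        self._key = key
        self._max_skew_ms = max_skew_ms  # constructed bound for the demo
        self._highest = 0   # highest sequence number accepted so far
        self._seen = 1      # bit i set => seq (highest - i) already accepted

    def verify(self, msg: ProtectedMessage, now_ms: int) -> Tuple[bool, str]:
        # 1. Authenticity first: nothing below may act on unauthenticated data.
        expected = hmac.new(self._key, _mac_input(msg.seq, msg.ts_ms, msg.payload),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg.tag):
            return False, "rejected: authentication tag mismatch (tampered or forged)"
        # 2. Freshness: bounds how long a captured message stays usable.
        if abs(now_ms - msg.ts_ms) > self._max_skew_ms:
            return False, "rejected: timestamp outside freshness window (stale or delayed replay)"
        # 3. Replay: sliding-window bitmap over sequence numbers (as in IPsec/DTLS).
        if msg.seq > self._highest:
            shift = msg.seq - self._highest
            self._seen = ((self._seen << shift) | 1) & ((1 << self.WINDOW) - 1)
            self._highest = msg.seq
            return True, "accepted"
        offset = self._highest - msg.seq
        if offset >= self.WINDOW:
            return False, "rejected: sequence number too old"
        if (self._seen >> offset) & 1:
            return False, "rejected: replayed sequence number"
        self._seen |= 1 << offset
        return True, "accepted (reordered)"


def demo() -> List[str]:
    """Run the constructed scenario and return the receiver's verdicts in order."""
    key = b"constructed-demo-session-key-32b"  # in practice: negotiated per session
    sender, receiver = Sender(key), Receiver(key)
    now = 1_700_000_000_000  # constructed reference clock (ms)
    verdicts = []
    m1 = sender.protect(b"crane:move:x=12.5", now)
    verdicts.append(receiver.verify(m1, now + 3))      # genuine, on time
    verdicts.append(receiver.verify(m1, now + 20))     # same message captured and resent
    m2 = sender.protect(b"crane:stop", now + 10)
    forged = replace(m2, payload=b"crane:move:x=99")   # payload altered, tag unchanged
    verdicts.append(receiver.verify(forged, now + 12))
    m3 = sender.protect(b"agv:speed=2", now + 30)
    verdicts.append(receiver.verify(m3, now + 31))     # arrives before m2
    verdicts.append(receiver.verify(m2, now + 32))     # late but unseen and in window
    m4 = sender.protect(b"agv:speed=0", now + 40)
    verdicts.append(receiver.verify(m4, now + 2040))   # held back for two seconds
    return [reason for _, reason in verdicts]


if __name__ == "__main__":
    for v in demo():
        print(v)
```

The freshness bound and window size are deployment parameters: the bound must exceed the real end-to-end delay budget plus clock skew, and the window must cover the worst-case reordering on the path.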

A Use Case of Industrial Terminal Access Control
7.1. Introduction and Security Requirements. This is a case of industrial terminal access control, as shown in Figure 7. The services include industrial machine vision for quality inspection, which requires high bandwidth, and automatic robot control, crane remote control, and unmanned transportation, which have real-time control requirements. Considering that the campus coverage area does not need to be large and that high security is required, with data not allowed to be transmitted out of the campus, the UPF and MEC are deployed at the local edge, and different service networks are isolated. This case involves several security requirements on terminal access control:
(i) Prevent terminals such as 5G CPE, AGV, and gantry cranes from being attacked or illegally controlled.
(ii) Prevent CPEs from being accessed by fake terminals, so that legal terminals (such as PLCs) and the central control system are not attacked.
(iii) Prevent the SIM card from being removed from a legal terminal and inserted into a malicious terminal.

7.2. Terminal Access Control Solutions. So that only authorized terminals can access the enterprise private network, the carrier and enterprise jointly provide triple authentication, as shown in Figure 8.
First, carriers enable 5G AKA-based bidirectional authentication on the RAN side, providing bidirectional authentication and encryption (5G AKA standard) between the 5G CPE/5G camera and the 5G network to prevent fake terminals from accessing. Legacy cameras must also pass AAA authentication before accessing the CPE. Besides, the terminal whitelist and device-card binding are configured on the core network to prevent unauthorized terminals and abuse of legal SIM cards. The 5G CPE is configured with a MAC address list that allows access by traditional cameras. Then, the core network binds the network slice to the terminal identity and the physical location where the terminal can access, and also restricts access of specific terminals to slices. The mapping between IMSI and slice S-NSSAI is configured on the 5GC; only terminals in the campus IMSI list can access slices. The mapping between the TAI (Tracking Area Identifier) list and the campus slice S-NSSAI is also configured on the 5GC, so that only authorized terminals can access the enterprise private network within the campus.
Second, enterprises deploy the AAA system in the security service zone to provide secondary authentication for terminals accessing the slice in username-password mode. By using the AAA system and security SIM card technology, terminals and applications with high-security requirements can improve secondary authentication strength. Here, the security SIM card is a USIM-based card with a built-in USB key function. It is based on the PKI digital certificate system. The key is stored in the security chip of the SIM card and cannot be copied, repudiated, or tampered with.
Third, the enterprise can deploy the multiservice access gateway (MSCG) at the intranet border. The MSCG grants terminals access rights to the enterprise private network only after the terminals pass the secondary authentication.
With the implementation of the above schemes, the factory campus has denied 10412 access queries from untrusted terminals during the past 6 months.
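The triple authentication of Section 7.2 is, from the MSCG's point of view, a sequence of gates that must all pass. The added example below (not the paper's or any operator's code) models that decision: the carrier-side core network checks (campus IMSI whitelist, device-card binding, IMSI-to-S-NSSAI and TAI-to-S-NSSAI mappings, CPE MAC list for legacy cameras), then the enterprise AAA secondary authentication in username-password mode, and only then the MSCG grant. The 5G AKA run is assumed to have already succeeded on the RAN side; all identifier values are constructed, and binding the SIM to a hardware identifier is an assumption about how device-card binding is realized.

```python
"""Policy model of the triple authentication in the industrial access-control case.

Added example. Gate 1: carrier core-network/CPE checks. Gate 2: enterprise AAA
secondary authentication (username/password). Gate 3: the MSCG admits the
terminal to the intranet only after gates 1 and 2 pass. The 5G AKA run is
assumed to have succeeded already; identifiers are constructed values.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class AccessRequest:
    imsi: str                  # subscriber identity of the (U)SIM
    device_id: str             # hardware identity the SIM is bound to (assumed, e.g. IMEI)
    tai: str                   # Tracking Area Identifier where the terminal attached
    snssai: str                # slice the terminal asks for
    legacy_mac: Optional[str]  # MAC of a legacy camera behind the CPE, if any
    username: str
    password: str


@dataclass
class CampusPolicy:
    imsi_allowlist: Set[str]
    device_card_binding: Dict[str, str]              # imsi -> device_id
    imsi_to_snssai: Dict[str, str]
    tai_to_snssai: Dict[str, str]
    cpe_mac_allowlist: Set[str]
    aaa_credentials: Dict[str, Tuple[bytes, bytes]]  # username -> (salt, pbkdf2)

    def core_network_checks(self, r: AccessRequest) -> Optional[str]:
        """Gate 1 (carrier 5GC and CPE). Returns a denial reason or None."""
        if r.imsi not in self.imsi_allowlist:
            return "denied: IMSI not in campus terminal whitelist"
        if self.device_card_binding.get(r.imsi) != r.device_id:
            return "denied: device-card binding mismatch (SIM moved to another terminal)"
        if self.imsi_to_snssai.get(r.imsi) != r.snssai:
            return "denied: IMSI not authorized for requested slice"
        if self.tai_to_snssai.get(r.tai) != r.snssai:
            return "denied: terminal attached outside the campus tracking area"
        if r.legacy_mac is not None and r.legacy_mac not in self.cpe_mac_allowlist:
            return "denied: legacy device MAC not on CPE allow-list"
        return None

    def aaa_secondary_auth(self, r: AccessRequest) -> bool:
        """Gate 2 (enterprise AAA, username/password mode)."""
        cred = self.aaa_credentials.get(r.username)
        if cred is None:
            return False
        salt, stored = cred
        return hmac.compare_digest(stored, _derive(r.password, salt))


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(password: str) -> Tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def mscg_decide(policy: CampusPolicy, r: AccessRequest) -> Tuple[bool, str]:
    """Gate 3: the MSCG opens the intranet only when gates 1 and 2 both pass."""
    reason = policy.core_network_checks(r)
    if reason:
        return False, reason
    if not policy.aaa_secondary_auth(r):
        return False, "denied: secondary authentication failed"
    return True, "granted: intranet access via MSCG"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Evaluate constructed requests against the three requirements of Section 7.1."""
    policy = CampusPolicy(
        imsi_allowlist={"999700000000001"},            # MCC 999 = test network
        device_card_binding={"999700000000001": "CPE-HW-0001"},
        imsi_to_snssai={"999700000000001": "sst1-sd-campus"},
        tai_to_snssai={"TAI-campus-01": "sst1-sd-campus"},
        cpe_mac_allowlist={"00:11:22:33:44:55"},
        aaa_credentials={"plc-line-1": enroll("constructed-secret")},
    )
    ok = AccessRequest("999700000000001", "CPE-HW-0001", "TAI-campus-01",
                       "sst1-sd-campus", "00:11:22:33:44:55",
                       "plc-line-1", "constructed-secret")
    return {
        "authorized_plc_via_cpe": mscg_decide(policy, ok),
        "sim_moved_to_rogue_device": mscg_decide(policy, replace(ok, device_id="ROGUE-HW")),
        "fake_camera_at_cpe": mscg_decide(policy, replace(ok, legacy_mac="de:ad:be:ef:00:01")),
        "outside_campus_tai": mscg_decide(policy, replace(ok, tai="TAI-public-77")),
        "wrong_aaa_password": mscg_decide(policy, replace(ok, password="guess")),
    }


if __name__ == "__main__":
    for name, (granted, why) in demo().items():
        print(f"{name:28s} {granted!s:5s} {why}")
```

Each denial names the gate that stopped the request, which is what an O&M team needs to tell a moved SIM (requirement iii) from a rogue device behind a CPE (requirement ii) or a terminal roaming outside the campus.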

Conclusions
5G is deeply integrated with social life and vertical industries, and the security and privacy of the 5G ecosystem are largely influenced by application developers and service providers, as well as network operators and equipment suppliers. The achievement of security and privacy in 5G applications requires a comprehensive and systematic design, as well as the deployment of proper security measures according to the specific application scenarios and the needs of the industry.
This paper makes contributions in the research of security and privacy in 5G-enabled applications, as shown in Table 6. In view of numerous 5G applications, such as smart manufacturing, smart transportation, smart grid, and smart campus, this paper analyzes general security risks from devices, networks, edges, and other aspects, as well as specific risks in typical usage scenarios. As a result, readers will have a more comprehensive grasp of security risks in 5G applications. Besides, the existing related work for 5G application security is analyzed, including security standards, authentications, network slicing, and MEC. In particular, secondary authentications for industry customers and three-factor authentications for mobile lightweight devices are researched. After that, the reference architecture of 5G applications is analyzed, and security solutions are summarized in a systematic view. In addition, we also analyze the security and privacy risks for 5G applications in eMBB, uRLLC, and mMTC scenarios and summarize corresponding countermeasures. Finally, a use case of industrial terminal access control is studied, which enhances readers' understanding of specific 5G application security risks and solutions. On the whole, this paper conducts a comprehensive study on security and privacy in 5G applications, which strengthens readers' risk awareness and security capabilities and generates a positive impact on the healthy and sustainable development of various applications in 5G era.

Data Availability
The data used to support the findings of this study are included within the article.

Conflicts of Interest
The authors declare no conflicts of interest.