The fifth-generation technology is called to support the next generation of wireless services and realize the “Internet of Everything” through Machine-Type Communications and Cellular Internet of Things optimizations. As part of these optimizations, Release 15 introduced a new mechanism, known as Early Data Transmission (EDT), that allows the transmission of data during the Random Access procedure. This feature, intended particularly for infrequent and small data transmissions, aims to reduce the latency and the power consumption of user equipments. Nonetheless, despite the importance of this novelty and the general agreement about its effectiveness, there are few papers in the literature that provide insight into its implementation and analyze the advantages and disadvantages of its two different implementation options (Control and User Plane). Moreover, although security is recognized as a crucial aspect for the correct deployment of this technology, we have not found any paper that reviews the security issues and features of this mechanism. As a consequence of such a lack of papers and the complexity of mobile network protocols, there is a divide between security experts and EDT researchers, that prevents the easy development of security schemes. To overcome this important gap, this paper offers a tutorial of EDT and its security, analyzing its main vulnerabilities and concluding with a set of recommendations for researchers and manufacturers. In particular, due to the simplifications in the protocols done by EDT, vulnerabilities such as packet injection, replay attacks and injection of fake values to disable EDT have been found.

This work was supported in part by the Junta de Andalucía and European Union [European Regional Development Fund (ERDF)] under Grant UMA18-FEDERJA-172, and in part by the European Union-NextGenerationEU within the Framework of the Project ‘‘Massive AI for the Open RadIo b5G/6G Network (MAORI).’’