And again about 5G network security
The capabilities of the 5G network go beyond the fastest ever mobile internet connection speed. The new mobile communication standard can become a universal infrastructure for interaction between people, smart devices, organizations and even sectors of the economy.
There is a dark side to such total connectivity, as emerging cyberthreats grow in importance. This article discusses current 5G network security threats and the basic measures needed to protect against them.
How to use 5G?
Unlike previous generations of mobile networks intended for mass consumption (voice communication services, mobile Internet access), the 5G standard is being created primarily for the benefit of the corporate and public sectors. The three main usage scenarios for 5G networks include:
1. Enhanced Mobile Broadband (eMBB) with peak data rates of up to 25 Gbps. Application: 4K live streaming, AR/VR services, cloud gaming and other high traffic services.
2. Ultra-Reliable Low Latency Communication (URLLC). Data transmission latency reduced to 1 ms. Application: autonomous vehicles, remote technologies (e.g. robotic surgery).
3. Massive Machine Type Communication (mMTC) supporting up to 1 million base station connections per km². Application: Consumer and industrial IoT development (power supply, manufacturing, safe city, etc.).
Architecture and Security Threat Landscape
Let’s review the key architectural features of 5G networks and the associated security challenges.
1. The Radio Access Network (RAN) is based on the new 5G NR (New Radio) standard which makes it possible to achieve the characteristics necessary for a given scenario: bandwidth, minimum latency or massive connections. According to the concept of converged architecture, the other radio access networks (4G-LTE, Wi-Fi) must be connected to a single core of the 5G network.
Possible risks: A large number of connections and high bandwidth increase the attack surface. IoT devices are less resistant to hacking.
2. The back-end architecture (network core or 5G Core) is based on cloud technologies and network function virtualization (NFV, SDN), which makes it possible to create many independent segments and to support services with different sets of characteristics. Segmentation also allows vendors to offer network infrastructure as a service to organizations.
Possible risks: Increased impacts of failure or abuse due to the extent of use.
3. 5G involves the active use of mobile edge computing (MEC) technology. MEC workloads may include enterprise applications running on the service provider’s networks: intelligent services, financial services, multimedia, etc. Note that in this case, the 5G provider’s networks are integrated into the company’s infrastructure.
Possible risks: New opportunities to enter corporate networks, placement of MEC equipment outside of an organization’s protected perimeter.
4. Centralized network management (O&M) infrastructure becomes more complex as it supports many service segments at once.
Possible risks: More serious consequences of resource abuse and/or O&M misconfigurations.
Among the most significant threats to each of the major components of the 5G network are the following:
| Threats to RAN | Threats to backbone network and operator services | Threats to MEC | Threats to 5G infrastructure posed by external networks |
|---|---|---|---|
| DDoS traffic generated by endpoints. | Software and hardware failures of basic elements, misconfiguration. | An attacker’s physical access to the equipment. | DDoS attacks originating from the Internet. |
| Introduction of fake base stations. | Malicious code infections or exploitation of vulnerabilities in infrastructure components. | Fake or vulnerable third-party apps. | Unauthorized access to service provider APIs. |
| Attacks on wireless interfaces: interception of user data, impersonation. | Segment isolation violation, unauthorized access. | Infiltration into corporate or provider networks via MEC nodes. | Unauthorized access to the control panel. |
Based on current versions of the 5G standard, as well as international experience in developing complex security solutions, let us outline the measures that will be needed to counter the threats inherent in 5G networks:
1. Standard Level Protection
- Division of data transfer protocol layers into three planes: control plane, user plane, management plane. Isolation, encryption, and plane integrity monitoring.
- Encryption of subscriber traffic and signaling.
- Increased traffic encryption key size from 128-bit to 256-bit.
- Introduction of Unified Subscriber Authentication mechanism for various types of wireless communication.
- Support for flexible security policies for segments.
2. Protection at the level of solutions, equipment and network infrastructure
- Multi-layered isolation and integrity protection of SDN and VNF components, including hypervisor, VMs, OS, and containers.
- High availability of virtual machines for rapid recovery after various attacks.
- Authentication of MEC applications.
- Authorization of API requests.
- Use of multi-factor authentication when accessing the corporate network.
- Use of device and service whitelisting.
- Protected communication channels between a base station, MEC and corporate networks.
- Trusted hardware environment, secure device boot.
- Real-time detection, using AI algorithms, of attacks targeting network nodes and virtual infrastructure components.
3. Protection at the network management level
- Multi-factor authentication and segment access delimitation by O&M.
- Fake base station detection tools that take advantage of service event monitoring.
- Secure handling of user data, as well as provider analysis and service data: encryption, anonymization, secure storage and deletion.
- Centralized vulnerability and information security policy management, big data analysis for anomaly detection and early attack response.
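As an added example (not part of the original article and not any vendor's tool), the following shows one way service event monitoring can expose a fake base station: UE measurement reports are compared with the operator's cell inventory. The inventory layout, the report fields and the two-UE corroboration threshold are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed inventory: (PCI, ARFCN) of each legitimate cell -> serving PCIs
# whose UEs are expected to hear it (its planned neighbours).
INVENTORY = {
    (101, 632628): {102, 103},
    (102, 632628): {101, 103},
    (103, 632628): {101, 102},
    (240, 632628): {241},          # legitimate cell at a distant site
}
MIN_REPORTERS = 2  # assumed threshold: distinct UEs needed before alerting

# Constructed measurement reports: (ue_id, serving_pci, seen_pci, arfcn, rsrp_dbm)
REPORTS = [
    ("ue-a", 101, 102, 632628, -95),
    ("ue-a", 101, 999, 632628, -61),   # PCI absent from inventory
    ("ue-b", 101, 999, 632628, -64),
    ("ue-c", 102, 240, 632628, -70),   # known PCI heard far from its site
    ("ue-d", 102, 240, 632628, -72),
    ("ue-e", 103, 555, 632628, -110),  # single weak sighting, not corroborated
]

def classify(serving_pci, seen_pci, arfcn):
    """Return a reason string for a suspicious sighting, or None if expected."""
    expected_from = INVENTORY.get((seen_pci, arfcn))
    if expected_from is None:
        return "unknown-cell"
    if serving_pci not in expected_from:
        return "known-pci-unexpected-location"
    return None

def detect(reports, min_reporters=MIN_REPORTERS):
    """Group suspicious sightings per cell and alert once enough UEs agree."""
    sightings = defaultdict(lambda: {"ues": set(), "max_rsrp": -200})
    for ue, serving, seen, arfcn, rsrp in reports:
        reason = classify(serving, seen, arfcn)
        if reason is None:
            continue
        entry = sightings[(seen, arfcn, serving, reason)]
        entry["ues"].add(ue)
        entry["max_rsrp"] = max(entry["max_rsrp"], rsrp)
    alerts = []
    for (pci, arfcn, serving, reason), e in sorted(sightings.items()):
        if len(e["ues"]) >= min_reporters:
            alerts.append({"pci": pci, "arfcn": arfcn, "near_serving_pci": serving,
                           "reason": reason, "reporters": sorted(e["ues"]),
                           "max_rsrp_dbm": e["max_rsrp"]})
    return alerts
```

Calling detect(REPORTS) returns two alerts: the cloned PCI 240 heard near serving cell 102 and the unknown PCI 999 near cell 101. The single uncorroborated sighting of PCI 555 is suppressed.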
The security of 5G networks is not limited to technical protection measures. It should encompass the joint efforts of parties who trust each other, including standards developers, regulators, vendors and service providers.
The introduction of a new mobile cybersecurity program is underway. The GSMA and 3GPP are jointly developing it with a range of cybersecurity regulators, including NESAS/SCAS (Network Equipment Security Assurance Scheme/Security Assurance Specifications).
NESAS / SCAS offers the following advantages:
- Protection from the most specialized industrial access points and associated security threats related to air interface, NAS, web security, etc.
- Unified, measurable, readily available, comparable, understandable and applicable specifications.
- Reduced fragmentation of security requirements and reduced unnecessary vendor costs.
Suppliers, by using these solutions, save time and money when evaluating suppliers. They will be able to define strict and uniform security standards and ensure a high level of security.
In conclusion, it is worth promoting the idea of creating joint innovative projects (supplier – supplier – OTT supplier – B2B and B2G customers) aimed at testing how commercial products for 5G networks would use cybersecurity standards and best practices. Projects like these can also demonstrate how 5G security features can be properly used and improved.