Leveraging the convergence of telecom infrastructure with the open internet through 5G is like stepping onto a strange but exciting battleground. Moving from hardware-based infrastructure to software-based mobile networks opens up real advances, and real risks, for the organization and its users.
In this article, we look to the Cybersecurity and Infrastructure Security Agency (CISA) and the GSM Association (GSMA) for guidance on harnessing the opportunities of 5G while addressing its highly complex, heterogeneous and volatile environment.
5G Opportunities – Both Good and Bad
5G operates on Network Function Virtualization (NFV) and Software-Defined Networking (SDN) to improve scale, throughput and reliability. SDN and NFV streamline the deployment, operation and management of network services and of the interconnected devices behind IoT, eCommerce, eHealth, transportation and other verticals. Here are some of the capabilities and features of 5G that make it possible to deliver goods and services at the speed of customer demand.
1. Virtualization
Virtualizing network flows with SDN simplifies the hardware. The central control system (the SDN controller, and the hypervisor beneath the virtualized functions) acts as the brain of the virtualized network, so the protection applied to this layer should be correspondingly high. Threat modeling specific to virtualization-aware attacks and vulnerabilities, such as VM escape or compromise of the controller, should be completed.
2. Cloud Services
Building on virtualized services, the Cloud is a key 5G enabler. 5G architecture is designed to be cloud native because that brings elasticity and scalability; however, it can also complicate the supply chain and the chain of liability.
According to Mobile World Live, 5G allows operators to expose rich services through the Cloud and RESTful APIs. Secure coding practices should be followed so that data is not leaked and the exposed code cannot be used to attack the cloud provider or the operator network.
3. Network Slicing
Network slicing allows the operator to customize the behavior of the network, adapting (slicing) it to serve specific use cases on the same hardware. Different levels of isolation can be created, from a single node of the core network to fully dedicated radio access, and each isolation type must be integrated at the design phase. For example, a network slice for remote surgery must provide constant mutual identification and authorization to stop man-in-the-middle (MITM) threats, whereas a slice for AR/VR content management will not require the same level of security.
4. Mobile IoT
Although IoT is already prevalent in 2G/3G/4G networks, the number of IoT connections is expected to increase exponentially with 5G. Bigger doesn't mean the security controls must change significantly; it does mean they must scale. IoT devices need to be securely coded, deployed and managed throughout their lifecycle. Most IoT services share a common architecture, so the attacks each service faces are likely to fit within three common scenarios:
- Attacks on the devices (endpoints) via the applications running on the device, remote attacks from the internet and via physical attack.
- Attacks on the service platforms (e.g. the cloud back end)
- Attacks on the communications links (e.g. Cellular, WLAN, BLE air interface etc.)
5. eSIM
An eSIM eliminates the need for a removable SIM card: the data that would be on the card is instead prepared on a remote SIM provisioning platform (SM-DP+) and downloaded, as an eSIM Profile over HTTPS, into a secure element (eUICC) permanently embedded in the mobile device.
This eUICC, identified by a globally unique EID, can store many Profiles; when a Profile is enabled, the data in it identifies and authenticates the subscriber to the mobile network exactly as a removable SIM card would.
The system uses Public Key Infrastructure (PKI) certificates so that the SM-DP+ and the eUICC mutually authenticate each other. Session keys for the Profile download are derived from ephemeral elliptic-curve key agreement, giving Perfect Forward Secrecy (PFS): a later compromise of a long-term key does not expose previously downloaded Profiles.
Management of eSIM Profiles on the eUICC is carried out by the End User in the consumer use case, or by a remote SIM provisioning platform (the SM-SR in the GSMA M2M architecture) in the M2M/IoT use case.
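The mutual authentication described above, as an added example rather than GSMA code or the SGP.22 message format: a simplified Go model of the exchange. The certificate issuer (CI) is modelled as a single ECDSA key, the `Cert` and `AuthMsg` structures are hypothetical, and the subjects "SM-DP+" and "eUICC" are assumed labels. Each side signs a fresh ephemeral ECDH public key together with the challenge the peer sent, and the session key is derived only from the ephemeral secret, which is what gives forward secrecy.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Cert is a minimal stand-in for a CI-issued certificate (hypothetical
// format, not an SGP.22 structure): subject, long-term key, CI signature.
type Cert struct {
	Subject string
	Pub     *ecdsa.PublicKey
	Sig     []byte
}

// digest hashes its fields in printed, space-separated form; a real
// implementation would use a fixed encoding such as ASN.1 DER.
func digest(fields ...any) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintln(fields...)))
	return h[:]
}

func must[T any](v T, err error) T { // key generation is not expected to fail
	if err != nil {
		panic(err)
	}
	return v
}

// NewKey makes a P-256 signing key; the CI is modelled as one such key.
func NewKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// Party is the SM-DP+ or the eUICC: a long-term key plus its certificate.
type Party struct {
	key  *ecdsa.PrivateKey
	Cert Cert
}

func NewParty(ci *ecdsa.PrivateKey, subject string) *Party {
	k := NewKey()
	sig := must(ecdsa.SignASN1(rand.Reader, ci, digest(subject, k.X, k.Y)))
	return &Party{k, Cert{subject, &k.PublicKey, sig}}
}

// AuthMsg carries a certificate, a fresh ephemeral ECDH public key and a
// long-term-key signature over that key and the peer's challenge.
type AuthMsg struct {
	Cert   Cert
	EphPub []byte
	Sig    []byte
}

// Announce creates this session's ephemeral key and signs it together with
// the peer's challenge, so the message cannot be replayed into another session.
func (p *Party) Announce(peerChallenge []byte) (*ecdh.PrivateKey, AuthMsg) {
	eph := must(ecdh.P256().GenerateKey(rand.Reader))
	pub := eph.PublicKey().Bytes()
	sig := must(ecdsa.SignASN1(rand.Reader, p.key, digest(pub, peerChallenge)))
	return eph, AuthMsg{p.Cert, pub, sig}
}

// Accept verifies the CI signature, the expected subject and the signature over
// our challenge, then derives the session key from the ephemeral ECDH secret.
func Accept(ciPub *ecdsa.PublicKey, myEph *ecdh.PrivateKey, myChallenge []byte, m AuthMsg, wantSubject string) ([]byte, error) {
	switch {
	case !ecdsa.VerifyASN1(ciPub, digest(m.Cert.Subject, m.Cert.Pub.X, m.Cert.Pub.Y), m.Cert.Sig):
		return nil, fmt.Errorf("certificate of %q not signed by the trusted CI", m.Cert.Subject)
	case m.Cert.Subject != wantSubject:
		return nil, fmt.Errorf("expected %s, got certificate for %s", wantSubject, m.Cert.Subject)
	case !ecdsa.VerifyASN1(m.Cert.Pub, digest(m.EphPub, myChallenge), m.Sig):
		return nil, fmt.Errorf("signature does not cover our challenge with the certified key")
	}
	peerEph, err := ecdh.P256().NewPublicKey(m.EphPub)
	if err != nil {
		return nil, fmt.Errorf("bad ephemeral key: %w", err)
	}
	secret := must(myEph.ECDH(peerEph)) // same curve is guaranteed by NewPublicKey
	return digest("profile-session", secret), nil
}

// Handshake runs the exchange in both directions and returns each side's key;
// any error means the profile download must not proceed.
func Handshake(ciPub *ecdsa.PublicKey, dp, euicc *Party) (dpKey, euiccKey []byte, err error) {
	dpChal, euChal := make([]byte, 16), make([]byte, 16)
	rand.Read(dpChal)
	rand.Read(euChal)
	dpEph, dpMsg := dp.Announce(euChal) // the SM-DP+ signs the eUICC's challenge
	euEph, euMsg := euicc.Announce(dpChal)
	if euiccKey, err = Accept(ciPub, euEph, euChal, dpMsg, "SM-DP+"); err != nil {
		return nil, nil, err
	}
	dpKey, err = Accept(ciPub, dpEph, dpChal, euMsg, "eUICC")
	return dpKey, euiccKey, err
}
```

Two details carry the security weight: the subject check stops a party from reflecting the other side's message back at it, and the challenge inside the signed data stops an old, genuine SM-DP+ message from being replayed into a new download. Running `Handshake` with an SM-DP+ whose certificate comes from a different CI fails at the first case; running it twice with the same parties yields different session keys, because only ephemeral keys enter the secret.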
6. Artificial Intelligence (AI)
By applying Machine Learning (ML) and Deep Learning (DL), operators can automate threat and fraud detection at the data volumes 5G networks will generate. AI may be a more feasible way to mitigate previously unknown attacks in real time, and it may also drive self-healing networks, where the system identifies issues and takes automated action to apply a fix. However, the same technology is available to the attacker, and AI-driven attacks are anticipated.
5G Security Challenges
There has been a sharp increase in the number of connected devices since the first 5G deployments in 2019, and more devices plugging into the network means an expanding attack surface. The challenge is how to take full advantage of the technologies above without compromising the security and integrity of the enterprise. The first step is recognizing the following downsides:
1. Wide-Scale Breaches
Cloud computing is a service model that uses virtualization to pool servers and other physical hardware or data center resources and deliver them as infrastructure, platforms and software. If the cloud layer is breached, every network function running on it comes under direct attack, with disastrous consequences.
2. Resource Sharing
A single physical server may run several tenants' virtual machines, and one tenant's workload may be spread across several physical servers. Multi-tenant resource sharing and the loss of physical boundaries introduce the risks of data leakage, data residue (remnants left in storage or memory that is reallocated to another tenant) and cross-tenant attacks.
3. Use of Open Source
The increasing use of open-source software introduces a new set of security challenges: keeping a consistent and coherent security-by-design approach across components the organization did not write, and preventing deliberately introduced security flaws.
4. Multi-Vendor Environment
It is difficult to coordinate a unified security strategy across a multi-vendor environment: policies must be aligned, responsibility for security problems must be determined, and more effective network security monitoring capabilities are required.
5. Supply Chain
A complex supply chain introduces risks such as malicious software and hardware, counterfeit components, and poor design, manufacturing and maintenance processes. These can result in data and intellectual property theft, loss of confidence in the integrity of the 5G network, or exploitation that causes system and network failure.
5G Security Best Practices
The 5G standard already has inherently strong security capabilities, such as user authentication, privacy, traffic encryption and protection of signaling traffic. While these are a suitable grounding for an organization's digital transformation initiative, they only go so far, as they aren't designed to identify and stop advanced threats. Here are security approaches that organizations may adopt to address the above challenges.
1. Design Algorithms to Scale and Adapt
5G networks build on NFV's ability to scale resources and workloads automatically according to operational requirements. Security compliance mechanisms such as logging, monitoring and verification therefore have to keep pace with the dynamics of 5G network services. New algorithms are needed to decide what is collected and how accurately, while minimizing the impact on the overall performance of the system.
2. Promote Multi-Party Security Management
There are many stakeholders involved in security operations, including NFVI providers, network function vendors and IT service providers. They share responsibility for delivering and managing different NFV components at different application layers, each controlled by a different administrative domain, so their policies and efforts must be aligned to ensure compliance across the environment.
For example, verifying access control compliance for a network function may require additional compliance checks from the NFVI provider (for instance, compute and network isolation between different customers). Standardization will play an important, and possibly accelerating, role here.
3. Enforce Continuous Proactive Compliance
The dynamic runtime modifications to the virtual infrastructure and its configuration brought by NFV and SDN can change the security compliance status at any moment. Logging and monitoring mechanisms should therefore adapt to compliance-related events and metrics, and a thorough check of the security posture should follow every incident.
New approaches must be conceived to keep up with the rate of change and lessen the burden of verifying compliance from scratch. For example, an event-driven program can trigger compliance verification as soon as a change occurs. Other proactive techniques using machine learning may allow system changes to be identified and checked in advance, minimizing delays.
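As an added example for the customer-isolation check mentioned under multi-party security management and the event-triggered verification described above (not code from CISA, the GSMA or UDT): an incremental compliance verifier in Go. The inventory and event formats, the tenant and host names, and the isolation rule itself (a tenant marked dedicated, like the remote-surgery slice, may not share a host or virtual network with any other tenant) are assumptions for the illustration. `Apply` re-checks only the scopes an event touches, while `FullAudit` is the from-scratch verification it replaces, kept here to show the two agree.

```go
package main

import "sort"

// Placement records where one VNF instance runs and what it attaches to.
type Placement struct{ Tenant, Host, Network string }

// Event is a constructed stand-in for an NFVI change notification:
// "create" places or moves an instance, "delete" removes it.
type Event struct {
	Kind, Instance string
	Placement
}

type Violation struct{ Tenant, Scope string }

// Inventory keeps per-scope tenant occupancy so a change is re-verified locally.
type Inventory struct {
	dedicated map[string]bool             // tenants whose slice needs dedicated hosts and networks
	instances map[string]Placement
	occupancy map[string]map[string]int // "host:h1" or "net:n1" -> tenant -> instance count
}

func NewInventory(dedicated map[string]bool) *Inventory {
	return &Inventory{dedicated, map[string]Placement{}, map[string]map[string]int{}}
}

func scopes(p Placement) []string { return []string{"host:" + p.Host, "net:" + p.Network} }

func (inv *Inventory) adjust(p Placement, delta int) {
	for _, s := range scopes(p) {
		if inv.occupancy[s] == nil {
			inv.occupancy[s] = map[string]int{}
		}
		if inv.occupancy[s][p.Tenant] += delta; inv.occupancy[s][p.Tenant] <= 0 {
			delete(inv.occupancy[s], p.Tenant)
		}
	}
}

// check applies the isolation rule to each listed scope once: a tenant that
// requires dedicated resources must be the only tenant present there.
func (inv *Inventory) check(list []string) []Violation {
	sort.Strings(list)
	var v []Violation
	for i, s := range list {
		if i > 0 && s == list[i-1] {
			continue
		}
		for t := range inv.occupancy[s] {
			if inv.dedicated[t] && len(inv.occupancy[s]) > 1 {
				v = append(v, Violation{t, s})
			}
		}
	}
	return v
}

// Apply consumes one event, updates occupancy and re-verifies only the
// scopes it touched (old and new placement when an instance moves).
func (inv *Inventory) Apply(e Event) []Violation {
	var touched []string
	if old, ok := inv.instances[e.Instance]; ok {
		inv.adjust(old, -1)
		delete(inv.instances, e.Instance)
		touched = scopes(old)
	}
	if e.Kind == "create" {
		inv.instances[e.Instance] = e.Placement
		inv.adjust(e.Placement, +1)
		touched = append(touched, scopes(e.Placement)...)
	}
	return inv.check(touched)
}

// FullAudit rebuilds occupancy from every instance and checks every scope:
// the from-scratch verification the incremental path is meant to avoid.
func (inv *Inventory) FullAudit() []Violation {
	fresh, all := NewInventory(inv.dedicated), []string{}
	for id, p := range inv.instances {
		fresh.Apply(Event{"create", id, p})
		all = append(all, scopes(p)...)
	}
	return fresh.check(all)
}

// RunScenario feeds a constructed event stream and returns the violations
// raised per event and the count from a final full audit (expected to agree).
func RunScenario() (perEvent []int, fullAudit int) {
	inv := NewInventory(map[string]bool{"surgery": true}) // arvr and iot are shared slices
	for _, e := range []Event{
		{"create", "s1", Placement{"surgery", "h1", "n1"}},
		{"create", "a1", Placement{"arvr", "h2", "n2"}},
		{"create", "i1", Placement{"iot", "h2", "n2"}},  // shared tenants may co-reside
		{"create", "a2", Placement{"arvr", "h1", "n2"}}, // lands on the surgery host: 1 violation
		{"create", "a2", Placement{"arvr", "h2", "n2"}}, // moved off h1 again: cleared
		{"create", "a3", Placement{"arvr", "h1", "n1"}}, // shares both host and network: 2
		{"delete", "a1", Placement{}},
	} {
		perEvent = append(perEvent, len(inv.Apply(e)))
	}
	return perEvent, len(inv.FullAudit())
}
```

The point of the design is the cost model: each event costs a lookup of the two scopes it touches, independent of how many instances the NFVI runs, whereas `FullAudit` grows with the whole inventory. In a real deployment the event stream would come from the orchestrator or NFVI provider and the tenant classification from the slice catalogue; the rule set would also need to cover the network-side isolation (VLAN, VXLAN, SR-IOV assignment) rather than a single "network" label.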
4. Design Privacy Preserving Systems
Security logging and monitoring mechanisms should preserve the privacy of data as it crosses the 5G network. Anonymization might not be enough: while it helps protect data, specific attributes may be lost, making it impossible to analyze the data effectively. There is therefore a need for new, customizable privacy-preserving approaches that protect data across different domains and different network slices while preserving the information relevant for analysis.
To leverage the advantages of evolving telecom networks like 5G, business leaders must first establish a culture of security and compliance across the organization. At UDT, we believe that advanced technologies coupled with consistent and thoughtful human governance are optimal for achieving operational excellence.
Management and Security Compliance
We help businesses move toward adaptability, scalability and privacy-enhanced technology while providing continuous proactive security, multi-party management, and compliance orchestration. These solutions are supported by monitoring, verification, and enforcement mechanisms integrated into the network function of a fully virtualized environment.
Understanding Your Unique Security Needs
Our security experts will help you assess operational maturity and draw a roadmap towards your ideal security posture. By mapping out your organization’s unique vulnerabilities, we can help you establish what technology, practices, policies, and procedures need to be implemented to secure your infrastructure and applications.
Reduced compliance burdens with improved accountability
Our managed security services and risk management interface give you in-depth visibility of your security controls, events and levels of service. With full transparency of your environment, you'll be able to meet compliance requirements more easily and remediate issues immediately.