5G promises to be faster and lower latency, enabling multiple new use cases, business models and services. But, asks Kate O’Flaherty, how secure is it really and what’s being done to address vulnerabilities?
5G technology will offer faster speeds and lower latency, enabling a host of mission-critical applications over the coming years. In many ways 5G is more secure than its predecessors 2G, 3G and 4G, but the technology also widens the cyber-attack surface substantially.
This is partly because the risks posed by the technology span multiple vectors, including the network, devices and specific use case verticals. Each of these elements requires its own set of security protocols and approaches that must be adopted by everyone in the 5G ecosystem – not just the mobile operators.
In our 2020 5G readership survey, 57% of respondents think that 5G networks will be ‘much harder’ or ‘moderately harder’ to secure than previous generations.
As one respondent put it, “Because of the nature of 5G in applications for critical infrastructure, the opportunities for serious attack on the networks by hostile players will be huge, and with the potential ramifications of such attacks huge in comparison to 2G, 3G, 4G network issues… securing 5G is the first and foremost important issue that needs to be fully addressed and solved.”
It’s for this reason that 5G security is being taken very seriously, with standards and specifications in the making from the likes of 3GPP, ETSI and the IETF. But it’s also a race against time to secure 5G before the standalone version comes along with mission-critical Internet of Things (IoT) use cases such as connected cars and robotic surgery. There is no doubt the consequences of network failure or interference in these verticals could be, literally, deadly.
It is with this in mind that 5G security is being addressed with urgency at European Union (EU) level. In October, EU member states, supported by the European Commission and the European Agency for Cybersecurity, published a coordinated risk assessment of 5G networks.
By 31 December 2019, the Cooperation Group hoped to agree on a toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level. In the event, it was at the end of January this year the European Commission endorsed a tool set, along with a number of next steps to implement the toolbox.
Many opportunities within 5G add security risks, says Amol Phadke, Global Network Practice Lead, Accenture. “The scale of devices creates a massive opportunity for consumers and businesses – such as IoT use cases and high-speed radio and cellular broadband – but this adds security challenges.”
Among the issues, 5G sees devices diversifying: as well as mobile handsets, the ecosystem will include sensors, modems and home devices. “Each has its own set of operating systems and apps, so there is more potential for vulnerabilities,” says Phadke.
Then there is the network infrastructure itself, which, in contrast to cellular networks of the past, is based on virtualisation. The resulting agility offers benefits, but at the same time, because interfaces are built in software, it’s vulnerable to attacks such as denial of service, where the network is flooded with traffic, rendering it useless.
5G security risks
It gets worse: Researchers at Purdue University and the University of Iowa recently found 11 vulnerabilities in the next-generation cellular networks that could allow real-time location tracking and surveillance, plus spoof emergency alerts to trigger panic.
One vulnerability carried over from 3G and 4G, and which was supposed to be fixed in 5G is the threat from ‘stingrays’, which present themselves as a cell tower to spy on users. Another issue allowed the researchers to get hold of old and new temporary network identifiers for a user’s phone, so they could discover the ‘paging occasion’ and use it to track its location.
But 5G addresses most of the network threats that exist on 2G, 3G and 4G, says Todd Kelly, Chief Security Officer at Cradlepoint. He says potential threats in 5G are across the different layers. “On the device level, sensors or machines can be compromised, or malware could be present. Availability is also a threat through denial of service: if devices are connected to 5G, they could perform a signaling storm and take down a base station.”
Meanwhile, supply chain integrity is also a challenge in 5G. “When you have sensors and networks connected to 5G and things are sourced from multiple suppliers, there is potential for vulnerabilities to get into the supply chain,” says Phadke.
Another risk is posed by the fact that 5G depends on cloud-native software running in containers. “As containers have less isolation than virtual machines [VMs], strong expertise is needed to ensure the security of container platform deployments,” says François Duthilleul, Senior Solutions Architect, Red Hat EMEA Telco Technology Office.
There is also the risk of a so-called ‘man in the middle’ attack where an adversary can snoop on or intercept traffic. “Man in the middle was possible in 2G, 3G and 4G,” says Pavai Ezhirpavai, Vice President, Technology, Altran. “In 5G things have been done to avoid this, but it can still happen.”
At the same time, says Ezhirpavai, cyber attackers could target connected vehicles, to devastating effect. “Someone could perform a denial of service attack and the car could be prevented from connecting to the network,” she points out.
Adding to this, 5G networks are distributed, so it won’t be easy to manage every security aspect, says John Wick, Senior Vice President and General Manager, Head of Global Product at Syniverse. He cites the example of network slicing: “It allows us to create tailored networks for any application, but each of these slices will have its own security requirements, which you need to address, manage and keep track of. The wider the network becomes, the higher the complexity and chance of mismanagement.”
Meanwhile, interconnecting 5G networks is complicated when it comes to security, says Wick. With previous generations, the responsibility for securing and authenticating another connecting network resided at the edge of each core network. A common set of authentication and authorisation procedures would position the two networks to connect.
However, with the new 5G architecture and design, authentication and authorisation will occur between each unique pair of entities that require connectivity between two networks, Wick says. “For example, a 5G S-Gateway communicating with a 5G P-Gateway and home subscriber server (HSS) on another network will require the S-Gateway to authenticate and authorise separately with the P-Gateway and the HSS using unique security credentials.
“Depending on the number of networks interconnected, this can quickly turn into a very large number of unique security associations that must be managed.”
5G’s greater security
Of course, there are risks, but at the same time it’s important to take into account that 5G is in many ways more secure. For example, the 5G standards of user authentication and data encryption are superior to 4G.
“Unlike 4G, 5G doesn’t identify each user through their SIM card,” says Wick. “Instead, it can assign unique identities to each device, whether they are connected to a SIM or not. 5G can also encrypt the identity and location of users when they connect to a base station, while 4G would leave this information exposed.”
Meanwhile, says Kelly, some air interface threats, such as session hijacking, are dealt with in 5G. There are also security improvements in the core network itself, he points out. “5G network architecture has more capabilities in the area of security.”
But 5G in its fullest form – the standalone version – isn’t here yet, as Mikaël Schachne, BICS’ VP of Mobility and IoT, points out. “From an end-user perspective, we can enjoy better speeds, but other benefits won’t be available until the core network migrates towards 5G. Until then it’s similar to 4G.”
However, in the future, 5G will enable more mission critical-applications when the standalone version arrives. “So you need a fully secured environment,” Schachne says. “You need full visibility of what’s going on; you need to monitor all apps at the network level.”
Securing 5G is certainly a complex challenge. So, who is responsible for doing this? The burden of security falls on the ecosystem players, says Phadke. “There is no one single player who can say they take complete care of security.”
It is the responsibility of all the industry to secure the next generation of cloud-based distributed technology, agrees Duthilleul. “Governments need to vet 5G roll-out in their country through cybersecurity agencies. Organisations must develop certification schemes for IoT devices. Technology vendors must implement and demonstrate a secure software supply chain.”
Securing 5G: The future
Standards are also helping to secure 5G. The 3GPP security standard includes new authentication procedures, enhanced subscriber privacy against fake base stations (stingrays), service-based architecture and interconnect security, plus user plane integrity protection. The next release has to be finished by the end of 2020 to be in line with what needs to be done, says Benoit Jouffrey, VP 5G Expertise, Thales.
According to Sanjay Bhatia, Vice President of Solutions Marketing and Strategy, Ribbon Communications, the best way to address 5G security challenges is through “a proactive and reactive approach”.
As part of this, he recommends machine learning technology so that constant monitoring and real time techniques to mitigate attacks are built into the architecture. He says, “You start with your current network, understand the expanding attack surfaces, create a roadmap for new 5G use cases and apps, and partner with innovators in the industry for tools based on machine learning.”
Phadke says securing 5G requires a layered approach addressing the network, data and security and privacy from an end user standpoint – as well as ensuring security across the entire ecosystem.
But mobile operators know they need to secure 5G networks and this is already at the front of their minds as solutions are rolled out. Phadke says operators supporting 5G are ensuring they take measures such as penetration testing and implementing firewall solutions. “As mobile operators start offering 5G solutions for businesses as well as consumers, they have to redefine their security posture.
“Imagine a scenario where 5G is used to create a remote health service – this would be very sensitive data, so security is an area they are doubling down on significantly. They are being compliant with the EU General Update to Data Protection Regulation (GDPR), ensuring data doesn’t leave the geography by having local cloud data centres.”
Securing 5G is certainly a complex task that requires collaboration across the ecosystem to ensure adversaries can’t take advantage of weaknesses in the technology. Phadke concludes, “As networks evolve and scale to enable millions of devices, everyone in the ecosystem must take charge and implement the right security posture and solutions. It’s about keeping ahead of the attackers.”