Nebulous directives from the 3GPP don’t help enforce strong security according to a highly critical blog
The rush to build 5G networks could leave these new service-oriented architectures fatally exposed, warns an IEEE Communications Society blog, which outlines five major areas of concern.
The five main security risks are posed by interoperability with 2G-4G Networks, data protections and privacy issues, re-routing of sensitive data, network slicing and cyberattacks and politically motivated activity, like Chinese government surveillance.
By December 2021, 481 operators in 144 countries had invested in 5G, according to the Global mobile Suppliers Association (GSA), which says 189 operators have launched 3GPP-compliant 5G services.
In a June 2020 in an article commissioned by Mobile Europe, Kate O’Flaherty warned that some aspects of the new technology were actually less secure than previous network designs.
The article outlined how 3GPP standards could make 5G secure with new authentication procedures, tighter subscriber privacy against fake base stations (stingrays) and user plane integrity protection.
However, it warned that the burden is on the network builders, some of whom may be driven by different necessities. The IEEE Communications Society blog implies that the situation has not improved.
How to secure a 5G network
As 5G network building activity rises at 40 per cent annually, IEEE blog author Alan Weisberger has warned of the security exposure that could be caused by thinly spread resources and haste-driven decisions over policy.
The warnings of “significant security risks” follow in the wake of an expose by Heavy Reading which charted the differences between obligations and recommendations in imposing 5G security settings.
In the rush to provide a “cloud native” service-based architecture, many fine details may be overlooked in setting up security keys. Any single overlooked detail - out of thousands of variables needing to be locked down - could provide the chink in the armour that a ‘bad actor’ needs.
3GPP is too vague
The blog implies that though the 3GPP warnings are technically specific, the instructions for action are too vague and too much is left up to the operators or cloud service providers to interpret.
While 5G NSA network security uses 4G security mechanisms and the 4G core network’s evolved packet core, 5G SA network security is very different. For the busy network engineers who must secure it, this involves learning about the newish concepts of 5G core network serviced base architecture and the new 5G security mechanisms defined by 3GPP.
Many engineers, in their haste to meet targets, might be pressurised into misinterpreting these new diktats first time around, warns the IEEE blog.
Point to point and service interfaces?
Essential details, such as the key exchange protocol, could be overlooked as mobile operators rush through the radical shift involved in moving from point-to-point interfaces between network function to service-based interfaces (SBIs).
The degree of work involved in adopting a service based architecture is being overlooked, says IEEE blog author Alan Weisberger. The 5G network consists of nine network functions (NFs) responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting user equipment to the Internet using a base station.
Devil is in the detail – why aren’t you?
When it’s mandatory for vendors to support features but using them is optional, that causes inconsistencies, said Ericsson’s head of security, Scott Poretsky. “Some countries did not want these security features implemented by their national telecoms due to these security features also providing privacy,” said Poretsky.
Don’t let criminals start network slicing
The causes of breaches ranged from the unsophisticated, such as the use of outmoded Diameter Signaling, through crude tactics like denial of service attacks to more sophisticated scams such as Man-in-the-Middle (MITM) schemes. When these tactics are used in state sponsored attacks, the consequences could be unthinkable.
Though 3GPP has introduced more robust encryption algorithms and user gadget identifiers it has not submitted its 5G core network architecture or 5G security specifications to ITU-T, which is responsible for all 5G (IMT 2020) non-radio standards.
“An end-to-end security framework across all layers and all domains would be essential,” concludes the IEEE blog.