Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Dr Silke Holtmanns, head of 5G security research at AdaptiveMobile Security, looks at some of the unique security challenges associated with 5G.
5G networks are at a critical stage in their design and roll out. Touted to be the bedrock of the communications economy of the future, 5G is expected to deliver bandwidth and capacity never before seen and to unite key parts of countries’ critical national infrastructure.
Many of the new business opportunities that 5G brings come from partnering with companies from sectors different from the classic telecommunication customers. Those sectors see 5G as an enabler to take their business to a new level. It should therefore be little surprise that security has become a key consideration in ensuring that these new use cases – many of which can be considered critical in terms of sensitivity – will be protected.
While in the past 2G, 3G and 4G security was not a key topic, many potential business partners and governments have concerns now about 5G security. They know that if they use 5G as a foundation for their communications, then a potential security incident could cause havoc and immense damage. This public and governmental awareness of 5G security is a real step change from the 3G and 4G networks in the past. Where security was very once much a secondary topic, today it is fundamental to the design, build and operation of the core network.
However, while operators are investing in 5G security features to gain the trust of their valued vertical business partners, in many cases their vendor partners are giving them a false sense of security. The stark reality is that here are still multiple security risks derived from the approach the industry is taking to the migration from 4G to 5G.
New threats, old weaknesses
The huge increase of more sensitive and valuable data in the 5G core network brings with it a corresponding increase in the interest of fraudsters, hackers and nation states in getting access to this data, as well as a growing concern around attacks impacting subscribers and networks.
Attackers already have a toolbox of attacks available for 2G, 3G and 4G networks. For them, a new generation of mobile is simply a new technology that not only shares many of the same concepts but also the same targets as previous cellular networks they have attacked.
To secure 5G – and in particular the protracted network migration from 4G to 5G – it is therefore important to correlate intelligence between different network protocols as attackers will probe different networks for a suitable attack path to their target.
A network is only as secure as its weakest point.
There are over 190 countries in the world, most with several Mobile Operators and a large number of MVNOs. In addition, there are IPX providers, value added service providers, and roaming hubs who are also part of the IPX ecosystem. In total, the estimate is that there are over 2000 interconnecting members in the IPX ecosystem – all of which are of differing backgrounds, sizes and markets, and contain a mix and match of technology generations from 2G to 5G.
As if this picture wasn’t complicated enough, mobile operators will each migrate at different speeds and in different ways, depending on their markets and needs, in most cases while still running their 2G, 3G and 4G networks. The reasons for legacy support are diverse, such as coverage of sparsely populated areas, interconnecting legacy roaming partners or interworking with business partners with legacy infrastructure. This means, that there are many interfaces in the mobile core network which will use legacy protocols and support interworking with legacy technology. Even in the just started 3GPP Release 17, work related to 5G support for legacy 2G, 3G and 4G charging and policy is still ongoing. Often, it is these legacy protocols that a hacker will use as the entry point into an operator’s core network.
Due to the high investments in 5G, the migration path from a legacy network to 5G is strongly influenced by where the investments would give the best return. We see that in the fact that the first deployments of 5G have been taking place in densely populated areas or at specific customer sites.
So, while today many 5G networks are islands of high-bandwidth connectivity with little or no core network roaming or interconnect, the legacy networks that operators are still running continue to present a potential route into the new 5G critical national infrastructure.
Standalone, but together
To accelerate time to market with new 5G services, many operators are deploying a Non-Standalone network as an overlay to their existing 4G core network. However, to fully exploit the potential of 5G in terms of bandwidth, performance and speed for a large range of use cases, the core network also needs to be 5G.
But a 5G SA core network requires large investment and rollouts will be gradual. The question therefore remains: how to migrate safely from a 4G to a 5G core? It is crucial that migration should not leave “old doors open” during what will be for most operators an extended process.
The following general security principles can be applied to all core network migration scenarios:
- All protocols that are accessible by partners have to be filtered and protected
- Attackers care about a target not about a protocol. Use attack correlation to enable early detection of attacks to avoid firewall bypassing
- Attackers change tactics frequently when encountering obstacles; the latest real-life Cyber Threat Intelligence (CTI) for signalling attacks and dynamic rule adjustments are essential
- In-depth analysis and control of 4G and 5G signalling, which follows the principles of ‘least privilege’ and defence in depth
- Not only do incoming messages need to be monitored, but also outgoing messages, to avoid attacking partners and causing liabilities
Vulnerable 5G core networks will come under attack, and attackers are at their strongest while we’re looking the other way; as the complexities of migration are dealt with, security must not be overlooked. A strong security defence with a live cyber threat intelligence system and attack correlation between generations is critical in keeping 5G oeprators up-to-date and protected against the latest attacks.
Dr. Silke Holtmanns is Head of 5G Security Research at AdaptiveMobile Security. Dr. Holtmanns has made significant industry contributions on mobile security, actively supporting the evolution of 5G interconnection security and development of GSMA 5G security standards. She has been contributing to mobile communication security for over 20 years. She served as a subject matter expert for US FCC and EU ENISA.