
Does more elastic mean unshielded?

Dec 17, 2018

The network perimeter is stretching like elastic to include high-speed (4G/5G and LTE) networks, wireless access points, branch/home offices, roaming users, cloud services, and third parties accessing data and applications to perform services. These changes to the size, scope and surface of the network can lead to misconfiguration or change-control errors that could result in security breaches. This increases the need for security solutions that are consistently deployed at each device or point of infrastructure, and for central management that keeps on top of the dynamics of this elastic infrastructure and the various layers of security at each endpoint.

More than just another medium of communication, the 5G era is a catalyst for minimizing the boundary between the digital world and the physical world. It is on its way to serve vertical industries like Vehicle Network, Internet of Things (IoT), AR/VR, and many more that demand a fast yet all-pervasive network. When it comes to serving vertical industries, security requirements may vary from one service to another. As the IoT continues to gain momentum, more people will be able to remotely operate networked devices, and this will call for stricter user-authentication methods to prevent unauthorized access to IoT devices. For example, biometric identification systems can be installed in smart homes.

Security is a necessary enabler for the continuity of business. As network users, we’ve already realized the importance of security and privacy, and we’re aware of the security levels provided, based on our experience with earlier generations. To provide continuity of perceived security, it is important that the security and privacy features that exist in earlier generations are also present in 5G, although the actual technical security mechanisms may be different. Yet it wouldn’t suffice just to provide the same security features as in the legacy systems, because there may be new security requirements and challenges. 5G systems are going to be service-oriented, which implies there will be a special emphasis on security and privacy requirements that stem from the angle of services.

Different services require different security mechanisms, which rely on a flexible security architecture to support end-to-end protection. For example, lightweight security can suit the requirements of IoT, while remote healthcare services will demand resilient security. In a cloud environment, where multiple vendors provide software and equipment for network infrastructure, security concerns may get more complicated. This scenario can be addressed by building an end-to-end (E2E) data security chain that would not only reduce dependence on individual link security but would also streamline security management.

A 5G network runs over multiple types of network. User data may traverse various access networks and network functional entities supplied by different vendors. As a result, user privacy information could exist in any corner of the networks. With data mining technologies, a third party may be able to derive detailed user privacy information by analyzing the dispersed user privacy data. Therefore, it’s time to have privacy information exposure risks thoroughly considered in the 5G network.

Networks can offer security systems as a service to vertical industries; they may choose to validate service access and send back the authorization result to vertical industries. The network may decide whether it would implement the security service on a cloud platform or deploy it in a virtual network slice of the industry that has paid for the security service.  It is important for networks to separate virtual network slices to protect the confidentiality of information and prevent one user’s resources from being accessed by other users in other slices. For example, one network company may choose to block other companies from using its resources even though similar virtual network slices are serving the needs of these companies.

A large number of vertical industries will be served by 5G networks, and hence information security and user privacy will become crucial to the success of 5G networks. Progress in data mining technologies has made it easier to retrieve user privacy information, which is why additional care should be taken to protect user information in 5G networks. A data breach can lead to severe consequences. 5G networks should promote efficient usage management practices to protect user data. 5G networks function by sensing the service features of users and providing customized network services. However, this sensing process may involve the use of users’ confidential information. Therefore, 5G networks should abide by a service sensing rule that defines how networks should use privacy information and how they should handle that information after using it.

Characteristics of 5G Security:

The drivers for 5G mobile network security can be grouped into four characteristics of 5G networks and their usage, each with implications for privacy and security.  These characteristics are: new trust models, new service delivery models, an evolved threat landscape, and increased privacy concerns.

New Trust Models

Trust models change over time. As a simple example, consider the bring-your-own-device trend in enterprises. Previously, all user devices could be assumed to be trustworthy, as they were all of the same type, all issued and managed by the corporate IT department. Today, users want to use their personal devices instead, posing threats as potential Trojan horses behind corporate firewalls. For current mobile systems, the trust model is rather straightforward, involving a subscriber (and their terminal) and two operators (the home and serving networks). The new types of devices will span an extremely wide range of security requirements and will at the same time have very different security postures: industry automation control devices, shipping containers, vehicles forming entire capillary networks, tiny climate monitoring sensors, and next-generation tablets and smartphones. To ensure that 5G can support the needs of new business models, and ensure sufficient security, the trust model map must be redrawn. This does not necessarily mean completely redesigning security. However, it is crucial to identify any significant shortcomings. This must begin by defining a new trust model.

Security for new service delivery models

The use of clouds and virtualization emphasizes the dependency on secure software, and leads to other effects on security. Current 3GPP-defined systems are based on functional node specifications and abstract interfaces (reference points) between them, and as such provide a good starting point for virtualization. Until now, however, dedicated/proprietary hardware has still often been used for these nodes and interfaces. Decoupling software and hardware means that telecom software can no longer rely on the specific security attributes of a dedicated telecom hardware platform.  When operators host third-party applications in their telecom clouds, executing on the same hardware as native telecom services, there are increased demands on virtualization with strong isolation properties.

Increased privacy concerns 

There have been several recent news stories related to allegations such as tracking users in major cities and extracting personal data without user knowledge. In security terms, a particularly sensitive asset is the user identifier(s). Ever since 2G, user privacy has been an important consideration. However, the benefits of full International Mobile Subscriber Identity (IMSI) protection have so far not seemed to outweigh the complexity of implementing it.

Evolved threat landscape

The ubiquity of 5G devices and connectivity will not only affect the technological attack surface; the exposure to social engineering attacks will also increase. People claiming to be colleagues or repair technicians, for instance, may contact an individual and request various kinds of access – not only to the individual’s information, but also to their devices.  This leads to a need to strengthen certain security functional areas:  the new threats would emphasize the need for measurable security assurance and compliance; in other words, verifying the presence, correctness and sufficiency of the security functions.

 
