By Chris Pearson, President, 5G Americas (July 2020)
In a recent series of new online events, Ericsson President and CEO Börje Ekholm highlighted the need for connectivity during the COVID-19 crisis. He said, “While 4G gave us the app economy, 5G will be the greatest open innovation platform ever.” It’s a bold statement – and, if true, heralds an immense era of change for the world.
Let’s parse out that statement a bit. We all know about how successful 4G LTE has been in re-shaping businesses with the app economy. Companies like Uber, AirBnB, DoorDash, Fiverr, and TaskRabbit all owe their existence to the power of being able to deliver data over mobile devices. Many of these companies might have begun in the 3G era, but the deployment of 4G made mobile communications and these companies pervasive successes.
In other blog posts, I’ve talked a lot about how 5G technology is really bigger than you think and is poised to unleash trillions of dollars of economic activity, as it acts as an enabler of other technologies like AI, VR, and the Internet of Things (IoT). Indeed, revenue alone for IoT operator-billed connections will reach $8.0 B by 2024, up from $525 M in 2020, according to Juniper Research. For artificial intelligence, Technavio reports the global market size was USD $20.67 billion in 2018 and is projected to reach USD $202.57 billion by 2026, exhibiting a CAGR of 33.1%.
The second part of Mr. Ekholm’s statement includes the phrase “open innovation platform.” It’s true that the impact of 5G will be simply huge. 5G will usher in a new age of connectivity and data sharing, but with that promise comes the enormous responsibility of the industry to continue to improve security capabilities as we connect people to people, people to things and machines to machines.
But if 5G is going to be an “open innovation platform,” the price of open innovation is ensuring that every single part of the network continues to improve security. Security in wireless cellular networks continues to improve both as an evolution and a revolution. New security techniques and capabilities will continue to keep data safe and cyber-attacks thwarted even as our mobile communications innovation bonanza opens more threat surfaces.
Some key features of 5G that enable the open innovation platform, such as network slicing, open and interoperable radio access networks, migration to cloud-native architectures, software-defined networking, and adoption of service-based network architectures, will require new security protocols. In 5G Americas’ latest white paper, entitled “Security Considerations for the 5G Era,” we highlight some of these key features of the fifth generation of cellular wireless networks and what security challenges they pose in ensuring a complete, end-to-end secure experience for a wireless customer.
5G wireless technology significantly differs from previous wireless generations. Once fully deployed, 5G will comprehensively connect people, services, and the Internet of Things. The entire network is being re-architected to use software-defined networking for adaptability, network function virtualization for new services with enhanced capabilities, and cloud-native architectures for scalability of resources. Under 5G non-standalone (5G NSA), new network infrastructure separates control planes and user planes. As 5G standalone (5G SA) networks emerge, network slicing will begin to take hold, even as new enhancements to multi-access edge computing (MEC) will ultimately lead to a service-based architecture (SBA) model that proactively anticipates producer-consumer demand, rather than merely addressing response requests.
One key aspect is understanding how 5G wireless networks are moving away from a “monolithic” architecture towards one that is “disaggregated”. Think of it this way: under previous generations of wireless, you had a world-class chef who was able to create amazing dishes – but it was the same dish for every customer. In a 5G world, you break down the best recipes into their component parts, allowing each part of the recipe to be held up on its own, improved upon, and parceled out differently to different customers based on their needs or desires.
Under the disaggregated architecture, network functions are separated from the underlying hardware. While this approach can generate some amazing results from an innovation standpoint, it represents some new challenges from a security standpoint. Under a monolithic architecture, the ‘surface area’ for attacks is built around the moats of the software-hardware fortress. In a disaggregated architecture, each of the parts must have security built into it, even as it runs on standardized commercial off-the-shelf (COTS) components – and each point of interaction with the other parts can potentially be its own security vulnerability.
One other area of possible challenge is that many early implementations of 5G networks are 5G non-standalone (NSA), which can introduce some security challenges. What does that mean? A wireless cellular network is made up of two major parts: the core network and the radio access network (RAN). Under a non-standalone implementation, 5G networks operate with a 5G RAN on top of a 4G LTE core or “evolved packet core” (EPC). As of midway through 2020, operators are moving aggressively to migrate to 5G standalone (SA) networks, which are 5G in the RAN and in the core network.
5G non-standalone networks, therefore, could still be vulnerable to many of the same attacks that plagued previous generations and that the industry has successfully combated for years. These include 2G/3G downgrade attacks that force LTE-connected devices to use less secure 2G or 3G protocols, international mobile subscriber identity (IMSI) tracking, man-in-the-middle attacks between a server and a piece of user equipment, and LTE roaming dependent on SS7 and Diameter protocols between operator networks.
Additionally, new security protocols will be needed as 5G networks move towards Service-Based Architecture (SBA), Software-Defined Networking (SDN), and Network Function Virtualization (NFV). The key here is realizing that when network functions become separated from the underlying hardware, security must be embedded into programmable software modules to limit the potential of unauthorized intrusion. Some of those critical network functions include the verification system itself, which is critical to the authentication of users to prevent unauthorized access.
Moreover, as open source possibly gains prominence in the RAN ecosystem, managing the integrity of virtualized functions becomes increasingly critical with the adoption of open-source software and APIs. These will no longer be the “walled gardens” of past generations, but rather dynamic open networks with equipment from multiple vendors, running on commercial off-the-shelf hardware without all the security bells and whistles that may be more common with completely bespoke solutions.
Cloud and edge networks add another layer of challenge into the conversation. The Public Cloud and Hybrid Cloud models cause a shift in the threat landscape, increasing security risk by introducing a 3rd-party Hybrid Cloud Platform (HCP) to the ecosystem. Private LTE and 5G networks may also add their own security challenges if the network management is not as sophisticated as that operated by MNOs. Multi-access edge computing architecture may also introduce new security risks with the use of open-source code, containerization, more interfaces and new APIs, shared hardware resources that could be cross-contaminated, as well as higher data usage, especially with microservice applications, increasing vulnerability to attacks.
Fortunately, the strengths of 5G network enhancements also extend into their security. One of the greatest strengths of open source software is the ability of the crowd to quickly develop fixes, generate improvements, and identify gaps for additional work. Another goal of 5G networks is establishing zero-trust security models, which ensure that security is in place from untrusted domains (e.g., supply chain, Internet, user devices, other operators and partners) to and from within trusted domains (operator networks).
Security in 5G introduces solid protection controls. For instance, 5G introduces an improved encryption process which improves anti-tracking and spoofing features, making it difficult to monitor and track connected devices. Another example is the introduction of software and cloud-focused solutions that quickly detect and mitigate threats.
5G is also the first generation of wireless cellular to build in additional protocols, based upon sophisticated threat intelligence. 5G networks may implement a variety of threat responses, involving unsupervised and supervised machine learning, behavior and heuristics analysis, malware signatures, and threat reputation lists of domains and IP addresses. Prior to 5G, mobile architecture also did not have a trust model using integrity protection at the user plane – 5G networks may now implement that model, providing sophisticated defensive mechanisms to assess the threat level of any user.
5G networks also exhibit enhanced authentication for better identity protection and home-network control, as well as threat mitigation for 5G short message service (SMS), and will provide protection against “bidding down” between architectures that allow attackers to connect to 2G or 3G legacy systems. 5G private network security is also greatly improved over 4G LTE with several new enhancements. Finally, current 5G specifications are consistently improving on security for network slicing, with additional optimizations and safeguards for enterprise access control.
Overall, security in wireless cellular networks continues to improve gradually over time. No system is ever 100% perfectly secure; every system requires constant enhancement and vigilance to stay ahead of the threats. 5G is no different, but even as the challenges increase, the rewards, capabilities, and tools for protection become ever greater. Every age brings with it new mountains to scale and new horizons to conquer.
Full steam ahead on Security in the 5G Era!