5G Security: What You Need to Know
Network implementation is a risky business. A company may be anxious to roll out a 5G infrastructure, or a user may jump at the chance to get a new 5G device. But one should never throw caution to the wind when adopting a new technology. Before diving in, it's important to know how deep the water is. Plus, the security threats associated with 5G wireless could be overwhelming for the unprepared.
A New Network Architecture
Those of you who are familiar with 4G know that it is made up of both core and radio access networks. The LTE core network is called the Evolved Packet Core (EPC), also known as System Architecture Evolution (SAE). The core contains the MME, S-GW, P-GW, HSS, and PCRF. On the radio side, the e-UTRAN holds the eNodeBs and the user equipment (UE). These devices are connected through various interfaces, such as Uu, X2, S1, S11, S5, S6, and S8.
5G takes the evolution further. The architecture is still divided between the core and radio parts, but the focus has changed. As in all of telecommunications, the evolution has gone beyond the hardware and connectivity and onto software applications. That's the gist behind the name for the new 5G core network: Service-Based Architecture (SBA).
All those functions that were executed by physical devices in 4G are now handled by cloud-based microservices in 5G. You still have the radio side, with a device now called the gNodeB. But the 5G core is a dramatic move toward a virtualized infrastructure, while allowing for interoperability with current 4G networks.
New Threat Surfaces
These changes bring new challenges. Along with the difficulties related to getting the new 5G infrastructure in place and operational, 5G vendors and carriers have to worry about a whole new array of security threats. The move to a virtualized environment leads to the same vulnerabilities suffered by any software installation. Malware, data manipulation, privilege misuse — all of the exploits that hackers attempt with online applications are likely to plague 5G networks without adequate security.
Another reality in the virtual world is a concept known as multitenancy. Cloud users are allocated resources that are dynamically shared with others. Not only are they using the same underlying physical devices, they may be running their applications on the same software instance as other users. Whether the term multitenancy is generally applied to 5G users or not, it's clear that they will be using the same Service-Based Architecture. 5G solutions will rely on something called network slicing. That's where portions of a provider's network are dedicated to specific customer use cases. But how can the provider keep those network slices isolated from each other?
5G uses distributed networking to meet the needs of its users. That means that there are processes, threads, and agents that hold everything together despite the use of a wide array of resources. And while we are trying to hold everything together in a new network, hackers and bad guys are always looking for chinks in the armor. It won't be easy.
5G Identity and Authentication
Keeping out intruders is at the heart of any defense system. But to block unwanted visitors, first you need to know who is allowed to come in. To enter any secure military base, for example, you will need to provide some identification that demonstrates your authority to enter. And some very secure places, like data centers, require biometric verification to authenticate your identity.
Protecting virtual areas also requires authentication. In the 5G network, there are currently three authentication methods. The Authentication and Key Agreement (AKA) protocol, defined by 3GPP, uses a symmetric key shared by both the subscriber and a home network. EAP-AKA is a variation of AKA. EAP-TLS takes advantage of the trust relationship between the UE and the 5G network through the public-key infrastructure.
It can seem a little confusing, but it may help to know that in 5G, just like in 4G, there are various identifiers used in authentication. Here are some of them:
SUPI: Subscription Permanent Identifier
PEI: Permanent Equipment Identifier
GUTI: Globally Unique Temporary Identifier
GUAMI: Globally Unique AMF Identifier
SUCI: Subscription Concealed Identifier
SUPI is the new name for what was called the IMSI in previous generations. The PEI was known as IMEI in 4G. The SUCI contains the mobile country code and the mobile network code. Space won't permit a full discussion here of how all these identifiers and protocols work together to authenticate your mobile phone to the network. But you should know that 5G introduces the Security Anchor Function (SEAF), which makes it easier to move between networks. And 5G networks are authentication agnostic, allowing for authentication with non-5G networks (such as Wi-Fi) using the same methods.
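To make the SUCI structure concrete, here is an added example (not from the original article) that parses SUCIs in the hyphenated string form used on 5G core service interfaces and flags any sent with the null protection scheme, where the permanent identifier is not actually hidden. The sample values are constructed, and `parse_suci` and `audit` are hypothetical helper names.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Suci:
    mcc: str            # mobile country code, always sent in the clear
    mnc: str            # mobile network code, always sent in the clear
    routing_indicator: str
    scheme_id: int      # 0 = null-scheme, 1 / 2 = ECIES Profile A / B
    hn_key_id: int      # which home-network public key was used
    scheme_output: str  # concealed MSIN, or the plain MSIN for null-scheme

    def exposed_supi(self) -> Optional[str]:
        """Return the IMSI-type SUPI if the SUCI does not actually hide it."""
        if self.scheme_id != 0:
            return None
        return f"imsi-{self.mcc}{self.mnc}{self.scheme_output}"


def parse_suci(text: str) -> Suci:
    # Layout: suci-<type>-<mcc>-<mnc>-<routing ind>-<scheme>-<key id>-<output>
    parts = text.strip().split("-", 7)
    if len(parts) != 8 or parts[0] != "suci":
        raise ValueError(f"not a SUCI string: {text!r}")
    _, supi_type, mcc, mnc, rid, scheme, key_id, output = parts
    if supi_type != "0":
        raise ValueError("only IMSI-type SUPIs (type 0) are handled")
    if not (mcc.isdigit() and len(mcc) == 3 and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError(f"malformed MCC/MNC in {text!r}")
    return Suci(mcc, mnc, rid, int(scheme, 16), int(key_id), output)


def audit(sucis: List[str]) -> List[str]:
    """List every permanent identifier that was sent without concealment."""
    return [s for s in (parse_suci(t).exposed_supi() for t in sucis) if s]


# Constructed samples using the 001/01 test network, not captured traffic.
SAMPLES = [
    "suci-0-001-01-0000-0-0-0000000001",              # null-scheme
    "suci-0-001-01-0000-1-7-3f9a5c0e11d2b47a86c4e0",  # ECIES Profile A (made-up output)
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Only the subscriber-specific part is concealed; the country and network codes stay readable in both samples so the request can be routed to the home network.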
Another complicated but important aspect of 5G security is how encryption keys are managed. Just as you wouldn't want keys to your house to be handed to strangers, 5G devices have strict protocols for using public and private keys.
5G uses 128-bit encryption to secure messages as they pass between devices. The scheme takes advantage of a key derivation function (KDF), which uses a secret value (such as a master key) to generate multiple secret keys. The complexity of this technology is beyond the scope of this article.
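As an added illustration (not part of the original article), the sketch below walks one branch of the 5G key hierarchy with the generic 3GPP KDF, HMAC-SHA-256 over a function code and length-tagged parameters, ending in two separate 128-bit NAS keys. The FC codes and input layout follow TS 33.501 Annex A; the master key, SUPI and serving network name are constructed, and `derive_nas_keys` is a hypothetical helper name.

```python
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        # Each parameter is followed by its own length as a 2-byte big-endian value.
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


# Function codes (FC) from TS 33.501 Annex A.
FC_K_SEAF = 0x6C   # K_AUSF -> K_SEAF
FC_K_AMF = 0x6D    # K_SEAF -> K_AMF
FC_ALG_KEY = 0x69  # K_AMF  -> algorithm-specific keys

NAS_ENC, NAS_INT = 0x01, 0x02  # algorithm type distinguishers
ALG_ID_2 = 0x02                # 128-NEA2 / 128-NIA2 (AES-based)


def derive_nas_keys(k_ausf: bytes, serving_network: bytes, supi: bytes,
                    abba: bytes = b"\x00\x00") -> dict:
    """Derive the 128-bit NAS encryption and integrity keys from K_AUSF."""
    k_seaf = kdf(k_ausf, FC_K_SEAF, serving_network)
    k_amf = kdf(k_seaf, FC_K_AMF, supi, abba)
    # The KDF returns 256 bits; 128-bit algorithms use the last 16 bytes.
    k_enc = kdf(k_amf, FC_ALG_KEY, bytes([NAS_ENC]), bytes([ALG_ID_2]))[-16:]
    k_int = kdf(k_amf, FC_ALG_KEY, bytes([NAS_INT]), bytes([ALG_ID_2]))[-16:]
    return {"k_nas_enc": k_enc, "k_nas_int": k_int}


# Constructed inputs for the 001/01 test network; not real key material.
K_AUSF = bytes(range(32))
SERVING_NETWORK = b"5G:mnc001.mcc001.3gppnetwork.org"
SUPI = b"001010000000001"

if __name__ == "__main__":
    for name, value in derive_nas_keys(K_AUSF, SERVING_NETWORK, SUPI).items():
        print(name, value.hex())
```

Because the serving network name is an input, the same master key yields unrelated keys in a different visited network, and the type distinguisher keeps the encryption and integrity keys independent of each other.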
3GPP 5G Security Standards
With Release 15 in 2018 we had the first true 5G New Radio (NR) standards. We are awaiting Release 16, which should include the final 5G specifications. 5G security standards generally fall within the TS 33 series. Check these out if you want to go straight to the source on 5G security. But be prepared. These documents dig deep into technical issues.
It's all part of IMT-2020, a vision for a 2020 rollout of 5G networks. We are getting close, but keep in mind that any 5G rollouts taking place in 2019 are happening without the benefit of the full set of 5G standards.
Any 5G security strategy must take into account all that we have already learned about protecting mobile data networks. Any network element, for instance, can become the target of a planned DDoS attack. Thinking about 5G security means imagining worst-case scenarios and including them in a comprehensive disaster preparedness plan. Don't forget, severe weather events can have just as much impact on a telephone network as any malicious intruder.
We should also mention here a very sensitive issue that has been in the news. As the global political tensions ebb and flow, governments may become leery of the influence of other nations in the technology space. As the U.S. seeks to prevent any possible espionage from Chinese telecom equipment manufacturers, the markets react. National security issues are a big part of the current 5G security landscape.
As IoT devices come online, the risks become greater. End-to-end security is also an important part of 5G security strategies. But while the dangers increase, the lower latency and greater flexibility of 5G allow for a more customizable approach to security management of the myriad of IoT devices on the network.
Being Prepared is Key
5G developers are thinking long and hard about all the possible security issues that may come our way. But unfortunately they can't think of everything. There are so many variables, so many possible targets. Everyone from network managers to smartphone users should remain on guard, and everyone needs to learn how to do their part.
The good thing is that 5G will be extremely powerful and flexible, allowing for different programmable security defenses. But the threats are already out there — and growing. The best approach to 5G security is to be prepared for anything.