What is 5G security?
5G security is the combined protection for the underlying 5G network infrastructure, traffic traversing it and consumers of the network itself.
5G Security Explained
5G security is the combined physical and cyber protection for the underlying 5G network infrastructure including hardware and software, the traffic traversing it and users of the network. Proper administration and execution of 5G security should produce the following five core properties, which contribute to the trustworthiness of the 5G system:
- Communication security
- Identity management
- Security assurance
As 5G standalone infrastructure is deployed, the understanding of 5G security will continue to evolve. However, it’s important to note that security was built into 5G infrastructure from its inception. The following are some of the features the 3rd Generation Partnership Project (3GPP) has specified in a 5G Standalone Network:
- User traffic integrity protection
- Improved subscriber privacy
- Subscriber identity concealment
- Roaming interface and payload security
- Mutual authentication and encryption of key interfaces
5G security is designed to address the following use case categories:
- Enhanced mobile broadband (eMBB)
- Massive machine-type communication (mMTC)
- Ultra-reliable low-latency communications (URLLC)
When it comes to 5G security, the industry landscape can be segmented into three different consideration areas:
- Carrier networks
- Private 5G networks
- Hybrid 5G networks
While each brings about distinctive security implications, the common denominator is the fundamentally different design of 5G compared to its predecessors. Specifically, previous generations of wireless network technology required enterprises to purchase complete solutions from mobile network operators (MNOs), including hardware.
The network was self-contained, while trust and risk were delegated to the vendor supplying the equipment. 5G network infrastructure and backbones are being built on cloud-based infrastructure, much the same way as web applications running in microservices.
The concept of Open RAN (radio access network) and open environments is a significant marker that differentiates 5G from 4G networks, where these components were proprietary. Open RAN is a shift in mobile network architecture that allows service providers to use nonproprietary subcomponents from multiple vendors.
More standard interfaces, interoperability and openness are driven by the cloud-native architecture of 5G. The change is allowing the telco industry to take advantage of capabilities like microservices or building highly scalable applications specifically for 5G. Given that 5G networks are built in a cloud-native fashion, power and agility are major benefits. However, these benefits come with cloud-native security vulnerabilities, a threat profile MNOs have not dealt with historically.
5G standalone networks remain in the rollout process, with complete deployment slated for the end of 2023. Consequently, advanced benefits and use cases like edge computing, low latency, autonomous vehicles or smart cities await. In the meantime, 5G signifies the commencement of a new era in network security.
5G Security Architecture
The security architecture of 5G relies on advanced technologies such as network slicing, virtualization and cloud-based resources. These technologies allow enterprises to take advantage of major performance benefits. However, such changes also introduce new considerations with respect to security.
Mobile Protocol-Level Security
To understand mobile protocol-level security for 5G, it’s important to first understand 3GPP (the 3rd Generation Partnership Project). 3GPP is the body that standardizes mobile protocols. 3GPP’s 5G standards provide security mechanisms based on well-proven 4G security mechanisms. They also incorporate new enhancements for encryption, authentication and user privacy.
Specifically, the main enhancements in the 3GPP 5G security standard include:
- New authentication framework
- Enhanced subscriber privacy
- Service-based architecture and interconnect security
- Integrity protection of the user plane
Infrastructure/Cloud Infrastructure Security
Infrastructure and/or cloud infrastructure security encompasses how 5G protocols are implemented as a system. Consider DISH Network. Dish is building the first 5G cloud-native network entirely on AWS (with the exception of minimal components on the radio access network). In such an environment, simply enhancing mobile protocol security will not protect the cloud network functions. Therefore, enterprises pursuing such deployments must also ensure sufficient cloud security.
- NFVI (network function virtualization; virtualized or cloud-native)
- Distributed clouds and edge computing
- Appliance-based functions
- Mobile edge computing
- Software-defined networking (SDN)
- Network slicing
Network slicing divides an underlying physical network infrastructure into a set of logically isolated, self-contained, independent and secured virtual networks. It's an important feature of a 5G network and targets diverse services with distinct requirements for reliability, high speeds and latency. At a high level, a network slice can be thought of as an implementation of a VLAN across a mobile network.
End-to-end network slicing allows for enterprise security to be provided on a given slice. However, as more end-to-end network slices are portioned out, the number of attack vectors will potentially increase. Network slices can be vulnerable to denial-of-service (DoS) attacks if security features that detect anomalous behavior are not implemented.
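The following is an added example, not part of the original page, of the anomaly detection the paragraph above calls for. It compares each slice's request count against that slice's own baseline and shows that the same test on aggregate traffic misses a flood confined to a small slice. The slice names, the request counts and the 3-sigma threshold are constructed assumptions.

```python
import statistics

# Constructed per-minute session-request counts for three slices (10 minutes
# of history). Slice names reuse the page's use-case categories; all numbers
# are invented for illustration.
HISTORY = {
    "eMBB":  [5000, 5200, 4800, 5100, 4900, 5300, 4700, 5050, 4950, 5150],
    "mMTC":  [800, 820, 790, 810, 805, 795, 815, 800, 790, 810],
    "URLLC": [40, 42, 38, 41, 39, 43, 40, 37, 41, 39],
}
# Constructed current minute: the small URLLC slice sees ten times its usual load.
CURRENT = {"eMBB": 4900, "mMTC": 805, "URLLC": 400}


def zscore(history, value):
    """Standard deviations by which value exceeds the mean of history."""
    spread = statistics.stdev(history) or 1.0  # flat history: avoid dividing by zero
    return (value - statistics.mean(history)) / spread


def flag_slices(history, current, threshold=3.0):
    """Slices whose request count surges above their own baseline."""
    flagged = []
    for name, count in current.items():
        past = history.get(name, [])
        # A slice with no usable baseline cannot be judged normal, so report it.
        if len(past) < 2 or zscore(past, count) > threshold:
            flagged.append(name)
    return sorted(flagged)


def flag_aggregate(history, current, threshold=3.0):
    """The same test applied to total traffic across all slices."""
    totals = [sum(minute) for minute in zip(*history.values())]
    return zscore(totals, sum(current.values())) > threshold


if __name__ == "__main__":
    print("per-slice alerts:", flag_slices(HISTORY, CURRENT))
    print("aggregate alert:", flag_aggregate(HISTORY, CURRENT))
```

The aggregate check stays quiet because normal minute-to-minute variation in the large eMBB slice is bigger than the whole URLLC surge, which is why baselines need to be kept per slice.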
It’s essential for organizations that utilize 5G in the future to establish security for:
- Network infrastructure
- Network traffic
- Consumers of the network itself
Secure access service edge (SASE) can be combined with 5G network slicing to ensure aggressive SLAs.
- Network level
- Application-level security
- Internet of things (IoT devices)
Traditionally, telcos haven’t been focused on network traffic. The purpose was to transport network bits more so than to know their contents. With the advent of 5G, this paradigm is changing. When 5G functions to supplant Wi-Fi, or as an adjunct, the security of the traffic traversing the network is very much a concern.
5G Security Risks and Challenges
Improvements have been made to 5G infrastructure compared to previous wireless iterations. However, the implementation of 5G networks introduces a different array of potential security threats.
While 5G protocols can’t be subverted easily, there are other ways 5G networks can be compromised. Side-channel attacks are positioned as a significant threat. They are carried out by exploiting the underlying infrastructure supporting the network (figure 4).
This attack method was historically difficult to execute. Today, it is becoming more common due to technology advancements, which have afforded malicious actors a deeper understanding of targeted systems. It is reasonably achievable for a bad actor to find a misconfiguration in a cloud computing environment. They can then subvert a virtual machine or container, rather than attacking a 5G protocol directly.
Lack of Visibility and Security Controls
5G networks require all the visibility and security controls of a traditional Wi-Fi network. Established security technologies are being introduced into private 5G networks for the same level of visibility and control the world expects from enterprise networks. Fortunately, these are problems the network security industry is highly experienced with solving.
Increased Attack Surface
Telco networks had never been built on cloud infrastructure using application-level technologies until the entry of 5G. Today, 5G networks are being built upon technologies not unlike the architecture one might find beneath popular consumer services such as Netflix. The consequence is a much larger attack surface. As networks become more open, flexible and equipped to support modern applications, they also become more vulnerable.
5G technologies enable greater capacity for billions of devices, which certainly opens the door for innovation and new capabilities. However, without reliable controls in place, bad actors can use encrypted channels across networks, not to mention encrypted malware.
Consider a private 5G environment in an enterprise. If a 5G environment is being used to supplant a Wi-Fi network, the network itself is likely encrypted. However, encryption doesn't necessarily prevent malicious endpoints from joining the network. Thus, if a network device is compromised with a network layer exploit, bad actors could gain unauthorized access to the 5G network.
5G Security FAQs
The White House developed the National Strategy to Secure 5G in March 2022. The National Strategy to Secure 5G expands on the National Cyber Strategy.
CISA, the lead federal agency for cybersecurity, is assisting with the rollout of this critical infrastructure. In doing so, CISA will be applying four Lines of Effort as noted in the National Strategy to Secure 5G:
- Facilitate Domestic 5G Rollout
- Assess Risks to and Identify Core Security Principles of 5G Infrastructure
- Address Risks to United States Economic and National Security During Development and Deployment of 5G Infrastructure Worldwide, and
- Promote Responsible Global Development and Deployment of 5G