5G provides new cybersecurity safeguards for networks and customers

5G Americas, the industry trade association and voice of 5G and LTE for the Americas, today announced the publication of The Evolution of Security in 5G, a white paper that explores improvements in 5G technologies that have been developed to address current and emerging cybersecurity threats in commercial wireless networks.

“Security remains a central theme during the initial commercialization of 5G networks worldwide,” said Chris Pearson, President of 5G Americas. “With 23 commercially launched standardized 5G networks already today, the transformational ability of this new technology will impact the way we work, live and play in a hyper-connected society.”

3rd Generation Partnership Project (3GPP), the global wireless industry standards organization of which 5G Americas is a market representation partner, has been working on the standardized development of these critical security requirements. They include measures for encryption, mutual authentication, integrity protection, privacy and network availability of:

• A unified authentication framework that enables seamless mobility across different access technologies and support of concurrent connections
• User privacy protection for vulnerable information often used to identify and track subscribers
• Secure Service-Based Architecture (SBA) and slice isolation optimizing security that prevents threats from spreading to other network slices
• Improving SS7 and Diameter protocols for roaming
• Adding native support for secure steering of roaming (SoR), allowing operators to steer customers to preferred partner networks – improving the customer experience, reducing roaming charges, and preventing roaming fraud
• Improved rogue base station detection and mitigation techniques
• And even more proprietary operator and vendor analytics solutions that offer additional layers of security

Said Sankar Ray, Lead Member of Technical Staff, AT&T and co-leader of the white paper working group, “One aspect that cannot be overlooked in our journey to a secure 5G is the evolution of best common practices, people, processes and tools built on the success of 4G networks.”

5G New Radio (NR) can be “plugged” into a 4G core and co-exist with 4G radios as part of a network to speed deployments. In fact, 5G security improvements have been designed to build on top of, and further enhance, currently strong 4G security controls. Previous security improvements from 3GPP included enhancements that were part of Release 8, which added security/authentication mechanisms via nodes to services capability servers and Release 11, which provided additional capabilities to enable secure access to the core network.

However as networks become more complex with 5G, additional threats and vulnerabilities increase the challenge to security. User devices or equipment, radio access networks, mobility or “edge” threats, network core, secure gateway internet Local Area Network (LAN) firewall, roaming, or air interfaces all represent potential targets for attacks. The Internet of Things (IoT) threat surface is exposed to a large vulnerable area of issues - including service, application, node/platform, network/transport, or the IoT device itself.

Complex 5G networks will replace pre-configured security mechanisms with dynamic, instantiated security measures that are deployed by AI-based systems to respond to a new generation of multi-pronged zero-day attacks.

According to Ray, “We secure our networks today using visibility, segmentation and mitigation controls to make a daunting threat surface made more manageable by applying techniques such as automation, orchestration, distributed network build and operation, policy, analytics and much more.”

The introduction of sophisticated network slicing in 5G also potentially expands the attack surface through which malware can be introduced. However, new 5G safeguards isolate these slices through multiple layers of the network and provide end-to-end security with a common authentication framework. Says Pearson, “Moving to network slicing and Massive IoT, the threat surface becomes broader, requiring even more vigilance with the proliferation of the massive quantity of devices and sensors.”