- 5G will deliver greater network security, with end-to-end encryption
- However, full benefits of encryption require extensive standalone 5G deployments
- Operator unity key to overcoming key 5G network security challenges, say NetNumber specialists
The 5G era promises significantly enhanced mobile network security functionality once 5G core systems are widely deployed, but operators need to agree on key processes if they are to take full advantage of 5G’s security potential.
So say experts from signaling system specialist NetNumber, who spoke with TelecomTV during a DSP Leaders Virtual Press Room briefing.
Pieter Veenstra, Senior Manager Product Development – Security and Routing, at NetNumber, says 5G standards have enhanced security specifications baked in, but the benefits can only be fully realized once 5G networks comprise new core systems as well as radio access network (RAN) infrastructure: Initial 5G network rollouts have new RAN technology but rely on core functionality of previous mobile generations.
The coexistence of 5G with 2G/3G/4G will create security challenges for network operators for years to come, he notes. “Currently we have 5G radio access networks with 4G core systems – nothing really has changed in terms of security,” he says of current 5G networks. “The enhancement will come with a 5G core, and that will take time,” especially as 5G coverage will be limited in many markets for years to come.
Veenstra and his colleague, Senior Security Architect Ewout Pronk, have first-hand experience of mobile network security issues, having both previously worked at Dutch national operator KPN. They are also heavily involved in ongoing security work at industry body the GSMA: Veenstra is Chair of the Roaming and Interconnect Fraud and Security (RIFS) group as well as chairing the GSMA Fraud and Security Group (FASG)’s team focused on signalling firewalls and the working group focused on 5G SEPP functions and the security risks of 5G/4G/3G/2G coexistence; while Pronk is Chair of the Diameter End-to-End Security Subgroup.
This work gives them insight into the current state of network security awareness and planning, and the realization that network operators face a long list of challenges (including the virtualized nature of 5G core systems) before they can take full advantage of what Veenstra describes as “the cornerstone of 5G security – end-to-end encryption.”
He notes: “5G will be the first mobile system that will be truly secure. There are [multiple] enhancements, including better security related to how devices connect to the network.” In 2G-4G, device connections can be intercepted, allowing fake base stations to be set up and hook up to the devices of unknowing users, says the NetNumber man. “In 5G, everything will be secured and the ID of each device will be encrypted and tied to its home network – roaming devices will need to be authenticated by the home network.”
But there’s a lot to be done before operators can take advantage of such benefits. “There are many challenges, one of which is replacing the 4G core – that is a major undertaking. Replacing the control plane has a lot of challenges... It’s not obvious that operators will introduce a 5G core immediately,” says Veenstra.
Roaming in a 5G world is going to bring a tough set of hurdles for operators to overcome. Pronk notes that operator roaming teams aren’t set up for “security by design… we need to introduce automation so that manual mistakes are eliminated.”
And the interconnect relationship between operators is not that simple – there are many factors in play. “We need to find a trade-off between security needs, operational needs and business needs, and it’s hard to find a balance between those three,” says Pronk.
There’s also the challenge that, currently, the mobile operator world does not have a single, unified approach to how roaming service encryption will be managed. “This is going to be a major challenge because there are more than 800 operators globally – the industry is going to need a parallel infrastructure to make this work,” says Veenstra, who notes that US regulator the FCC is already working on one roadmap, while China has a different model (based on blockchain). “It’s hard to imagine how this will be deployed,” he adds.
This is where the GSMA can try to help broker a global approach, but Pronk notes that it can only make suggestions, offer blueprints and templates, rather than act as the manager and operator of a global encryption key management system. The task here looks daunting.
But the various working groups are doing what they can to help highlight the challenges and opportunities for the operators: Veenstra says a new document on 5G security will be published by the GSMA in the coming weeks, while members of the Fraud and Security Group continue to raise awareness in blogs such as this one by Leonid Burakovsky of Palo Alto Networks.
Tellingly, Burakovsky notes in his article that “as we rush towards new technology, security considerations are an afterthought.” Veenstra and Pronk are among the many industry experts trying to reverse that ‘norm.’
- Ray Le Maistre, Editorial Director, TelecomTV