Time to Rethink 5G Security Approach

Article By : Nitin Dahad

Planning for security in 5G networks requires a whole new approach compared to previous-generation networks to protect network infrastructure...

LONDON — Planning for security in 5G networks requires a whole new approach compared to previous-generation networks to protect network infrastructure, according to a new technical report on 5G architecture and security published by the U.K. government.

With 5G rollouts planned in some form or another around the world this year, the very fact that the architecture opens up opportunities for multiple players to operate on the network (rather than just a single network operator) could significantly increase the attack surface for connected devices, autonomous vehicles, and other use cases flagged up for 5G. Hence, the report suggests that a whole new mobile security strategy is needed and makes four significant security-based recommendations that the authors believe will protect vital infrastructure.

"Since the age of 2G, mobile networks have been some of the most secure things on the planet, helped by the fact that each one is controlled by a single network operator," said Peter Claydon, project director of AutoAir, one of the 5G testbeds in the U.K. that contributed to the report. "5G opens up mobile networks, allowing network operators to provide 'slices' of their networks to customers. Also, customers’ data can be offloaded and processed at the edge of the network without going through the secure network core. This report is a timely reminder of the security challenges that these new features raise."

Regius Professor Rahim Tafazolli, founding director of the 5G Innovation Centre at the University of Surrey, added, 'Performance risk in such a complex network means that we need to reconsider many of our digital security processes."

The report was produced as part of the U.K.’s 5G Testbed and Trials program, a government initiative to ensure that the U.K. plays a key role in 5G development. Three of the six 5G testbeds contributed to the report, along with the University of Surrey’s 5G Innovation Centre. The three testbeds were AutoAir, which is testing transport use cases; 5G RuralFirst, which is testing the use of 5G to enhance rural communities, and the Worcestershire 5G Testbed, which is testing industrial use cases of 5G.

Key highlights are the challenges and inevitable trade-offs between cost, security, and performance in the development and deployment of 5G. In a new environment of multiple use cases, each with different performance requirements, along with the expected introduction of new market players, alignment and cooperation between parties will be essential. In addition, systems will need to be "secure by design," and new approaches, including the use of artificial intelligence (AI), will be required.

New ways will be required to predict and pre-validate 5G network connections, leveraging mobile AI-based autonomous network technologies — from mobile phones and smart industrial machines to health-monitoring devices and smart home consumer devices. The networks will need to quickly and efficiently recognize these devices and confirm that they are secure without compromising user experience and performance. The paper also recommends:

A cross-layered process that will allow end-to-end security for critical services such as the transport and logistics, health and social care, Industry 4.0, and rural connectivity solutions.
An organization that is tasked to help monitor and encourage good security-by-design practice and set out and document an approach to designing secure 5G networks, applications, and services.
Further testing of standards and security capability using existing U.K. test beds.

Managing Secure Connectivity

The report highlights the scale of the challenge. The International Telecommunication Union (ITU) vision for 5G outlines use cases with very diverse technical performance and system requirements, requiring mobile networks to interconnect with different non-3GPP network technologies. It says that this cannot be achieved by a single network operator in their own domain, and hence, secured and trusted network-to-network interoperability is essential.

The 3GPP’s 5G specifications define interfaces for inter-network communications, but further work is necessary to evolve interface functionality, performance, and security. To realize seamless interoperability, effective partnerships will be necessary between different network operators and equipment owners, such as transport companies, rural and local communities and authorities, and publicly funded organizations. To achieve end-to-end security, network boundaries need to be secured across all borders.

Adding to the complexity are interconnection of 3GPP and non-3GPP networks, new 5G use cases with diverse requirements, and new 5G technologies, including evolutionary approaches in the mobile network. This adds new security vulnerabilities with a significantly larger attack surface, making it essential to thoroughly evaluate the risks and vulnerabilities and identify work items to alleviate them.

The various challenges to deploy secure 5G networks while meeting the requirements of different 5G use cases also creates a trade-off challenge between network performance and security. The combination of increased network-to-network complexity, end-to-end cross-layer system security, and critical applications will mean that conventional security methods will not be feasible.

Hence, new technology will be required to meet these challenges to prevent conventional security approaches compromising the required 5G performance. Context-aware networks and AI can process context transfer patterns and correlate them with user, device, application, and security context metadata to make predictive decisions. This will assist the network to make sure that the system setup is one step ahead of the dynamics of the user equipment behavior and context, therefore predicting and pre-validating the required end-to-end security and connection in advance of the device requesting the service.

— Nitin Dahad is a European correspondent for EE Times

Leave a comment