Update 23-07-2020: Read Irene's blog on five 5G security challenges that service providers need to tackle
Update 16-12-2019: Read Ditri Trio's blog on 5G Security and interoprability challenges with 3G/4G Networks
As the world is about to start rolling out 5G networks, the question arises: what will be the key challenges to address the security and privacy concerns ahead of 5G?
5G will deliver an immense increase of speed and bandwidth compared to 4G. But also, a massive number of devices that will be able to connect to the 5G network. Autonomous driving, IoT, AR/VR, high speed railway to name a few, they all need fast but ubiquitous network access to gain new momentum. All these new possibilities will create a next-generation threat landscape that will present 5G security and privacy challenges. Moreover, these are critical challenges that must be overcome, for 5G to be the enabler of business continuity.
The importance of 5G security and privacy perception
Users already realize that security and privacy are important. They could be well-aware of the security and privacy services provided to them. It is believed that the extent and strength of the security mechanisms provided correlate with the perceived level of security. In the 5G context, users may already have some perception of this security level based on previous real experiences. To provide continuity of a certain degree of perceived security, it is important that security and privacy features that existed previously, are also present in 5G. Even though the actual technical security mechanisms may differ from earlier generations. 5G, however, has a different angle to 4G and 3G, as it is based on service-oriented architecture. This implies that there will be a special emphasis on security and privacy requirements.
Traditional security practice
To keep pace with the ever increasing voice and data traffic, mobile communications systems have evolved through wireless technology innovation into 2G, 3G, and 4G. Besides that security mechanisms have developed into much more complex ones and are put in place to safeguard today’s mobile communication systems. For instance, one-way authentication in 2G has been elevated to mutual authentication in 3G & 4G;
Traditional security architectures focus on protecting voice and data (2G, 3G, 4G). They have the following security features in common:
- User identity management based on SIM
- Mutual authentication between networks and users
- Securing the path between communicating parties
The (IoT) security and privacy concerns ahead of 5G
5G enabling new business models
The traditional way of communicating is primarily focussed on the freedom of being able to communicate anywhere on any device at any time. People use text messages, voice/video calls, surf the Internet or use Apps on their smartphones. However, 5G is no longer dedicated to those specific needs or use-cases of individual customers. 5G is not simply about having a faster mobile network or richer features on smartphones anymore. 5G serves vertical industries, from which a diversity of innovative services will be introduced.
In the context of these rising new demands for vertical industries, security demands could vary significantly amongst the different services. E.g. Internet of Things (IoT) devices require relatively lightweight security measures while high-speed mobile services demand highly efficient mobile security solutions. The traditional network-based security approach may not be efficient enough to build differentiated end-to-end (E2E) security for different services. As IoT is gaining momentum, more people will be able to remotely operate to networked devices. Think about use-cases such as turning on the heater at home whilst driving back from work, or business processes that rely on network IoT devices. Therefore, there is a need of a more stringent authentication method to prevent unauthorized access to IoT devices.
SDN/NFV driven Network Architecture
SDN/NFV is being adapted and deployed at many organisations already, including Telcos. This IT driven Network Architecture is commonly seen as what makes 5G more efficient and speeds up the time to market for new service deployment. However new security concerns are also merging in the SDN/NFV domain.
With the network virtualization technology, a network can build different virtual network slices. Each virtual network slice can therefore accommodate a specific service requirement and requires differentiated security capabilities. That’s why within the 5G security domain, design architects need to consider issues of how to isolate, deploy, and manage virtual network slices securely. (Our Network & Security solutions expert Ditri Trio wrote a great blog about why Network Slicing will lead to 5G Readiness)
Securing Privacy in 5G
Mobile Internet offers many advantages. Many vertical industries will embrace the new ‘hyperconnected’ possibilities 5G will offer. As other open network platforms, 5G networks raise serious concerns on privacy leakage though. In many cases, privacy leakage can cause serious consequences.
As the primary method for network accessing, mobile networks carry data and signalling that contains many personal private information such as , identifiable information, location, and private content. In order to offer differentiated quality of service, networks may need to ‘sense’ what type of service a person is using. This service type of sensing may involve user privacy. Add all this together, and privacy protection in 5G becomes even more challenging.
The 5G security goals to achieve
As the 5G revelation is at our doorstep, the volume of data traffic and variety of services will increase to massive levels. IoT service is just one of the many examples. When it comes to 5G, it is not simply about being a medium for communication. 5G can be seen as a catalyst for minimizing the boundary between the digital and physical world. 5G security design is an all-encompassing element that provides security protection for the ‘everything-to-everything connected’ world.
End2End security for Verticals
- Differentiated security protection
E2E security design will apply to different vertical industries. Therefore, a strong consideration of how a security design should protect the different requirements applicable to each vertical industry services, should be fulfilled.
To maximize the speed of time to market of new required services for the vertical industries, it is vital that the end2end security is very flexible and has a high efficiency to support and adapt rapidly to the ever-changing business changes.
- Privacy protection
APP services will take off hugely as soon the 5G transition is completed and 5G has been deployed. Along with this, personal privacy data is growing massively as well. This will include device identifiers, user IDs, user preference and much more. With this in consideration, privacy protection could be built end to end, leaving no part of the security chain vulnerable to privacy leaks.
- Security as a Service
In face of convergence of IT and CT, the telecom industry is seeking to boost their strength and better serve vertical industries.
From internal oriented security to Security as a Service for 5G
Security management is a general request to vertical industries, such as managing identities, performing authentication, DDoS protection, protecting confidentiality and integrity of service traffic. However, perhaps not all industry players have the capabilities to build security management on their own, either due to economic burdens or technical challenges, etc.
Utilizing security service could be a good choice for these players. On the other hand, Telecom networks have a relatively high level of experience and security capabilities. Think of authentication or identity & key management, making them trusted parties for users after years of commiting to their services. This is a great opportunity for networks and ISPs to provide their security capabilities as a service to vertical industries. For instance, networks could authenticate service access and return the authentication result to vertical industries. It is the network provider’s choice to either deploy the security service on a cloud platform or simply built it into a virtual network slice. A virtual network slice of the vertical industry that has bought the security service from networks. In this way, security capabilities can be seamlessly built into business flows of vertical industries.
Building a service-oriented security on end2end security
- Differentiated security for different services
5G is going to be service-oriented. This implies that there will be a special emphasis on security requirements that is viewed from the services. For instance, remote health care requires resilient security while IoT requires lightweight security. So the opportunity here is to offer differentiated security to different services in different verticals.
- Flexible security architecture to support security attributes for different network slices
If differentiated security is offered, then a flexible security architecture is needed to support E2E protection for different services. This can be done based on a network slicing architecture. The network manages different E2E security capabilities, ways to derive and negotiate secret keys and mechanisms for protecting confidentiality, privacy and integrity. Within a virtual network slice, security capabilities could be further distributed.
- A uniform security management framework for a multi-vendor environment
In the cloud environment, network infrastructure software and hardware comes from more than one vendor. This could complicate the security issues. For services and users, building an E2E data security chain could be a way to reduce the reliance on individual link security and simplifies security management.
With 5G coming soon, knowing there will be thousands of connected devices in the near future, thinking about 5G security is vital to achieving business success. As the business verticals will discover the potential of this new technology and will turn these opportunities into business, large amounts of sensitive information and potential privacy data will be sent. The way in which we will apply security for these matters will move to a next phase of more service-oriented security architectures. This means new eco-systems will arise as this cannot be done in a stand-alone setup.
Rene van de Kracht - 21 February 2019
Do you want to learn more about this subject, or do you have specific questions? Don't hesitate and reach out! Speak with a solutions expert or architect. Give us a call or leave a message. Our team is ready for your inquiries.
Rene van de Kracht