Countries are now racing to deploy 5G, short for 5th generation mobile networking or 5th generation wireless systems. The Fifth Generation (5G) mobile networks promise fast Internet for everyone, smart cities, driverless cars, critical health care, “internet of things” revolution, and reliable and secure communications for critical infrastructures and services. The coming 5G standard will offer towering benefits, such as enhanced speed and performance, lower latency, and better efficiency.
But it will also come with risks. Mobile communications systems have evolved through wireless technology innovation into 2G, 3G, and then 4G to keep pace with ever-increasing voice and data traffic. Security mechanisms have also been enhanced in mobile communication systems. For instance, one-way authentication in 2G has been elevated to mutual authentication in 3G & 4G; key length and algorithms are becoming more robust; as mobility management is improving, a forward key separation in handovers has been added in 4G; also more effective privacy protection is considered. However, 5G is no longer confined to individual customers. It’s not simply about having a faster mobile network or richer functions in smartphones.
Although 5G is susceptible to many of the same cybersecurity risks found in today’s existing telecommunications and enterprise networks, it’s also subject to new avenues of attack against core network services due to a more complex ecosystem of technologies and operations.
5G Security Vulnerabilities
In a paper titled “A Formal Analysis of 5G Authentication,” researchers from ETH Zurich, the University of Lorraine and the University of Dundee warned that 5G could usher in a new era of security threats. 5G presents new risks because It’s an immature and insufficiently tested set of technologies; It enables the movement and access of vastly higher quantities of data, and thus broadens attack surfaces, and We will depend on it more than 4G for mission-critical applications. 5G systems are going to be service-oriented. This implies there will be a special emphasis on security and privacy requirements that stem from the angle of services. The rise of new business, new architecture, and new technologies in 5G will present new challenges to security and privacy protection.
5G will also bring a more complex network topology, which could offer opportunities for hackers. The network has moved away from centralized, hardware-based switching to distributed, software-defined digital routing. Previous networks were hub-and-spoke designs in which everything came to hardware choke points where cyber hygiene could be practiced. In the 5G software-defined network, however, that activity is pushed outward to a web of digital routers throughout the network, thus denying the potential for chokepoint inspection and control.
Because 5G networks will be mostly software-defined networks, future upgrades will be software updates and thus will be vulnerable to much like the smartphone upgrades. 5G networks will support a massive number of connected devices, which together with elevated use of virtualization and the cloud will equate to many more 5G security threats and a broader, multifaceted attack surface.
5G is linked through an Application Programming Interface (APIs): 5G leverages APIs to enable communications between service functions. Insecure APIs can expose core services to attack and place the entire 5G network at risk. The example of SolarWinds, NotPetya and CCleaner shows that an attack on a single API could jeopardise the entire infrastructure.
5G connects the virtual and real worlds: 5G is based on decomposed, virtualized, and distributed network functions. This type of convergence both exposes new points of cyberattack and leads to challenges in cybersecurity management. Moreover, the connection of virtual and real worlds by 5G means If a particular network infrastructure is compromised, the consequence will not only be limited in the digital world. On the other hand, attackers can target connected physical devices such as sensors and cameras and enable them to be taken over and used for distributed denial-of-service (DDoS) attacks.
In a world of interconnected networks, devices, and applications, every activity is a potential attack vector. This vulnerability is only heightened by the nature of 5G and its highly desirable attributes. The world’s hackers (good and bad) are already turning to the 5G ecosystem, as the just concluded DEFCON 2019 (the annual ethical “hacker Olympics”) illustrated. The targets of this year’s hacker villages included key parts of the 5G ecosystem such as aviation, automobiles, infrastructure control systems, privacy, retail call centers, and help desks, hardware in general, drones, IoT, and voting machines.
Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether. The researchers expanded on their previous findings to build a new tool, dubbed 5GReasoner, which was used to find 11 new 5G vulnerabilities. By creating a malicious radio base station, an attacker can carry out several attacks against a target’s connected phone used for both surveillance and disruption. All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, said Syed Rafiul Hussain, one of the co-authors of the new paper.
In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victim’s phone, allowing them to discover the paging occasion, which can be used to track the phone’s location — or even hijack the paging channel to broadcast fake emergency alerts. This could lead to “artificial chaos,” the researcher said, similar to when a mistakenly sent emergency alert claimed Hawaii was about to be hit by a ballistic missile amid heightened nuclear tensions between the U.S. and North Korea.
Another attack could be used to create a “prolonged” denial-of-service condition against a target’s phone from the cellular network. In some cases, the flaws could be used to downgrade a cellular connection to a less secure standard, which makes it possible for law enforcement — and capable hackers — to launch surveillance attacks against their targets using specialist “stingray” equipment.
5G Security Requirements
The coming 5G networks have the potential to explode vertical industries, enabling the creation of a wide array of new services — all of which will demand new, varying levels of security. There is a need to conduct a thorough risk assessment, with a broader focus on vulnerabilities, threat probabilities, and impact drivers of the cyber risk equation. Such a review of 5G cyber threat mitigation should focus on the responsibilities of both 5G businesses and the government. This should include a review of whether current market-based measures and motivations can address 5G cyber risk factors and where they fall short, the proper role of targeted government intervention in an era of rapid technological change.
For virtual network slices, each of which handles a different type of application service to facilitate flexible resource orchestration and scheduling, there is a need to isolate slices from each other to prevent their resources from being accessed by network nodes in other slices. For instance, patients in a health care slice desire to allow only doctors access their health data, and they are reluctant to see their data accessed by someone in other slices. Because 5G networks can be sliced into uniquely purposed slices, each virtual network slice could demand unique security capabilities.
Unlike 4G and previous generations, 5G will support specialized use cases like e-health and connected cars. Emerging of delay-sensitive applications such as vehicles network and remote surgery have communication scenarios characterized by low-delay and high-security. Security in these scenarios could be a matter of life and death. For example, automated vehicles. The threat of automotive cyberattacks will rise as autonomous vehicles become more widespread. To combat this, the National Highway Traffic Safety Administration employs a multi-layered approach to cybersecurity as it approves driver assistance technologies.
In these scenarios, the 5G network may need to support high reliability while providing QoS guarantee with a delay not more than 1 millisecond, so as to prevent accidents such as vehicle collision and surgical operation errors. To address these new challenges, mobility security may be redesigned and optimized for the 5G network to build an efficient, lightweight, and compatible mobility management mechanism to meet the more stringent delay requirements.
Advances that 5G will bring to the health industry are mitigated by the necessity to have ever-stronger security in place—creating risks that include medical identity theft, invasion of health privacy, and medical data management. Smart homes will require stronger methods of authentication, such as biometric identification.
In the healthcare field, 5G capabilities will help with faster transfer of large patient files, remote surgery, and remote patient monitoring via IoT devices among other advances. However, those advances are tempered by the need for ever-stronger security. Creating risks that include medical identity theft, invasion of health privacy, and medical data management. The above Wipro report states that the healthcare industry was the target of 40 percent of data breaches in 2017. It adds that growing IoT device use will make dealing with increasing cybersecurity risks more challenging.
Smart homes will require stronger methods of authentication, such as biometric identification, seen in software made by Sensory that uses voice and face recognition, or the bevy of fingerprint-access door locks available at hardware stores.
5G will also enable massive IoT networks which introduce massive vulnerabilities since their limited processing, memory and energy resources limit the employment of effective security mechanisms. In July, for instance, Microsoft reported that Russian hackers had penetrated run-of-the-mill IoT devices to gain access to networks. From there, hackers discovered further insecure IoT devices into which they could plant exploitation software. These mobile Internet of Things (IoT) devices require lightweight security while high-speed mobile services demand high efficient mobile security. Internet of Things (IoT) devices and sensors will demand more complex authentication to prevent unauthorized access. For example, biometric identification could be part of the authentication in smart homes.
Physically, low-cost, short-range, small-cell antennas deployed throughout urban areas become new hard targets. Functionally, these cell sites will use 5G’s Dynamic Spectrum Sharing capability in which multiple streams of information share the bandwidth in so-called “slices”—each slice with its own varying degree of cyber risk. When software allows the functions of the network to shift dynamically, cyber protection must also be dynamic rather than relying on a uniform lowest common denominator solution.
Also, compromised Radio Access Network (RAN)-side 5G devices might present a larger Distributed Denial of Service (DDoS) threat. There’s concern that mass numbers of devices could be taken over by hackers and used for distributed denial-of-service (DDoS) attacks. The best example is Mirai, the botnet code that slipped into millions of poorly secured IP cameras, routers and digital video recorders. Mirai’s attacks against a DNS service provider annoyed people because services such as Spotify and PayPal wouldn’t resolve. But as more critical infrastructure and medical IoT devices depend on clear networks, attacks could have life-threatening consequences.
5G further complicates its cyber vulnerability by virtualizing in software higher-level network functions formerly performed by physical appliances. These activities are based on the common language of Internet Protocol and operating systems which have well-known vulnerabilities waiting to be exploited by nation-states or criminal actors.
The network management is also performed by software based on artificial intelligence that itself can be vulnerable. An attacker that gains control of the software managing the networks can also control the network. New cloud/virtualization technologies such as software-defined networking (SDN) and network functions virtualization (NFV) too comes with new security concerns. Because of their open, flexible, programmable nature, SDN and NFV can be insecure technologies in isolation. For example, a network element of an SDN such as the management interfaces could be used to attack the SDN controller or management system and bring down the system.
SDN reduces costs, but also raises the security stakes. A compromised SDN controller, for example, “can give ‘root-like’ access to configuration of virtualized devices under its control, leading to data loss or loss of network security,” according to a white paper by the Institute for Communications Systems at the University of Surrey. Therefore, it will be crucial that they remain at the core of robust 5G networks.
Security management, for instance, managing identities, performing authentication, defending against denial of service (DoS) attacks, and protecting confidentiality and integrity of service traffic, is a general request to vertical industries. However, perhaps not all industry players have the capabilities to build security management on their own, either due to economic burdens or technical challenges, etc. Utilizing security service could be a good choice to these players.
With advancements in data mining technologies, retrieval of user privacy information has been made easier. Therefore, user privacy information must be securely protected in the 5G network so that users and vertical industries can use the network without worrying about information leakage. Alleged eavesdropping by China on phone calls is one of the major concerns that drove the U.S. into thinking it should roll out its own 5G network. The government is also concerned that using network equipment from Huawei or ZTE may potentially create opportunities for spying.
Pierson says that regardless of what type of security is built into the 5G protocols, the supply chain behind telecommunication components is a concern. In 2016, for instance, hackers shut down major portions of the internet by taking control of millions of low-cost chips in the motherboards of video security cameras and digital video recorders. “Much of the backbone for the circuits, antennas, microprocessors, and other conductive equipment may be supplied by foreign entities and any potential exploit in protocols or weaknesses could be exploited,” says Chris Pierson, founder and CEO of Binary Sun Cyber Risk Advisors. “Protecting the supply chain and conducting third party assurance of these products will be a daunting task.”
EU commission proposes Common EU approach for Cybersecurity of 5G networks
European Commission has released its recommendations on cybersecurity in 5G networks; they essentially call for EU countries to jointly study the issue and then take a common approach to the security of 5G networks.
The dependence of many critical services on 5G networks would make the consequences of systemic and widespread disruption particularly serious. As a result, ensuring the cybersecurity of 5G networks is an issue of strategic importance for the Union, at a time when cyber-attacks are on the rise and more sophisticated than ever.
The interconnected and transnational nature of the infrastructures underpinning the digital ecosystem, and the cross-border nature of the threats involved, mean that any significant vulnerabilities and/or cybersecurity incidents concerning 5G networks happening in one Member State would affect the Union as a whole. This is why measures should be provided to underpin a high common level of cybersecurity of 5G networks.
This Recommendation addresses cybersecurity risks in 5G networks by setting out guidance on appropriate risk analysis and management measures at the national level, on developing a coordinated European risk assessment, and on establishing a process to develop a common toolbox of best risk management measures.
Addressing cybersecurity risks in 5G networks should take into account both technical and other factors. Technical factors may include cybersecurity vulnerabilities that may be exploited to gain unauthorized access to information (cyber espionage, be it for economic or political reasons) or for other malicious purposes (cyberattacks aimed at disrupting or destroying systems and data).
Important aspects to consider should be the need to protect the networks across their entire lifecycle and the need to cover all relevant equipment, including in the design, development, procurement, deployment, operation and maintenance phases of 5G networks. Other factors may include regulatory or other requirements imposed on information and communications technologies equipment suppliers.
The future European cybersecurity certification framework should provide an essential supporting tool to promote consistent levels of security. It should allow for the development of cybersecurity certification schemes to respond to the needs of users of 5G-related equipment and software.
3GPP 5G Security
The real work on 5G security is being done by 3GPP with technical specification (TS) 33.501 Security architecture and procedures for 5G system being the foundation 5G security document. That 3GPP spec was first published in Release 16, but the latest version dated 16 December 2020 is targeted at Release 17. You can see all versions of that spec here.
In December 2017, the Non-Standalone (aka. NSA) specifications for 5G new radio (NR) were approved, followed in June 2018, by the Standalone specifications – completing the radio part of 5G Phase 1 (3GPP Release 15). The 3GPP Security Working Group (SA3) has been involved from the outset of the work. ou can see all versions of that spec here.
The 5G system is an evolution of the 4G mobile communication systems. 3GPP’s 5G security architecture is designed to integrate 4G equivalent security. In addition, the reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues have also been taken in to account for 5G and will lead to further security enhancements.
In 5G a privacy solution is developed that protects the user’s subscription permanent identifier against active attacks. A home network public key is used to provide subscriber identity privacy. The 5G core network is based on a service based architecture, which did not exist in 4G and earlier generations. Thus 5G also provides adequate security for SBA. Like 3G and 4G networks, the existing 5G standard employs something called the Authentication and Key Agreement (AKA), which is a system for enabling networks to trust each other.
To enable SNs and subscribers to establish secure channels and authenticate each other, the 3GPP has specified two authentication methods: 5G AKA and EAP-AKA’. The choice between those two methods is left to the HN, once it has correctly identified the subscriber with the Initialization Protocol.
The researchers performed a comprehensive analysis of security issues in the 5G network and discovered that the 5G AKA has at least two major vulnerabilities. First, it enables one malicious user to move usage charges to another user. Second, it’s possible to find nearby phones, which enables tracking of other users.
5G Security Measures and Mechanisms
Research from the Journal of ICT Standardization suggests a multi-pronged approach to 5G security, including trust models, Authentication and Key Agreement (AKA), and an Extensible Authentication Protocol (EAP)-based secondary authentication, among others. Many of the old network security rules will hold true for 5G security. According to Cisco, there are five primary 5G security protections to focus on:
Prevent threats: Minimize the basic issues that account for most security incidents. Use firewalls to protect your network, and access controls to minimize user-based risk. Consider intrusion detection and prevention tools for blocking basic 5G security threats. In this regard, machine learning capabilities and AI are going to be essential tools that help regulators monitor the security system and prevent potential cyberattacks.
Stop and fix advanced malware: Go beyond signature-based tools to spot the attacks designed to evade basic filters. Behavior-based checks on endpoints — possibly using sandboxing — are important. Once you detect a threat, you will need to be able to remove all instances of it on the network.
Detect anomalies: Use packet capture, big data, and machine learning to identify threats not spotted by basic filters. When embedded into network switches and routers, it’s far more effective, as it turns those devices into 5G security sensors. Moreover, regulators should also focus on monitoring physical devices that are connected to 5G networks. To monitor these devices, regulators should consider adopting a Manufacturer Usage Descriptions (M-U-D) policy. Under this framework, manufacturers need to embed certificates to identify the class and model of all IoT devices.
Incorporate DNS intelligence: Monitor DNS activity and protect against anything malicious.
Make threat intelligence paramount: To understand the malicious efforts of hackers, providers must look for vendors that profile hackers. Try and get intelligence from the widest range of sources possible.
The Department for Digital, Culture, Media and Sport of the United Kingdom government released a technical report on 5G architecture and security in December 2018. It outlined four security mechanisms 5G networks need to meet.
First, cross-layer security. A unified framework is needed to coordinate different security methods for each security layer, such as applications or the IoT. Cross-domain security is a must. 5G networks create a massive amount of novel use cases with unique requirements. Since the vertical market will only grow in order to fulfill those novel use cases, the report calls for cooperation between those in the 5G system to enact integrated security solutions that go across domains.
Then, end-to-end security. There should be a secure connection for the communication paths between the user and the core network. The distributed nature of 5G networks makes this challenging. Finally, the concept of secure-by-design. As the network changes and evolves, security must be built into the design during development.
Zero trust frameworks
First, to build safe and secure 5G networks, governments have to adopt zero-trust frameworks. A cybersecurity system using this framework has four characteristics: i) limiting access to all interactions ii) regulating all interactions iii) partitioning assets through small segments, and iv) regularly monitoring security systems. The end-to-end protecting and monitoring mechanisms of the zero-trust framework will ensure that every activity on the 5G network is secure.
Supply Chain Security
Second, the authorities have to verify the security of the supply chain. Recent examples of major cyberattacks, including Solarware attack, show that supply chains are the primary target of hackers. Therefore, leveraging trustworthy components and vendors is the foundation for 5G cybersecurity. Regulators need to continuously monitor how 5G vendors secure their corporate environments from being attacked. The government has to look at the way 5G vendors protect their entire supply chains: from development to delivery to implementation.
QKD for 5G Security
Today’s standard key exchange algorithms (such as Difﬁe-Hellman and RSA) are thought to be vulnerable to attacks by large-scale quantum computers. As such, there are two possible routes for avoiding this future threat: quantum-resistant algorithms (QRAs), such as those being developed under the NIST program, and quantum key distribution (QKD). One advantage of QKD is that it is secure against any future computational threat, be that classical or quantum, whereas IRAs may be insecure against a future quantum hacking algorithm, which is yet to be discovered
QKD, or quantum key distribution, is a method of communication that allows two parties to create a shared random “key” that is known only to them. This key can be used to encrypt and decrypt messages. It continuously generates encryption keys that are immune to attacks because any disruption to the channel breaks the quantum state of photons, which signals hackers are eavesdropping. By installing quantum technology like QKD at key “hub” locations throughout the fiber network that underpins 5G, data trafficked on the 5G network could be protected.
In 2020, Verizon trialed quantum key distribution (QKD) in the Washington, D.C. area, and it plans to be one of the first carriers to pilot QKD in the U.S. “Verizon’s own tests, as well as other industry testing, have shown that deriving ‘secret keys’ between two entities via light photons effectively blocks perfect cloning by an eavesdropper if a key intercept is attempted,” said IDC analyst Christina Richmond in a Verizon blog about the trial. “Current technological breakthroughs have proven that both the quantum channel and encrypted data channel can be sent over a single optical fiber. Verizon has demonstrated this streamlined approach brings greater efficiency for practical large-scale implementation allowing keys to be securely shared over wide-ranging networks.”
Bristol University’s Breakthrough research using quantum cryptography addresses security in 5G networks
The work was carried out by the High-Performance Networks (HPN) Research Group at the University of Bristol’s Smart Internet Lab and following a competitive peer review selection process.
The proposed solution will enable 5G network operators to offer ultimately secure 5G services while guaranteeing ultra-low-latency and high-bandwidth communications. This is due to the novel combination of quantum and infrastructure virtualization technologies.
Recent advances in software engineering and commodity computing technologies have revolutionised the telecommunications industry in the past ten years. Entire classes of network communication services that have traditionally been carried out by proprietary, dedicated hardware, are now virtualised and hosted in commodity computing servers. This is commonly referred to as ”Network Softwareisation”.
The move of critical network communication functions into software, distributed across the internet however, imposes significant security risk for telecommunications networks and specifically for 5G networks that rely entirely on such software architecture. Any malicious attempt to tamper with these virtualized network functions can potentially put the whole internet and its users at risk.
The new research addresses this problem with a new, fully programmable network virtualization platform leveraging on quantum technologies for securing function virtualisation and service orchestration.
The proposed quantum secured 5G virtualization platform is capable of working across multiple 5G operators’ networks (i.e. EE, O2, Vodafone etc.). It uses advanced and standard compliant virtualization technology for creating on-demand complex and collaborative 5G network services across operators’ domains, while utilising quantum cryptography and optical interconnection infrastructure to secure services and guarantee 5G Key Performance Indicators (3GPP KPIs).
Professor Reza Nejabati, Head of the HPN Research Group, said: “Hardware and software technologies reported in this paper can potentially revolutionise 5G networks. They empower network operators to leverage the flexibility and programmability offered by virtualization technology in order to create new types of internet services while taking advantages of transmission at the speed of light and also securing the system using quantum technology”.
Professor Dimitra Simeonidou, Director of the Smart Internet Lab, added: “5G networks will transform communications, industry and society in the next decade. However, security is a key concern for 5G deployment and is expressed widely in global media. The University of Bristol has pioneered research on 5G and quantum for a number of years and more recently led a number of landmark demonstrations of 5G benefits. With this new work, we bring together our research strengths to provide an ultimate security solution for 5G networks.”