5G networks support a massive number of connected devices, enable a huge increase of bandwidth over LTE, and create a threat landscape different from previous networks. Security challenges stem from the very attributes that make 5G such an improvement.
In 2018, Wipro released a cybersecurity report that raised concerns for 5G. The report lists Internet of Things (IoT) as one major avenue for attack, since 5G enables IoT to be much larger than on previous networks. The future of communications will drive new 5G security requirements, because of concerns for new use cases and new network architectures.
5G Security and New Use Cases
The coming 5G networks have the potential to explode vertical industries, enabling the creation of a wide array of new services — all of which will demand new, varying levels of security.
For example, automated vehicles. The threat of automotive cyberattacks will rise as autonomous vehicles become more widespread. To combat this, the National Highway Traffic Safety Administration employs a multi-layered approach to cybersecurity as it approves driver assistance technologies.
In the healthcare field, 5G capabilities will help with faster transfer of large patient files, remote surgery, and remote patient monitoring via IoT devices among other advances. However, those advances are tempered by the need for ever-stronger security. Creating risks that include medical identity theft, invasion of health privacy, and medical data management. The above Wipro report states that the healthcare industry was the target of 40 percent of data breaches in 2017. It adds that growing IoT device use will make dealing with increasing cybersecurity risks more challenging.
Smart homes will require stronger methods of authentication, such as biometric identification, seen in software made by Sensory that uses voice and face recognition, or the bevy of fingerprint-access door locks available at hardware stores.
In general, IoT devices and sensors will demand more complex authentication to prevent unauthorized access.
5G Security and New Network Architectures
New cloud/virtualization technologies such as software-defined networking (SDN) and network functions virtualization (NFV) are thriving in anticipation of 5G networks, but they too come with new security concerns. Because of their open, flexible, programmable nature, SDN and NFV open up a new avenue of security threats. For example, a network element of an SDN such as the management interfaces could be used to attack the SDN controller or management system and bring down the system.
Research from the Journal of ICT Standardization suggests a multi-pronged approach to 5G security, including trust models, Authentication and Key Agreement (AKA), and an Extensible Authentication Protocol (EAP)-based secondary authentication, among others.
The security of 5G network infrastructure must evolve alongside the standard. For example, because 5G networks can be sliced into uniquely purposed slices, each virtual network slice could demand unique security capabilities based on the needs of different usage scenarios. Also, compromised Radio Access Network (RAN)-side 5G devices might present a larger Distributed Denial of Service (DDoS) threat.
Vulnerabilities for a network with a distributed 5G core. Source: 5G Americas
Tackling 5G Security
The Department for Digital, Culture, Media and Sport of the United Kingdom government released a technical report on 5G architecture and security in December 2018. It outlined four security mechanisms 5G networks need to meet.
First, cross-layer security. A unified framework is needed to coordinate different security methods for each security layer, such as applications or the IoT.
Then, end-to-end security. There should be a secure connection for the communication paths between the user and the core network. The distributed nature of 5G networks makes this challenging.
Cross-domain security is a must. 5G networks create a massive amount of novel use cases with unique requirements. Since the vertical market will only grow in order to fulfill those novel use cases, the report calls for cooperation between those in the 5G system to enact integrated security solutions that go across domains.
Finally, the concept of secure-by-design. As the network changes and evolves, security must be built into the design during development.
The Importance of 5G Security
The 5G standard will offer a multitude of benefits, such as enhanced speed and performance, lower latency, and better efficiency. But it will also come with risks. Vastly increased numbers of devices and an elevated use of virtualization and the cloud will mean many more 5G security threats and a broader, multifaceted attack surface. To realize a strong and healthy communications future, the industry needs to maintain a laser focus on 5G security.
Updated April 2019