“It’s Not Just You: 5G Is a Big Letdown,” is the title of a Wall Street Journal on-line article published today (January 11, 2023). Author Joanna Stern writes:
I turned off Verizon’s red down pointing triangle 5G on my iPhone—and barely noticed a difference. The 4G LTE performance and coverage felt just about the same.
Three years since the U.S. cellular carriers lit up their next-generation networks and promised to change the game, the game hasn’t changed. And if you’re among the millions of Americans who recently upgraded, you probably already know that. In 2022, 61% of U.S. cellular customers accessed 5G networks, according to Global Wireless Solutions, a network testing and research company.
On Verizon’s Ultra Wideband network, I got 500 Mbps down. But I didn’t notice a difference when streaming Netflix, watching TikTok, loading websites or sending messages. You don’t need a fire hose to extinguish a candle.
Where you might see a difference is during commuting hours and other times of heavy congestion, Chetan Sharma, a telecom-industry analyst, told me. A Verizon spokesman said that 5G’s higher data capacity helps at concerts, sporting events and other crowded areas where everyone is trying to download or upload photos or videos.
“As cars, smart home standards, and so many screens took center stage at this year’s [CES] show, 5G took a back seat,” concludes a Verge article titled, “Where was 5G at CES?” “After years of hype, 5G was seemingly a no-show at CES 2023.” The Verge article continues knocking 5G (and for good reason):
For starters, we’re all sick of hearing about it. And CES has a unique way of rallying around a technology one year and then leaving it for dead the next.
And there was always a time limit on 5G’s newsworthiness — at a certain point, when it becomes the prevailing wireless technology, it’s not going to be “5G the new thing;” it’ll just be “the internet you use when you’re not on Wi-Fi.”
More than any of the above, the time has passed where wireless CEOs feel they need to sell 5G to the general public (and, of course, their shareholders). It’s not a niche new service anymore; it’s the default option (in the U.S. at least). Basically every new phone sold on their shelves is 5G compatible, and mid-band 5G finally exists on all major carriers in large parts of the US. The next time you walk into a wireless store to buy a new phone or sign up for a new service, you’ll have a very hard time leaving without a 5G device and plan, regardless of whether you really wanted them.
So now we have 5G phones in our hands, 5G networks are here, and… not much has changed. Maybe web pages load a little faster — hardly robot surgery. What gives? The thing is, rolling out 5G is a long ongoing process. The hype made it seem like all the good stuff was just around the corner, but truthfully, it was (and still is) years and years away.
So yes, you may have a 5G icon on your phone, but the most transformative aspects of 5G are supposedly still in the works. That’s a tough message to sell in a flashy keynote, especially when everyone in the room has access to the technology you’re talking about.
The IEEE Techblog in general, and this author in particular, have been pounding the table for years that 5G would be a colossal tech train wreck for these reasons:
1. 3GPP Release 16 URLLC in the RAN spec and performance testing have not been completed. Hence the URLLC in 3GPP Release 15 and ITU M.2150 recommendation do not meet the critically important URLLC ITU M.2410 performance requirements for ultra high reliability or ultra low latency. Here is the latest status of URLLC in the RAN in the 3GPP Release 16 specification as of 6 January 2023:
–Physical Layer Enhancements for NR Ultra-Reliable and Low Latency Communication (URLLC) NR_L1enh_URLLC 1 Rel-16 R1 6/15/2018 12/22/2022 96% complete RP-19158
–UE Conformance Test Aspects – Physical Layer Enhancements for NR URLLC NR_L1enh_URLLC-UEConTest 2 Rel-16 R5 12/14/2020 12/22/2022 90% complete RP-202566 RP-221485
2. There is no implementation standard for 5G SA Core network– only 3GPP reference architecture specs which list alternative implementation schemes, most of which are “cloud native.” That resulted in a lot of telco confusion that delayed the roll out of 5G SA networks such that most 5G deployed today is NSA which uses 4G LTE core network and functions. Dell’Oro Group’s Dave Bolan wrote in a white paper:
The 5G Core is the key to monetizing the 5G SA network bringing MNOs (Mobile Network Operators) into the modern cloud era, allowing the MNO to (1) offer new services quickly with Cloud-Native Network Functions, (2) add Network Slices on demand for mobile private networks, and (3) address latency-sensitive applications with MEC. These new opportunities cannot be addressed by 4G or 5G NSA networks, and the sooner an MNO embraces 5G SA networking, the closer it will be to reaping new revenue streams.
3. ALL of the 3GPP defined 5G functions and features, require 5G SA Core network. Those 5G functions include 5G security, network slicing, and automation/virtualization. MEC also needs a 5G SA Core network to work efficiently with a 5G RAN. There are relatively few 5G SA Core networks deployed and for those that are, there are few of the highly touted 5G functions available, e.g. T-Mobile is a case in point.
4. There is no standard for roaming between 5G networks, especially not when there are different versions of 5G SA core networks- each requiring a different software download for 5G endpoint devices. Hence, 5G is not truly mobile in the sense of portability. 5G is probably best used for FWA or local M2M/IoT communications where there are no roaming requirements.
5. There is no standard for 5G Frequency Arrangements (ITU M.1036 revision 6) which are critically important for all the mmWave frequencies specified at WRC 19 for 5G, but frequency arrangements not yet agreed upon by ITU-R WP 5D.
6. 5G base station and endpoint device power consumption is very high, especially for the mmWave frequencies which deliver the fastest 5G speeds.
5G in India:
Mike Dano of Light Reading writes that the U.S. is working on a national spectrum policy, presumably for 5G (and later) 6G.
The White House is working through the NTIA to develop a national spectrum strategy that would cover 5G, 6G and other spectrum users.
According to FierceWireless, National Telecommunications and Information Administration (NTIA) chief Alan Davidson said that work would continue throughout this year. Speaking at last week’s CES conference in Las Vegas, Davidson reminded the audience that the NTIA manages federal spectrum use and serves as the President’s advisor on spectrum policy. That means that the NTIA works together with the FCC to manage spectrum when a federal user is involved. From a practical perspective, the Department of Defense has historically held a lot of valuable spectrum for national security use, making the DoD an incumbent user in many spectrum bands.
The NTIA manages federal spectrum use and serves as the President’s advisor on spectrum policy. (Image Credit: Gerd Altmann from Pixabay)
In 2023 NTIA will be working with federal agency partners to develop a national spectrum strategy, which will provide a long-term plan to meet both commercial and federal spectrum needs.
Officials from the National Oceanic and Atmospheric Administration (NOAA) said they’re taking stock of the agency’s spectrum usage in order to potentially release some for commercial uses, according to SpaceNews. “It is an ongoing challenge. We expect to have to fight for maintenance of spectrum. But at the same time, we realize we’re not going to win every fight,” said Steve Volz, NOAA Satellite and Information Service assistant administrator on January 11th at the American Meteorological Society meeting.
Spectrum for 5G and 6G is a critical national policy topic:
“Continuing to meet increasing consumer demand and expectations, ensure continued growth of the US economy, bridge the digital divide, and facilitate global leadership on next-generation technologies requires sufficient spectrum resources,” wrote the CTIA, the US wireless industry’s main trade association. “Accordingly, it is imperative that the commission continually replenish its pipeline of spectrum allocated for commercial mobile and fixed broadband services.”
“America needs a national strategy to make sure there is enough spectrum to build out 5G networks and not fall behind China,” wrote Mike Rogers, a former Congressional representative from Michigan who authored a report critical of China’s Huawei, in The Hill.
Joel Thayer, of the Digital Progress Institute, agreed. “If we cannot get our act together and follow an all-of-the-above spectrum strategy, we cede the race to 5G and even 6G to China. Full stop,” he wrote in The Hill.
Ericsson expects RAN market to be flat with 5G build-out still in its early days; U.S. cellular industry growth to slow in 2023
For many years now, this author has repeatedly stated that 5G would be the biggest train wreck in all of tech history. That is still the case. It’s primarily due to the lack of ITU standards (really only one- ITU M.2150) and 5G core network implementation specs (vs 5G network architecture) from 3GPP.
We’ve noted that the few 5G SA core networks deployed are all different with no interoperability or roaming between networks. I can’t emphasize enough that ALL 3GPP defined 5G functions and features (including security and network slicing) require a 5G SA core network. Yet most of the deployed 5G networks are NSA which use a 4G infrastructure for everything other than the RAN.
It also must be emphasized that the 5G URLLC Physical layer specified in ITU-R M.2150 does not meet the performance requirements in ITU-R M.2410 as the URLLC spec is based on 3GPP Release 15. Astonishingly, the 3GPP Release 16 work item “URLLC in the RAN” has yet to be completed, despite Release 16 being “frozen” in June 2020 (2 1/2 years ago). The official name of that Release 16 work item is “Physical Layer Enhancements for NR Ultra-Reliable and Low Latency Communication (URLLC)” with the latest spec version dated June 23, 2022. That work item is based on the outcome of the study items resulting in TR 38.824 and TR 38.825. It specifies PDCCH enhancements, UCI enhancements, PUSCH enhancements, enhanced inter UE TX prioritization/multiplexing and enhanced UL configured grant transmission.
Finally, revision 6 of ITU-R recommendation M.1036 on terrestrial 5G frequency arrangements (especially for mmWave), still has not been agreed upon by ITU-R WP5D. That has resulted in a “frequency free for all,” where each country is defining their own set of 5G mmWave frequencies which inhibits 5G end point device interoperability.
In an article titled, 5G Market Growth, Mohamad Hashisho provides his view of why 5G has not lived up to its promise and potential.
Standalone 5G Is Yet to Breakout:
5G market growth still needs to feel as imposing as many imagined it. A technology created to replace previous generations still relies on their infrastructure. Standalone (SA) 5G is unrestricted by the limits of the prior generation of telecommunications technology because it does not rely on the already-existing 4G infrastructure. As a result, it can deliver the fast speeds and low latency that 5G networks have consistently promised. Clearly, standalone(SA) 5G is the way to go, so why do we not see effective implementation and marketing for it?
The numerous challenges businesses encounter while using SA are alluded to in the various telco comments about device availability, carrier aggregation, and infrastructure upgrades. The 5G New Radio system is connected to the current 4G core, the network’s command center, with older NSA. As its name suggests, SA sweeps this crutch aside and substitutes a new 5G core. But operators face several difficulties when they push it out, according to Brown. The first is the challenge of creating “cloud-native” systems, as they are known in the industry. Most operators now want to fully utilize containers, microservices, and other Internet-world technologies rather than simply virtualizing their networks. With these, networks risk being less efficient and easier to automate, and new services may take longer to launch. But the transition is proving to be challenging.
Overpromising, Yet to Deliver:
5G came out of the corner swinging. Huge promises were thrown around whenever the subject of 5g was discussed. It has been a while since 5G came to fruition, yet its market growth remain humble. Some might say that the bark was way more extensive than the bite. While some of these promises were delivered, they weren’t as grand as the ones yet to happen.
Speed was one of the main promises of 5G. And while some argue that this promise is fulfilled, others might say otherwise. Speeds are yet to reach speeds that can eclipse those of 4G. It is not only about speeds, though. It is about the availability of it. The high-speed services of 5G networks are only available in some places. Its been years and many regions are yet to receive proper 5G services. Simply put, a large portion of the dissatisfaction surrounding 5G can be attributed to the failure to fully deploy the infrastructure and the development of applications that fully utilize 5G.
5G of Tomorrow Struggles With Its Today:
5G is, without a doubt, the way to go for the future, but does its present state reflect that? Maybe. That is the issue. Years into its adoption, the answer should be decisive. Telcos might see potential in the maybes and work based on tomorrow’s potential. Consumers won’t be as patient. The consumers need the promised services now. You need to keep your customer base around with promises of the future. Especially when 4G LTE did the job well, really well.
Moreover, some areas in the US, not in struggling countries, have speeds slower than 4G LTE. Some 5G phones struggle to do the minimum tasks. Phones have to stick to specific chips capable of 5G support. But it is not about the small scale. Let’s think big, going back to the big promises 5G made. Smart cities, big-scale internet activities happening in real-time. IoT integration everywhere, controlling drones and robots from across the world. Automated cars as well, 5G was promised to deliver on all that, today and not tomorrow, but here we are.
Finally, the marketing was hit and miss, more miss, to be frank. Most consumers pay more to be 5G ready, while 5G still needs to be truly prepared. It’s hard to keep people interested when 4G is doing great. The only thing that the people needed was consistency, and sadly 5G is less consistent than some would hope.
Lastly, innovation waits for none. This even includes 5G and 5G market growth. There are talks, even more than talks, about 6G. China is pushing for 6G supremacy, while Nokia and japan are starting the conversation about 7G. A major oversight that 5G missed was range. 5 G does great over small distances.
When the promises were massive in scale and global, you practically shot yourself in the foot. Time is running out for 5G, or is it pressuring 5G to live up to its potential?
Author: Adil Baghir (edited by Alan J Weissberger)
Telcos and enterprises realize the need to move toward the network edge to deploy cloud-like solutions to leverage the massive advances in transmission offered by 5G. Benefits such as speed, low latency, and capacity will drive major transformation for telcos and enterprises, opening new revenue opportunities from new business models. We’ll examine several 5G deployment scenarios and security threats in this article.
Image Credit: Palo Alto Networks
Telcos and enterprises are exploring new use cases by deploying edge clouds and bringing content and applications closer to the users and billions of IoT devices to meet the low-latency requirements. The Ericsson 2022 Mobility Report forecasts that over 30 billion Internet of Things (IoT) devices will be connected by 2027.
The 5G core network functions could be deployed as a microservice in a private data centre of the communications service provider (CSP) and enterprise network or in a public cloud (like AT&T-Microsoft Azure and Dish Network-Amazon AWS).
The shift to the edge and deploying telco cloud edge services and enterprise hybrid private 5G networks introduce new security threats associated with the 5G and edge deployment.
Even though there are security risks with 3G/4G, these risks are mainly associated with external attacks. However, with 5G/MEC/IoT architecture, these risks become more serious. 5G core and edge sites can be attacked from the internal network in an “inside-to-outside” approach. Considering that 5G provides high-speed internet broadband, connecting a massive number of consumer and IoT devices, this can be viewed as a new point of attack for the 5G cloud edge architecture.
Such massive transformation forces telcos and enterprises are deploying cloud edge and private 5G services to rethink their security and network protection. There are many challenges in how telcos and enterprises deploy security solutions today as they cannot provide integrated 5G core and security solutions to adapt with cloud-edge use cases. For example, moving to the edge will require a low footprint, automation, scaling and simplified lifecycle management (LCM). Given the increase in the number of edge sites deployed, it will be very complex to manage and scale different security solutions manually. The typical deployments of security solutions are not optimised for distributed and cloud-edge architectures.
The impact of security compromise on an operator or enterprise edge network could be massive because edge sites usually have less capacity than core sites and host mission-critical applications to accommodate low latency requirements, including IoT use cases. For example, a 10/20G volumetric DDoS attack could have a major impact on the network availability and low-latency requirements, and it would lead to a critical service interruption and result in brand damage.
The shift to cloud and edge for telcos and enterprises is an evolved approach to deploying and delivering services and solutions, and introducing a more dynamic environment. The security measures in place today are not aligned with the cloud-edge requirements for the footprint for physical security solutions, increasing number of edge sites, cloud-native strategy and other required capabilities to improve TCO.
DDoS-based IoT Botnet
Most IoT devices have limited computing resources to provide security functionality and typically are not securely coded. MOZI is an example of a DDoS-focused IoT botnet that utilises a large set of remote code executions (RCEs) to leverage common vulnerabilities and exposures (CVEs) in IoT devices for infection. These devices include network gateways, CCTVs, DVRs, etc. Once the IoT device is successfully infected, the botnet uses protocols/apps, such as TCP/UDP/HTTP, to send and receive configuration updates and attack commands. Eventually, the infected IoT nodes begin generating attack traffic, leading to a massive and sudden spike in UDP traffic going back and forth with peer-to-peer networks. Such volumetric attacks from compromised IoT devices will make it very challenging to guarantee a level of service and maintain low-latency requirements.
Even though it’s always recommended to keep the IoT devices running the latest firmware with all the necessary security patches applied. However, we can’t rely entirely on securing or updating IoT devices. Therefore the network should also be equipped with modern security solutions like DDoS baselining techniques to see anomalous behaviour versus historical norms, and AI/ML techniques, for detection and zero-day attack prevention.
Mobile Edge Cloud and Private 5G Requires New Security Approaches
Security for mobile cloud edge and enterprise hybrid private 5G must be measured carefully to align with the new and increasing security threats. This requires securing the mobile core infrastructure and modern network protection to deliver mission-critical applications while maintaining low latency requirements. Ultimately, this will help telcos and enterprises achieve their desired business outcomes.
In addition, the security implementation for telcos should consider security-as-a-service so that operators may offer secure IoT services leveraging network slicing and provide the flexibility for end customers to manage their security policies with complete network isolation. This requires security integration with the 5G ecosystems to ensure subscriber and device awareness for more agile security control.
Enterprises that deploy private 5G networks may lack the telco experience and knowledge to secure that mobile infrastructure. They might rely entirely on the MNO or their mobile network equipment providers (NEPs) to ensure the infrastructure is fully secured and protected. However, enterprises must extend their network and IT security standards and take all the necessary considerations when they move their critical systems and applications to the edge.
Although 5G comes with embedded security standards, it also introduces potential security risks associated with the deployment model and communications systems. In this post, I have focused on one of the security risks associated with 5G deployment: a DDoS-based IoT botnet. In Part II, I will cover other potential security areas:
- 5G deployment in Hyperscale Cloud Providers (HCP)
- HTTP/2 and exposure of API
Threat Intelligence Report, A10 Global State of DDoS Weapons, H1 2021
Ericsson 2022 Mobility Report, June 2022
Evolving 5G Security for the Cloud, 5G Americas White Paper, Sept 2022
CTIA today announced the launch of its 5G Security Test Bed (STB), a security testing and validation initiative dedicated to commercial 5G networks. CTIA created the STB in partnership with organizations across wireless, tech, and academia to test 5G security recommendations across real-world conditions using commercial-grade equipment and facilities.
The 5G Security Test Bed’s founding members—AT&T, Ericsson, T-Mobile, UScellular, MITRE, and the University of Maryland (UMD)—contribute invaluable industry expertise that strengthens the STB’s ability to enhance the wireless security ecosystem and ensure strong protections on 5G networks.
There are no ITU standards for 5G security, which requires a 5G SA Core network. Rather, there are 3GPP 5G Security technical specifications (TS 23.501 – 23.503) with ALL features required to be implemented by vendors, but none of them mandatory for 5G network operators. IEEE Techblog articles and tutorials for 5G security are here.
The STB was created to build on 5G security (presumably from the referenced 3GPP technical specs), testing use cases, making recommendations, and further bolstering 5G’s security to benefit consumers, enterprises, and government.
Governed by industry leaders, guided by government priorities, and managed by CTIA, the test-bed is the latest in a series of steps the industry has taken to make 5G the most secure network ever. Its founding members developed the initiative through their participation in CTIA’s Cybersecurity Working Group, which convenes the world’s leading telecom and tech companies to assess and address the present and future of cybersecurity.
The STB primarily focuses on verifying the Federal Communications Commission’s (FCC) Communications Security Reliability and Interoperability Council (CSRIC) VII recommendations for 5G networks. The FCC announced the working group members of the council last month. There are six CSRIC VIII working groups:
-Working Group 1 is centered on 5G signalling protocols security and is co-chaired by Brian Daly of AT&T and Travis Russell of Oracle.
-Working Group 2 focuses on promoting the security, reliability, and interoperability of Open RAN equipment. It is co-chaired by Mike Barnes of Mavenir and George Woodward of the Rural Wireless Association.
-Working Group 3 focuses on using virtualization to promote security and reliability in 5G, co-chaired by Micaela Giuhat of Microsoft and John Roese of Dell
-Working Group 4 is centered on 911 service over Wi-Fi and is co-chaired by Mary Boyd of Intrado and Mark Reddish of APCO.
-Working Group 5’s area of focus is on managing software and cloud services supply chain security for communications infrastructure; the group is chaired by Rittwik Jana of VMWare.
-Working Group 6 will work on issues surrounding the use of mobile device applications and firmware for wireless emergency alerts. It is co-chaired by Farrokh Khatibi of Qualcomm and Francisco Sanchez of Harris County, Texas’ OHSEM.
The STB will also serve as a valuable industry resource for CSRIC VIII, focused on 5G security, which launched in June, and includes CTIA SVP and CTO Tom Sawanobori among its members.
“This initiative will complement and bolster the FCC’s 5G security efforts, validate its recommendations, and demonstrate 5G security features, with cross-industry groups working collaboratively to test use cases and products on an actual 5G network using real-world hardware and software,” said Sawanobori.
The test bed’s first configuration, built with Ericsson equipment, mirrors the initial setup for most 5G networks—a 5G radio access network is connected to a 4G core to create a 5G non-standalone (NSA) network. In 2022, the STB’s configuration will shift to a 5G standalone (SA) network using a 5G core, which will enable testing of 5G SA use cases.
The STB is located at a secure lab facility at the University of Maryland, leveraging personnel with extensive experience in wireless security. The wireless core network is hosted in Northern Virginia by MITRE, a not-for-profit research and development company.
The 5G Security Test Bed’s evaluations and recommendations cover issue areas that will help transform cities, government, and industries. Applications include autonomous vehicles, immersive augmented reality and virtual reality, automated factory operations, private 5G networks for enterprises, and much more.
5G STB Member Quotes:
“We are excited to have a network dedicated to testing security, which is paramount for the success of 5G. This effort builds on the work underway in standards setting bodies, such as 3GPP, and will enable the industry to demonstrate 5G security in a real-word setting for consumers, enterprise businesses and government.” — Chris Boyer, VP, Global Security and Technology Policy, AT&T
“Ericsson has worked closely with operators to provide the latest equipment to expand secure 5G networks and devices across the nation. We are pleased to play a major role in this next critical step in ensuring robust 5G security for all users. Critical Infrastructure, in particular, must have secure and resilient communication end to end, while maintaining the trust and integrity of its supply chain. Ericsson is proud to be such a trusted supplier, as we provide much of that next-gen equipment from our 5G Smart Factory in Lewisville, TX and services from across the U.S.” —Jason Boswell, VP and Head of End-to-End Security, Ericsson North America
“5G is the most secure generation of wireless networks to date, and we are dedicated to enhancing those protections even further. We’re thrilled that the 5G Security Test Bed will provide an environment to assess potential threats to 5G security raised by security researchers.” — Drew Morin, Director, Federal Cyber Security Technology and Engineering Programs, T-Mobile
“The work being done by this collaborative group to evaluate and validate assumptions is important for protecting the integrity and security of 5G data. We’re looking forward to contributing to the security of 5G for consumers, business and government, now and as the technology continues to evolve.” — Narothum Saxena, Vice President of Technology Strategy & Architecture, UScellular
“Securing 5G networks is whole-of-nation problem with significant implications for our economic and national security that requires collaboration across industry and government. Ensuring the next generation of wireless networks is secure and reflective of democratic values will provide an invaluable foundation for further innovation.” — Charles Clancy, Senior Vice President, General Manager, and Chief Futurist, MITRE Labs
“At UMD, we pride ourselves on training the next generation of engineering leaders and conducting research that advances network and device performance and security. This industry collaboration greatly enhances our ability to meet those objectives.” — Wayne Phoel, Ph.D., Visiting Research Engineer, Institute for Systems Research, University of Maryland
Additional information about the 5G Security Test Bed and how to participate is available at www.5GSecurityTestBed.com.
CTIA® (www.ctia.org) represents the U.S. wireless communications industry and the companies throughout the mobile ecosystem that enable Americans to lead a 21st century connected life. The association’s members include wireless carriers, device manufacturers, suppliers as well as apps and content companies. CTIA vigorously advocates at all levels of government for policies that foster continued wireless innovation and investment. The association also coordinates the industry’s voluntary best practices, hosts educational events that promote the wireless industry and co-produces the industry’s leading wireless tradeshow. CTIA was founded in 1984 and is based in Washington, D.C.
by Akash Tripathi with Alan J Weissberger
5G networks were deployed in increasing numbers this past year. As of December 2021, GSA had identified 481 operators in 144 countries or territories that were investing in 5G, up from 412 operators at the end of 2020. Of those, a total of 189 operators in 74 countries/territories had launched one or more 3GPP-compliant 5G services, up by 40% from 135 from one year ago.
Despite 5G’s much advertised potential, there are significant security risks, especially with a “cloud native” service based architecture, which we explain in this article.
New 5G services, functions and features have posed new challenges for 5G network operators. For example, bad actors could set up “secure” wireless channels with previously issued 5G security keys.
Therefore, it’s imperative for 5G operators to address end-to-end cyber security, using an array of novel techniques and mechanisms, which have been defined by 3GPP and (to a much lesser extent) by GSMA.
5G Security Requires 5G SA Core Network:
It’s important to distinguish between 5G NSA network security (which use 4G security mechanisms and 4G core network/EPC) vs. 5G SA network security (which uses 5G core network serviced base architecture and new 5G security mechanisms as defined by 3GPP).
▪ With the launch of 5G Stand Alone (SA) networks, 3GPP mitigates some long-standing 4G vulnerabilities to enable much stronger security.
▪ At the same time, the way the Service Based Architecture ‘explodes’ the new 5G Core opens up potentially major new vulnerabilities. This requires a fundamentally new approach to securing the 5G Core, including comprehensive API security.
▪ Operators can communicate 5G SA’s new security features to some business users. Communication to consumers is more challenging because the benefit of new security enhancements will only come into effect incrementally over many years.
▪ Mobile network security cannot depend on 3GPP alone. Operators must apply robust cyber security hygiene and operational best practice throughout their operations.
In addition, the 5G network infrastructure must meet certain critical security requirements, such as the key exchange protocol briefly described below.
There are many other risks and challenges, such as the rising shortage of well-trained cyber security and cyber defense specialists. We will address these in this article. But first, a backgrounder….
5G Core Network Service Based Architecture (SBA):
To understand 5G security specifications, one has to first the 3GPP defined 5G SA/core network architecture.
5G has brought about a paradigm shift in the architecture of mobile networks, from the classical model with point-to-point interfaces between network function to service-based interfaces (SBIs).
The 5G core network (defined by 3GPP) is a Service-Based Architecture (SBA), whereby the control plane functionality and common data repositories of a 5G network are delivered by way of a set of interconnected Network Functions (NFs), each with authorization to access each other’s services.
Network Functions are self-contained, independent and reusable. Each Network Function service exposes its functionality through a Service Based Interface (SBI), which employs a well-defined REST interface using HTTP/2. To mitigate issues around TCP head-of-line (HOL) blocking, the Quick UDP Internet Connections (QUIC) protocol may be used in the future.
Here’s an illustration of 5G core network SBA:
The 5G core network architecture (but not implementation details) is specified by 3GPP in the following Technical Specifications:
|TS 23.501||System architecture for the 5G System (5GS)|
|TS 23.502||Procedures for the 5G System (5GS)|
|TS 23.503||Policy and charging control framework for the 5G System (5GS); Stage 2|
The 5G network consists of nine network functions (NFs) responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting user equipment to the Internet using a base station. These technologies create a liability for attackers to carry out man-in-the-middle and DoS attacks against subscribers.
Overview of 3GPP 5G Security Technical Specifications:
The 5G security specification work are done by a 3GPP Working Group named SA3. For the 5G system security mechanisms are specified by SA3 in TS 33.501. You can see all versions of that spec here.
3GPP’s 5G security architecture is designed to integrate 4G equivalent security. In addition, the reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues have also been taken in to account for 5G and will lead to further security enhancements.
Another important 3GPP Security spec is TS 33.51 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class, which is part of Release 16.
It’s critically important to note that ALL 3GPP security spec features and functions are required to be supported by vendors, but the are ALL OPTIONAL for 5G service providers. That has led to inconsistent implementations of 5G security in deployed and planned 5G networks as per this chart, courtesy of Heavy Reading:
Scott Poretsky, Ericsson’s Head of Security, wrote in an email to Alan:
“The reason for the inconsistent implementation of the 5G security requirements is the language in the 3GPP specs that make it mandatory for vendor support of the security features and optional for the operator to decide to use the feature. The requirements are defined in this manner because some countries did not want these security features implemented by their national telecoms due to these security features also providing privacy. The U.S. was not one of those countries.”
Overview of Risks and Potential Threats to 5G Networks:
A few of the threats that 5G networks are likely to be susceptible to might include those passed over from previous generations of mobile networks, such as older and outdated protocols.
Interoperability with 2G-4G Networks
For inter-operability with previous versions of software or backward compatibility, 5G must still extend interoperability options with mobile gadgets adhering to the previous generation of cellular standards.
This inter-operability necessity ensures that vulnerabilities detected in the outmoded Diameter Signaling and the SS7 Interworking functions followed by 2G-4G networks can still be a cause of concern for the next-generation 5G network.
Issues related to data protection and privacy
There is a likely possibility of a cyber security attack such as Man-in-the-Middle (MITM) attack in a 5G network where a perpetrator can access personal data through the deployment of the International Mobile Subscriber Identity (IMSI)-catchers or cellular rogue base stations masquerading as genuine mobile network operator equipment.
Possibility of rerouting of sensitive data
The 5G core network SBA itself could make the 5G network vulnerable to Internet Protocol (IP) attacks such as Distributed Denial of Service (DDoS). Similarly, network hijacking, which involves redirecting confidential data through an intruder’s network, could be another form of attack.
Collision of Politics and Technology
Government entities can impact 5G security when it comes to the production of hardware for cellular networks. For instance, various countries have new regulations that ban the use of 5G infrastructure equipment that are procured from Chinese companies (Huawei and ZTE) citing concerns over possible surveillance by the Chinese government.
Network Slicing and Cyberattacks
Network slicing is a 5G SA core network function (defined by 3GPP) that can logically separate network resources. The facility empowers a cellular network operator to create multiple independent and logical (virtual) networks on a single shared access. However, despite the benefits, concerns are being raised about security risks in the form of how a perpetrator could compromise a network slice to monopolize resources for compute-intensive activities.
3GPP Public Key based Encryption Schemes:
3GPP has introduced more robust encryption algorithms. It has defined the Subscription Permanent Identifier (SUPI) and the Subscription Concealed Identifier (SUCI).
- A SUPI is a 5G globally unique Subscription Permanent Identifier (SUPI) allocated to each subscriber and defined in 3GPP specification TS 23.501.
- SUCI is a privacy preserving identifier containing the concealed SUPI.
The User Equipment (UE) generates a SUCI using a Elliptic Curve Integrated Encryption Scheme (ECIES)-based protection scheme with the public key of the Home Network that was securely provisioned to the Universal Subscriber Identity Module (USIM) during the USIM registration.
Through the implementation of SUCI, the chance of meta-data exploits that rely on the user’s identity are significantly reduced.
Zero Trust architecture:
As 5G will support a massive number of devices, Zero Trust can help private companies to authenticate and identify all connected devices and keep an eye on all the activities of those devices for any suspected transgression within the network. While it has been successfully tested for private enterprise networks, its capability for a public network like open-sourced 5G remains to be gauged.
Private 5G Networks:
A private 5G network will be a preferred mode for organizational entities that require the highest levels of security taking into account national interests, economic competitiveness, or public safety. A fully private 5G network extends an organization with absolute control over the network hardware as well as software set-up. All of those mechanisms can be proprietary as the 5G private network deployment is only within one company’s facilities (campus, building, factory floor, etc).
Future of 5G Security:
The next-generation 5G-based wireless cellular network has put the spotlight on new opportunities, challenges, and risks, which are mandatorily required as the 5G technology makes great strides.
The 5G security mechanisms will continue to evolve in 3GPP (with Release 17 and above). Many of them will be transposed to become (“rubber stamped”) ETSI standards.
Note that 3GPP has not submitted its 5G core network architecture or 5G security specifications to ITU-T which is responsible for all 5G (IMT 2020) non-radio standards.
Europe’s General Data Protection Regulation (GDPR), applicable as of May 25th, 2018 in all EU member states, harmonizes data privacy laws across Europe. It could serve as a model for network security and data protection initiatives outside the European Union.
The 5G network has the possibility to enhance network and service security. While 5G comes with many built-in security controls by design, developed to enhance the protection of both individual subscribers and wireless cellular networks, there is a constant need to remain vigilant and a step ahead in terms of technological innovation to thwart possible new cyber-attacks.
An end-to-end security framework across all layers and all domains would be essential. Introducing best practices and policies around security and resilience will remain imperative to future-proof 5G networks.
Akash Tripathi is a Content Marketing strategist at Top Mobile Tech. He has 10+ years of experience in blogging and digital marketing. At Top Mobile Tech, he covers various how-to and tips & tricks related to iPhone and more related to technologies. For more about Akash, please refer to:
Exium, a 5G security company [1.], today announced that it is collaborating with IBM to help clients adopt an edge computing strategy designed to enable them to run AI or IoT applications seamlessly across hybrid cloud environments, from private data centers to the edge. Exium offers clients an end-to-end AI deployment solution designed for high performance on the Edge that can extend to any cloud. This platform can help clients address vendor lock-in by providing flexibility to run their centralized Data/AI resources across any cloud or in private data centers.
Note 1. Exium was founded in 2019 by wireless telecommunications entrepreneur Farooq Khan (ex-Phazr, ex-JMA Wireless). The company believes that the current Cybersecurity Model is broken. Existing cybersecurity approaches and technologies simply no longer provide the levels of security and access control modern digital organizations need. These organizations demand immediate, uninterrupted secure access for their users, teams, and IoT/ OT devices, no matter where they are located.
Exium’s Intelligent Cybersecurity Mesh™ (see diagram below) provides secure access for a distributed workforce, IoT devices, and mission-critical Operational Technology (OT) infrastructure, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.
CyberMesh consolidates three technologies, 5G, Secure Access Services Edge, or SASE, and Extended Detection and Response, or XDR in a single powerful cloud platform.
The Intelligent Cybersecurity Mesh is the first network security platform rooted in internationally accepted digital trust standards and is a reflection of Exium’s commitment to an open, interoperable, and secure global internet for all.
Exium’s Secure Edge AI is designed to provide a secured, highly performant Edge for IoT data collection and AI execution that works with WiFi/Ethernet/4G today and will be able to assist enterprises to upgrade to 5G in the future.
Exium’s CyberMesh is designed to deliver Zero-Trust Edge Security, Intent-Driven Edge Network Performance, and connect Edge and Cloud locations to help provide scalability and resilience out of the box. Zero-Trust Edge Security addresses trust assumptions to help build the connection between users, devices, and edge applications. Intent-Driven Edge Network enables edge applications to influence the 5G network for traffic routing, steering and QoS control.
“With computing done in so many places—on public and private clouds and the edge–we believe the challenge that businesses face today is to securely connect all these different elements into a cohesive, end-to-end platform,” said Farooq Khan, Founder & CEO at Exium. “Through our collaboration, Exium plans to integrate with IBM Edge Application Manager to offer edge solutions at scale for our clients.”
“We look forward to collaborating with Exium to help clients deploy, operate and manage thousands of endpoints throughout their operations with IBM Edge Application Manager,” said Evaristus Mainsah, GM, IBM Hybrid Cloud and Edge Ecosystem. “Together, we can help enterprises accelerate their digital transformation by acting on insights closer to where their data is being created, at the edge.”
A recent IBM Institute for Business Value report, “Why organizations are betting on edge computing: Insights from the edge,” revealed that 91% of the 1,500 executives surveyed indicated that their organizations plan to implement edge computing strategies within five years. IBM Edge Application Manager, an autonomous management solution that runs on Red Hat OpenShift, enables the secured deployment, continuous operations and remote management of AI, analytics, and IoT enterprise workloads to deliver real-time analysis and insights at scale. The introduction of Intel® Secure Device Onboard (SDO) made available as open source through the Linux Foundation, provides zero-touch provisioning of edge nodes, and enables multi-tenant support for enterprises to manage up to 40,000 edge devices simultaneously per edge hub. IBM Edge Application Manager is the industry’s first solution powered by the open-source project, Linux Foundation Open Horizon.
Exium is part of IBM’s partner ecosystem, collaborating with more than 30 equipment manufacturers, networking, IT & software providers to implement open standards-based cloud-native solutions that can autonomously manage edge applications at scale. IBM’s partner ecosystem fuels hybrid cloud environments by helping clients manage and modernize workloads from bare-metal to multicloud and everything in between with Red Hat OpenShift, the industry’s leading enterprise Kubernetes platform.
Exium is a U.S. full-stack cybersecurity and 5G clean networking pioneer helping organizations to connect and secure their teams, users, and mission-critical assets with ease, wherever they are.
To learn more about Exium, please visit https://exium.net/
About Farooq Khan, PhD:
Before founding Exium, Farooq Khan was founder and CEO of PHAZR, a 5G Millimeter wave radio network solutions company that was sold to JMA Wireless . Before that he was the President and Head of Samsung Research America, Samsung’s U.S.-based R&D unit, where he led high impact collaborative research programs in mobile technology. He also held engineering positions at Bell Labs, Ericsson and Paktel.
Farooq earned a PhD in Computer Science from Université de Versailles Saint-Quentin-en-Yvelines in France. He holds over 200 U.S. patents, has written over 50 research articles and a best-selling book.
Some key findings from ResearchAndMarkets.com’s “5G Security Market by Technology, Solution, Category, Software, Services, and Industry Vertical Support 2021 – 2026” new report:
- The overall global 5G security market will reach $9.2 billion by 2026 [1.]
- The fastest-growing segment will be communications security at 49.2% CAGR
- North America [2.] will be the leading region projected to reach $4.1 billion by 2026
- Integrated 5G security and blockchain solutions will reach $183.1 million by 2026
- AI-based solutions for edge computing infrastructure will reach $253.2 million by 2026
- Distributed denial of service (DDoS) protection for 5G networks will reach $583 million by 2026
- Major drivers for carrier 5G security include 5G core network implementation and support of private wireless networks
- Leading carriers will transform 5G security from a cost of doing business into a major market differentiator for business customers
Note 1. In February 2021 report, Markets and Markets said that 5G security market size is projected to grow from $580 million in 2020 to $5.226 billion by 2026, at a compound annual growth rate (CAGR) of 44.3%. The market research firm believes the major drivers for the 5G security market include rising security concerns in the 5G networks, increasing ransomware attacks on IoT devices, rising attacks on critical infrastructure, and increasing IoT connections paved way for mMTC with enhanced security requirement.
The “cloud native mode” of 5G core/SA deployment is expected to exhibit a higher CAGR during the forecast period. By deploying 5G security solutions and services on the cloud, organizations can avoid spending on hardware, software, storage, and technical staff.
The cloud deployment type is often used for both private and public clouds and may vary from case to case, depending on the requirement of the client.
Additionally, organizations can scale up or down, depending on their use of cloud-based 5G security services. The cloud deployment segment has witnessed strong demand in the early phase of the 5G standalone network. It offers a wide range of benefits, such as scalability, accessibility, flexibility, and cost-effectiveness.
Note 2. Markets and Markets expects the APAC region to hold the largest market share during the forecast period. China, Australia, and Japan are the prime APAC countries that have started several 5G-related activities; which would provide growth opportunities for 5G security vendors in the region.
Asian telecom service providers, vendors, and government firms are determined to take the lead in 5G R&D. The infrastructural growth in APAC, especially in Japan, South Korea, Australia, Singapore, China, and India, and the increasing deployment of 4G and 5G networks present huge opportunities for the implementation of the 5G security solutions.
The ResearchAndMarkets.com report evaluates the 5G threat landscape as well as technologies and solutions to secure networks, platforms, devices, data, and applications [3.]. The report also assesses the 5G security market outlook and potential for many solutions, services, and support. It also evaluates the impact of security functions across various technologies including Mobile Edge Computing (MEC), IoT networks, and mobility infrastructure. The report includes market forecasts for all major technologies, industry verticals, solutions, and service types from 2021 to 2026.
The 5G security market must be robust as solutions need to be deployed on multiple levels including devices, air interface equipment, cloud RAN infrastructure, mobile backhaul facilities, and more.
Note 3. There’s likely to be an increasing adoption of 5G security solutions by carriers. It will be used for identity management, differentiated security protection, privacy protection and growing demand for data protection worldwide. 5G security technology offers various benefits such as diversified system level protection of IT-aware infrastructure, security as service, and rapid detection and response.
The growing demand for a security monitoring and threat analysis to help the business to protect the integrity of systems and data is expected to create a huge opportunity for the global 5G Security market.
In addition, the need for E2E security for vertical industries from protection to detection and increasing importance of a unified security view across enterprise, are anticipated to drive the 5G Security market growth.
Among other areas, the 3GPP Security architecture and procedures for 5G System (Specification #: 33.501) specifies requirements for E1 and f1 interfaces as well as requirements for an overall secure environment. The organization specified many areas necessary for 5G security including subscription authentication, UE authorization, access and serving network authorization and more. Other areas include user and signaling data integrity to ensure seamlessness and interoperability between network elements.
Note that there are no ITU-T recommendations on 5G/IMT 2020 security.
One of the import areas emerging with 5G security that is a greater concern than ever before is data security and private. Much more so than LTE, 5G networks must be concerned with the confidentiality and integrity of user and signaling data. The 5G gNB must support encryption as per security policies for various potential vulnerability areas such as user data in transit as well as signaling for radio resource control. Access control is equally important as well as ensuring that serving networks are authorized by home networks.
5G mobile network operators need to expedite implementation of a more integrated 5G security approach, one of the primary areas of focus will be support of 5G-based private wireless networks for enterprise and industrial customers. While today’s private networks take a more old-school approach to security, more security-minded enterprise, industrial and government sector customers will realize greater cybersecurity through interconnection and managed services with leading carrier 5G security solutions.
Leading carriers will transform 5G security from a cost of doing business into a major market differentiator for business customers including direct to enterprise/industrial/government customers and via hybrid models involving neutral hosts and/or direct interconnect with private wireless networks. The challenging task for mobile network operators is to simultaneously convince business customers that they are more secure with them than without them, while not causing alarm about security holes that existed prior to implementation of 5G security solutions.
For more information about this report please visit: https://www.researchandmarkets.com/r/vqa21q
In a recent IEEE Future Networks presentation titled, Security Considerations for Evolving RAN Architectures, Scott Poretsky and Jason Boswell of Ericsson wrote about “the trust stack in 5G Cloud RAN.” Here’s what they said (emphasis added):
Network security is built upon a trust stack of trusted hardware, trusted software, trusted deployment, trusted applications, and trusted operations. Cloud deployments have an expanded attack surface due to decoupling of the software from the hardware, multiple organizations sharing the same hardware, a third-party organization managing the cloud infrastructure, and use of open source software components.
The chain of trust between these disparate components is not standardized and is implementation dependent, making it challenging to determine the level of risk, such as defined by the NIST Risk Management Framework (RMF). In a cloud environment an external attacker could gain access to a compromised container and from there escalate privilege to gain access to services and infrastructure. Likewise, an attacker that gains access to a service can use it as platform to gain access to containers and infrastructure.
Report Linker forecasts that the global 5G security market will grow from USD 580 million in 2020 to USD 5,226 million by 2026, at a Compound Annual Growth Rate (CAGR) of 44.3% during the forecast period.
The 5G security market is gaining traction due to rising security concerns in the 5G networks, increasing ransomware attacks on IoT devices, rising attacks on critical infrastructure, and increasing IoT connections paved way for mMTC with enhanced security requirement. However, high cost of 5G security solutions will restrain the adoption by SMEs.
The implied negative flipside for operators and enterprises, of course, is that more money will have to be spent on tackling 5G vulnerabilities. The report pointedly notes that the high cost of 5G security solutions will limit adoption by SMEs.
Based on solution type, the DDoS protection solution segment is expected to grow with the fastest growth rate during the forecast period
The DDoS protection segment is projected to grow with the most rapid growth rate in 2020 to 2026.Enterprises use DDoS protection and mitigation solutions and services for adaptive defense against DDoS attacks.
These attacks further affect the confidentiality, integrity, and availability of resources, which may result in billion-dollar losses for enterprises.
Enterprises segment to grow at the highest CAGR during the forecast period
Enterprises are undergoing digital transformation across different industries. Businesses are in various stages of implementing new technologies to develop new solutions, improve service delivery, increase operational efficiency, reduce cost, gain competitive advantage, and meet rising customer expectations. 5G will soon make it into the list of technologies enterprise will consider, with standalone 5G solutions that will enable various new industrial applications, such as robotics, big data analytics, IIoT and AR/VR in engineering and design, as well as new ways to provide remote support and training. As a result, enterprises will need 5G security mechanism to secure the entire network, applications, and devices.
Asia Pacific (APAC) region to record the highest growth and also account for largest markety share in the 5G security market
APAC region is set to dominate 5G, edge computing, blockchain, and 5G security technology, due to its size, diversity, and the strategic lead taken by countries, including Singapore, South Korea, China, Australia, and Japan.These countries have always supported and promoted industrial and technological growth.
Also, they possess a developed technological infrastructure, which is promoting the adoption of 5G security solutions across all industry verticals. Moreover, the region has become the center of attraction for major investments and business expansion opportunities.
While Reportlinker.com praises APAC for leading in 5G security, Europe is way behind if a recent report according to a report from the European Court of Auditors (ECA).
A year-long ECA probe into how European Union (EU) member states are dealing with 5G security found that while “member states have started to develop and implement necessary security measures to mitigate risks, they seem to be progressing at a different pace.”
More worryingly, Annemie Turtelboom, the ECA member leading the audit, indicated that some EU countries were bypassing supplier security checks in order to speed up 5G rollout.
Companies such as ZTE (China), Samsung (South Korea), and Huawei (China) are heavily investing in the upcoming 5G technology and are initiating field trials together with some of the leading mobile service carriers, such as China Telecom (China), KT (South Korea), SK Telecom (South Korea), China Mobile (China), SoftBank (Japan), and China Unicom (China).
• By Company Type: Tier 1 – 62%, Tier 2 – 23%, and Tier 3 – 15%
• By Designation: C-level – 38%, Directors – 30%, and Others – 32%
• By Region: North America – 40%, Europe – 15%, APAC – 35%, and Rest of the World (RoW)– 10%
This research study outlines the market potential, market dynamics, and major vendors operating in the 5G security market. Key and innovative vendors in the 5G security market include A10 Networks (US), Akamai (US), Allot (Israel), AT&T (US), Avast (Czech Republic), Check Point (US), Cisco (US), Clavister (Sweden), Colt Technology (UK), Ericsson (Sweden), F5 Networks (US), ForgeRock (US), Fortinet (US), G+D Mobile Security (Germany), Huawei (China), Juniper Networks (US), Mobileum (US), Nokia (Finland), Palo Alto Networks (US), Positive Technologies (UK), Radware (Israel), Riscure (The Netherlands), Spirent (US), Trend Micro (Japan), and ZTE (China).
The market study covers the 5G security market across different segments. It aims at estimating the market size and the growth potential of this market across different segments based on component (solutions and services), network component security, architecture, end user, deployment type, vertical, and region.
The study also includes an in-depth competitive analysis of the key market players, along with their company profiles, key observations related to product and business offerings, recent developments, and key market strategies.
EU nations are ‘progressing at different paces’ in terms of cyber security protocols introduced by the European Commission in order to ensure the safety of next-generation telecommunications networks, the European Court of Auditors has said.
The news comes at the beginning of a year-long probe into the EU’s security of 5G networks by auditors, while the European Commission has also confirmed to EURACTIV that nations across the bloc have missed deadlines set out in law, which had bound countries to assign 5G spectrum frequencies by the end of 2020.
Auditors say their research has already unearthed evidence of a divergent approach to 5G security across member states [1.], as well as differences in deployment timelines for the technology across the continent. As part of a series of measures unveiled by the Commission in their 2020 5G Toolbox, member states were tasked with assessing the risk profile of telecom providers, with a view to applying restrictions for those vendors considered to be high-risk.
Note 1. Of course, there is an inconsistent approach to 5G security as there are no standards for same from ITU and the 3GPP Release 16 specs for 5G Security are incomplete (delayed to Release 17). That was all described in this IEEE Techblog post.
The toolbox highlighted that “a particular threat stems from cyber offensive initiatives of non-EU countries,” in a veiled reference to Chinese telecommunications providers Huawei and ZTE.
“Several member states have identified that certain non-EU countries (China?) represent a particular cyber threat to their national interests based on previous modus operandi of attacks by certain entities or on the existence of an offensive cyber program of a given third state against them,” the toolbox adds.
A progress report on the plans in July pressed member states to make ‘urgent progress’ on mitigating the risks to 5G telecommunications networks posed by certain high-risk suppliers.
Speaking on Thursday (7 January 2021), the European Court of Auditors’ Paolo Pesce, part of the team conducting the 12-month review, said harmonization across the bloc on such security standards had not happened yet. “Member states have developed and started implementing necessary security measures to mitigate risks,” Pesce said. “But from the information gathered so far, member states seem to be progressing at a different pace as we implement this measure.”
Annemie Turtelboom, the ECA member leading the audit, added that the report will seek to probe the trade-off EU nations seem to be making with regards to security and speed of deployment.
“The coronavirus crisis has made electronic communications including mobile communications even more vital for the citizens and businesses while making it more difficult to timely prepare authorization procedures so that several member states have recently expressed their intention to delay their national spectrum auction procedures,” a spokesperson told EURACTIV.
“The Commission will follow the matter closely and take any difficulty into consideration considering the impact of the current public health crisis.”
However, it appears that the security concerns of contracting various suppliers have been just as relevant in the delays as has the coronavirus pandemic.
In one recent example, Sweden had to sideline auctions for its 3.4-3.6 GHz and 3.6-3.8 GHz bands, after telecoms regulators PTS prohibited the use of equipment from Chinese firms Huawei and ZTE. Earlier this week, Huawei announced that it had lodged an appeal to the supreme administrative court for being frozen out of the auctions.
By mid-December, member states, including the UK, had assigned on average only 36.1% of the 5G pioneer bands, the European Commission informed EURACTIV. Under the 2018 Electronic Communications Code, all spectrum in the 700MHz band should have been awarded by June 30, 2020, with allocations of 3.6GHz and 26GHz airwaves wrapped up by December 31, 2020.
Mobile network operators are mostly running 5G non-standalone networks (NSA), which are based on 4G LTE infrastructure. Positive Technologies said these 5G NSA networks are at risk of attack because of long-standing vulnerabilities in the Diameter and GTP protocols, which were reported on by Positive Technologies earlier this year.
“… true 5G security must go beyond the features built into standalone architecture,” said Pavel Novikov, head of the Positive Technologies’ telecom security research team. “Cost efficiencies can be gained by building a hybrid network that supports both 4G LTE and 5G which will enable a future-proofed next generation network in the longer term,” he added.
What will be the 5G security issues/vulnerabilities when mobile network operators move to deploy 5G stand alone networks with a 5G core (rather than 4G EPC used in 5G NSA)?
Cellular network operators are gradually migrating to 5G standalone infrastructure [T-Mobile US has deployed 5G SA]. but this also has security considerations of its own. Gartner expects 5G investment to exceed LTE/4G in 2022 and that communications service providers will gradually add 5G standalone capabilities to their non-standalone 5G networks.
Source: Positive Technologies’ Standalone 5G core security research
Vulnerabilities and threats for subscribers and mobile network operators stem from the use of new standalone 5G network cores. The vulnerabilities in protocols HTTP/2 and PFCP, used by standalone 5G networks, include the theft of subscriber profile data, impersonation attacks and faking subscriber authentication.
The stack of 5G technologies potentially leaves the door open to attacks on subscribers and the operator’s network. Such attacks can be performed from the international roaming network, the operator’s network, or partner networks that provide access to services.
For example, the Packet Forwarding Control Protocol (PFCP) that is used to make subscriber connections has several potential vulnerabilities such as denial of service, cutting subscriber access to the internet and redirecting traffic to an attacker, allowing them to downlink the data of a subscriber. Correct configuration of the architecture as highlighted in Positive Technologies GTP protocol research can stop these types of attacks.
The HTTP/2 protocol, which is responsible for vital network functions (NFs) that register and store profiles on 5G networks, also contains several vulnerabilities. Using these vulnerabilities, attackers could obtain the NF profile and impersonate any network service using details such as authentication status, current location, and subscriber settings for network access. Attackers can also delete NF profiles potentially causing financial losses and damaging subscriber trust.
In these cases, subscribers will be unable to take action against threats that lurk on the network, so operators need to have sufficient visibility to safeguard against these attacks.
Dmitry Kurbatov, CTO at Positive Technologies commented: “There is a risk that attackers will take advantage of standalone 5G networks while they are being established and operators are getting to grips with potential vulnerabilities. Therefore, security considerations must be addressed by operators from the offset. Subscriber attacks can be both financially and reputationally damaging – especially when vendors are in high competition to launch their 5G networks. With such a diverse surface of attack, robust core network security architecture is by far the safest way to protect users.
“5G standalone network security issues will be much further reaching when it comes to CNI, IoT and connected cities – putting critical infrastructure such as hospitals, transport and utilities at risk. In order to achieve full visibility over traffic and messaging, operators need to perform regular security audits to detect errors in the configuration of network core components to protect themselves and their subscribers,”
Jimmy Jones, telecoms cybersecurity expert at Positive Technologies, said 5G users will need to increase their lines of communication with mobile operators, analysts and customers as 5G presents new threats and attack surfaces.
“They’re going to need to start speaking to the mobile operators as much as possible, because the mobile operators can secure things and will do everything to secure things. They just need to know what they’re securing,” Jones added.
[This author has spoken at length with Jimmy Jones and can attest to his vast knowledge and experience in cellular network security/vulnerabilities]
Positive Technologies has published a new report titled “5G standalone core security assessment,” which details the vulnerabilities of those networks.
The report focuses on the SA (Standalone) mode of 5G network deployment. “The implementation is based on Rel 15 3GPP with the OpenAPI Specification providing detailed descriptions of each interface,” the researchers explain.
Again, almost all deployed 5G networks are based on NSA which depend on a “4G LTE anchor for all non radio functions, including the 4G EPC (Evolved Packet Core) technology. The 5G core network architecture (but not implementation details) is specified by 3GPP and includes the following Technical Specifications:
|TS 23.501||System architecture for the 5G System (5GS)|
|TS 23.502||Procedures for the 5G System (5GS)|
|TS 23.503||Policy and charging control framework for the 5G System (5GS); Stage 2|
The 5G mobile network consists of nine network functions (NFs) responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting user equipment to the Internet using a base station. These technologies create a liability for attackers to carry out man-in-the-middle and DoS attacks against subscribers.
One of the main issues in the system architecture is the interface responsible for session management, known as SMF (Session Management Function). SMF is possible due to a protocol known as PFCP (Packet Forwarding Protocol):
To manage subscriber connections, three procedures are available in the PFCP protocol (Session Establishment, Modification, and Deletion), which establish, modify, and delete GTP-U tunnels on the N3 interface between the UPF and gNB. […] We will focus on the N4 interface. Testing of this interface revealed potential attack scenarios against an established subscriber session.
Other problems Positive Technologies discovered are based on subscriber authentication vulnerabilities. The researchers demonstrated that “subscriber authentication becomes insecure if the NRF does not perform authentication and authori-zation of 5G core network functions.”
In conclusion, this report only covers “a few examples” of how vulnerabilities in G5 can be exploited. “Just as with previous-generation networks, attackers still can penetrate operator networks by means of the international roaming network or partner networks. Therefore, it is vital to ensure comprehensive protection of 5G networks,” the report concludes.
For more information on vulnerabilities of standalone 5G networks, please download the Positive Technologies report here –after filling out a form. …………………………………………………………………………………………………………………..
Editor’s Note: 5G Security Standards (?) and Specifications
Most 5G “professionals” don’t realize that there are no standards for 5G security– either in the radio access network (RAN) or the core network. As ITU is the official standards body for 5G (e.g. IMT 2020.SPECS for the RAN) you’d think the work would be done there. There is some high level 5G security work being done in ITU-T SG 17/Q6, but the corresponding ITU recommendations won’t be completed till late 2021- 2o22 timeframe.
The real work on 5G security is being done by 3GPP with technical specification (TS) 33.501 Security architecture and procedures for 5G system being the foundation 5G security document. That 3GPP spec was first published in Release 16, but the latest version dated 16 December 2020 is targeted at Release 17. You can see all versions of that spec here.
3GPP’s 5G security architecture is designed to integrate 4G equivalent security. In addition, the reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues have also been taken in to account for 5G and will lead to further security enhancements.
Another important 3GPP Security spec is TS 33.51 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class, which is part of Release 16. The latest version is dated Sept 25, 2020.
Here’s a chart on 3GPP and GSMA specs on 5G Security, courtesy of Heavy Reading:
Question to 5G network operators: When do you plan to implement the following 5G security specifications? Source: Heavy Reading
“While 3GPP TS 33.511 had the greatest level of commitment to implementing before commercial launch (38% + 33%), the support for all nine specifications in the list is strong enough to confirm each one is relevant on some level for ensuring the security of 5G networks,” according to Heavy Readings’ Jim Hodges.