5G security
BPI Network: 5G Commercial Deployment Status & Importance of 5G Security?
According to a new global study report, “Toward a More Secure 5G World,” developed by the Business Performance Innovation (BPI) Network, in partnership with A10 Networks. The percentage of mobile service providers who say their companies are “moving rapidly toward commercial deployment” has increased significantly in the past year, climbing from 26 percent in a survey announced in early 2019 to 45 percent in the new survey. Virtually all respondents say improved security [1.] is a critical network requirement and top concern in the 5G era.
……………………………………………………………………………………………………………………………………………………
Note 1. “Improved 5G security” is really an oxymoron, because there are no standards for 5G security. In particular, no substantive work in ITU-T despite SG17 studying 5G security. There are five work items under development by Q.6 in SG17 but nothing has been completed yet.
• X.5Gsec-q, Security guidelines for applying quantum-safe algorithms in 5G systems, started from March 2018
• X.5Gsec-t, Security framework based on trust relationship in 5G ecosystem, started from September 2018
• X.5Gsec-ecs, Security Framework for 5G Edge Computing Services, started from January 2019
• X.5Gsec-guide, Security guideline for 5G communication system based on ITU-T X.805, started from January 2019
• X.5Gsec-netec, Security capabilities of network layer for 5G edge computing, established recently September 2019
………………………………………………………………………………………………………………………………………………
The real 5G Security spec work seems to be taking place in 3GPP. Here is text from 3GPP specification 23.501 (Release 16) on 5G Systems Architecture, related to 5G security (see reference below to download that spec):
5.10 Security aspects:
5.10.1 General
The security features in the 5G System include:
– Authentication of the UE by the network and vice versa (mutual authentication between UE and network).
– Security context generation and distribution.
– User Plane data confidentiality and integrity protection.
– Control Plane signaling confidentiality and integrity protection.
– User identity confidentiality.
– Support of LI requirements as specified in TS 33.126 [35] subject to regional/national regulatory requirements, including protection of LI data (e.g., target list) that may be stored or transferred by an NF.
Detailed security related network functions for 5G are described in TS 33.501.
……………………………………………………………………………………………………………………………………………………….
Early 5G networks are being designed in accordance with the non-standalone (NSA) 5G specification from 3GPP Release 15, However, 30 percent of respondents say they are already proactively planning to add standalone 5G, and another 9 percent say their companies will move directly to standalone. Standalone 5G will require a whole new network core utilizing a cloud-native, virtualized, service-based architecture. Many respondents say they are making significant progress toward network virtualization.
The respondents claim there is steady work toward virtualizing core network functions and a reexamination of the security investments they will need to protect their networks and customers. But once again, there are no standards for that. The only real work here is being done by 3GPP in its “5G core” specification which is part of 3GPP Release 16. Here is the complete list of 5G deliverables in 3GPP Release 16. One of the most important specs is #23.501 Systems Architecture for the 5G System.
“Our latest study indicates that major mobile carriers around the world are on track with their 5G plans, and more expect to begin commercial build-outs in the coming months,” said Dave Murray, director of thought leadership with the BPI Network. “While COVID-19 may result in some short-term delays for operators, the pandemic ultimately demonstrates a global need for higher speed, higher capacity 5G networks and the applications and use case they enable.”
Among key findings of the survey:
- 81% say industry progress toward 5G is moving rapidly, mostly in major markets, or is at least in line with expectations.
- 71% expect to begin 5G network build-outs within 18 months, including one-third who have already begun or will do so in 2020.
- 95% percent say virtualizing network functions is important to their 5G plans, and some three-quarters say their companies are either well on their way or making good progress toward virtualization.
- 99% view deployment of mobile edge clouds as an important aspect of 5G networks, with 65% saying they expect edge clouds on their 5G networks within 18 months.
“Mobile operators globally need to proactively prepare for the demands of a new virtualized and secure 5G world,” said Gunter Reiss, worldwide vice president of A10 Networks, a provider of secure application services for mobile operators worldwide. “That means boosting security at key protection points like the mobile edge, deploying a cloud-native infrastructure, consolidating network functions, leveraging new CI/CD integrations and DevOps automation tools, and moving to an agile and hyperscale service-based architecture as much as possible. All of these improvements will pay dividends immediately with existing networks and move carriers closer to their ultimate goals for broader 5G adoption and the roll-out of new and innovative ultra-reliable low-latency use cases.”
You can download this report at http://bpinetwork.org/thought-leadership/studies/77/download-report-toward-a-more-secure-5g-world
……………………………………………………………………………………………………………………………………………..
Challenges—the Security Mandate
The industry’s top 5G challenges:
- Heavy cost of build-outs (59%)
- Security of network (57%)
- Need for new technical skills (55%)
- Lack of 5G enabled devices (42%)
Importance of security to 5G:
- 99% rate security as important to their 5G planning, higher than even network reach and coverage or network capacity and throughput
- 97% say increased traffic, connected devices and mission-critical use case significantly increase security and reliability concerns for 5G
- 93% say their security investments are already being affected (52%) or are under review (41%) due to 5G requirements
Top Use Cases Expected to Power 5G Adoption
Next two years
- Ultra-high-speed connectivity (81%)
- Industrial automation & smart manufacturing (62%)
- Smart cities (54%)
- Connected vehicles
Next 5 to 6 years
- Smart cities (62%)
- Ultra-high-speed connectivity (59%)
- Connected Vehicles (57%)
- Industrial automation & smart manufacturing (42%)
“Mobile operators globally need to be proactively preparing for the demands of a new 5G world,” Reiss said.
About the BPI Network
The Business Performance Innovation (BPI) Network is a peer-driven thought leadership and professional networking organization reaching some 50,000 heads IT transformation, change management, business re-engineering, process improvement, and strategic planning. The BPI Network brings together global executives who are champions of change through ongoing research, authoritative content and peer-to-peer conversations. For more information, visit www.bpinetwork.org.
About A10 Networks:
A10 Networks provides secure application services for on-premises, multi-cloud and edge-cloud environments at hyperscale. Our mission is to enable service providers and enterprises to deliver business-critical applications that are secure, available and efficient for multi-cloud transformation and 5G readiness. We deliver better business outcomes that support investment protection, new business models and help future-proof infrastructures, empowering our customers to provide the most secure and available digital experience. Founded in 2004, A10 Networks is based in San Jose, Calif. and serves customers globally. For more information, visit www.a10networks.com and follow us @A10Networks.
………………………………………………………………………………………………………………………………………………..
References:
http://bpinetwork.org/thought-leadership/studies/77/download-report-toward-a-more-secure-5g-world
https://www.3gpp.org/dynareport/SpecList.htm?release=Rel-16&tech=4&ts=1&tr=1
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3144
India’s Airtel: Security concerns should be addressed before adopting 5G; Nokia and Huawei disagree!
India Telecom operator Bharti Airtel has cautioned that security concerns [1.] should be addressed before adopting 5G in India, even if it means pushing the rollout back by 12-18 months. Telecom equipment vendors Nokia and Huawei disagreed, saying security aspects shouldn’t be overplayed, and that India should not waste time before adopting 5G.
Gopal Vittal, CEO-India South Asia for Bharti Airtel said India must have right security architecture and policy.
……………………………………………………………………………………………………………………………………………………………………………………………………………………………………….
Note 1. 5G (IMT 2020) networks will also come with risks. Vastly increased numbers of devices and an elevated use of virtualization and the cloud will mean many more 5G security threats and a broader, multifaceted attack surface. To realize a strong and healthy communications future, the industry needs to maintain a laser focus on 5G security.
ITU-T SG17/Q6: Security aspects of telecommunication services, networks and Internet of Things is the lead ITU-T activity on 5G security. Doesn’t appear anything concrete has come out yet!
………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
The above referenced companies differed on the broader issue of security, with Nokia saying security around 5G was also a geopolitical matter, and not just a matter of technology, with “trust” in the gear supplier of crucial importance. China’s Huawei – under pressure across the world owing to alleged security concerns due to its perceived proximity to the Chinese government and fighting to gain trust of countries like India – downplayed the issue, saying it was a “a technical issue, not a political one.”
The government assured it is going through all issues, adding that concerns will be addressed through the Personal Data Protection Bill.“We should not plunge into this (5G), we should take next 12-18 months …to make sure we really understand this beast thoroughly,” Gopal Vittal, CEO-India South Asia for Bharti Airtel, said at ET Telecom 5G Congress held last week. He said India must have right security architecture and policy.
“Telcos have been mandated as per the licensing conditions how they have to deal with the data…Yes, there are concerns in OTT (over-the-top, or app) players and third-party solution (providers), and data protection will be in place,” said R Shakya, deputy director general (security) at the Department of Telecommunications (DoT). Shakya was part of a panel on Policy and Regulatory Challenges in India’s 5G Journey that was moderated by Prashant Singhal, TMT emerging markets leader at EY.
Sanjay Malik, Nokia’s head of India market, said, “There will be a bit more threat in 5G but, from launching perceptive, let’s not overburden with policy and security aspects. Maybe it needs to be seen in terms of more than just network security, (and also the) geopolitical situation.”
Huawei India CEO Jay Chen countered, saying network security in the 5G context is “a technical issue, not a political one,” which he believes the Indian government is increasingly aware of. He added that challenges can be handled by framing universal security standards, equipment testing and even thrashing out legal arrangements. Chen also said 5G technology was also a lot more secure than 2G, 3G, or 4G due to its unique architecture, and its encryption codes can only be broken by quantum computers of the future. Huawei India’s CEO said there is no time to lose as there are already 26 commercial 5G networks worldwide as we speak, which is likely to rise to 60 by the year-end, adding that there would also be 1 million 5G base stations in China alone by next year.
https://www.ctia.org/news/whats-new-in-5g-security-a-brief-explainer
http://www.5gamericas.org/files/8815/4092/3086/5G_Americas_5G_Security_White_Paper_Final.pdf
https://www.3gpp.org/news-events/1975-sec_5g
https://www.huawei.com/minisite/5g/img/5G_Security_Whitepaper_en.pdf
https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Pages/default.aspx