The fundamental promise of 5G—transforming telecommunications by bringing wireline reliability and truly everywhere/anywhere service accessibility to mobile—introduces some new security challenges that must be solved to make next-generation services dependable and safe. As operators, vendors, and standards-developing organizations work together on 5G, they need to address not only security provisions for new products, but also security as a built-in feature of communication between devices or components along the network path.
Broadly, the reason for this new approach to security is that 5G networks will involve many more devices, inevitably resulting in more potential vulnerabilities for attackers to exploit.
NFV and 5G Security
More specifically, it is looking briefly at the role of network functions virtualization (NFV) in 5G and how that relates to network security.
To achieve the fast responses and low latency envisioned for 5G, it’s necessary to locate some applications on the IP network edge. This will significantly change network design, requiring NFV servers and virtual machines in the core network, allowing applications to be split and decentralized—so that apps can technically be “everywhere and nowhere.”
But, the use of NFV creates some significant challenges around network security. For example:
- Many NFV solutions are built on open source software and whitebox hardware, a setup that tends to be less secure than proprietary software and hardware.
- Obtaining access to any VNF software component can result in attackers gaining control of hosts (via an external controller) and therefore potentially the entire network.
- Virtual networks built on NFV are not protected by firewalls.
- Segmenting VLANs introduces security vulnerabilities.
Relatedly, network slicing makes it possible to perform dynamic service chaining, but this does mean more components in the network and more security needed for each component. If not detected immediately, attacks can reach all the way to the eNodeB—resulting in wasted bandwidth or much worse.
Key 5G Security Challenges
Digging a little deeper, there are two main security challenges involved in securing 5G networks:
1. IP layer visibility
In a nutshell, all layers and components involved have to be secured. To stop attacks, behavior detection can be highly effective. This might involve, for example, using different parameters to characterize the IP flow. With predictive measurements, it is possible to detect an attack and perform live filtering to stop it.
2. NFV integration
In NFV environments, the control agent is the in the core network and the user plane is distributed. This creates another link to secure with proper encryption. Attacks must be detected at the edge to achieve successful security; it’s too late by the time the attack reaches the core. Operators, vendors, and development communities must work together to secure virtualized networks and release associated standards.
Achieving 5G Security
Fundamental actions that need to be taken to ensure 5G security include:
- Adapt network equipment for virtualization functions
- Diversify security to address the mobile core
- Do away with “one size fits all” security methodologies
5G is a complex environment that integrates open source elements with proprietary solutions. Complexity is the enemy of security. Security must therefore be part of the network design from the start.