5G security for mobile networks

Ensuring network security in the 5G era

5G is the next step in the development of mobile communication. Voice and data communication have meanwhile become basic functions in our networked society. 5G creates completely new use cases for consumers and industries and is intended to improve quality and usability. Furthermore, the introduction of 5G will establish completely new business areas in the future. The networking and interaction of billions of devices will become a reality in the near future. On the basis of this, the security requirements for end users, devices and 5G infrastructure will increase massively.

The evolution of Network Security

The introduction of 5G will also close the gaps in security which have been present in previous technologies over the coming years. These innovations include improved cryptography, enhanced secure roaming and comprehensive measures to secure signaling between different mobile networks. In the future, the mobile identity of mobile devices will only be transmitted in an encrypted way in order to eliminate attacks for example by IMSI catchers.

The difference between 5G and its predecessor technologies is that 5G and its successors are more likely to be presented as a modular system in which services and structures with the most diverse characteristics can be implemented simultaneously. It will be possible to acquire geographically limited 5G licenses, for example industries can implement separate virtual networks within public infrastructures. Within the "network slicing" framework, virtual networks or services can also be designed and built with regard to short latency periods or high security. Security level requirements can also be adapted. This is an opportunity to build a much more reliable, resilient, and secure network.
• Data traffic within the 5G infrastructure is protected by state-of-the-art encryption. The devices and the network authenticate each other using integrity-protected signaling. This ensures that if a single component is compromised, the other components remain protected.
• The transmission of the long-term identity of the subscribers (IMSI) is encrypted from 5G onwards. With 2G/3G/LTE, this data is currently transmitted without encryption.
• Authentication Confirmation is a new mechanism that provides more security when roaming. The subscriber's terminal device sends cryptographic proof of the identity of the mobile network operator to whose network the terminal device has dialed back to. Current mobile networks do not support this function.
• Lower latency in mobility, since security-relevant functions are processed in the central unit of the base station.
• Secure identity management systems identify location based authentication of subscribers; by this mechanism only the real subscribers have access to network services. It is based on strong cryptographic primitives and security features already present in the 4G system.

In the future, 5G will support advanced cryptographic algorithms with 256 bits. This is to ensure that such algorithms used in 5G networks are sufficiently resistant to attacks from quantum computers.

Although these mechanisms exist, it is currently not possible to predict whether all security features will be used and correctly implemented. Currently, it is not clear how fast mobile operators are migrating their infrastructure to 5G. The migration process is neither prescribed by law nor in the 5G specifications. As a result, each mobile operator will be able to setup its network in a different way. The speed of migration will also depend on which new 5G “business scenarios” will emerge and will be adopted in the years to come. At the same time, many of the 5G benefits, such as faster transmission rates, can certainly be operated with a current LTE network. In that case, however, the new security mechanisms will not come into play.

More demand on security

The ability of end users to influence the security features is likely to be limited to the settings provided by the mobile operating system on the User Equipment (UE). For example, it is not yet clear whether end users can force their device to work only on the 5G network. It should also be noted that 5G will only be available in the first stage in coexistence with 4G. This means that all security risks of the standard will be inherited.

The choice of network operator is only one piece of the puzzle anyway. After all, the most secure network operator is of no use if the applications running on the network such as those for autonomous driving, telemedicine or smart cities do not adequately protect important data. Consumers in 5G, will need to be at least as careful as they are today when choosing applications and service providers.

It should also be noted that 5G differs significantly from its predecessor technologies in some areas. Technologies like Software Defined Networks (SDN), Network Function Virtualization (NFV) or Cloud are part of the 5G infrastructure. Each core component must meet the corresponding security requirements.

5G already meets high security requirements, even if these were initially only defined in the specifications. For a holistic fulfilment of all security aspects, all players must work together on the implementation.

Reply Expertise

With over 30 years of experience in all security related disciplines and more than 600 security experts in Europe, UK and the US, Reply has built a solid approach to applying new and definitive methodologies, technologies and countermeasures to mitigate the risks coming from new emerging technologies, like 5G.

Reply supports medium and large sized international companies in the areas of telecommunications, automotive, finance, insurance and defense. When we talk about the core 5G technologies like SDN, cloud, slicing, API Gateway or the automation and orchestration of services, the same security requirements as for existing proprietary infrastructures have to be considered and applied. The availability, integrity and confidentiality of personal data, corporate information and the security of IT infrastructures are still important issues for companies or 5G providers. In this context, Reply has proven, through various international projects, its capabilities to support and satisfy existing Enterprise-Customers through the design and application of new 5G-related-technologies.