5g -Continued Security Vigilance Needed

5g -Continued Security Vigilance Needed

The improvements 5G enables play around us for very good reasons. As good as 5G is, however, adopters of 5G technology must continue to be vigilant toward security vulnerably–particularly as the first generation of 5G is rolling out.

5G is an amazing evolution in wireless capability. During the 1G and 2G years, we were giddy to cut the phone cord and enjoy our voice calls on the move. As our appetite for mobile computing grew, so did our appetite for mobile data. 3G and 4G evolutions delivered moving data and computing power for our smartphones and applications. Still, even with 4G LTE, we used our mobile internet connectivity at one speed–as fast as we could go. Never mind that our growing and insatiable need for data was choking some parts of our networks while other parts were hardly used. What we now need is a system that matches different applications and uses cases to the best means and connectivity available.

Enter 5G, delivering an optimized pathway specially tailored to each application ranging from autonomous vehicles to telemedicine and swarms of package delivery drones. With updates in frequency bands, faster electronics, software-defined networks, and new security features; 5G delivers 100 times the speed, lower latency, higher reliability, and significantly higher device densities. Soon, your mobile smartphone will be faster than ever, but more importantly, applications traditionally relegated to hardline connectivity can be dependably and securely wireless.

The 5G evolution enables a revolution in wireless capability for applications, and here are a few examples. Today, self-driving cars can make it slowly down the street by themselves, but millions of cars at high-speed need very reliable mobile connectivity to communicate with cars and traffic systems around them. 5G delivers that connectivity. Surgeons can’t be everywhere, particularly in hazardous situations, but telesurgery robots operated by a remote might one day be. This requires very low latency and precise control – 5G is the enabler. Our aircraft become high-speed communications hubs in the sky thanks to the connectivity 5G enables, and thousands of unpiloted aerial vehicles (UAVs) deliver packages in hours or minutes. 5G provides nationwide connectivity for these UAVs.

With each generation of wireless connectivity, we’ve been greeted with new security threats and vulnerabilities. 4G LTE was a major step in the right security direction, but there were still concerning issues. Rogue base stations could intercept calls, jamming could wipe out connectivity for blocks, mobile devices could connect with and attack other mobile devices, digital voice over LTE (VOLTE) was susceptible to intercept, streaming media content providers could be ransomed, and architectured private networks were vulnerable to compromise and denial of service attacks.

Some are surprised that these 4G threats still exist within the first installations of 5G. The initial 5G systems we have today (called 5G Non-Stand Alone, or 5G NSA) use the existing 4G cores that still contain many of these vulnerabilities. Second, 5G enables a private institution or business to construct their own private enterprise network. Security on these private enterprise networks can be optimized to individual companies and application developers - some not as security savvy as national wireless carriers. Finally, 5G enables an exponential growth in the number of connected physical devices list smart cars, industrial production machinery, and our household appliances; not just cell phones or mobile tablets. The number and variety of device and application developers is accordingly growing. While major cell phone manufacturers have thorough security development procedures, small startup businesses often lack the same resources to design, develop, test, and deliver devices and apps with adequate security. Another way to phrase this is that the threat surface of the 5G system grows significantly even though the 5G ecosystem provides greater power to reduce this vulnerability.

5G WILL BE USED IN WAYS WE NEVER IMAGINED BEFORE; HACKERS WILL HAVE NEW OPPORTUNITIES AS WELL. SECURITY IMPROVEMENTS SHOULD NEVER STOP

 Thus, future security efforts must focus on certification, analysis, and testing of the mobile, IOT, and private enterprise applications and device hardware connected to the 5G network. In short, 5G will be used in ways we never imagined before; hackers will have new opportunities as well. Security improvements should never stop.

Solutions for the many of these known 4G vulnerabilities will be available with the emergence of the future ephase of the 5G system, the 5G Stand-Alone system, and we expect these improvements to start rolling out later in 2021. The updated 5G SA systems replace the 4G core used in the 5G NSA systems with a completely rebuilt core, and even more importantly, enable the integration of an entire end-to-end network into a coordinated connectivity and processing system designed to optimize resources for every application.

5G Stand Alone security improvements include better authentication of devices onto the network, so you know you are connecting to the authorized endpoint, jamming and Denial of Service reduction through beamforming antenna’s enhancement to end-to-end encryption, and finally, network slicing to apply appropriate levels of network capability, including security, to different applications. 5G modem manufacturers also provide security software development kits and built-in security applications accessible to app developers to improve security even further.

With all of these improvements, there are still vulnerabilities that must be carefully monitored, analyzed, tested, and assessed. Challenges including how vendors implement 5G security, vulnerabilities of application software, and supply chain vulnerabilities require continual assessment. The Department of Homeland Security and Department of Energy’s Idaho National Laboratory (INL)have initiated programs to develop and implement evaluation techniques and procedures to assess how these applications and private enterprise network systems implement security; and continue the assessment of new, unknown security vulnerabilities in 5G systems.

As part of these efforts, the INL’s Wireless Security Institute hosts periodic conferences bringing together leading

national security experts and researchers to discuss national challenges and potential solutions. At the last conference, experts discussed these vulnerabilities and developed a list of recommendations to help organize 5G security, including:

1. Develop measurable security metrics— Build metrics and models specifically focused on characterizing how to fix impacts security, the cost-benefit of that fix, and whether the fix has unintended consequences.

2. Address security by design through engagement with 5G equipment vendors—

Work with vendors to understand the security features they have devised for 5G systems and how they are implemented.

3. Identify a required set of 5G security procedures—

Develop a minimum set of 5G security standards and a core methodology of how they are applied that guarantees sound system security across multiple vendors and applications.

4. Validate that critical security procedures are implemented and performing to the level required—

Facilitate external, third-party validation that security has been implemented correctly, particularly for high-security applications and federal government purposes.

5. Consider all types of wireless end devices that can introduce security problems to the 5G network—

Understand the significant number and diversity of 5G enabled devices, particularly those considered as part of the Internet of Things (IOT), and evaluate their potential security vulnerabilities.

6. Plan for resilient response and gather and analyze forensic data to develop mitigations in the event of a major 5G system breach—

In the event of a major 5G security breach or a disaster such as a hurricane, develop a plan to reconstitute the network as quickly as possible. This may include developing the capability to reorganize the network using drones or other mobile cellular service devices, so the network is back online within minutes, not days or weeks.

The conference included a wide range of experts and was one of the first times that such a diverse group came together and hashed out the top wireless security concepts to make 5G more secure.

The INL WSI will host the next virtual Security Conference on Nov 17-18, 2020. The conference focuses on Research and Development priorities for secure and resilient 5G devices, UAV operations, and secure spectrum sharing technologies.

About INL’s Wireless Security Institute

INL’s Wireless Security Institute leads and coordinates government, academic, and private industry research efforts fostering more secure and reliable 5G wireless technology. The institute consolidates INL’s experience leading communications-focused cybersecurity research, dynamic spectrum sharing research and development, waveform development, and operating one of the nation’s largest and most diverse open-air wireless broadband communications test ranges.

The institute integrates research, analysis, design, test, and standards recommendations to improve cellular, radio, and satellite communication systems. It supports government agencies, regulatory bodies, and private industry by establishing a collaborative, core partnership of public and private leaders in the wireless security field. Together with partners, the institute helps prioritize the most pressing national security challenges and elevate research efforts.

Weekly Brief

Read Also

Home Automation for the Battlefield

Home Automation for the Battlefield

Brad Grane, Senior Manager, Strategic Development, Ball Aerospace
5g -Continued Security Vigilance Needed

5g -Continued Security Vigilance Needed

Dr. Carl Kutsche, Chief Technologist, Critical Infrastructure Security and Resilience, Idaho National Laboratory
Covid-19 - Driving Changing Attitudes To Digital Asset Management

Covid-19 - Driving Changing Attitudes To Digital Asset Management

Patrick Ryan, Senior Vice President, Engineering and Technology and Joshua Divin, Program Manager, Government Programs, American Bureau of Shipping (ABS)
Taking Off For Success: Driving Digital Innovation In The Aerospace Industry

Taking Off For Success: Driving Digital Innovation In The Aerospace Industry

Mark Hermans, Managing Director, Rachel Sealy, Partner, PwC