If not thoughtfully and thoroughly implemented, 5G security can be a mixed bag. On the one hand, 5G has new features designed to enhance security, such as stronger encryption algorithms and better user authentication. At the same time, 5G networks face several security challenges, including new attack vectors and a larger attack surface.
This article briefly reviews the increased challenges associated with 5G and securing edge connectivity for the Internet of Things (IoT), then presents several tools for dealing with those challenges.
5G software-defined network (SDN) controllers are tempting targets. Successful attackers can manipulate network traffic flow, potentially leading to unauthorized access, data breaches, denial-of-service attacks, and disruption of network functionality.
Network functions virtualization (NFV) components can be another attractive target. NFV vulnerabilities can include weak passwords, insecure application programming interfaces (APIs), a lack of network segmentation, a lack of isolation between virtualized network functions, and the potential for malware to spread due to virtualization, possibly leading to attacks on the SDN controller.
5G networks are inherently distributed, with many small cells and edge nodes, which increases the number of points subject to attack and enlarges the attack surface. In addition, these networks can be attacked from the enterprise network side or the telecom network side, multiplying the size of the attack surface (Figure 1).
5G technology security features
Edge devices on a 5G network can perform more localized processing of sensitive data. That reduces the amount of data that needs to be transmitted back to a centralized server, keeping the data in a more secure environment. When it’s necessary to transmit data, 5G technology includes several features to enhance security. Examples include:
- Stronger encryption algorithms, such as 256-bit cryptography, to protect data.
- An Authentication and Key Agreement protocol to verify the identity of users, devices, and network elements.
- Zero-trust security principles built into the network.
- Network slicing, which enables different network segments to have individually optimized security controls.
5G network security structure
5G network security begins by mutually authenticating the user equipment (UE) and base station (gNB), as shown in Figure 2. Security on the serving network, or the roaming network for mobile devices, is based on a layered approach. The central security anchor function provides the most secure environment, which can be accessed only through multiple identification and authentication processes. It starts with the universal subscriber identity module (USIM), a tamper-proof trust anchor that securely stores the authentication credentials, computes the cryptographic keys, and stores the public key and other security data.
A new network element, the security edge protection proxy (SEPP), was added in 5G to protect the home network. The SEPP functions as the security gateway between the serving and home networks through the IP network and the cloud. The SEPP performs several functions, including:
- Providing application layer security and protection from eavesdropping and other attacks.
- Providing end-to-end authentication and protection using signatures and encryption.
- Supporting key management to set the cryptographic keys and perform the secure negotiation functions.
- Validating JavaScript Object Notation (JSON) objects, which are used as a lightweight format for storing and transporting data.
- Performing several miscellaneous functions, such as filtering out suspicious messages, controlling traffic flow, concealing the internal network structure, and hiding sensitive information, such as network element addresses.
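As an added illustration (not code from this article or from any 3GPP specification), the Python example below shows how three of the SEPP functions listed above fit together: validating a JSON message and rejecting suspicious ones, concealing an internal network element address, and signing the result so the receiving side can verify it. The message fields, addresses, and keys are hypothetical, and HMAC-SHA-256 with a shared key is an assumption standing in for the signature and key-management mechanisms a real SEPP uses.

```python
import hashlib
import hmac
import json

# Hypothetical schema and constructed sample message; not a 3GPP format or captured traffic.
SCHEMA = {"type": str, "subscriber": str, "origin": str}
ALLOWED_TYPES = {"auth-request", "auth-response"}
MAX_BYTES = 4096
GOOD = b'{"type":"auth-request","subscriber":"sub-001","origin":"amf1.core.internal"}'


def validate(raw: bytes) -> dict:
    """Parse and validate one JSON message; raise ValueError if suspicious."""
    if len(raw) > MAX_BYTES:
        raise ValueError("message too large")
    try:
        msg = json.loads(raw)
    except (ValueError, RecursionError) as exc:  # bad syntax/encoding, deep nesting
        raise ValueError("malformed JSON") from exc
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise ValueError("unexpected or missing fields")
    if any(not isinstance(msg[f], t) for f, t in SCHEMA.items()):
        raise ValueError("wrong field type")
    if msg["type"] not in ALLOWED_TYPES:
        raise ValueError("message type not allowed")
    return msg


def hide_address(address: str, key: bytes) -> str:
    """Replace an internal address with a stable keyed pseudonym."""
    tag = hmac.new(key, address.encode(), hashlib.sha256).hexdigest()[:12]
    return f"nf-{tag}.hidden.example"


def protect(raw: bytes, hide_key: bytes, sign_key: bytes) -> dict:
    """Sending side: validate, conceal the origin address, then sign."""
    msg = validate(raw)
    msg["origin"] = hide_address(msg["origin"], hide_key)
    body = json.dumps(msg, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(sign_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify(envelope: dict, sign_key: bytes) -> dict:
    """Receiving side: accept the body only if the signature matches."""
    expected = hmac.new(sign_key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["sig"]):
        raise ValueError("signature mismatch")
    return json.loads(envelope["body"])
```

Calling `protect(GOOD, hide_key, sign_key)` returns an envelope whose body no longer contains the internal address; `verify` on the receiving side rejects the envelope if the body was altered in transit.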
Summary
The inherent complexity of 5G networks makes them more vulnerable to cybersecurity threats, and the networks’ size gives them a larger attack surface. Fortunately, 5G was designed with numerous technology tools and structural features that support high levels of security. 5G can be a powerful and secure tool for connecting edge devices in the IoT.