5G is being hailed as the next big thing in the telecoms world. It’s seen as the enabler for IoT applications such as autonomous vehicles, healthcare solutions, and robotics – the future in other words, all thanks to its increased data speeds with incredibly low latency. With the number of worldwide 5G connections set to hit 1.4 billion by 2025[i], you can understand why its imminent rollout is also music to the ears of equipment manufacturers. Once fully implemented, the likes of Apple and Samsung will be using the “5G enabled” tagline as a key selling-point to an ever-growing smartphone market.
However, while these handset giants are busy counting their chickens before they’ve hatched with regards to profit margins and increased market share, and service providers are working up a sustainable business model prior to implementation (who is actually going to pay for it is still up for debate) security is being massively overlooked. If the next generation of telecommunications is to become a true success, securing the networks must be a priority.
Attacks can come in many different shapes and sizes; user malware, fraudulent calls, spam, viruses, data and identity theft, and denial of service, to name a few examples. The rise in security threats is partly due to the growing deployment of carrier Wi-Fi access infrastructures and small cells in public areas, offices and homes and will increase exponentially with M2M. Historically, carrier-grade telecom networks have had an excellent record for user and network security; however, today’s communications infrastructure is far more vulnerable than its predecessors. And with advances in security threats constantly evolving, service providers must invest in the right tools to keep on top of the issue.
These increasing security risks are due to the move to the IP-centric LTE architecture. The flatter architecture is what exposed the 4G networks, due to the fact there were fewer steps to the core network, and this will continue to be an issue with 5G networks. Previously, with 3G, the Radio Network Controller (RNC) controlled all access to the base stations meaning that potential hackers couldn’t get close to the core network. However, in LTE, IP backhaul is mandatory but the RNC node is eliminated, giving a potential attacker a straighter path to the core network. Operators recognise that IPsec tunnels will be required at every cell site connected to an insecure network for the purpose of authentication and encryption. In addition, there will be a large increase in RAN and small cells to provide the huge number of connections, giving intruders a greater number of access points to the core network.
To tackle these issues, operators must ensure connections from the device to the core network over S1 and Gb interfaces are fully authenticated. Operators must invest in and revisit the capabilities of their GPRS Tunneling (GTP) and Stream Control Transmission (SCTP) protocols, which will handle the connections into the core network. Authentication can be delivered by the RFC 4895 for the SCTP protocol without compromising performance or network monitoring visibility like IPsec/VPNs do. This can prove vital as networks become subjected to attacks with greater frequency and potentially disastrous outcomes. Alongside a highly reliable SCTP protocol, operators should implement a Datagram Transport Layer Security (DTLS) module. This helps detect and fix real-time connection failures, redundancy and fault tolerance for signaling applications and improved destination and peer path failure.
It’s clear that service providers cannot afford to cut corners when it comes to securing their networks and must look to a solution that will guarantee protection from attacks via a multitude of entry points. If 5G is set to dominate not only the telecommunications industry, but the tech world in general, providers must invest in security solutions to combat the ever-growing issue.
[su_box title=”About Robin Kent” style=”noise” box_color=”#336588″][short_info id=’104741′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.