5G networks promise to deliver a radically improved performance in terms of greater data throughput, lower latency, and support to a huge number of simultaneous connections. These capabilities will open up new opportunities to use 5G in ways that have not been possible with previous generations of mobile telecommunication technology.
5G makes use of new network architectures that better support the use of cloud-based resources, virtualisation and network slices; resources are optimised to support specific services in a much more granular way than has been possible in the past; and a new radio interface delivers a step-change in capacity and speed. It is expected that the number of different types of applications for 5G networks will be much more than those for 3G and 4G networks. Alongside, the volume and diversity of devices that will connect to 5G networks will be greater too. These two factors will have the effect of broadening the possible “attack surface” for 5G networks, introducing potential new risks. This was recognised early on, and the 5G standards from the Third Generation Partnership Project (3GPP) Release 15 onwards include significant enhancements in the way security is designed for networks at a fundamental level to enhance security in 5G networks. In addition, the mobile community is working closely with suppliers and the likely users of 5G networks on security issues to consider ways in which network features can complement and fully address the broader security context. It is expected that 5G networks will be more secure than previous generations of mobile networks, and robust enough to address any security risk in the connectivity domain.
How 5G delivers security
For network operators
First, 5G involves advanced security approaches right from the start. Release 15 of the 3GPP standards addresses the changing threat landscape with a suite of security technologies. Second, operators have access to the best practice guidance for “network security by design”, using security capabilities such as a demilitarised zone, isolation, and access control management of operations administration and maintenance, among others. Third, robust and secure networks require comprehensive testing throughout the product and network design phase, to ensure that the network elements are meeting the required standards while delivering the performance that 5G promises. Operators need to continually assess the performance of critical network nodes, especially virtualised ones, with the move towards greater use of network function virtualisation (NFV) and multi-access edge computing (MEC) where the network elements are distributed.
Lastly, there has been a huge amount of pan-industry development work – notably on security assurance, led by 3GPP and GSMA, and by the European Telecommunications Standards Institute – for security in software-defined networks and NFV. Adherence to best practices ensures that 5G networks are secure end to end. Vendors (including test and measurement specialists) have worked closely together to develop test cases that not only meet the most stringent national and international cybersecurity requirements but also keep pace with them as they evolve.
5G has the potential to provide major improvements in security at the network level. However, it requires effective implementation within the entire system architecture (including devices and apps).
The 5G network is designed to be secure. Details of the end user’s device are encrypted during communication (data in transit), from the moment the device connects to the 5G network, irrespective of the access method used. Security while roaming on other networks has also been enhanced significantly in 5G. Hence, operators can use their 5G networks to provide higher levels of security within the network, to protect users’ data and applications. Device manufacturers too are striving to make their products more secure than ever before.
Features such as the Unified Authentication Framework and Extensible Authentication Protocol provide reassurance that should an application need additional authentication, for instance to support financial transactions, or the transmission of very sensitive user data such as medical records, this can be readily accommodated within the network. The mobile ecosystem has worked closely with multiple vertical sectors to ensure that both the 5G network and its use to support specific business services and applications are appropriately secure. This work includes building in more efficient device security– including trusted execution environments, secure firmware in 5G modules, and lightweight encryption algorithms through 5G network security features including support for private network slices, to a whole-system approach to deployment, security testing and operation of 5G applications. Operators’ MEC resources can also be used by enterprises to build their own security solutions. However, careful implementation of applications that make use of 5G networks is important to ensure end-to-end security.
Since 5G is the infrastructure of various vertical industry applications, its scope of security and safety extends much beyond network layer security. 5G security needs the involvement of multiple stakeholders, including regulators to provide guidelines and standards that support vertical industry applications. A great deal of work is being done in this area. s
Based on Global Mobile Suppliers Association’s (GSA) white paper, “5G Security Primer”