Organizations and consumers alike are eagerly anticipating the arrival of 5G, the latest generation of cellular mobile communications. But perhaps IT and security executives need to be thinking about the potential security implications.
This latest iteration of communications technology is designed to provide benefits such as increased performance made possible by much higher data rates than offered by previous cellular networks. The latest networks will achieve the higher data rates by using higher frequency radio waves than previous cellular networks.
Other possible benefits of 5G include reduced latency, energy savings, cost reduction, higher system capacity, and massive device connectivity—an important consideration for the growing Internet of Things (IoT).
In addition to IoT, the high data rates and low latency of 5G are expected to support newer applications such as virtual reality (VR) and augmented (AR), as well as accommodate the huge amount of data consumption needed for autonomous vehicles to operate safely.
The first phase of 5G specifications is scheduled for completion by April 2019 to accommodate early commercial deployment. The second phase is due to be completed by April 2020.
Research firm International Data Corp. (IDC) in November 2018 forecast that worldwide 5G network infrastructure revenue will reach $26 billion in 2022 as network build-outs progress and 5G-enabled solutions gain traction.
With the first instances of 5G services having rolled out in the fourth quarter of 2018, this year is set to be a “seminal year” in the mobile industry, the firm said.
That being the case, it’s a good idea for organizations to be prepared for any data security issues related to 5G. One 2018 study, by a team from ETH Zurich, the University of Lorraine/INRIA, and the University of Dundee, described some of the concerns with the next generation of mobile communication.
The researchers subjected the 5G mobile communication standard to a comprehensive security analysis. And while they concluded that data protection is improved in comparison with the previous standards 3G and 4G, security gaps are still present.
With the aid of a security protocol verification tool designed for analyzing cryptographic protocols, the researchers systematically examined the 5G Authentication and Key Agreement (AKA) security protocol, taking the specified security aims into account.
The tool automatically identifies the minimum-security assumptions needed in order to achieve the security objectives set by the 3rd Generation Partnership Project (3GPP), a collaboration between groups of telecommunications standards associations.
The analysis showed that the standard is not sufficient to achieve all the critical security aims of the 5G AKA protocol.
The researchers also determined that the protocol permits certain types of traceability attacks, in which a mobile phone does not send the user’s full identity to the tracking device but still indicates the phone’s presence in the immediate vicinity.
They assume that more sophisticated tracking devices could also be dangerous for 5G users in the future. If the new mobile communication technology is introduced with these specifications, the team said, it might lead to numerous cyber security attacks. The team is in contact with 3GPP to jointly implement improvements in the 5G AKA protocol that would address remaining security concerns.
A recent posting on SDxCentral, a security news site, examined some of the top 5G-related security challenges, threats, and vulnerabilities. These include the threat of automotive cyber attacks as autonomous vehicles become more widespread; medical identity theft following new health industry applications; and unauthorized access to IoT devices.
New cloud and virtualization technologies such as software-defined networking (SDN) and network functions virtualization (NFV) are gaining ground in anticipation of 5G networks, the post said, but they also come with new security concerns. Because of their open, flexible programmable nature, SDN and NFV can be insecure technologies isolation. The security of 5G network infrastructure must evolve along with the standard.
SDxCentral, citing advice from networking company Cisco, mentions a number of security protections organizations should focus on. One is to minimize the basic issues that account for most security incidents, by using firewalls to protect networks, access controls to minimize user-based risk, and intrusion detection and prevention tools to block basic 5G security threats.
Another is to stop advanced malware, going beyond signature-based tools to spot the attacks designed to evade basic filters. Behavior-based checks on endpoints, possibly using sandboxing, are important. And once a threat is detected, organizations need to be able to remove all instances of it on the network.
Other suggestions are to use packet capture, big data, and machine learning to identify threats that aren’t detected by basic filters. When embedded into network switches and routers, these technologies far more effective because they turn the devices into 5G security sensors.