“The security of a 5G network relies on operators and vendors”
The rapid evolution of technology has ushered in a new era of mobile communication, and the emergence of 5G is a key lever in this transformation. As we embrace the potential of 5G, it is crucial to compare its security implications with those of its predecessor, 4G. Robin Leblon, CTO of Citymesh, provided insights into the structure of modern telecommunications networks.
A modern telecommunications network consists of four main components, he explained: “The access network includes the cell towers spread across the country. The transport network connects various access networks. The core network operates within data centres and transforms radio signals into mobile cell service. Finally, the interconnect network connects local mobile networks with global mobile operators and public internet services.”
In the past decade, 4G played a pivotal role in shaping our mobile communications landscape. Today, 5G is poised to take centre stage. Alongside general IT infrastructure challenges associated with the shift to 5G, the telecom sector faces critical security threats, including renegotiation attacks that aim to downgrade clients to less-secure 3G or 2G networks. “Moreover, user identity transmission over access networks in 4G and below poses device and identity tracking risks. Additionally, mobile networks’ reliance on a single secret key in the operator’s core network means that, if it is compromised, the entire network and its users are at risk,” Robin warned.
3rd Generation Partnership Project (3GPP)
Many of the 5G security threats have already been identified and addressed in 4G. The 3rd Generation Partnership Project (3GPP) sets the security standards for mobile technology. “The main challenge lies in the implementation by vendors and the proper configuration by operators. In 4G, security measures were often optional and disabled by default, making it difficult to assert that 4G networks were universally secure,” Robin explained.
“The three goals of the 3GPP are the use of mutual authentication, a presumed ‘open’ network, and an acknowledgement that all links could be tapped.”
5G security design goals and improvements
With 3GPP’s zero trust security goals, 5G maintains several similarities with 4G in terms of network security access, but introduces notable improvements. “User plane integrity protection is an enhanced measure to ensure that no interference occurs. 5G moves away from appliance-based architecture towards a more secure setup, utilising standardised protocols and introducing the Security Edge Protection Proxy (SEPP) function. This is what we call network domain security,” said Robin, explaining the first two goals of 3GPP.
The other design goals includes creating an authentication domain that offers greater separation between the network serving a subscriber and their home network, to ensure end-to-end encryption even during roaming. “There is also the genius concept of slicing, which provides a separate security context for specific applications or clients, to offer true isolation on the network.”
Public vs private, 4G vs 5G
While 3GPP standardisation ensures interoperability, network security primarily depends on the operator’s implementation. “Properly realised, 5G can indeed offer superior security compared to 4G. Features such as slicing have the potential to enhance isolation and security, although this concept is still evolving.”
For those considering running sensitive or business-critical applications on public networks, due diligence is essential. “Extensive assessment and collaboration with operators is necessary to ensure that security is executed correctly. The same principles apply to private networks, which can be customised to meet specific enterprise security requirements,” Robin concludes.
As we step into the 5G era, it is imperative to recognise both its opportunities and challenges. 5G introduces improvements and innovations that can enhance network security. Ultimately, the security of a 5G network relies on the diligence of operators and vendors, and it is vital for businesses and organisations to be proactive in ensuring the security of their mobile communications, whether on public or private networks.