Changing

Face of

Security

with 5G

5G Architecture

Management

Access Network Core Network

Transport Network

Core Network

Other Operator

Interconnect

NetworkUser

Equipment

Public

Network

User Payload

Control Signalling

Management Traffic

5G Use Cases

● Broadband Experience,

Everywhere, Anytime

● Internet of Things (IoT)

● Smart Vehicles, Transport &

Infrastructure

● Critical Control of Remote

Devices

● Media Everywhere

5G Features

5G technology is driven by 8 specification

requirements:

1. Up to 10Gbps data rate - > 10 to 100x

improvement over 4G and 4.5G networks

2. 1-millisecond latency

3. 1000x bandwidth per unit area

4. Up to 100x number of connected devices

per unit area (compared with 4G LTE)

5. 99.999% availability

6. 100% coverage

7. 90% reduction in network energy usage

8. Up to 10-year battery life for low power

IoT device

Historical Security

● Targeted Protection

○ Initially voice and then data

● Limited Protection needs

○ User: data encryption, basic

identity protection (temporary IDs)

● Relative Stability

○ Threats didn’t change much over

time

● Generally Successful

○ Issues with Cloning /

Masquerading and Crypto issues in

1st and 2nd Generation

○ Zero Config from users point of

view

What’s Different with 5G?

Business & Trust Models

● Not just voice and data, but different

devices e.g. unattended machines,

sensors, smart meters, cars and

architectures (Cloud and IoT)

● Higher bitrate, lower latency and more

devices

● Connecting industries: manufacturing,

health, transport, smart cities…

● 5G has a crucial role in society operation

and security, privacy and resilience will

span beyond technology to regulations

and legal frameworks

Service Delivery Models

● Cloud, Virtualisation and Anything-

as-a-service

○ Reduce costs, deploy and

optimize services more rapidly

○ Increased dependency on secure

software

○ Decoupling of Hardware and

Software means that software can

no longer rely on security

attributes of dedicated hardware

○ Stronger isolation properties are

required

● Telecom Network API’s

Increased Privacy

● Awareness of user privacy due to

events such as:

○ Edward Snowden and NSA

○ Julian Assange and Wikileaks

○ Cambridge Analytica

● Big Data, Machine Learning and AI

push these concerns even further

Evolving Threat Landscape

● 5G as Critical Infrastructure will be

subject to cascading effects

● 5G Security protocols should be

designed for attack resistance

● Phase out of traditional methods

e.g. username/password

● Emphasis on measurable security

assurance and compliance

Potential Targets in 5G Networks

User Equipment

Examples: Smartphones, tablets, Smart

Devices (TV, Fridge, Home)

Why Target?

● Popularity

● Increased Data Transmission

● Large variety of connectivity options

● Mobile Malware

● Mobile Botnets

Access Networks

● Attacks on 4G Infrastructure

○ Attack the packet scheduling

algorithm to steal bandwidth

○ Message insertion leads to DoS attack

against a new arriving UE

● Femtocell attacks

○ Physical tampering with devices

○ Configuration attacks

○ Protocol attacks (MitM during first

access)

○ Attacks on the operators core network

from compromised nodes

○ Attacks on radio resources and

management to increase handovers

Core & External Networks

● DDoS attacks:

○ Signalling amplification

○ Home Subscriber Server saturation

● DDoS attacks targeting external

entities over the mobile operators

core network

● Compromise enterprise networks

Summary

● 5G will support the vision of “everything connected”

● Instead of individual security mechanisms, a systematic approach is needed

● 5G security cannot be “copied” from 4G or older security standards and practices

● There are valid security approaches, but they need to be revisited e.g. trust models, devices,

assurances

● Attacker targets include just about everything: user devices, access and core networks , home

and external networks

● Better synergy between IT, Security and Network Teams. The landscape is changing and so are

the skill sets