Imaginative visual of smart digital city with globalization abstract graphic showing 5G cybersecurity issues

5G and Cybersecurity – A Realistic Path Forward

5G Technolgy has been increasing in popularity among the telecom companies creating it and organizations that consume wireless networks. The reasons for this are not trivial.

It is expected that in 2022, the total data traffic across mobile networks will reach 77 exabytes per month (that is 1 million terabytes of internet traffic every month). Only 5G with its mmWave technology will be able to deal with that massive traffic burden.

5G also brings faster speeds (approximately 20x faster than 4G), more bandwidth, higher device density (approximately 1 million devices per square kilometer)

Seeing these benefits, it is understandable why many companies have made large investments into either the production or consumption of 5G technologies.

Some industries that will derive immediate benefits are:

Automotive:

The automotive industry can take advantage of 5G by using Vehicle-To-Everything (V2X) technology. V2X is a technology that allows vehicles to communicate with one another (V2V), with infrastructure (V2I), or the network itself (V2N).

Some information that is exchanged includes vehicle speed, road congestion data, accident location, etc. These messages can also be communicated to infrastructure like smart traffic signs which dynamically adapt based on the current condition of the roads.

Satellite communications:

Satellite communications are usually targeted towards use cases where it would be too costly to deploy infrastructure at the target location. For example in low population areas, or places with harsh terrains like mountains, etc.

Current satellite networking has some drawbacks. It is more costly to set up and maintain for users. It also has less fidelity than the traditional cable internet or broadband.

The integration of 5G with satellite technology (such as High Throughput Satellites) will help mitigate the problems of low fidelity with satellite-based networks.

Cybersecurity issues

Many cybersecurity issues are affecting 5G but in this section, we will be focusing on the 3 most severe ones.

Latency:

A lot of Machine Type Communication (MTC), Internet of Things (IoT) communication, and Vehicle to Everything (V2X) communication will need to occur in environments with very low latency (< 1millisecond).

In addition, these environments will need to be extremely reliable and available. However current 5G networks are vulnerable to many internet-based threats that target access nodes such as low-powered access nodes and LTE nodes.

One example attack is a Denial of Service (DoS). Under normal circumstances, the goal of a DoS attack is to completely render a system unusable. However, when sub-millisecond latency must be maintained then the bar for a successful attack is lowered. This allows sorts of bad actors with little resources the ability to launch crippling network attacks.

Passive eavesdropping:

The number of devices per network is increasing quickly. In addition, there are many different types of devices in each network.

This has created a situation where open access supplementary networks like Wireless Local Area Networks (WLANs) are preferred by network operators due to their capacity requirements.

However, the data transmitted within these WLANs are susceptible to eavesdropping attacks as well as unauthorized users being able to gain access.

One way hackers can eavesdrop is by taking advantage of the simplicity of low power access points. This is because such access points do not have the fast and reliable authentication handover mechanisms needed for 5G networks.

An extension to this attack is when an attacker can track a particular user across networks. This works because, in the current 5G networks, the user’s device provides its International Mobile Subscriber Identity (IMSI) over the air and in an unencrypted form during the initial connection process. An attacker can then listen in the network for these IMSIs.

User impersonation:

Although this is an extension of the Eavesdropping attack, its effects can be more damaging. In passive eavesdropping, the attacker simply consumes information meant for another user.

However, the attacker can impersonate the user and send malicious messages or actions. This allows the attacker to gain even more control over the situation as they can use their false credentials to initiate more attacks. Depending on the length of the access keys, the attacker’s impersonation could last for a very long time.

Solutions

Now that we have discussed some pressing issues with 5G cybersecurity, let’s discuss potential and practical solutions to those problems.

Network slicing:

This is when you create multiple virtual independent logical networks over the same physical infrastructure.

This method should be used because it allows 5G operators to individually manage and configure each network slice. Sometimes, the physical network operator can lease these slices to various Mobile Virtual Network Operators (MVNOs).

This adds even more flexibility as the MVNOs can cater directly to their client’s needs with their focused expertise.

This helps because different entities, although sharing the same physical infrastructure, have different needs. These needs include but are not limited to bandwidth, latency, privacy, Quality of Service, etc.

In an actual implementation, 5G and network slice operators can use technologies like Software Defined Networks (SDN) and Network Function Virtualization (NFV) to allow network programmability. Which allows physical networks the flexibility needed to create multiple virtual networks sharing the same physical infrastructure.

Physical layer security:

The main principle behind this is to use the inherent randomness of the noise within the communication medium to restrict the amount of information that an attacker can decipher.

Many sample Physical Layer Security implementations have been proposed, such as Orthogonal Frequency Division Multiplexing (OFDM). However, we are not going to discuss this here as it is extremely technical.

The main takeaway from this is it has the potential to be used to protect network users from eavesdropping attacks.

Temporary identification:

When roaming between trusted and untrusted networks, rather than a user sharing their IMSI (which as we discussed before could enable tracking) they disclose a temporary identity to non-trusted networks.

An example implementation could be the temporary identity being generated in the trusted network and then it is shared by the user’s device while inside the untrusted network.

Methods based on the Extensible Authentication Protocol (EAP) are being implemented in the current 5G networks. Again we will not be going into the EAP as it is very technical and out of scope.

However, this method could solve the problem of user tracking while roaming across networks.

Conclusion

5G is here and is going to revolutionize the connected world. However, some cybersecurity considerations must take into account before it will be able to live up to the lofty expectations placed on it.

Sources
  • J. Nakazato, M. Nakamura, Y. Tao, G. K. Tran, and K. Sakaguchi, “Benefits of MEC in 5G Cellular Networks from Telecom Operator’s View Points,” 2019 IEEE Global Communications Conference (GLOBECOM), 2019, pp. 1-7, doi: 10.1109/GLOBECOM38437.2019.9013346.
  • I. Šeremet and S. Čaušević, “Benefits of using 5G Network Slicing to implement Vehicle-to-Everything (V2X) technology,” 2019 18th International Symposium INFOTEH-JAHORINA (INFOTEH), 2019, pp. 1-6, doi: 10.1109/INFOTEH.2019.8717780.
  • H. Khalili et al., “Benefits and Challenges of Software Defined Satellite-5G Communication,” 2019 15th Annual Conference on Wireless On-demand Network Systems and Services (WONS), 2019, pp. 1-4, doi: 10.23919/WONS.2019.8795462.
  • Ahmad, Ijaz & Shahabuddin, Shahriar & Kumar, Tanesh & Okwuibe, Jude & Gurtov, Andrei & Ylianttila, Mika. (2019). Security for 5G and Beyond. IEEE Communications Surveys & Tutorials. PP. 10.1109/COMST.2019.2916180.