5G Security, Part I: Foundational Security Capabilities
IEEE Future Networks Podcasts with the Experts
An IEEE Future Directions Digital Studios Production
The digital transformation brought about by 5G is redefining current models of end-to-end (E2E) connectivity and service reliability to include security-by-design principles. These principles are necessary for 5G to achieve its promise. Achieving 5G trustworthiness requires embedding security capabilities from the very beginning, while the 5G architecture is being defined and standardized. Security requirements need to overlay and permeate the physical, network, and application layers of 5G systems, as well as the different parts of an E2E 5G architecture, including a risk management framework that takes into account the evolving security threat landscape. The Security Working Group within the International Network Generations Roadmap follows a taxonomic structure, differentiating 5G functional pillars and their corresponding cybersecurity risks.
Subject Matter Experts
Co-chair, Security Working Group, International Network Generations Roadmap.
Co-chair, IEEE Future Networks Initiative
Senior Scientist, Johns Hopkins University Applied Physics Lab.
Co-chair, Security Working Group, International Network Generations Roadmap
Industrial and IoT Security Specialist in Cybersecurity & Privacy, PwC Canada
With Brian Walker of IEEE Future Directions Digital Studio
Brian Walker: Can you tell us about 5G Security and why this generation presents a unique set of risks?
Ashutosh Dutta: 5G is different than previous generations in many ways. The previous generations can be categorized as 1G, 2G, 3G and 4G. Previous generations of network, they mostly focused on bandwidth-intensive applications. On the other hand, 5G networks not only focus on high-bandwidth type applications, but also focus on massive sensing and ultra-low-latency type applications. So, in order to support that, there is a need to design into an architecture, a network that's flexible, adaptive, and scalable enough to react to the changes in the network quite rapidly and efficiently. And thus, 5G has adopted many new technologies in various parts of the network. That includes changes in the radio access network, such as new radio, MIMO, millimeter-wave; in the core network, separation of user plane and control plane, service-based architecture, densification of cells, entities like edge-cloud, software-defined networking, network slicing, device-to-device communication, and IoT, etc. So, security requirements for 5G do need to overlay and permeate through different layers of 5G systems, including physical, network, and application, as well as different parts of end-to-end 5G architecture. And that will also include the risk management framework, and take into account the evolving security threat landscape. So, while the enablers bring various benefits and features, they also increase the threat landscape due to the introduction of these new enablers or technologies. For example, the additional SDN/NFV components and network functions, they increase that threat attack surface, and expose the end-to-end system to additional cyber threats. Some of the security risks that are pertaining to 5G may include network slicing threats, such as denial of service to other slices, or sites and other attacks at core slices. And we find, for example, when a certain slice is dedicated to a specific critical set of applications, such as emergency applications.
So, all-in-all, the 5G network, although it includes a lot of features and adds some enablers, it also increases the threat landscape by posing unique sets of risks.
Eman Hammad: Just one thing on the last point you mentioned, when 5G evolved to carry more of the critical and more of the cyber physical applications and use cases, such as smart cities, transportation, energy systems, these kind of risks that might hinder the infrastructure will have a serious impact on where 5G is trying to enable the applications, specifically for such use cases. So, we're looking at a very different landscape, because of all the pieces that build the 5G system.
Brian Walker: What are the additional security pillars in 5G ecosystems?
Ashutosh Dutta: When you look at the 5G ecosystem, basically looking at end-to-end, you have a device, you have a radio access network, you have edge-cloud, you have the core network, and you also have applications. And if I look into the different pillars, from an end-to-end perspective, these pillars enable 5G features, right? But at the same time, we're also looking into the risks that are associated with pillars, and I can just name a few. To start with cloud-RAN security, SDN controller security, proactive security analytics, virtualization security or hypervisor container security, orchestration security, network slicing security, Open Source security, security function virtualization, and faster authentication. So, these are some of the additional components where we have to look mainly at what are the additional risks, those are provided by adding these new 5G enablers. For example, if you have an SDN controller that gives you the programmability and flexibility, adaptability on the network, but at the same time, there are additional risks on the SDN controller. If the SDN controller is under attack, or this configuration gets changed, or somebody hacks into the SDN controller through a northbound API or southbound API, the whole programmable part becomes completely contaminated. So, instead of stopping bad traffic, it's going to allow the bad traffic to go through. Similarly, if you have orchestration security, if you do not have enough security on the orchestrator that allows one to instantiate new network functions, VNFs, the Virtual Network Functions, one can just hijack the orchestration procedure and instead of orchestrating a specific VNF, it may orchestrate a wrong VNF in a wrong place. And that itself is pretty bad in terms of reliable operation.
Similarly, for the hypervisor virtualization security, if a hypervisor is under attack or gets compromised then the VNF, the Virtual Network Function, from one tenant may be able to attack another tenant by compromising the reliable operation. So, these are some of the pillars. So, when we design an end-to-end 5G network, we need to look into, and make sure we have proper security requirements and mitigation techniques, which are available and designed from the very get-go.
Brian Walker: Where are these risks focused? Are they mainly at the consumer level? Or at the enterprise level as well?
Ashutosh Dutta: So, different security risks that are uniquely related to 5G are both on the consumer level and as well as the enterprise level. I'll just give you an example, because 5G's currently positioned to enable connectivity across many verticals. So, the security risk will be largely determined by the types of use cases for these verticals or the types of applications that are supported by these verticals, right? And these verticals could be transportation, first responder networks, smart city, tactical networks, auto industry, and automation. And the applications they support may have different key performance indicators. For example, they may need a different kind of bandwidth, different kind of latency, or different kind of system control. So, based on these KPIs we need to design our 5G network and, for each of these KPIs, we have to enable those components like edge-Cloud or SDN / NFV that may need proper security measures to be in place.
Eman Hammad: Maybe one point to add into this is, it's helpful always to look at the reference architecture for 5G. So, after the edge we're looking into the end-users, devices, and systems. Systems that are enabled by 5G. And then after that demarcation point, we're looking at the main core networks and the connectivity to the Cloud. Now, as to end-user level, we might be even dealing on that level with enterprise and end-users as well. So, that speaks volumes to the complexity of 5G, and how the risks are propagated through even some architecture demarcation points, making it much more challenging to enforce cybersecurity functions, and require much more creativity and critical thinking when imposing security solutions. For example, in one survey, most of the respondents from IP providers and telecom carriers responded saying that they are looking at Zero Trust models to enable security in 5G. And Zero Trust models require really robust, scalable certificate management on all end devices and subcomponents of the 5G architecture, within the endpoint ecosystem, and within the 5G core system. So, this is one of the solutions that can actually mitigate risks from end-to-end on the 5G platform, some types of risks.
Brian Walker: And how do you anticipate security risks in mitigation with 5G evolving over time?
Eman Hammad: So, within any security framework, when you look at the complex system, and you look at a system that incorporates, as Ashutosh mentioned, many building blocks as well. The designers of the system have to incorporate from the very beginning an approach to assess the threats that are evolving with time, and assess the impact of such threats as they are actually happening. And this is usually formalized through a risk management framework. So, we believe that this is conducive for a 5G network to perform these realistic risk assessments on some of the scenarios and people should pay attention to the scenarios that are relevant to the use cases. For example, when you're really looking at risks of the type of electromagnetic interference, this has always been there, but with 5G and the different use cases for 5G, this takes a new shape and form. Also, risks related to resources exhaustion, and this is relevant to SDN, virtual function, cloud resources, slicing. So, any of these modular blocks that shape a service, if they are targeted within the control platform, or from a user via a massive IoT risk request or something of that sort, this will cause a resource exhaustion that will impact the reliability of the 5G as a whole system, or a major component of 5G. So, a risk management platform will say, "Okay, these are the risks that are currently happening. Let's assess for some of the use cases: what are the impacts, and based on that, let's look at existing security controls that are implemented, and what's missing? What are the gaps, and what's the priority to mitigate the high risks within that timeframe?" And adopting that methodology will help us as the threats continue to evolve. Because threats are just a point in time, and your security measures are a point in time. Now, a basic evolution or innovation that will help with 5G is incorporating that risk assessment into security automation. 
Meaning, if by some innovations and research, we can formalize an indicator of risk saying, "Okay, based on the latest threat intelligence, we know this is happening outside-- in the environment, in the ecosystem, then can we automate part of the provisioning of security functions to proactively protect certain parts of the network in anticipation of this threat vector?" So, this is where automation ties into risk management. This is not yet the case, but we expect this to be more prevalent in future systems to enable us to mitigate evolving cyber threats.
Ashutosh Dutta: I'd like to add a few things. I'll just take a specific use case. And we have a case here in which 5G is evolving over time. So, today we have 5G, 5G beyond, maybe it'll go 6G. There is one specific example I'd like to give, which is Open Source. As 5G and beyond evolve we are going to be relying maybe more on Open Source type solutions and while Open Source gives us a lot of modularity and acceleration to deploy, it also has potential risks, so that is something we all need to keep in mind. What are the potential risks associated with Open Source? And the second thing, Eman, you talked about automation, which is very important. How quickly you detect if there is an attack happening and how quickly do you mitigate that? This closed-loop automation, to a large extent, depends on the traffic variance, the service variance, which type of application, and they call it control variance. Where exactly do you want to put this closed-loop automation? Whether it should be in the edge, or should be in the core, or deep down in the application layer. So, to a large extent, that will determine how quickly we can detect and mitigate. And over time, I'd like to add that some of the AI and machine learning techniques could be applicable to determine the attack before the attack actually happens. And Eman, I think you talked about Zero Trust, right, how we can deploy those techniques to prevent the attack altogether.
Eman Hammad: Yeah, excellent point, Ashutosh. Just a follow-up, even when we look at automation that is enabled by A.I. and machine learning, as we have discussed many times, how to monitor A.I. and machine learning to establish the trust in the algorithm and to ensure that it continues to perform consistently with what has been designed, the design goals for the algorithms, right?
Brian Walker: What potential solutions might be developed to make 5G reliably secure?
Eman Hammad: So, when we look at the solutions that will enable 5G to catch up, to continuously be ahead of the game in cybersecurity and be able to deliver to its promise of being reliable and resilient. Some of the main trends are already being seen now, but they need to be evolved over time and innovated over time. One of the building blocks is encryption and certificate management. And one of the subtleties in that is that quantum computing threatens current encryption algorithms and certificate infrastructure. So, to be robust, future robust, or future proof, we have to start right now looking into PKI infrastructure, public key infrastructure to enable the Zero Trust models with quantum-safe algorithms and encryption. That's one of the approaches. The other approach, we are looking now into Zero Trust. But as Zero Trust will require a massive scale of public key infrastructure and certificate management. We have started seeing trust platforms such as blockchain. Blockchain enables you within that certificate management to say, "This endpoint is trusted to actually connect to the network, or this antenna, or this base station is not a rogue base station. It's an authentic part of the network." So, similar solutions to establish trust, whether it's blockchain or something similar, that's scalable and reliable when it adds to reliability of the 5G network. Other solutions to take into account are the use cases for low latency. And the challenge comes from, let's imagine together a use case for transportation or power systems. Within, if we are looking at 5G enabling these low latency use cases, then the delay that is incorporated by security functions going back through to the core, going to the core and back, this might not be acceptable within that key performance indicator for such use cases. So, we'll say, "Okay, at the edge, how can I enable these use cases within the low latency requirements with security guarantees?"
And this will require innovations into light authentication or fast authentication. And this is beginning to be investigated in academia and industry as well to enable these use cases. So, as mentioned so far, trust platforms, quantum-safe algorithms or encryption, and low latency light authentication, for example. These are three examples of gaps that are existing in security controls right now that need more investment to establish reliable and robust security controls. In addition, one other point that we have to address as well is A.I. and machine learning. We know that the complexity of 5G will require orchestration and optimization that can only be handled by the likes of machine learning and A.I. And this will become more prevalent as we go to 5G-and-beyond networks. Now it's necessary to establish some monitoring of these algorithms as they function, especially if they are to orchestrate security functions.
Ashutosh Dutta: The dynamic service chaining, or security as a service, is an important piece, and that can be enabled by having a closed loop that we talked about. Something that detects. That means you need to have a solid platform for security monitoring, that means the ability to monitor the user plane, control plane and data plane signaling. At the same time, having analytics that can provide analytics to an orchestration platform like ONAP (Open Network Automation Platform), and then having an interface from your orchestration platform to a software-defined network controller, like ODL (OpenDaylight) or ONOS. And finally having some enforcement point on the DDoS (Distributed Denial of Service) or IDS (Intrusion Detection System) or IPS (Intrusion Prevention System) type functionality that interfaces with this SDN controller. So, that will allow one to detect any attack that's coming up, either at your Cloud-RAN or in the core, or in the application layer. And how quickly you can send it to orchestration. So, what is going to happen is you recover and resolve at the same time. So, while you're detecting the attack, who is attacking it, and the details of the attack, and trying to mitigate, at the same time you are recovering the network resources by having the ability to dynamically scale up the network. So, in that situation, in the case of a denial-of-service attack, you can still sustain the attack and any kind of priority services there will still continue to be provided while you figure out who is attacking it, and finally mitigate that, and then scale down the network. So, I believe this kind of security-as-a-service with the help of dynamic service chaining will be very, very essential.
Eman Hammad: It speaks to the opportunities that are provided by 5G for isolation, proper mitigation, and forensics afterwards. I thought maybe we should add something on the application layer for our security capabilities, because that will enable 5G to continue to operate. Because as you know 5G extends from the physical layer to application layer. One of the use cases for security is around 5G fraud. And we haven't touched on that previously. But within 5G fraud, with 5G, with all the pieces that tie into it has enabled—has better-enabled providers and carriers better control over fraud within the subsystem and within the use cases.
Brian Walker: As threat vectors targeting 5G evolve, what would be the best approach to ensure reliable system operation?
Ashutosh Dutta: That means we need to have a closed connection between the KPIs that you discussed, for any specific type of application, and then how do we adapt your network accordingly to make sure your KPIs are properly attained. The other thing I was thinking is, they call it defense-in-depth. That means you have to design your network, and from the very get-go, you need to keep all the security threats and potential security risks in mind, and design your network accordingly. It is not like you wake up and figure out, "Well, this is a security risk, and I got to re-design my network." So, we have to keep in mind potential threat vectors, and do an end-to-end analysis. When I say that, you open up your network, open your network interface, look at all the components that comprise your network, and try to do a thorough analysis, we call it threat taxonomy, of each of the components, each interface, and what types of attacks could happen. If you design that ahead of time, then you can think about the mitigation techniques, and potential risks mentioned earlier, to have the mitigation technique that can be applied. If you do not have a security control, you make sure you put the proper security control in place. It has to be like an iterative process.
Eman Hammad: Yeah, yes, exactly. And that's what a risk management framework does. But I like the point, Ashutosh, where you mentioned the system is not a point in time. The system design is not a point in time. So 5G is an evolving, living system, and I don't think that's an overstatement, because the orchestration, the automation, the optimization, the dynamic allocation of resources between the user and the control plane, the different -- how you can actually shape, and it was based on the changing KPIs, based on the changing attacks, based on the current state of system security or system service levels, required service levels, attest to the requirement for operators, security analysts that are working on the system, and automation like what are device levels of automation to make that feasible. It goes back into, yes, you have to have a very deep understanding of the system, the services, the APIs, the system calls between the APIs and what components work, how. And even in the design of network slicing for proper isolation, so that you have a reliability metric of the system because of the Security by Design that you have done at the very beginning that you will continue to do over time. And use cases change as the threat landscape changes, and as your load, or your requirements change.
Brian Walker: What are the inherent security opportunities resulting from 5G enablers?
Ashutosh Dutta: So, first of all, I'd like to make it clear when you say security opportunities, this means when we add or move to a new type of network, or new enablers, that provides us some opportunity and reduces the CAPEX or OPEX and helps smooth operation of the network, etcetera. But we already discussed some of the security issues associated with those enablers. What I'm talking about here is there are some security implications that could be minimized by having the enablers. So, there are two things. One is by introducing the enablers there are security issues that need to be taken care of. And this question we're talking about, the security opportunities that will be provided by these enablers, which are otherwise not available in previous generations of networks. I'll give you a few examples here. The first example is by having a 5G network, and 5G technology, inherently gives the resiliency support and flexibility support. So, I'll just take the example of network function virtualization - NFV / SDN - these are the enablers of 5G. When they were not there, if there was an attack taking place, a denial-of-service attack, and, at that time it was taking a long time to detect, a long time to re-provision the network, or dynamically provision the network, but with 5G technology, this specific issue is taken care of because NFV and SDN, by default inherently provide this resiliency of the network by scaling up and scaling down the network on demand. So, the effect of a denial-of-service attack is minimized by having this resiliency. At the same time, if there is an attack taking place, how quickly can we detect and mitigate that? By having an SDN controller in this closed loop function, it has the ability to dynamically service chain the DDoS, IDS and IPS functionalities and block this malicious traffic from going to any customer's premises. So, that is an opportunity, the programmability and flexibility. The third one I wanted to talk about is slicing.
Network slicing is another enabler. So, network slicing itself provides the ability to assign resources to priority applications. You know, let's say an IoT application, first responder application, automotive application, they all get resources reserved from end-to-end. So, this is an opportunity, right? Well, at the same time we discussed earlier, slicing itself also gives rise to some security issues that needed to be taken care of. So, we are just highlighting some of the opportunities, security opportunities, those are provided, because if there is no slicing, the priority services’ quality of service is not properly maintained, and you cannot separate one application from another application, right? If the first responder wants to send a high quality of service, audio and video, that can be made possible by the use of slices. But, at the same time, virtualization is another opportunity where you can segment your computing resources and provide one type of application to one VNF or tenants, another type of application, another VNF with tenant, right? So, these are some of the high level security related opportunities that we can obtain from 5G type technology.
Eman Hammad: I just want to follow up by saying these capabilities of 5G, the enablers of 5G do provide some inherent characteristics that are like intuitive to expand our security and controls. Even provide security controls that were not available in other systems, such as slicing. What I wanted to add is to make sure that we reap the benefits of these inherent characteristics, we need to actually implement additional security controls and properly design the system with this thinking in mind. Meaning, for example, when we design the slicing, we have proper isolation of the slices, and some cap on resources for critical slices, for example. Critical services are assigned slices to make sure that if something happens to the resources, these slices continue to survive. This takes us to talk about other types of opportunities that come from 5G, and I guess I hinted at that when we said, "properly designed with security in mind." So, this requires investment in the security of 5G. And a continuous improvement of the security, but this could give us several folds of benefits. One benefit is to enable our system being resilient, flexible, reliable, as Ashutosh mentioned. The other thing is it enables the providers and carriers to extend their business into new elements. And I'll mention one example. We hear more about security-as-a-service. If a service provider or a carrier implements the proper security controls up to the edge, with monitoring, with some forensics and incident response, then that service provider can actually offer security-as-a-service for its clients, including enterprise clients, and different use cases such as certain transportation providers or a smart city.
Ashutosh Dutta: I'd also like to add one more thing I forgot to discuss, which is very, very important. As the operators are trying to get into 5G, they're building this eMBB (enhanced Mobile Broadband) type network, one of the components is Cloud-RAN, and separation of user plane and control plane, right? So, by having Cloud-RAN or Open RAN type networks, you are separating your BBU (Baseband Unit) and RRH (Remote Radio Head) functionality, so thereby you are also dynamically adding RAN functionality, RAN functions in the networks in case of lots of IoT type devices, millions of IoT devices trying to get connected. You can easily scale up your RAN functionality on the BBU side in the Cloud, right? And the security monitoring and mitigation techniques can be easily ported in Cloud-RAN, thereby, you can detect the type of attacks early enough, so your core network is not really affected, so that is another opportunity as well.
Brian Walker: Where can people learn more about 5G security?
Ashutosh Dutta: Eman and I are the Security Working Group Co-Chairs, that's one of the Roadmap Working Groups for the IEEE Future Networks International Network Generations Roadmap, we call it INGR. There are 15 roadmap working groups, and Security is one of them. If you visit the website, futurenetworks.ieee.org/roadmap, you will get to know more details. We have already published the first edition of the INGR Roadmap. You should be able to find out on the website some of the things Eman and I spoke about today, but it goes into details of three-years, five-years, and ten-years, what the security landscape is going to look like. How's it going to be useful for 5G-and-beyond, 6G or 7G. So, that's a good source you can take a look at. In addition, we also have bi-weekly meetings, you're welcome to join this group, contribute. We have started working on the second generation of the Roadmap. At the same time, there are lots of opportunities like podcasts like we are doing today, webinars, research articles and testbeds, etcetera.
Eman Hammad: I want to add just one thing, which is that being involved with this initiative within IEEE enables you to kind of get more visibility into what's happening in parallel with the different initiatives and efforts, as well as help shape, if we feel, for example, there is a need or a serious gap in security in a certain area that we anticipate to be prevalent in five to ten years, we can point into that, and we can actually work on making special editions, special journals, special conferences, symposiums that will provide an incentive for people to pay attention to these gaps. So, it's really worthwhile to be part of the ecosystem.
Ashutosh Dutta: Yeah, that's a good point. So, there are lots of resources here, there are 46 Societies within IEEE. Over 23 of those are contributing to IEEE's Future Networks Initiative. And the Security Working Group also does collaborate with the other 14 Working Groups to see what are the potential security implications they might have. For example, MIMO, hardware, millimeter wave, edge automation applications. So, we have an opportunity to interact and collaborate with them and find out how we can look at their work and what are the potential security implications there. So, this is happening within IEEE, but we also do collaborate and attend 11 other standards groups like 3GPP, IETF, ITU and ETSI. And we try to complement the work they're doing by developing new technologies, or new algorithms, and new optimizers and techniques in security, how it can help the architecture being developed by, let's say, 3GPP, or protocol developed by IETF. So, that is a real benefit. Anything, Eman, on the standards side?
Eman Hammad: Just the collaboration with the Standards Group of IEEE, because we all know the strength of IEEE when it comes to standards. So, there's also the opportunity within IEEE to look at the gaps in standards, or try to facilitate more conversations between the main standards bodies that you mentioned, Ashutosh.
Ashutosh Dutta: Right, and the other thing I wanted to also mention are the testbeds. Within the IEEE Future Network Initiative, we have a Testbed Working Group. But at the same time, we also have an MOU agreement with a few of the testbeds like Rutgers/WINLAB and 5G Lab in Germany, and a few other testbeds where IEEE volunteers or members of Future Networks get a chance to log in and do any kind of experimental work. So, for example, if somebody wants to try some security-related experiment, they can join this group, and by being a member of this group, you get access to these labs, and can build your own experiments. At the same time, IEEE standards activity recently has come up with IEEE Open, where they're building an Open Source testbed. Thereby, you can try various security-related experiments. So, collaboration is very important, not only with academics, with industry, with the vendor community, develop the security requirements ahead of time, bring it to standards and build some proof of concept to make sure some of the security challenges or issues that we talked about should be validated or demonstrated, right? So, it's like a complete ecosystem. And we need help from, and collaboration from everybody around the world to make 5G and beyond more secure.
Eman Hammad: One final thought is around trust. So, when we discuss security or cybersecurity in general, we're talking about how we trust the technology that enables our day-to-day life. And this is exactly what we're talking about when we talk about being involved in shaping the initiatives; or try to be part of the ecosystem, to make sure that we build trustworthy systems, or we help guide the design and build-out of trustworthy systems.