Securing 5G for business

Pual Graham, Fieldfisher.
(Image credit: Future)

 With thousands of new devices set to be connected via 5G networks, the potential for malicious hackers and other cybercriminals to attack data systems is greatly increased. In this post, Fieldfisher cybersecurity expert Paul Graham - with help from Chris Eastham and Alex Harbin - examines the challenges of making 5G secure.

The fifth generation technology standard for cellular networks is hailed as the future of connectivity. And the ability of 5G to support as many as one million devices or end-points per square kilometre, compared to around 2,000 connected devices per square kilometre with 4G, is touted as vital for the Internet of Things (IoT) era, where numerous additional devices like cars, appliances, air conditioning systems and even clothes will eventually be connected to mobile networks.

In a world where just about everything is online and connected, securing these devices from malicious attacks becomes a far greater challenge.

On the edge of safety?

5G is designed to significantly reduce latency, which is the time lapse between when a mobile tower sends data and when the destination device receives that data.

Much of the system that supports 5G low latency will rely on 'edge computing'. Traditionally, the edge of the network has been where a device (e.g., a smartphone) connects to the rest of the network to deliver and receive data from a centrally located data centre.

"But edge computing also expands the number of potential points of attack by storing and processing sensitive data across a more extensive array of systems."

Paul Graham, Fieldfisher.

Edge computing refers to the system of processing the vast amounts of data produced by devices at a location much nearer to the source of the data, minimising the need for long distance communications between client and server and reducing latency and bandwidth usage.

But edge computing also expands the number of potential points of attack by storing and processing sensitive data across a more extensive array of systems, making the data footprint too large and complicated to protect.

Connectivity at this scale therefore increases the risk of theft of sensitive personal data as well as the loss of other personal information, such as a person's location, behavioural habits and choices.

In short, the decentralisation of the network required for 5G connectivity could make it much harder to control who gets access to what kinds of data.

Going it alone?

The 3rd Generation Partnership Project (3GPP), an umbrella term for a number of global standards organisations which have been developing protocols for the deployment of 5G, has developed two deployment options for 5G: Non-Stand-Alone (NSA) and Stand-Alone (SA):


NSA: Under this option, the 5G Radio Access Network and New Radio interface works in conjunction with the existing LTE and EPC infrastructure core network used for 4G deployment.

The NSA option can be seen as a temporary step towards full 5G deployment, catering to mobile operators that want to launch 5G quickly and provide enhanced mobile broadband leveraging existing network assets.

This option does not cater for the full benefits of 5G technology (including reduced latency or the ability to connect to and process data from massive amounts of devices), however, and comes with significant security concerns.

Existing 4G LTE infrastructure remains vulnerable because of flaws in the SS7 and Diameter protocols it uses to transmit service data. The key issue is that the 3G and 4G networks did not account for the possibility of an intruder inside the network or part of a roaming network.


SA: Under this option, 5G architecture is connected to a separate 5G core network, distinct from the 4G core network.

The SA option will seek to address concerns presented by the NSA model by operating under a different trust model.

3GPP explains this trust model and the new security features of the 5G system in its Release 15 paper on Phase 1 of the 5G system.

Crucially, the SA option will not rely on the existing 4G core network, so additional security measures can be built into the new core network by design.

In the SA system, trust decreases the further one moves from the core network. The radio access network and base stations are separated into distributed units and central units, where the distributed units (closest to the edge of the network) do not have access to unencrypted user data.

The central unit is responsible for transfer of user data and applying the 3GPP defined NDS/IP security framework used to protect the integrity and confidentiality of the user plane and control plane between the device, the 5G radio node and the core network.

The network and devices in 5G are mutually authenticated (allowing the device to authenticate the network using the AUTH (Authentication Token) returned by the network and the shared key) and data transmission networks outside the mobile operator domain, such as Wi-Fi calling, undergo secondary authentication.

Secondary authentication is executed during the set-up of user plane connections and utilises the "extensible authentication protocol" (EAP) to allow the operator to delegate authentication of the connection to a third party (as EAP caters for a wide variety of credentials and authentication methods). For example, where the connection relates to Wi-Fi calling via an app, credentials such as username and password held by the third party app could be used to authenticate the user and authorise the connection.


So is 5G secure?

5G security challenges need to be acknowledged and addressed. Anecdotal evidence suggests that only a small number of those who stand to benefit from the technology appreciate that it comes with additional risks.

The technology promises to enable everything from faster broadband to smart cities and self-driving cars. But if the security of 5G networks are not taken seriously, the results could be catastrophic.

In many ways, the security of 5G is a shared responsibility. Standards bodies like 3GPP can dictate how to implement secure network architecture, but operators are responsible for the security of the network and must adopt a continual risk-based approach to monitoring networks and services, adapting security controls in response to emerging threats.

In the meantime, businesses need to be aware of 5G security risks so they can prepare for its arrival.

Paul Graham

 Paul Graham is a TMT Partner at European law firm Fieldfisher LLP. Fieldfisher has a growing European network of offices that support an international client base alongside its strategic bases in Silicon Valley and China. Clients include web companies, consulting and digital services, pharmaceutical, life sciences and medical devices companies, energy suppliers, infrastructure and chemicals companies, as well as banks and financial institutions.