Security considerations in the 5G era
An exploration of mobile edge computing and how to be ready for the transition to 5G
SAM Seamless Network, www.securingsam.com
Mobile edge computing (MEC) is an emerging concept introduced to bring cloud services and resources closer to the user by positioning them at the edge of the network. MEC helps achieve the desired outcomes of low latency, location awareness, and mobility. In this paper, we discuss the cybersecurity aspects of mobile edge computing in the context of the 5G transition and how it facilitates two important results:
1. Delivers secure infrastructure.
2. Creates safe digital environments for consumers and machines.

Mobile Edge Security for Consumers

While telecom providers had been deploying 5G networks before last year, 2020 was the year the world got hands-on experience with 5G through new smartphones from multiple manufacturers, including Samsung and Apple. The iPhone 12 was the first model with support for 5G, including both mmWave and Sub-6GHz 5G, the two types of 5G, and it set a record for sales [1]. The term 5G is often associated with IoT, VR and autonomous cars; however, today, smartphones dominate the 5G market. Out of 715 devices certified by the Global Certification Forum last year, 71% were smartphones [2]. And, according to estimates from Ericsson's latest Mobility Report, the number of 5G smartphone subscriptions worldwide is expected to rise to 600 million by the end of this year, almost tripling the 2020 total [3].

SAM | Mobile Edge Security 1
[Figure: 5G Certifications by Type]
Smartphone                71.1%
Module                    13.4%
WLAN Router                4.7%
Other (personal comms)     4.7%
Other                      2.1%
Platform                   2.0%
Tablet                     2.0%

Considering the increasing and widespread adoption of such innovative technology, it is critical to examine two key considerations:
1. How to ensure the technology infrastructure and supply chain are safe and do not increase the attack surface.
2. How to utilize the technology to protect subscribers from risks in the application layer.

Safe 5G Infrastructure

The 5G transition enables new services riding on top of 5G, and it brings tremendous promise in capabilities and innovation. However, investing only in functionality and turning 5G deployment into a race, without simultaneously securing the infrastructure, dangerously leaves the door open to security compromises. Roll-outs of both the hardware and software components of 5G deployments require standards that emphasize security and resilience, to prevent attempts by threat actors to influence the design, hijack software, or control traffic.

Current 5G deployments leverage legacy infrastructure and untrusted components, since 5G builds upon previous generations of wireless networks; they are currently being integrated with 3G/4G networks and contain legacy vulnerabilities. Vendors, service providers, and integrators MUST push to upgrade the legacy components; delaying this to save money today will cause tremendous costs in the future. According to the IBM System Science Institute, addressing security issues during design is 15 times less expensive than during testing, and 100 times cheaper than during maintenance [4]. It is critical to fully understand the risks and how to remediate them before any breach or threat occurs.
SDN (Software Defined Networking) will play a crucial role in the design of 5G wireless networks. However, as with any other software-based solution, ongoing remote updates are both the most notable advantage and the most challenging risk. Consider similar software-based products: the SaaS application development lifecycle is well defined to handle innovative technology while limiting the possibility of vulnerabilities in production. Assuming that 5G is an isolated network, on the other hand, increases the attack surface dramatically. Therefore, vendors, service providers, and integrators must adopt secure cloud development methodologies that assume that everyone is accessible, but no one is trusted.

According to IBM, organizations can cut costs by 15X if they address security during design.

The barriers to entry as an infrastructure provider within the 5G marketplace today are very high; only a few vendors (e.g. Nokia, Ericsson, Samsung and Huawei) are invested in building the core infrastructure, which creates limited competition, resulting in proprietary solutions. The ability of the community to audit proprietary solutions is limited, so programs like bug bounties* cannot be fully leveraged. Limited competition means that once a hacker discovers a vulnerability in one component, it has a worldwide impact. These two risks alone could potentially damage the reputation of the entire 5G industry. Vendors, service providers, and integrators MUST leverage open architectures like O-RAN* and OpenRAN.

* O-RAN: The O-RAN Alliance is an operator-defined open radio access network that works to transform the industry to an open, intelligent, virtualized, and fully interoperable RAN.
* Bug bounty: Bug bounty refers to specific programs that organizations and websites have developed to offer compensation and recognition for reporting bugs, particularly those related to security breaches and/or vulnerabilities.
True Seamless Security

5G connectivity is 600X faster than current 4G mobile phones.

5G promises to offer speeds of approximately 10 gigabits per second to your phone. That is more than 600 times faster than today's 4G speeds on mobile phones, fast enough to download a 4K high-definition movie in 25 seconds.

The evolution of mobile connectivity
                   3G                      4G                      5G
Development year   2004 - 2005             2006 - 2010             2020 and beyond
Bandwidth          2 Mbps                  200 Mbps                > 1 Gbps
Latency            100 - 500 milliseconds  20 - 30 milliseconds    10 milliseconds
Average speed      144 Kbps                25 Kbps                 200 - 400 Mbps
Reaching 10 gigabits per second and 1 millisecond latency requires offloading cloud computing to the edge, known as Mobile Edge Computing (MEC). It helps reduce congestion on mobile networks to enhance the quality of experience (QoE), and this routing reduces costs, which is essential in mass-production technologies.

MEC will also change the way consumers are protected. Today, consumers primarily use endpoint software like antivirus to defend themselves. MEC removes the burdens of endpoint software, which must be downloaded, installed and maintained, drains the battery, and requires a dedicated build for each operating system, missing the advantages of cloud applications. Leveraging MEC changes the game in the following areas:

User privacy

VPN is a great tool to protect user privacy; it masks IP addresses, so your online actions are virtually untraceable. Even more importantly, VPN services establish secure and encrypted connections. One of the well-known drawbacks of VPN is slow internet caused by the doubled round trip of traffic. Before the mobile device's traffic arrives at its destination, it is redirected via the VPN server, which might be located far away from the user or the destination. Installing VPN servers closer to the endpoint increases efficiency and saves bandwidth costs.

Digital safety

Being anonymous is just one part of the equation for information security. Another, more important factor is filtering malicious content like malware, phishing, and spyware that is delivered in email, websites, and social media. Today, mobile devices are protected against these scenarios mostly by endpoint security software. However, most consumers lack the awareness to ensure this is implemented on their devices. Having a safe-browsing module in the edge provides agentless, network-based security that can protect mass-production users.
Remote work

As 5G networks allow users to send large amounts of data to cloud-based applications, traffic will need to go directly into the cloud without passing through the organization's private networks. However, CISOs will want to enforce advanced security controls such as Zero Trust Network Access (ZTNA), Cloud Access Security Brokers (CASB), and Secure Web Gateways (SWG). Applying these security controls without redirecting the traffic via the organization's private networks will require an extension of SASE [5] solutions into the Mobile Edge.

SASE: Secure Access Service Edge is a term coined by Gartner in August 2019. It refers to a new network security model that combines different functions of network and security solutions into a unified cloud security platform to be delivered as a service.
[Figure: Mobile Edge Enterprise Security. Branch, headquarters, smartphone and PC with 5G module connect through the packet core to an edge node (SD-WAN) where advanced security controls (CASB, ZTNA, SWG, IPS) are applied before traffic reaches enterprise cloud apps and the WWW.]

Mobile Edge Security for IoTs

Although the adoption rate of 5G smartphones is higher than that of IoT devices today, billions of dollars are being spent on enabling machines to connect to the 5G network via cutting-edge technologies like eMTC, NB-IoT, NR-Light, and eMBB. Imagine being able to wear smart glasses outdoors without any WiFi hotspot around, or texting your vehicle to drive itself from the parking garage to pick up your children from school. Today, IoT security solutions focus on protecting locally managed networks such as homes, offices, and enterprises. However, the 5G transition requires IoT security solutions to reach into distributed, unmanaged assets like cars, solar panels, wearable devices, and smart cities to ensure they are properly secured.
Distributed IoT Security

Unlike enterprise networks, where the CISO or IT team controls which devices have access to the network, in mass-production IoT anyone with a SIM card can gain access and cause damage. Mass-production IoT security solutions have a cloud-native architecture that leverages MEC to identify the devices, enforce security policies and detect anomalies. Using MEC as part of the architecture enables better user privacy and safety without impacting the customer experience, and offers the service provider a new way to monetize 5G after investing billions of dollars in the architecture.

[Figure: Mobile Edge Consumer and IoT Security. Consumer, IoT & wearable and critical IoT devices (distributed assets) pass through the packet core's user plane functions (VNFs/CNFs) into the mobile edge, where advanced security controls (fingerprint, hot patching, isolation, dynamic firewall) are applied before traffic reaches the WWW.]
The following technologies are the building blocks of mass-production IoT security solutions.

Device Fingerprint

Again, without a CISO as gatekeeper for the network, nobody knows which devices are connected, nor the vulnerabilities they bring with them. Identifying devices based on their network signature is core functionality that every IoT security solution should have. The ability to identify devices down to the specific device level in seconds requires machine learning algorithms trained on real-world data sets that operate in the edge, so that all the required data is visible.

Smart Device Policies

Once the connected devices are identified, it becomes possible to enforce device security policies. These policies cover both prevention and remediation, and they are built on top of two enterprise-grade technologies:

(a) Virtual patching: Attackers can reach IoT devices because they are connected directly to the mobile network. If devices have any vulnerability, this technology patches them remotely over the network to block the exploits and reduce the possibility of compromising the device.

(b) Dynamic firewall: By leveraging device classification, it allows IoT devices to communicate only with the intended internet addresses. For example, based on thousands of Nest smoke alarm devices connected to the mass IoT security solution, we can map the communication pattern of each Nest smoke alarm model and enforce the correct communication path for each one of them.

[Figure: Whitelisted access for a Nest smoke alarm, enforced as conditional access at the SAM Mobile Edge]
Hostnames *.nest.com                  Any port
Hostnames *google.com                 Ports 123, 443
Hostnames *googleusercontent.com,
          1e100.net                   Port 443
Hostnames *compute-1.amazonaws.com    Port 443

Network Isolation

Slicing is the most crucial component for implementing the personalization of mobile networks for unmanaged devices. By the definition of 5G network slicing, logical networks can be virtually represented by a single network. Every network slice has specific network functions that provide tailored services for different requirements, offering better agility, flexibility, and cost-efficiency. Isolation of each network slice helps service providers and organizations enhance their products' privacy and security without impacting other network slices. This can be implemented in various ways: by device classification, risk score, identity, and required functionality.
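The per-model allowlist described under dynamic firewall above, worked through as an added example (not the whitepaper's or SAM's code): a default-deny policy evaluator keyed by the fingerprinted device class, plus a helper that surfaces blocked flows as anomalies. The Nest smoke alarm rows follow the figure; the class name "nest-smoke-alarm", the wildcard on 1e100.net and the sample flows are constructed assumptions.

```python
import fnmatch
from dataclasses import dataclass

# Allowlist per fingerprinted device class: (hostname glob, allowed ports);
# ANY_PORT means any port. Nest smoke alarm rows follow the whitepaper figure;
# the class name and the wildcard on 1e100.net are assumptions.
ANY_PORT = None
POLICIES = {
    "nest-smoke-alarm": [
        ("*.nest.com", ANY_PORT),
        ("*google.com", {123, 443}),        # NB: also matches "notgoogle.com";
        ("*googleusercontent.com", {443}),  # "*.google.com" would be stricter
        ("*1e100.net", {443}),
        ("*compute-1.amazonaws.com", {443}),
    ],
}

@dataclass(frozen=True)
class Flow:
    device_model: str   # label produced by edge-side device fingerprinting
    hostname: str       # destination name seen in DNS / TLS SNI
    port: int

def allowed(flow: Flow) -> bool:
    """Default deny: unknown device classes and unlisted destinations are blocked."""
    rules = POLICIES.get(flow.device_model)
    if rules is None:
        return False
    for pattern, ports in rules:
        if fnmatch.fnmatchcase(flow.hostname.lower(), pattern):
            if ports is ANY_PORT or flow.port in ports:
                return True
    return False

def denied_flows(flows):
    """Flows the edge firewall blocks; each is a deviation from the model's profile."""
    return [f for f in flows if not allowed(f)]

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("nest-smoke-alarm", "frontdoor.nest.com", 9543),
    Flow("nest-smoke-alarm", "time.google.com", 123),
    Flow("nest-smoke-alarm", "www.google.com", 80),          # port outside profile
    Flow("nest-smoke-alarm", "ec2-1-2-3-4.compute-1.amazonaws.com", 443),
    Flow("nest-smoke-alarm", "cdn.example.net", 443),        # host outside profile
    Flow("unknown-device", "www.google.com", 443),           # unclassified device
]
```

Three of the six sample flows are denied; the unclassified device is blocked even for a destination that a Nest smoke alarm may reach, which is the point of anchoring the policy to the fingerprint.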
Make it happen!

While crafting and reviewing this paper, we became even more convinced of how many different aspects, from a security perspective alone, must be covered and maintained alongside all the great opportunities 5G brings. Enabling 5G is a mission that MUST involve every part of the supply chain, from the physical antenna manufacturer to the Cloud-Native Function (CNF) vendor that provides VR streams.

Service providers, vendors, and integrators: we at SAM Seamless Network are here to help you establish reliable and secure 5G connectivity in the following areas:
1. Review of your 5G security infrastructure for attack vectors, to ensure a secured environment.
2. Mobile Edge Security for enterprises and IoTs, using a combined solution of the SAM Platform together with our technology partners.
3. Consumer network security using the SAM Platform, to create new ways to monetize the 5G advantages.

References
1. https://www.livemint.com/companies/company-results/apple-records-strongest-quarter-ever-with-iphone-sales-up-by-17-11611793957072.html
2. https://www.lightreading.com/5g/5g-device-trends-mmwave-standalone-iot-gain-ground/d/d-id/768307
3. https://www.ericsson.com/4adc87/assets/local/mobility-report/documents/2020/november-2020-ericsson-mobility-report.pdf
4. https://www.researchgate.net/figure/IBM-System-Science-Institute-Relative-Cost-of-Fixing-Defects_fig1_255965523
5. SASE: coined by Gartner in August 2019, a new network security model that combines different functions of network and security solutions into a unified cloud security platform to be delivered as a service.

Contact us
For more information about SAM Seamless Network, visit our website, securingsam.com, or contact us at info@securingsam.com
Israel - Headquarters: Totseret Ha'arets 7, Tel Aviv
New York Office: 488 Madison Ave, 11th Floor, NY 10022
Berlin Office: 5, Schinkelpl, 10117 Berlin