Explore end-to-end 5G security


The rise of 5G has been well documented and highly anticipated over the past few years. However, despite the excitement about next-generation cellular performance and low latency, many organizations are still questioning whether 5G (connecting all those people, places, and things) will also increase the attack surface of any network. If you have more network endpoints, you have more places for hackers to infiltrate the network, right? The answer is, not necessarily.

What enterprises should know is that cellular-enabled wireless WANs have been able to provide enterprise-grade security at the network edge for years. With new developments in the network core layer, there is an argument that 5G may be even more secure than other LAN and WAN solutions available today.


From 4G to 5G: Security improvements at the network level

Each new generation of cellular technology brings the opportunity to improve security. The 5G network core (the service provider’s network) comes with several key changes:

1. New authentication framework

The 5G standard introduces a new authentication framework based on a mature and widely used IT protocol called Extensible Authentication Protocol (EAP), which is open, network agnostic, and more secure.

2. Enhanced User Privacy

The 5G standard introduces privacy improvements to prevent attacks in which a false base station pages a terminal to bring it back from an idle state. In 5G, the International Mobile Subscriber Identity (IMSI) is not used in paging, less text is exchanged, and the network analyzes the radio environment to detect abnormal base stations.

3. Improved flexibility and security of the core network

The core of 5G networks moves to a service-based architecture (SBA), in which services are provided by a set of interconnected network functions (NFs) that are authorized to access each other's services. SBA supports plug-and-play software, agile programming, and network slicing, thereby simplifying operations and accelerating innovation.

4. Extended roaming security

The 5G standard introduces enhanced interconnect security between network operators, centered around a network function called the Security Edge Protection Proxy (SEPP) located at the edge of each network operator’s 5G network. Each operator’s SEPP is authenticated, with application-layer security protecting traffic.

5. Advanced integrity protection of the user plane

The 5G standard introduces a new feature that protects user-plane traffic between devices and cell towers. The feature is designed to mitigate sophisticated man-in-the-middle attacks that tamper with sensitive unprotected over-the-air user-plane data.
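
Why integrity protection matters even when user-plane traffic is encrypted, shown as an added example that is not part of the original article: a stream-ciphered packet altered in transit still decrypts cleanly unless a keyed tag is verified. The SHA-256 keystream and truncated HMAC are stand-ins for the 5G algorithms, and the keys, counter and payload are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, count: int, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; a stand-in, not a 5G cipher."""
    out = b""
    for block in range((length + 31) // 32):
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag(int_key: bytes, count: int, ciphertext: bytes) -> bytes:
    """4-byte tag bound to the packet counter (HMAC-SHA256 stand-in)."""
    msg = count.to_bytes(4, "big") + ciphertext
    return hmac.new(int_key, msg, hashlib.sha256).digest()[:4]

def send(enc_key, int_key, count, payload, integrity):
    ciphertext = xor(payload, keystream(enc_key, count, len(payload)))
    return ciphertext + tag(int_key, count, ciphertext) if integrity else ciphertext

def receive(enc_key, int_key, count, frame, integrity):
    """Return the plaintext, or None when the integrity check fails."""
    if integrity:
        ciphertext, received = frame[:-4], frame[-4:]
        if not hmac.compare_digest(received, tag(int_key, count, ciphertext)):
            return None  # drop the packet instead of delivering altered data
    else:
        ciphertext = frame
    return xor(ciphertext, keystream(enc_key, count, len(ciphertext)))

def flip(frame: bytes, offset: int, mask: int) -> bytes:
    """Model in-transit modification of one byte of the frame."""
    return frame[:offset] + bytes([frame[offset] ^ mask]) + frame[offset + 1:]

# Constructed sample data (not real keys or traffic).
ENC_KEY, INT_KEY = b"E" * 16, b"I" * 16
PAYLOAD = b"valve=closed;setpoint=20"

def demo():
    """Send the same packet with and without integrity, altered in transit."""
    results = {}
    for integrity in (False, True):
        frame = send(ENC_KEY, INT_KEY, 7, PAYLOAD, integrity)
        altered = flip(frame, len(PAYLOAD) - 2, ord("2") ^ ord("9"))
        results[integrity] = receive(ENC_KEY, INT_KEY, 7, altered, integrity)
    return results
```

Without the tag the receiver accepts a changed setpoint; with it the altered frame is rejected, as is a valid frame presented under a different counter.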

Cellular Broadband Security at the Network Edge

At the network edge, organizations should continue to use the same advanced network security strategies they already use for wired and 4G broadband networks, but now, 5G-related technologies also offer the following capabilities.

Network Slicing

The balance of 5G speed, low latency and reliability can only be achieved when network components share the right information through appropriate virtual network functions (VNFs). This is achieved through network slicing within SBA.

Similar to how cloud computing moved to containerization and VNFs, the 5G core is moving to this model and building microservices contained in security groups, or slices, that make commitments to specific traffic based on its QoS marking (Single Network Slice Selection Assistance Information, or S-NSSAI).

Network slicing allows operators to deliver customized network services for each enterprise’s unique needs while enabling companies to choose the right level of security for each use case.

Private 5G Network

IT/OT teams with large areas that require similarly secure LAN connectivity can deploy their own private cellular network (PCN).

5G is the first cellular network specification to truly embrace virtualization, which avoids much of the cost of deploying an expensive physical network core. An organization can control its own PCN by implementing localized micro-towers and small cells (similar to access points). It's like a scaled-down version of the public network, except you control security and quality of service.

Trusted technology for securing wired and wireless networks

If network security professionals have not yet adopted new adaptive security protocols to protect their traditional wired networks, now is the time to implement these security architectures to protect both wired and wireless endpoints.

Zero Trust Network Access (ZTNA)

Zero Trust Network Access (ZTNA) is a holistic security concept that assumes anyone attempting to access a network or application is a malicious actor who must be continually authenticated. ZTNA applies an adaptive, per-session authentication policy that can take into account the user's identity, location, device, time and date of the request, and previously observed usage patterns.

ZTNA will be a critical component of 5G security at the network edge because the rapid and far-reaching expansion of the Internet of Things and other connected use cases will require enterprises to more tightly and remotely control the authentication and identification of devices and the data flows between them.
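
A sketch of the per-session decision described above, as an added example that is not taken from any ZTNA product: each request is evaluated on identity, device, location, time and the user's observed baseline, and returns allow, step-up or deny. All names, the baseline data and the thresholds are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    device_compliant: bool   # result of a posture check (assumed input)
    country: str
    when: datetime
    resource: str

@dataclass(frozen=True)
class Baseline:
    """Previously observed usage for one user (constructed sample data)."""
    known_devices: frozenset
    usual_countries: frozenset
    usual_hours: range
    entitled: frozenset      # applications this identity may reach

BASELINES = {
    "router-ops@example.com": Baseline(
        frozenset({"laptop-0042"}), frozenset({"DE"}), range(7, 19),
        frozenset({"fleet-console"})),
}

SAMPLE = Request("router-ops@example.com", "laptop-0042", True, "DE",
                 datetime(2024, 3, 4, 10, 0), "fleet-console")

def decide(req: Request, authenticated: bool) -> tuple[str, list[str]]:
    """Evaluate one session; network location alone never grants access."""
    base = BASELINES.get(req.user)
    if not authenticated or base is None:
        return "deny", ["unauthenticated or unknown identity"]
    if req.resource not in base.entitled:
        return "deny", ["resource not entitled"]
    if not req.device_compliant:
        return "deny", ["device fails posture check"]
    anomalies = []
    if req.device_id not in base.known_devices:
        anomalies.append("new device")
    if req.country not in base.usual_countries:
        anomalies.append("unusual location")
    if req.when.hour not in base.usual_hours:
        anomalies.append("unusual time")
    if len(anomalies) >= 2:          # hypothetical threshold
        return "deny", anomalies
    return ("step_up", anomalies) if anomalies else ("allow", [])
```

A `step_up` result means the session must pass an additional authentication factor before access is granted; the decision is recomputed for every new session rather than cached.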

Secure Access Service Edge (SASE)

With such a large percentage of data flowing to the cloud, most security services reside there as well. Secure Access Service Edge (SASE) is a cloud-delivered security model that combines network and security functions. In the SASE model, traffic is encrypted and directed to cloud services, where highly sophisticated security technologies are applied.

With so many companies preparing to deploy 5G connectivity in a wide range of branches, stores, vehicles, and other scenarios, these enterprises can greatly improve their ability to scale quickly and securely by deploying cloud-manageable wireless edge routers and security layers in a coherent manner. Wireless WAN and SASE are well suited for the distributed edge.

With 5G’s enhanced edge-to-core security capabilities combined with today’s edge-to-cloud security technologies, such as SASE and ZTNA, enterprises can significantly improve their end-to-end security posture as they embrace 5G.
