Security Talk丨How far are we from 5G?

[[267324]]

Security officials from governments around the world recently agreed on a series of proposals for future 5G networks, highlighting concerns that equipment from vendors could be subject to government influence. (While no vendors were named directly at the time, the United States has been pressuring allies to limit their use of equipment from China's Huawei, even though Huawei has repeatedly denied the possibility that its equipment could be used for espionage.)

"The overall risks posed by suppliers from third countries should be taken into account." This is the consensus reached by more than 30 countries including the European Union, NATO, the United States, Germany and Japan after the meeting. The 32 countries jointly launched the "Prague Proposal", which was said to be a "fatal blow" to Huawei.

(When I wrote the above sentence, the United States had not yet started its full-scale crackdown on Huawei. Look at it now, the world has changed.)

(By the way, let me mention the sweater war. Can you win? No. Will you definitely lose? Not necessarily. But when you can stand and bargain with someone, don't kneel down first.)

Ok, let's get back to the topic. When did the concept of 5G suddenly appear in our lives? Anyway, I don't remember.

I don't know if you have seen "Fast and Furious 8". In the movie, the villain Charlize Theron used her superb hacking skills to control cameras all over the world and manipulated hundreds of cars to chase and intercept Donald Trump. She was omnipotent and even used a nuclear bomb to threaten world peace.

Isn’t it cool?

Are these movie plots all fiction? Yes. But are they really impossible to achieve? No.

Nowadays, more and more devices are connected to the Internet, and more and more operations can be completed through terminals. As the most widely used terminal, mobile phones are no longer new to large-scale information leakage, fake base stations, and communication monitoring. It can be said that these are real security risks around people.

Therefore, some people who are prepared for danger in times of peace have begun to think about what 5G is and how safe it is.

What is 5G

5G network, the fifth generation mobile communication network, is said to have a peak theoretical transmission speed of tens of GB per second, which is hundreds of times faster than the 4G network we currently use. A 1G movie can be downloaded in just 8 seconds. From Samsung Electronics' announcement in 2014 that it had developed a mobile transmission network based on 5G core technology, to the release of the first commercially deployable 5G NR at the 3GP RAN conference of the International Telecommunication Standards Organization in 2017, to the gradual deployment of 5G equipment in many countries and regions around the world, it seems that the development of 5G has been smooth sailing.

As the saying goes, "4G changes life, 5G changes society". The existence of 5G is not just an upgrade of the network, but the foundation for truly realizing the interconnection of all things. It changes the previous 1-4G concept of "interconnecting people" and deeply integrates multiple industries such as the Internet of Things, industry, life, medical care, and transportation to truly change life. (From the fierce competition in the industry now, we can also see that 5G is no longer a technology competition, but a strategic competition for national interests)

The impact of 5G

As the bridge that connects all things, 5G may be under more pressure than we imagined.

Technology is constantly being updated, and the Internet is constantly integrating with traditional fields. While 5G generates massive amounts of data, it is bound to bring security threats in multiple scenarios and dimensions. As network boundaries continue to expand, network threats are constantly refreshing people's cognition. Future network security issues may directly affect people's life safety, social economic development, and the long-term stability of the country.

In February this year, a security team composed of several foreign scholars conducted a study on mobile networks and announced that they had successfully discovered three security vulnerabilities in 4G and 5G networks. This is the first time that vulnerabilities have appeared that can affect both the existing 4G and the upcoming 5G. Although 5G networks claim to provide faster speeds and higher levels of security protection, researchers said that the vulnerabilities they found can bypass these protections.

According to the paper published by these researchers, the three vulnerabilities are Torpedo, Piercer and IMSI-Cracking, which can be used to intercept calls and track the location of mobile phone users. The most serious one is Torpedo, which exploits the weakness of the cellular paging protocol (paging protocol, which is used by operators to notify mobile phones before incoming calls or text messages). Making and canceling mobile phone calls in a short period of time can trigger the paging protocol when notifying the target device of the incoming call, allowing attackers to track the victim's location. Researchers said that knowing the victim's paging timing can also allow attackers to hijack the paging channel and insert or reject paging messages by spoofing messages (such as Amber alerts) or blocking messages completely.

Through Torpedo, two other vulnerabilities were also able to be pushed forward. Piercer allows attackers to determine the International Mobile Subscriber Identity (IMSI) on 4G networks, while another vulnerability is called IMSI-Cracking Attack, which can brute-force IMSI numbers on 4G and 5G networks. In general, IMSI numbers are encrypted.

Research shows that the four major telecom operators in the United States (AT&T, Verizon, Sprint and T-Mobile) all have Torpedo vulnerabilities, and attackers only need to spend $200 to buy a radio communication device to launch an attack. There are even insiders who said that an operator in the United States has been attacked by the Piercer vulnerability.

…

5G Security

5G networks are said to have enhanced security features in all aspects. The 5G Network Security Research Report released by 360 not long ago summarized the characteristics of 5G:

(1) Enhanced privacy protection for user unique identifiers

(2) Enhanced control over the home network, greatly reducing the risk of fraud in roaming areas

(3) Provide data encryption on demand, expanding the protection of user data

(4) Enhanced security of connections between operators

(5) Selectively deny terminal access to improve the IoT’s ability to defend against DDoS attacks

(6) The new redundant transmission security solution can effectively balance the reliability and security of low-latency services

5G will face more open network links, deeper computing devices, and more complex application environments, as well as six security challenges, including core network technology, low-latency services, large-connection services, network slicing technology, fake base station issues, and user location privacy protection.

Network Slicing

Network slicing may be a relatively new concept. What is slicing? What is being sliced?

For example, although a highway is very wide, it is often congested. In order to facilitate driving, someone divides the road into driving lanes, overtaking lanes, and bus lanes. This is network slicing, that is, on-demand networking, dividing multiple virtual networks on a unified infrastructure to adapt to various types of business applications.

The three major application scenarios of 5G at present: eMBB (large bandwidth), uRLLC (low latency communication), and mMTC (large connection) are three types of communication services defined based on the network's different requirements for the number of users, QoS, and bandwidth, corresponding to three slices.

The corresponding functional entities are CSMF (communication service management function), NSMF (slice management function), NSSMF (sub-slice management function) and MANO (management and orchestration).

CSMF: Communication Service Management Function, communication service management function;

NSMF: Network Slice Management Function, slice management function;

NSSMF: Network Slice Subnet Management Function, sub-slice management function;

MANO: Management and Orchestration;

SLA: Service Level Agreement, service level agreement;

NFVI: Network Functions Virtualization Infrastructure.

This may seem a bit confusing. Let me give you another example. The entire network slice can be understood as an orchestra. NSMF/NSSMF is a bit like an arranger. It can arrange music from the perspective of musical instruments (corresponding to NFVI) and timbre (corresponding to NF). The orchestra conductor (corresponding to MANO) directs different instruments to play beautiful music.

Of course, network slicing is not limited to eMBB, uRLLC, and mMTC. Operators can cut the physical network into multiple virtual networks according to different application scenarios. Therefore, more slices mean more applications, greater network value, higher return on investment, and correspondingly, greater security risks.

What is certain is that 5G network security is of great significance for ensuring the deep integration of the Internet of Things, big data, artificial intelligence with major traditional industries and the real economy, and for promoting the governance of cyberspace.

5G eliminates the threat of illegal positioning of users based on the mobile phone user identification number (IMSI), ensures the integrity of user data, reduces the risk of roaming area deception, enhances the security of links between operators, and improves the ability of the Internet of Things to resist DDoS attacks... It can be said that it has brought many positive and active impacts, which may be epoch-making in improving network security.

But in fact, the security features of 5G may not be able to play their true strength in the short term. Not to mention the effectiveness and completeness of 5G technology, it is difficult to ensure that network security solutions are "prepared for a rainy day", and targeted solutions are often customized according to actual business conditions. Therefore, the challenges facing 5G security are unprecedented. Old problems have not been solved yet, and new technologies are coming to challenge them. While promoting the interconnection of all things, 5G may also become a carnival in the hacker world.

The current state of 5G

The emergence of every new technology is bound to be accompanied by a dispute between "royalists" and "reformists", and 5G is no exception. Not long ago, the well-known consulting firm McKinsey conducted a survey on major global telecom operators on 5G issues.

The results show that the market has two completely different views on 5G. One side believes that 5G's low latency and high load capacity will help improve telecommunications efficiency; the other side believes that there has been no real 5G implementation for many years, and the huge investment that may exist in the commercialization process will become an obstacle to 5G. However, the unanimous conclusion is that 5G may reach its peak around 2022. By then, various operators will significantly increase their investment in 5G, but the growth rate and increase may not be too high.

At present, 5G presents different situations around the world. Version and AT&T, the two major operators in North America, have put 5G into commercial trials. As for the joke that they made that the 5G network speed is not as good as 4G, let’s not talk about it for now... The other two T-Mobile and Sprint have also joined forces to do something in the 5G era. On the other hand, the EU region is very cautious about 5G, which is completely different from when they introduced 2G and 3G. Of course, the various conditions of the EU itself have indeed restricted the development of 5G (the European economic growth slowed down after the 2008 financial crisis, the European market is small and fragmented, and it is difficult to obtain large-scale investment, etc.). Asia is following North America at a very rapid pace (just look at the shock caused by Huawei to understand), for example, South Korea has built more than 5,800 5G base stations in the country. And according to the GSMA's "Mobile Economy" report, by 2025, led by Australia, China, Japan and South Korea, the Asia-Pacific region is expected to become the world's largest 5G region.

Overall, although 5G has already appeared, due to "various reasons", large-scale upgrades to 5G will not occur in the next two years, and the region will become a major obstacle to its development. For major operators around the world, the current task may be more about preparing and planning for 5G.

Uncertainty about 5G

How the market will develop will ultimately depend on the attitude of the investors. If they have money, everything is easy; if they have no money, everything is a bubble.

As it stands, there may still be a lot of uncertainties about 5G.

The industry is confident that 5G will change the world, but whether 5G can really bring about changes that the general public is willing to accept is still unknown. I wonder if you still remember that when 4G first came out, a guy turned on 4G for one night and the next day's Internet fee was as much as the price of a house? 5G faces the same problem.

What is certain is that if 5G networks are to be deployed on a large scale, network infrastructure must be rebuilt (or shared with other operators), which is a very large expense. So far, few operators have expressed their willingness to build 5G facilities on their own, and most of them hope to find a third party other than an operator to build and then share. Emmmmm... The high cost of 5G equipment has deterred many people. After all, in the eyes of some operators, the ability of 5G to make money is still questionable (it may not be much better than 4G, and it will also bring huge risks).

In the 4G era, we have witnessed too many cybersecurity incidents, such as the rampant ransomware of WannaCry and Petya, and the constant emergence of security risks in the Internet of Vehicles and smart cities. Cyber ​​threats have gradually moved from the virtual world to reality. In the upcoming 5G era, the dual impact of technological development will inevitably continue to emerge with practical applications, and cybersecurity may also be a different picture. Perhaps in our lifetime, we will really be able to see a "battle of gods".