The fifth generation of mobile wireless technology (5G) brings more speed, faster communications, and the ability to connect to many more devices at the same time. However, security in 5G networks is still a challenge.
But what does this mean for data protection and privacy?
The fact that 5G supports many different access networks, including 2G, 3G, 4G, and Wi-Fi, means that the new technology may inherit all the security challenges of the networks before it.
5G is the first mobile architecture designed to support multiple specific use cases, each with its own unique cybersecurity requirements.
This poses a major security risk in 5G networks.
For example, 5G will enable IoT applications on a massive scale, such as traffic sensors and vehicle-to-infrastructure services, and is the basis for smart cities.
It is critical that cybercriminals cannot access data, hijack IoT devices, or perform distributed denial-of-service attacks in smart city scenarios.
In fact, security in 5G networks is nothing new for the mobile industry. The industry has long placed importance on security, creating a strong market differentiation from other wireless technologies, some of which have vulnerable network architectures.
Security in 5G networks and authentication must go hand in hand
Today’s networks face a wide variety of threats from different sources and attack routes. The quantity and quality of these attacks increase every year as more points of vulnerability become available in networks and devices.
With IoT at scale, the threat surface becomes quite broad, especially when it comes to services, applications, platforms, networks, and the IoT devices themselves.
In practice, cybercriminals understand the vulnerabilities related to mobility, edge, and network cores. Firewalls and other interfaces also present many opportunities for attack.
Each vulnerability point potentially presents several different types of threats, such as message blocking, denial of service, man-in-the-middle techniques, and more, that can attack authentication, integrity, network availability, and privacy.
With so many exposure points and vulnerability threats, security can significantly strain the resources of the 5G network operator.
Fortunately, wireless carriers don’t have to reinvent the wheel. The protocols and security specifications in 5G networks are based on and compatible with the main frameworks developed in 4G.
In addition, 5G offers new security features that use multi-network slicing, multi-tier services, and multiple connectivity capabilities.
To enable the necessary flexibility, agility, and economies of scale, these technologies will be delivered through virtual and containerized environments.
This is a revolutionary way of working for the industry.
The development of 5G standards has adopted ‘Secure by Design’ principles, considering:
- Use of mutual authentication: Confirm that the sender and recipient have an established trust and the end-to-end relationship is guaranteed;
- An assumed “open” network: removal of any assumption of security from the overlapping product(s) or process(es);
- An acknowledgement that all links can be accessed: Enforce encryption of inter/intra-network traffic, ensuring that encrypted information is worthless when intercepted.
While this is a common practice in solutions for other services, such as Internet Banking, it is a major paradigm shift for existing mobile telecommunications practices.
As a consequence, 5G networks should offer the consumer more protection than existing 4G/3G/2G networks.
Security in 5G Networks: Protecting Users and Devices
Security in 5G networks improves the confidentiality and integrity of user and device data.
Unlike previous generations of mobile systems, 5G:
- Protects the confidentiality of messages between the device and the network: as a result, it is no longer possible to trace the user’s equipment using current attack methodologies on the radio interface, protecting against man-in-the-middle attacks;
- Introduces a protection mechanism called home control: this means that the final authentication of the device to a visited network is completed after the home network checks the authentication status of the device and the connection used. This enhancement will prevent various types of fraud that have historically harmed carriers and address the carrier’s need to properly authenticate devices to services;
- Supports unified authentication in other types of access networks: allowing 5G networks to manage previously unmanaged and unsecured connections. This includes the ability to perform re-authentication when the device moves between different access or service networks;
- Introduces user plane integrity checking: ensuring that user traffic is not modified during transit;
- Enhances privacy protection by using public/private key pairs to hide the subscriber’s identity and derive keys used throughout the service architecture.
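The home control item in the list above can be sketched as follows. This is an added example, not code from Ericsson, Thales or the 5G specifications: the class and function names are hypothetical, the subscriber key is constructed, and RES* comes from an HMAC stand-in rather than the real authentication and key derivation functions. Only the hashed response (the 128 least significant bits of SHA-256 over RAND followed by RES*) follows the 5G AKA definition.

```python
import hashlib
import hmac
import secrets


def res_star(k, rand):
    # Stand-in for RES*/XRES*; real networks use MILENAGE/TUAK and the 3GPP KDF.
    return hmac.new(k, b"RES*" + rand, hashlib.sha256).digest()[:16]


def hashed_res(rand, res):
    # HRES*/HXRES*: 128 least significant bits of SHA-256(RAND || RES*).
    return hashlib.sha256(rand + res).digest()[-16:]


class HomeNetwork:
    """Home side: holds the subscriber key and makes the final decision."""

    def __init__(self, k):
        self._k = k
        self._pending = {}  # RAND -> XRES*, kept until the challenge is answered

    def start(self):
        rand = secrets.token_bytes(16)
        xres = res_star(self._k, rand)
        self._pending[rand] = xres
        return rand, hashed_res(rand, xres)  # visited network never sees XRES*

    def confirm(self, rand, res):
        xres = self._pending.pop(rand, None)  # one attempt per challenge
        return xres is not None and hmac.compare_digest(xres, res)


def visited_check(rand, hxres, res):
    # Visited side: can only compare the device's answer against the hash.
    return hmac.compare_digest(hashed_res(rand, res), hxres)


def run_demo():
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    home = HomeNetwork(k)
    rand, hxres = home.start()
    res = res_star(k, rand)  # computed by the genuine device
    genuine = visited_check(rand, hxres, res) and home.confirm(rand, res)
    rand2, hxres2 = home.start()
    forged = home.confirm(rand2, hxres2)  # no device present: only the hash is known
    replay = home.confirm(rand, res)      # old answer resent after completion
    return {"genuine": genuine, "forged": forged, "replay": replay}
```

Because the visited network receives only the hash, it cannot produce the value the home network compares against unless the device actually answered the challenge.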
The goal of 5G is to open up the network to a broader set of services and allow mobile operators to support these services. It is an opportunity to protect services and consumers from many of today’s threats.
In practice, 5G comes with many built-in security controls, designed to enhance the protection of individual consumers and mobile networks. This is more effective than post-deployment add-ons or extras.
The advancement of technology and the use of new architectures and features, such as network slicing, virtualization, and cloud, will introduce new threats that require new types of controls to be implemented.
Ericsson and Thales partner to offer a solution for secure 5G authentication and user privacy
One of the key components of a reliable 5G network is the integrity of the virtualized infrastructure and the confidentiality of the data flowing within it.
Protecting subscriber authentication and privacy presents several challenges, including infrastructure complexity, the distributed nature of 5G networks, the large number of connected IoT devices, the use of multi-vendor networks, and the evolution of 3G and 4G connections.
Ericsson announced its Authentication Security Module solution to enhance user privacy security, based on a dedicated physical module for central management of authentication procedures in 5G Core networks.
The solution is powered by the Thales 5G Luna Hardware Security Module (HSM).
The Ericsson Authentication Security Module is a unique solution that supports multi-access (3G/4G/5G) and is pre-integrated with Ericsson’s dual-mode 5G Core for efficiency and reliable deployment flexibility.
The solution is 3GPP compliant, increases network security against cyber attacks, and provides a more secure ecosystem for 5G use cases and business innovation.
To provide the highest level of performance and security for cryptographic keys and algorithms, Ericsson’s solution is powered by the trusted root of the Thales 5G Luna Hardware Security Module (HSM).
The outstanding performance of the FIPS-140-2 Level 3 compliant 5G Luna HSM meets the security, high throughput, and scalability requirements for 5G.
Thales has introduced the 5G Luna Hardware Security Module (HSM) to help Communication Service Providers (CSP) address security challenges.
The 5G Luna HSM delivers up to 1,660 transactions per second (tps) with a single HSM and a PKI hardware-based root of trust, enabling fast and secure scaling from the data center to the edge.
All encryption and encryption key storage, generation and management operations are performed within the secure confines of the 5G Luna HSM, ensuring the protection of subscriber identities, including user equipment, radio access networks (RANs), and your core network infrastructure.
Ericsson and Thales partnership benefits
The Ericsson Authentication Security Module and the Thales 5G Luna HSM offer a wide range of benefits for organizations operating in a jurisdiction of strict privacy requirements. These benefits include:
- React quickly to threats by implementing agile encryption and alternative means of encryption;
- Prepare your organization for the future by implementing quantum secure algorithms;
- Added security for your organization’s users and data today and in the future.
With the growing relevance of 5G networks in the communications infrastructure, regulatory frameworks to protect user security and privacy are likely to become even stricter.
By integrating HSM (hardware security module) based security into leading 5G subscriber data management solutions, service providers will be able to meet the most stringent requirements.
What makes the Thales Luna HSM solution the best option for your company’s needs?
Thales Hardware Security Modules provide the highest level of security by always storing cryptographic keys in hardware.
In addition, they provide a secure encryption foundation, as the keys never leave the FIPS-validated, intrusion-resistant, tamper-proof device.
Since all cryptographic operations take place inside the HSM, strong access controls prevent unauthorized users from accessing confidential cryptographic material.
In addition, Thales also implements operations that make deploying secure HSMs as easy as possible, and our HSMs are integrated with the Thales Crypto Command Center for fast and easy partitioning, reporting, and monitoring of cryptographic resources.
Thales’ HSMs follow strict design requirements and must pass rigorous product verification tests, followed by real-world application testing to verify the security and integrity of each device.
Thales’ HSMs are cloud agnostic and are the HSM of choice for Microsoft, AWS and IBM, providing a hardware security module service that dedicates a single tenant device located in the cloud for the customer’s cryptographic processing and storage needs.
With Thales hardware security modules, you can:
- Address compliance requirements with solutions for Blockchain, General Data Protection Law (LGPD) and Open banking, IoT, innovation initiatives such as the Central Bank of Brazil’s Pix, and prominent certifications such as PCI DSS, digital signatures, DNSSEC, hardware key storage, transactional acceleration, certificate signing, code or document signing, mass key generation, and data encryption;
- Generate and always store keys in an intrusion-resistant, tamper-proof, FIPS-validated device with the strongest levels of access control;
- Create partitions with a dedicated Security Officer per partition and segregate by administrator key separation.
Therefore, Thales Luna HSMs have been implementing best practices in hardware, software, and operations that make deploying HSMs as easy as possible.
Thales Luna HSMs meet stringent design requirements and must pass rigorous product verification testing, followed by real-world application testing to verify the safety and integrity of each device.
Make the best choice
HSMs are built to protect cryptographic keys. Large banks or corporate offices often operate a variety of HSMs simultaneously.
Key management systems control and update these keys according to internal security policies and external standards.
A centralized key management design has the advantage of streamlining key management and providing the best overview for keys in many different systems.
Learn more about Thales HSM
The encryption keys are literally the key to accessing the organization’s data. They protect an organization’s most sensitive information, so the system that generates and stores them must be protected at all costs.
The Thales Luna HSM not only provides the best physical security, as it is usually located at the heart of a company’s secure data center, but also ensures that the stored keys are never tampered with.
Unless you have an environment where a physical data center is not available, adopt an HSM appliance to secure the organization’s encryption keys and leave virtualized services for the rest of your infrastructure, and take comfort in knowing your encrypted connections and data are always secure.
EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.