A zero trust approach to 5G signaling networks
Due to their increased complexity, 5G network functions are exposed to a wide range of attacks, including supply chain compromises, vulnerability exploitation, misconfiguration-driven weaknesses and insider threats. 5G networks have introduced state-of-the-art security mechanisms for the signaling network, but these could be further enhanced by applying an adaptive security strategy. Before going into detail about adaptive security strategies in a signaling network, we want you to reflect upon the importance of security in daily life. Take online shopping, for example. When purchasing goods, you expect that the online store is legitimate (the store you expect it to be) and that your payment is received by them. But what if the shop is fake and your payment is actually received by an untrustworthy company that won’t ever fulfill your order? Ultimately, you might lose trust in online shopping and not want to do it again. Obviously, these types of scams or interactions need to be prevented. But how?
Lifting the security of the signaling network to the next level
When it comes to the telecommunications industry, communication service providers (CSPs) need a robust strategy to protect their networks from known security risks. A typical protection strategy first addresses central routing functions at the network edge. Security can be lifted to the next level with a zero trust approach. With zero trust, no entity inside or outside of the network is trusted; instead, resource access is authorized by dynamic policies. Zero trust relies on integrity and behavioral monitoring and on security analytics for policy decisions and security posture improvements. We recommend that CSPs adopt a zero trust strategy and also use advanced analytics to raise the level of security protection even further.
Modern security monitoring and analytics tools can reveal both known and new security risks, giving CSPs the opportunity to take preemptive action and implement the necessary countermeasures before their networks are subjected to attacks. Regular security risk assessments make it possible to continuously identify potential security risks and verify the measures that protect against them. The results from security analytics should be integrated in the security risk assessment to turn unknown security risks into known ones.
The evolving threat landscape
Legacy networks offering 2G, 3G or 4G services are built on the principle that trusted network elements communicate with each other. The signaling protocols used in those networks, such as the international Signaling System 7 (SS7) standard, including Mobile Application Part (MAP), and IP-based protocols such as Session Initiation Protocol (SIP), Diameter and GPRS Tunneling Protocol (GTP), can be transported via secure tunnels, but support for secure transport is not mandatory. 5G networks use HTTP signaling, which is commonly used for internet services. In contrast to legacy networks, 5G supports secure signaling transport via Transport Layer Security (TLS) right from the start. 3GPP has specified the secure signaling transport, and it must be supported by all the network elements in the 5G core network.
Although there is a solution for secure signaling transport in 2G, 3G, 4G and 5G networks, the trustworthiness of signaling communication also relies on the integrity of the peering network functions. It’s still possible to inject fraudulent signaling messages into the networks if a node gets compromised, for example by exploiting a zero-day vulnerability. Insider threats are also a high concern when the network function is abused by compromised personnel. To overcome this security gap, an adaptive security strategy is required.
Establishing an adaptive security strategy
To protect networks from signaling security threats, CSPs should follow a three-step strategy:
Step 1: Adopting a signaling security framework
To establish a basis for a secure signaling network, a CSP must protect network equipment from unauthorized access. Signaling messages injected from outside need to be inspected following GSMA recommendations and stopped at the edge of the network.
Step 2: Employing analytics and process automation
While traditional defense approaches put the focus on network perimeter protection, policy decisions with the zero trust approach are made based on the confidence in the requestor's identity and integrity. The transition to zero trust requires efficient trust level computations, which can be powered by integrity monitoring, behavior analytics and threat detection methods.
Adversary-behavior-model-driven security analytics could provide superior threat detection capabilities if supported by a telecom-domain-specific behavior knowledge base. Insider threats could be efficiently addressed by user behavior analytics methods that detect bad behaviors deviating from the norm. Anomaly detection techniques, powered by machine learning (ML) and artificial intelligence (AI) algorithms, can mitigate unknown threats via identification of abnormalities and draw the attention of security analysts to suspects at an early stage.
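The sketch below is an added example, not code from the original post or from any vendor product. It shows one way a trust level could be computed from the three inputs named in Step 2 (integrity monitoring, behavior analytics, threat detection) and fed into a dynamic policy decision. The peer names, baseline data, weights and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed baseline: signaling requests per minute previously seen from
# each peer network function (hypothetical peer names and values).
BASELINE = {
    "nf-a": [100, 110, 95, 105, 90],
    "nf-b": [20, 22, 18, 21, 19],
}

@dataclass
class Observation:
    peer: str
    integrity_ok: bool      # outcome of integrity monitoring for the peer
    threat_alert: bool      # a threat detection rule fired for the peer
    requests_per_min: int   # current signaling rate from the peer

def behavior_score(obs):
    """Map deviation from the peer's own baseline to a score in 0..1."""
    history = BASELINE.get(obs.peer)
    if not history:
        return 0.0                      # no baseline: no behavioral trust
    mu = mean(history)
    sigma = pstdev(history) or 1.0      # avoid division by zero
    z = abs(obs.requests_per_min - mu) / sigma
    return max(0.0, 1.0 - z / 6.0)      # z >= 6 scores 0 (assumed scale)

def trust_level(obs):
    """Combine the three inputs; weights are illustrative assumptions."""
    if not obs.integrity_ok:
        return 0.0                      # failed integrity overrides the rest
    score = 0.4 + 0.6 * behavior_score(obs)
    if obs.threat_alert:
        score *= 0.5                    # an active alert halves the trust
    return round(score, 2)

def decide(obs, sensitive):
    """Dynamic policy: sensitive resources require a higher trust level."""
    threshold = 0.8 if sensitive else 0.5
    return "allow" if trust_level(obs) >= threshold else "deny"
```

The decision is re-evaluated per request, so a peer that passed transport authentication can still be denied once its integrity check fails or its signaling rate departs from its own baseline.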
Step 3: Carrying out regular compliance monitoring and security assessments
Compliance monitoring and security assessment is an essential procedure carried out to gain an understanding of the risk level a signaling network is exposed to, and to what extent known security issues are mitigated by the network functions.
Looking ahead
5G is not just a new G: 5G is all about new business models, opening the network for companies and organizations to increase business opportunities, while also benefiting users. However, opening up the network also means you’re opening it up for malicious attacks. In 2G, 3G and 4G the foundation for security was trusted network elements. But in 5G there’s no such thing – in 5G you need to lift the security of the signaling network to the next level. Establishing an adaptive security strategy will be key for protecting your 5G network and your 5G customers.
Discover more. Explore our white paper: 5G Signaling security - Achieving adaptive security in the signaling network