New horizons of 5G to boost the importance of network protection
5G networks are becoming more and more integrated into our daily lives — “mainstream” users can already find them on their own 5G-enabled devices. Of course, with the expansion of next generation networks, smartphones are by no means the most exciting segment, but rather the emerging areas of application, such as IoT (Internet of Things), self-driving automobiles, industrial automation, or even remote healthcare/remote surgery.
Network protection is critical in all scenarios, but in these new areas it matters even more, as human lives can depend on it during surgery or while navigating a vehicle. Ericsson’s Hungarian experts are also actively involved in building robust lines of defense. A significant part of the company's 5G security development activities is the responsibility of the local team, which includes about 120 members of the Ericsson Packet Core's international staff, 30 of whom are assigned to security-related development activities.
Security in a 100 percent cloud-based environment
Cloud Packet Core, one of the cornerstones of 5G networks and services, performs a wide range of tasks, from collecting data from devices connected to the network, through identifying users and devices, to enforcing current network policies, and then redirecting traffic to meet the given service provider's needs — and all of this is done in a cloud-based environment.
Built on a cloud-based, containerized, service-based architecture, the Cloud Packet Core consists of two main components: the Packet Core Controller and the Packet Core Gateway. The latter, as the name suggests, provides gateway functions and data processing within the Cloud Packet Core. The development and protection of the Packet Core Gateway is also the main focus of the Budapest team. Ensuring proper security is, of course, no small task, especially since it is a product that involves the work of thousands of engineers around the world and that affects the lives of millions.
Unsurprisingly, from the very first minute of product development, proper security must be kept in mind, handling it among the most important system requirements, and subordinating any subsequently defined additional criteria and functions to it. The development process is accompanied by continuous testing, which, of course, does not end when the products go live. Ericsson experts are constantly investigating any potential attack surfaces of each product, and if they find one, they analyze and fix it quickly.
Developers also catch errors in external software
One typical problem to look for is open, outbound TCP/IP ports. While they are not necessarily a problem for closed systems, they can pose a much greater security risk in a cloud-based environment. Most system messages and status reports are communicated via TCP/IP ports, and if such a port can also be reached from outside the system, it can give potential attackers access to sensitive information inside the product. The situation could be even worse, as it can allow messages to be spoofed and communication between system applications to be blocked by jamming the communication channel with irrelevant messages. Fortunately, this example can be easily remedied with a firewall; however, it is better to start eliminating potential attacks at the design stage.
Of course, this is not always possible, for example in the case of potential vulnerabilities in software developed by third parties and communities and used in the company's products. For such vulnerabilities in third-party products, the company not only maintains contact with the company or community that develops the software, but also thoroughly checks the software packages itself. If the team finds a vulnerability, they fix it immediately with a patch provided by the community, or create a patch with their own engineers and then share it with the community, according to the current licensing agreements.
Obviously, the latest security standards must be followed during development and the subsequent maintenance of the lines of defense. The unique and special needs of the customers must also be met, and difficulties often arise from different regional security standards, which can have contradictory requirements. A typical example of this is the appropriate complexity of passwords. A strong password is critical to prevent inference attacks and brute-force methods that bombard the system with automated login attempts. However, different government regulations impose different requirements for the creation of sufficiently strong passwords. While the US NIST (National Institute of Standards and Technology) emphasizes the length of passwords and does not recommend the use of special characters, the Indian ITSAR (Indian Telecom Security Assurance Requirements) requires four types of characters (lowercase, uppercase, numeric, special). The Hungarian team solved this problem by making the Packet Core system configurable according to the requirements of each country, so the customer can choose which regulations a given setting must comply with.
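The configurable approach described above can be sketched as follows; this is an added example, not the Packet Core implementation. The profile names and the minimum lengths are illustrative assumptions; only the contrast between a length-only rule and a four-character-class rule comes from the text.

```python
from dataclasses import dataclass
import string

# The four character classes named in the text.
CLASSES = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "numeric": str.isdigit,
    "special": lambda ch: ch in string.punctuation,
}


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int
    required_classes: frozenset = frozenset()


# Hypothetical profiles; the length values are assumptions for illustration.
PROFILES = {
    "length-first": PasswordPolicy(min_length=12),
    "four-class": PasswordPolicy(min_length=8,
                                 required_classes=frozenset(CLASSES)),
}


def violations(password, profile):
    """Return the list of rules the password breaks under one profile."""
    if profile not in PROFILES:
        # Fail closed: an unknown profile must never mean "no policy".
        raise ValueError(f"unknown password profile: {profile!r}")
    policy = PROFILES[profile]
    found = []
    if len(password) < policy.min_length:
        found.append(f"shorter than {policy.min_length} characters")
    for name in sorted(policy.required_classes):
        if not any(CLASSES[name](ch) for ch in password):
            found.append(f"missing {name} character")
    return found


if __name__ == "__main__":
    # Constructed sample passwords: each satisfies one profile only.
    for pw in ("correct horse battery staple", "Ab1!defg"):
        for profile in PROFILES:
            print(f"{pw!r:32} {profile:13} {violations(pw, profile) or 'ok'}")
```

The two constructed passwords each pass one profile and fail the other, which is why the rule set has to be a deployment setting rather than a constant in the code.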
With the ever-increasing penetration of 5G, these security developments themselves are becoming increasingly important as infrastructure becomes the cornerstone of everyday life, from personal communications, through transportation to healthcare, and the operation of industrial environments. The development of adequate protection is an integral part of all stages in the development process, in which Hungarian professionals also play a key role.