Conceptualizing security in mobile communication networks – how does 5G fit in?
This report examines the security aspects of telecom networks in the era of 5G. Telecom networks are evolving rapidly across a broad technological landscape that includes virtualization, disaggregation, cloud, AI, IoT and Industry 4.0. This evolution is matched by an equally broad and increasingly challenging cybersecurity environment.
Key topics
The telecom network transfers voice and data across the globe with high quality and consistency. User devices such as mobile phones can stay connected regardless of time and place, which is all possible thanks to standardized signaling systems and interfaces.
Mobile telecommunication networks consist of four main logical network parts: radio access network, core network, transport network, and interconnect network.
Each network part comprises three so-called planes, each responsible for carrying a different type of traffic: the control plane carries the signaling traffic; the user plane carries the payload, i.e. the actual subscriber traffic; and the management plane carries the management traffic.
In terms of network security, each of the three planes is exposed to its own types of threats. There are also common threats that can affect all three planes simultaneously.
Core network functions and management systems are critical assets in a mobile network. Compromising the core network or the management systems may compromise the confidentiality, availability, and integrity of the mobile network's services as a whole.
The radio access network is also a sensitive asset, as it handles user data and may be placed at critical locations. With the introduction of edge computing, certain core network functions are expected to be deployed closer to the access sites, which makes the access network critical as well.
Data is one of the most important assets in mobile networks, subscriber data being the most critical one in this category. Subscriber data comprises communication data (voice, text, and data sessions) as well as subscriber-related information, such as identities, location, subscription profile, and connection metadata (e.g. Call Data Records or signaling traces). To protect subscriber privacy, this data needs to be protected both in storage and in transit.
Apart from subscriber data, network management related information assets are required for proper operation of the mobile network. The management data comprises infrastructure and service configuration data, network configuration data, security-related data, and monitoring data such as performance metrics, logs, and traces.
All data deemed critical must be protected over its entire lifecycle, including secure deletion. To ensure sustained protection, it is essential to enforce secure handling of encryption keys and to use cryptographic algorithms and protocols of appropriate strength.
For data-at-rest, the protection should include file system protection, encryption, integrity protection and strict access control. Additional controls are necessary for data-in-transit: traffic analysis to detect data being passed to unexpected communication endpoints, transport layer encryption, and monitoring of changes to router and firewall configurations.
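The traffic-analysis control mentioned above can be made concrete as an allowlist check over flow records: every interface between network parts has a known set of peers and ports, so a flow that leaves that set is worth an alert. The following is an added example written for this page, not code from the report; the subnets, the mapping of subnets to gNB/AMF/UPF/SMF, and the flow records are constructed for illustration. The port numbers are the standard ones for the interfaces named in the comments (NGAP over SCTP 38412 on N2, GTP-U 2152 on N3, PFCP 8805 on N4).

```python
import ipaddress
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    nbytes: int


# Hypothetical allowlist of expected communication paths:
# (source network, destination network, permitted destination ports).
ALLOWED_PATHS = [
    ("10.10.0.0/24", "10.20.0.0/24", {38412}),  # gNB -> AMF, N2 (NGAP over SCTP)
    ("10.10.0.0/24", "10.30.0.0/24", {2152}),   # gNB -> UPF, N3 (GTP-U)
    ("10.40.0.0/24", "10.30.0.0/24", {8805}),   # SMF -> UPF, N4 (PFCP)
]


def _parsed_paths(paths):
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), ports)
            for s, d, ports in paths]


def is_expected(flow, paths=ALLOWED_PATHS):
    """True if the flow matches at least one allowed (src net, dst net, port) path."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for snet, dnet, ports in _parsed_paths(paths):
        if src in snet and dst in dnet and flow.dport in ports:
            return True
    return False


def unexpected_flows(flows, paths=ALLOWED_PATHS):
    """Flows whose destination endpoint or port is not on the allowlist,
    largest transfer first so a possible exfiltration is reviewed first."""
    flagged = [f for f in flows if not is_expected(f, paths)]
    return sorted(flagged, key=lambda f: f.nbytes, reverse=True)


# Constructed sample flow records (not real traffic; 203.0.113.0/24 is a documentation range).
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.10", 38412, 1200),
    Flow("10.10.0.5", "10.30.0.20", 2152, 980000),
    Flow("10.40.0.7", "10.30.0.20", 8805, 640),
    Flow("10.30.0.20", "203.0.113.9", 443, 52000000),  # UPF pushing data to an outside host
    Flow("10.10.0.5", "10.20.0.10", 22, 4100),          # gNB reaching the AMF on an SSH port
]


def report(flows=SAMPLE_FLOWS):
    """Human-readable lines for each unexpected flow."""
    return [f"{f.src} -> {f.dst}:{f.dport} ({f.nbytes} bytes)"
            for f in unexpected_flows(flows)]


if __name__ == "__main__":
    for line in report():
        print("UNEXPECTED", line)
```

In a real deployment the allowlist is derived from the network design (which functions are permitted to talk over which interface) and the flow records come from the transport network or the virtualization layer; the check itself stays this simple, and the two flagged records here are exactly the cases the text describes: data leaving for an endpoint that no interface should reach, and a known peer contacted on a port the interface never uses.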
Data-in-use protection may require selective actions on specific data items, e.g. for privacy protection.
Additional access controls can be applied, and some data elements may need to be removed, obfuscated, or anonymized.
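The selective handling described in the last two paragraphs (removing, obfuscating or anonymizing individual data elements depending on who consumes them) can be expressed as a per-role field policy applied to each record before it leaves the subscriber-data store. The following is an added example written for this page, not code from the report; the Call Data Record layout, the two consumer roles and the pseudonymization key are constructed for illustration, and the key would in practice come from a key management system rather than the source.

```python
import hashlib
import hmac
import json

# Hypothetical pseudonymization key. Real deployments keep this in an HSM/KMS and rotate it;
# it is inline here only so the example runs offline.
PSEUDONYM_KEY = b"example-key-do-not-use"

# Constructed sample Call Data Record (not real subscriber data).
SAMPLE_CDR = {
    "imsi": "240010123456789",
    "msisdn": "+46700000001",
    "cell_id": "240-01-1234-56",   # MCC-MNC-gNB-cell
    "start": "2024-03-01T10:15:00Z",
    "duration_s": 212,
    "bytes_up": 1024,
    "bytes_down": 4096,
}

# Hypothetical field policies per consumer role. Every field must be listed;
# anything not listed is dropped, so a new field never leaks by default.
POLICIES = {
    "billing": {
        "imsi": "pseudonymize", "msisdn": "keep", "cell_id": "drop",
        "start": "keep", "duration_s": "keep", "bytes_up": "keep", "bytes_down": "keep",
    },
    "analytics": {
        "imsi": "pseudonymize", "msisdn": "drop", "cell_id": "generalize",
        "start": "keep", "duration_s": "keep", "bytes_up": "keep", "bytes_down": "keep",
    },
}


def pseudonymize(value, key=PSEUDONYM_KEY):
    """Keyed hash: records of one subscriber stay linkable, but the identifier
    cannot be recovered or brute-forced without the key (plain SHA-256 of an
    IMSI could be, since the identifier space is small)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def generalize_cell(cell_id):
    """Keep MCC-MNC-gNB, drop the cell: coarse location for analytics."""
    return "-".join(cell_id.split("-")[:3])


def minimize(record, role, key=PSEUDONYM_KEY):
    """Apply the role's field policy to one record; unknown roles and unknown
    actions raise rather than pass data through."""
    policy = POLICIES[role]
    out = {}
    for field, value in record.items():
        action = policy.get(field, "drop")
        if action == "keep":
            out[field] = value
        elif action == "pseudonymize":
            out[field] = pseudonymize(value, key)
        elif action == "generalize":
            out[field] = generalize_cell(value)
        elif action == "drop":
            continue
        else:
            raise ValueError(f"unknown action {action!r} for field {field!r}")
    return out


if __name__ == "__main__":
    for role in POLICIES:
        print(role, json.dumps(minimize(SAMPLE_CDR, role)))
```

The point of the keyed hash over a plain one is the small identifier space: an IMSI is 15 digits with a known MCC/MNC prefix, so an unkeyed digest can be reversed by enumeration. Using the same key for every consumer keeps the pseudonyms consistent across roles, which is useful for joining billing and analytics output but also means the key itself is subscriber data and needs the same access control as the identities it replaces.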