Since the beginning of our activity, in Layakk we have been studying the security of mobile communications for years, in different areas: network access protocols, core network protocols and specific implementations (in the baseband of the terminals and in different elements of the network of the operator). Apart from the professional services (security assessments and consultancy for network operators, specialized and deep technical training, security analysis of products), this has translated in numerous publications and activities: identification of vulnerabilities (“Nuevos escenarios de ataques con estación base falsa” at RootedCon 2012; “Atacando 3G vol. III” at RootedCON 2016), practical demonstrations (“A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications” at Black Hat DC 2011; “Sistema de localización geográfica de un terminal móvil” at RootedCON 2013; “Seguridad de comunicaciones móviles 3G” at CyberCamp 2015), etc. Our activity in this area has been reinforced with the accreditation of our laboratory to perform security evaluations of products.
Since the birth of the new generation of mobile communications, we have been studying the security of 5G, which has motivated several talks (“5G: Certificación de su seguridad en Europa” at XIV Jornadas STIC CCN-CERT; “5G: Mitos y leyendas” at XIII Jornadas STIC CCN-CERT), training and other activities (assessments, consulting) for our clients.
In this article we want to share our conclusions about the 4 key aspects that need to be addressed to globally improve the security of 5G, which is a task that should involve all relevant actors: operators, manufacturers, regulators and security experts:
- CORRECT IMPLEMENTATION: One of the our recurring messages in our talks and also in our consulting activities has always been that 5G Security has been designed as being dependant on the implementation carried out by the network operators of both home networks (those that finalize the USIM cards) and serving networks (e.g. in a roaming scenario). This dependency has important implications regarding aspects such us the confidentiality of the identity of the user, the confidentiality of the communications, the serving networks, the authorization of access to different services of different 5G slices, etc. For this reason we consider critical that operators are aware of their responsibility in implementing the norm correctly. In this regard, initiatives brought forward by regulators, like the draft of the future 5G Cybersecurity Act in Spain, contribute to achive this goal, because they require these security features from a regulatory standpoint. This is one of the pillars encouraged by the European Union (Cybersecurity of 5G networks: EU Toolbox of risk mitigating measures).
- AUDIT: Just as in other areas of IT, we consider a fact that the security of 5G needs to be audited. Here we differentiate 2 work areas:
– Audit of 5G products: the products that make the 5G ecosystem are susceptible to presenting implementation defects. We are talking about products that compose the 5G networks themselves and also consumer products that, with this new generation, broaden enormously their spectrum beyond the mobile terminals (IoT, industrial devices, vehicles, etc.), which may cause that manufacturers that originally did not expose their interfaces now they do and thus have to tackle the complex task of protecting them properly.
– Audit of deployed 5G networks: with the goal of verifying that their implementation is correct and secure.
In Layakk we are working on broadening our capabilities in that area and we have created a laboratory that helps us deliver this type of services, both for product security audits and for collateral tests associated to auditing operator networks. In this laboratory we have implemented the NESAS methodology and we are committed to keeping it always up to date and evolving it towards the upcoming new 5G Cybersecurity Certification Scheme that will soon be approved by the European Union.
- DEPLOYMENT OF COLLATERAL PRODUCTS: One reality being observed nowadays is that some aspects of the security of 5G are dependant on services that are not defined in the standards and which implementation corresponds to the operator. Lately we are seeing vulnerabilities associated to access authorization, control and accounting, filtering of operations, etc. We think that a key factor in the improvement of the security must be the development and adoption of products that supply the necessary security characteristics of 5G that have been delegated by the standards. This aspect must be embraced as soon as possible to make it possible that those security characteristics get developed and implemented together with the rest during the massive deployment or the networks.
- KNOWLEDGE MANAGEMENT: The last aspect that we consider key is the management of the knowledge on 5G security that operators and regulagors need to have. We think it is of paramount importance that they hold a level of technical knowledge regarding security that enables them to be manage correctly the deployments of this technology. Also, this knowledge will be reusable in the future with the arrival of new generations (6G) shich are already in the works.
At Layakk we are commited to this objectives and we invest permanently to guarantee that we are able to offer related services, always with our devotion to quality, responsibility and honesty.