Is 5G more secure than 4G?
It’s a fact: there’s a growing buzz around 5G right now as carriers start to launch their first services. But the question few ask is if 5G is more secure than 4G? Is 5G even needed? And how does 5G play out from a security perspective?
By now, we’ve all heard probably of the coming 5G revolution, on how—for the first time in more than a decade—a major improvement in mobile performance speeds is coming (We all remember how the 3G to 4G transition certainly was a massive improvement in using Internet on the phone). Global mobile data traffic is expected to multiply by five times before the end of 2024 and the current 4G networks simply won’t be able to keep up; clearly a new standard is necessary. And 5G is promising to herald in a new industrial 4.0 revolution as it will enable new use cases where very low latency is required, from situations like Industrial IoT (IIoT) and autonomous cars to remote surgery, 5G will, if you believe the hype, lead to one of biggest structural changes to connectivity yet.
What, however, are the specific benefits and how will they play out for security?
Today, when you switch on your phone it performs an Initial Attach to the 4G network, authenticating you using your SIM card. In 5G there are other, more expanded options to using the SIM card. The 5G authentication procedure is called Primary Authentication and will give you session keys that will be used in the communication between the device and the network. It uses the Extensible Authentication Protocol (EAP)—a security protocol specified by the Internet Engineering Task Force (IETF) organization. It supports certificates, pre-shared keys, and username/password. EAP is also used for Secondary Authentication, which is used when you setup a data session to browse to a website for example.
When you have your 4G phone in your pocket and it doesn’t receive any data it can enter IDLE mode. Then when you get a message from a friend or if the network needs to wake up your phone (or to send data to it for other reasons) it will perform a Paging. In 4G the paging can expose your device ID, the IMSI, which could be caught by someone monitoring the air interface. In 5G IMSI cannot be used for Paging, there will only be temporary ID’s which will improve privacy.
There is also less information in clear text in the control plane signalling messages which makes it harder for someone to correlate them to identify a single subscriber.
Furthermore, the 5G network can detect false base stations, so called IMSI catchers in a very clever way. It simply performs analytics on the radio environment data that devices report back to the network anyway. Such as neighbouring base stations and their signal strength. If devices suddenly report a new base station, it will be caught as an anomaly. It would even be possible to use the device reports to triangulate and get the location of it.
Improved Core Network Security
The 5G core network has a Service Based Architecture (SBA) which is offering services on-demand rather than the traditional point-to-point interfaces between nodes. The transport between network functions is protected using TLS (1.2 and 1.3). It has an authorization framework using OAuth2 at the application layer to ensure that only authorized network functions are granted access to a service offered by another function.
Improved Roaming Security
There is a new network function called security edge protection proxy (SEPP) processing all the roaming signaling traffic. Authentication between the SEPP’s is required and there is a level of application layer security on the interface (the interface is called N32).
Improved Edge and Backhaul Security
Integrity protection of the user plan data between the device and the gNB is a new feature with 5G but it is resource demanding and may not always be used. You get the picture, 5G is absolutely an improvement in many regards, especially in the terms of security. But still, to realize the full potential of 5G, technology needs to be created to release the full potential benefits.
Clavister’s 5G Security Solution
One of the first technical issues to address is network scaling and slicing. The SBA and Network slicing requires a virtualized core network as the principle is to spin up multiple instances of the network, or parts of the network, on demand.
That’s why Clavister has a unique position with its Services Based Firewall, Clavister NetShield. It’s ideal for protecting, for example, virtual core networks, running fully virtual and being orchestrated by the same tools that orchestrate the other network functions. The orchestration is enabled by Clavister InCenter which offers one API for managing the full security solution from Clavister including Core Security, Service Domain Security, Roaming Security, Backhaul Security and Edge Security.
The future looks bright for 5G and with vendors configuring their solutions to fully tap into its benefits, consumers will get those new, amazing services even quicker.
The Radio base station in 4G is called eNodeB (eNB), in 5G it’s called gNodeB (gNB).
Comparing the “G’s”
- 1G: Mobile voice calls
- 2G: Mobile voice calls and SMS
- 3G: Mobile web browsing
- 4G: Mobile video consumption and higher data speed
- 5G: Technology to serve consumers and digitalization of industries
Benefits of 5G
- 100 times faster
- More responsive
- Lower network latency, 1-10ms
- More stable
- Network Slicing, making it possible to dedicate a unique part of a 5G network for a service
- More secure
- Enhancements of: Authentication, encryption of traffic between nodes and privacy
- More cost efficient
- 5G will enable 10 times lower cost per gigabyte than current 4G networks
Find out more about Clavister’s 5G and telecom solutions here