5G Mobile Security Challenge

A few months ago, I attended the 5G World Congress and listened to discussions around the many challenges and technical requirements facing 5G technology.

The questions everyone wants solved are:

• Which services actually require 5G access technology? What types of content demand the fastest service? According to lectures delivered by leading mobile service providers such as DoCoMo and KT, 5G networks need to deliver higher date rates to support applications such as 3D hologram video, VR and live broadcast.
• How will the networks support the exponential growth of end-devices requiring service brought about by IoT? As IoT end devices are carrying different ARPU models, 5G should address this challenge in improved cost per bit technology.
• What is the best way to support critical services such as voice, and how to build private networks (e.g. for connected antonyms driving cars) with zero latency and improved QoS, avoiding outages?

As 5G will be commercially launched only during the 2020 Tokyo Olympic games, it was agreed that the road to 5G will be via GIGA LTE that delivers 1Gbps data rates already.

The 5G security aspect:

The traditional network concept was to design one-size-fits-all architecture. But because the 5G network is designed as a zero latency network, hosting millions of end devices including IoT endpoints, it endorses advanced NFV, SDN and network slicing models to become fast and agile networks.

As attacks are getting more complex, lasting longer and include multi-vector attacks targeting all layers of the infrastructure and applications, multi-security defense solutions as FW, IPS, NBA, WAF, SSL protection and cloud-based solutions have to be introduced to the SP network in order to properly secure it.

[You might also like: Uber-less Austin Virtually Full of Common Themes at Light Reading’s BCE]

This sends carriers out shopping for security solutions. However, one of the biggest challenges they face is that many of the various vendor solutions available are really single-function products. They lack the correlation between the different layers that will introduce blind spots, which allows an attack to succeed.

The current mobile domains are exposed to a verity of attacks such as:

• Core disorders – MSPs that allocate real IP addresses are exposed in some scenarios to Internet attacks such as ICMP flood and network scans that may result in paging flood, overwhelming their RAN
• Signaling storms created by chatty applications or poorly written applications
• Untrusted Mobile Access vulnerabilities: FEMTO and Wi-Fi AP DDoS, User Plane Packet injection, physical tempering (such as packet interception), and last but not least…
• IoT and misbehaving end points (bots, malwares, attackers)

Those Bots and Malwares Turn Mainly Android and IoT Devices into a Botnet!

The threat of a mobile botnet is very real and often hidden in unsuspecting apps found in different app stores. An HTTP flood from a mobile botnet can easily produce over 100,000 unique IP addresses, making it increasingly difficult for service providers and websites to mitigate such a large scale attack.

IoT: The Internet of Zombies:

Among the many benefits IoT brings, it also introduces a two-fold dilemma: the protection of things vs. the protection from things.

According to available IoT research, we can find that:

• 60% of devices were subject to weak credentials,
• 90% collected personal data,
• 80% did not use passwords or used very weak passwords,
• 70% of cloud-connected mobile devices allowed access to user accounts,
• 70% of devices were unencrypted

[HPE Internet of things research study 2015 report]

So what should a carrier look for when designing a security solution for their 5G network?

• Patented unique algorithms:
  1. Fuzzy Logic Inference system: This technique intrinsically assumes that the analyzed parameters are uncorrelated. Utilizing rate and ratio, the fuzzy logic can easily differentiate between mass crowd/ flash crowd events vs. an attack, avoiding false positives scenarios
  2. Automated real time signature generation engine for zero day attack detection.
  3. IP-Agnostic Fingerprinting Protection: To detect bots that either dynamically change their IP address, or located behind CDNs (single IP), fingerprinting detection should be in place.
• Automatic Life Cycle Management: Designed to lower the TCO and reduce operational costs by avoiding manual SOC analysis per attack. Criteria-based operations pending several security elements information, to define a set of actions to operate incident response.
• Visibility via robust data collection: DefenseFlow, Radware’s security command and control, acts as a cartelized cyber controller, enabling robust data collection from a variety of sources as external 3rd party security detection devices. Radware’s virtual and physical L4-7 devices, via net flow and SDN enabled devices, utilize the network as a security sensor, and Radware’s lightweight “behavioral and virtual detector.”
• An Emergency Response Team: A highly skilled team of security and product experts that keep the mobile service provider safe 24/7, monitoring and blocking attacks in real time. The team takes proactive measures such as enlisting security researchers to do Darknet research and provide heads-up customer notice about attack operations (who, how and when). They also conduct On-Premise Device Management and periodic network security design and configuration review.

In a world where the threats are ever-evolving, there’s a need for technology that is continuously adaptive, with the widest security coverage.  As a carrier, be sure you choose a comprehensive best-of-breed technology to guarantee your 5G network security and carrier grade availability.