Ericsson report says 5G will require a complete security rethink

The arrival of 5G networks from 2020 may necessitate a complete rethink of security methods, claims a new white paper from network specialist Ericsson.

While current 4G cellular systems provide a decent level of security for users, that won’t automatically prove to be sufficient with the switch to 5G.

As the report points out, 5G won’t be a simple evolution of previous mobile network standards in the same way that 2G, 3G, and 4G have been. It will represent a sizeable leap forward in complexity as well as performance, requiring a whole new approach to security.

For example, while mobile networks up to now have been designed to serve individual users, 5G will connect whole industries, such as intelligent transport, smart grids and e-health. 5G will also serve to link hundreds of individual unmanned devices and sensors in any one area rather than just individual smartphones operated by a single person.

“What characterises 5G, even more than 4G, is that it will have a crucial role in the operation of society,” says the report. As such, the scope of 5G’s security systems will need to go far beyond what we see now, and will likely bring about increased regulatory involvement.

Useful reading : What Is 5G?

5G security characteristics

Ericsson claims that there will be four defining characteristics of 5G security: 

• New trust models: 5G will bring in new actors, devices and business models, which will necessitate extended requirements in authentication. In addition to the next generation of smartphones and tablets there will be things like industry automation control devices, shipping containers, vehicles, and climate monitoring sensors all joining our networks.
• Security for new service delivery models: There will be a much less reliance on proprietary hardware and much higher emphasis on software ‘virtualisation’ with 5G, which will necessitate much stronger security software. “Decoupling software and hardware means that telecom software can no longer rely on the specific security attributes of a dedicated telecom hardware platform,” says Ericsson.
• Evolved threat landscape: 5G’s increased importance will mean an accelerated threat from hacktivists, underground economies, cybercrime and cyber-terrorists. What’s more, with 5G set to become a vital part of society, public safety could be impacted by such attacks.
• Increased privacy concerns: There are growing concerns in the media over mass surveillance, and of tech companies extracting personal data without permission. This will need to be discussed within a 5G context, with the new network set to create an even more connected world.

Because of the increase in number and variety of connections that will define 5G, Ericsson proposes that a well-designed, flexible security baseline is needed rather than a simple increase in security measures. This will require “a multi-stakeholder approach involving operators, vendors, regulators, policy-makers and representatives of 5G users” prior to 5G standardisation.

The report mentions four specific technical topics that will need to be covered by any such baseline 5G security approach: identity management, radio network security, flexible and scalable security architecture, energy efficient security and cloud security.

Ericsson concludes by highlighting a pair of important overarching points concerning 5G security. For one thing, not every device will be connected - “only those things that benefit from being connected”. Secondly, while many more devices will indeed be connected, that doesn’t necessarily mean that this will be over a single 5G system.

Download the report:  5G security – scenarios and solutions for free here

Image credit: Ericsson