A zero-trust approach for 5G signaling networks
Due to its increased complexity, 5G network functions are exposed to a wide range of attacks, including supply chain compromises, vulnerability exploits, weaknesses due to misconfiguration, and insider threats. 5G networks have introduced state-of-the-art security mechanisms for the signaling network, but these could be further enhanced by applying an adaptive security strategy. Before we get into the details of adaptive security strategies in a signaling network, we want you to think about the importance of security in everyday life. Take online shopping, for example. When purchasing goods, you expect the online store to be legit (the store you expect it to be) and to receive your payment. But what if the store is fake and your payment is actually received by an unreliable company that will never fulfill your order? Ultimately, you might lose confidence in shopping online and not want to do it again. Obviously, these types of scams or interactions should be avoided. But how?
Taking signaling network security to the next level
When it comes to the telecommunications industry, Communications Service Providers (CSPs) need a robust strategy to protect their networks against known security risks. A typical protection strategy first addresses the core routing functions at the network edge. Security can be taken to the next level with a zero-trust approach. With zero trust, no entity inside or outside the network is trusted, instead access to resources is permitted by dynamic policies. Zero trust relies on integrity and behavioral monitoring and security analytics for policy decisions and security posture improvements. We recommend that CSPs adopt a zero-trust strategy and also use advanced analytics to elevate the level of security protection even further.
Modern security monitoring and analysis tools can reveal known and new security risks, giving CSPs the ability to take preventative action and implement necessary countermeasures before their networks are subjected to attacks. Regular security risk assessments make it possible to continuously identify potential security risks and verify the measures that protect against them. The results of security analyzes should be integrated into the security risk assessment to turn unknown security risks into known risks.
The Changing Threat Landscape
Traditional networks offering 2G, 3G or 4G services are based on the principle that trusted network elements communicate with each other. Signaling protocols used in these networks like International Standard Signaling System 7 (SS7) including Mobile Application Part (MAP) and IP-based protocols such as Session Initiation Protocol (SIP) , Diameter, and the GPRS Tunneling Protocol (GTP), can be transported through secure tunnels but support for secure transport is not required. 5G networks use HTTP signaling which is commonly used for internet services. Unlike legacy networks, 5G supports secure signaling transport via Transport Layer Security (TLS) out of the box. 3GPP has specified secure signaling transport and it must be supported by all network elements in the 5G core network.
Although there is a solution for secure signaling transport in 2G, 3G, 4G and 5G networks, the reliability of signaling communication also relies on the integrity of peering network functions. It is always possible to inject fraudulent signaling messages into networks if a node is compromised, for example by exploiting a zero-day vulnerability. Insider threats are also of great concern when network operation is abused by compromised personnel. To overcome this security flaw, an adaptive security strategy is required.
Establish an adaptive security strategy
To protect networks from reported security threats, CSPs should follow a three-step strategy:
Step 1: Adopt a signage safety framework
To establish a foundation for a secure signaling network, a CSP must protect network equipment from unauthorized access. Externally injected signaling messages should be inspected per GSMA recommendations and terminated at the network edge.
Step 2: Use process analytics and automation
While traditional defense approaches focus on protecting the network perimeter, policy decisions with the zero-trust approach are made based on trusting the identity and integrity of the claimant. The transition to zero trust requires efficient trust level calculations, which can be fed by methods for integrity monitoring, behavior analysis and threat detection.
Security analytics based on the adversary behavior model could provide superior threat detection capabilities if supported by a knowledge base of telecom-specific behaviors. Insider threats could be effectively addressed by user behavior analysis methods that detect bad behavior that deviates from the norm. Anomaly detection techniques, powered by machine learning (ML) and artificial intelligence (AI) algorithms, can mitigate unknown threats by identifying anomalies and drawing the attention of security analysts to suspects at an early stage.
Step 3: Perform regular compliance monitoring and security assessments
Compliance monitoring and security assessment is an essential procedure performed to understand the level of risk to which a signaling network is exposed and the extent to which known security issues are mitigated by network functions.
5G is not just new G: 5G is about new business models, opening up the network for businesses and organizations to increase business opportunities, while benefiting users. However, opening up the network also means you are opening it up to malicious attacks. In 2G, 3G and 4G, the basis of security was based on reliable network elements. But in 5G there is no such thing – in 5G you need to take signaling network security to the next level. Establishing an adaptive security strategy will be key to protecting your 5G network and your 5G customers.
Learn more. Check out our white paper: 5G Signaling Security – Achieving Adaptive Security in the Signaling Network
Learn more about 5G signaling