Telecom Tech Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Telecom Tech Outlook
The legacy telecommunications infrastructure has been providing essential societal functions as well as supporting business and consumers while under attack from various hackers, fraudsters and nation states. The infrastructure is composed of many components including user endpoints (e.g., smartphones), access networks (e.g., radio towers and subsystems), core network (e.g., switches and databases), and interconnection points (e.g., signaling gateways) between service providers. All of these network elements, protocol stacks, service functions, interfaces and databases can be targeted and exploited to obtainunauthorized location tracking, call interception, caller ID spoofing and denial of service.
There are major technology and architectural trends that create new attack paths to the endpoints and the core network and increases the challenges for security and privacy:
• Changesin telecommunications protocols from Signaling System 7 to IP-based protocols and interfaces (e.g. HTTP, Rest API)
• Security risks with 3G and 4G network infrastructures co-existing with the emerging 5G technology
• Hand-off connections to WiFi networks continuing even with 5G, exposing more and more cellular users to WiFI security threats
• Agile networking by the virtualization of network and security functions (NFV) and enabling network slicing to create virtual path through the network to support specific application requirements
• Multi-media smartphones with downloadable diverse applications and programmable and embedded Subscriber Identity Modules (eSIMs)
• Exponential growth of vulnerable Internet of Things (IoT) devices and applications using open source software middleware and IoT gateways with enterprise, cellular and private network connections.
• Local Cloud-based edge computing and storage environments that reside closer to the subscriber to address latency requirements
Over the years telecom service providers have been active in working with suppliers, standards forums and industry groups to implement security features within the service architectures, individual products, interfaces, applications, signaling protocols and management systems. However, these new threats, service models and technology changes continue to challenge the current security controls and generate the need for more complete, robust and scalable security within and across these new components. To counter these potential targets and previous intrusion experiences, many new 5G security properties have been defined such as signaling message authentication and confidentiality, bearer traffic confidentiality, and user identity and location confidentiality. In addition, the home network verifies the device location when roaming, an access agnostic device context authentication framework, network segmentation through controlled network slicing, integrity protection for the user plane, certificates for IoT devices, protected APIs and endpoint-assisted network-based detection of false base stations.
There are alsoindustry activities to address these challenges including:
• FCC sponsored Communications Security, Reliability and Interoperability Council (CSRIC) will be examining key 5G 3GPP standards (i.e., Releases 15 & 16)to identifysecurity gaps and approaches to address these gaps
• Council to Secure the Digital Economy (CSDE) and the supporting organizations published baseline requirements for IoT device security capabilities
• GSMA, a global mobile industry trade association continues to develop specific guidance to secure different signaling protocols (e.g., SS7, Diameter), Network Equipment Security Assurance Scheme (NESAS), interconnections between service providers, subscriber fraud protection and different infrastructure functionality across 3G-4G-5G mobile generations.
• CTIA, the wireless industry association, recently launched its IoT Cybersecurity Certification Program to test cellular connected devices in authorized labs to verify security capabilities.
The telecommunications infrastructure is going through significant changes to support new multi-media services with demanding requirements. The number of devices and dynamic interactions across the control and user planes and the network subsystems are already creating new security challenges. These changes are being built on legacy technology and architectures that have experienced successful attacks and abuse. The challenge will be to create a security approach that addresses typical security vulnerabilities (e.g., weak API security, gateway misconfigurations), and creates defenses for the new devices, protocol stacksand vertical and horizontal end-to-end planes with intelligent security management.
However, if you would like to share the information in this article, you may use the link below: