Treehouse Technology Group is pleased to partner with guest blog contributors. With the emergence of new technologies, data security is of the utmost importance to all of our development projects.
Exclusively written for treehousetechgroup.com
Submitted by Alisha Carrie
The rollout of 5G is now only a matter of time. It promises higher speeds, lower latency, and increased bandwidth. This new technology comes at a perfect time with the increasing prevalence of Artificial Intelligence and the Internet of Things. But while 5G and its benefits may be impressive, many are still concerned how this new technology will fare in terms of data security.
To understand the situation better, let’s first examine the security vulnerabilities of current mobile data technology. When it comes to 3G, there are concerns regarding its dependence on monolithic cell towers, which makes it easy for hackers to target network providers. The more recent technology, 4G LTE, was initially lauded for its peer-to-peer (P2P) communication model. But cybersecurity experts noted that its P2P system also opens it up to mobile-to-mobile attacks. In addition, the Black Hat conference revealed an exploitable point in 3G and 4G’s authentication and key agreement. Said flaw forces a phone to connect to compromised networks, allowing a hacker to track consumption patterns and even the device’s physical location.
There’s also the equally disturbing issue of malware attacks involving both 3G and 4G. A study published on Research Gate traced the evolution of mobile malware such as Trojan, Botnet and Rootkit. This only stresses the importance of defensive strategies in data protection and cyber security in general. Maryville University details some of these pre-emptive tactics and post-attack countermeasures, including digital forensics, incident response and malware analysis. With so many challenges faced by existing mobile data technology, it’s getting harder to deal with attacks, let alone prevent them.
5G is expected to address these issues by enabling mutual authentication between networks and users. Pushing the P2P model to its physical limits, 5G may be considered similar to decentralized technologies today. This mutual authentication process makes it easier to detect threats and enforce better network hygiene. According to John Marinho, CTIA Vice President of Technology and Cybersecurity, “5G addresses all of what we know about previous challenges, but also privacy by design. It’s baked in from the beginning… Security is more embedded and dynamic than ever before.”
Of course, there are still concerns about 5G’s dependence on SS7 and Diameter for communications control. These protocols, which have been designed for 2G/3G tech, form the backbone of 5G’s data transfer and voice call capabilities. However, they were crafted for optimal data performance, and not for security, according to an assessment from Cornell University. The researchers noted that some of the most important security goals have not been met by 5G’s protocol. They added that “the standard does not provide for mutual authentication requirements and agreement properties on the established key, despite the fact that 5G uses an Authenticated Key Exchange protocol.”
Then there is the question of who gets to build the 5G infrastructure. This became a hot issue in New Zealand, as the country’s intelligence agency rejected the first request from China’s Huawei Technologies to use 5G equipment. Citing national security concerns, intelligence services minister Andrew Little explained that 5G’s configuration means every component of the network can be accessed. This whole episode adds another layer of complication to the problem, as 5G infrastructure will not only power mobile devices but also entire IoT micro-networks.
Thankfully, entire communities have dedicated themselves to patch up these holes. A European consortium consisting of wireless vendors and researchers known as the Next Generation Mobile Networks Alliance published a white paper on 5G. Meanwhile, groups such as 3rd Generation Partnership Project (3GPP) and the UN-backed International Telecommunications Union have made forays into establishing industry standards. Other researchers suggest new ways for identity management aside from device-based identification methods currently used by 4G and older technologies. Using multiple association mechanisms can improve security and privacy, as well as address the device location vulnerability raised earlier.
It is clear that prior to and even after 5G’s release, there will be security challenges to overcome. While decentralization makes it harder for hackers to exploit a network, it exposes other areas of the data structure which may be targeted by cybercriminals. Combined with the arrival of 5G, more processes will most likely be shifted to the cloud, as we have discussed in a previous Treehouse Tech post. Putting the majority or all of the data on this system come with its challenges, too. There is much more to be done to make 5G secure to a level where its benefits far outweigh the risks, but the industry is making strides.
Image credit: Pixabay