The rule sets are logical on many levels since application-specific policy is a requirement for 5G services and enforcement must take place on the control plane. Based on “extremely important” responses, these are programmable rule sets (41%) and multi-tenant use case support (39%). Two attributes stand out, as illustrated in the figure below. This shift in application interactions on the control plane and the additional complexity inherent with securing the 5G control plane will also influence the criteria for selecting fraud and security vendors. (N=97-100)įraud and security vendors: criteria for selection Question: Compared to 3G or 4G, please indicate whether you agree or disagree with the following statements in a 5G context. Based on this input, the 5G control plane will continue to be a special area of focus in a security context. Security must also enable improvements in responses to threat vectors using caller ID (CLI) spoofing and robocalling (65%). Thus, security must be able to protect against multiprotocol attacks (68%), which affects the need to deploy distributed signaling firewalls (66%) that play a role in managing topology hiding challenges (61%). In addition, many respondents believe signaling storms will be more common both in the New Radio (NR) and NGC (65% and 60%). For example, a high number of respondents believe 5G roaming will be more difficult to secure (70%) and more susceptible to fraud (63%). Based on the high percentage of “agree” responses, there is little doubt that the 5G control plane will be more problematic to secure on several levels, as illustrated in the figure below. The study input from the survey respondents validated some of these concerns. The network actions taken by all these devices will be automated and without human intervention, possibly creating or escalating security incidents. An additional concern with 5G is caused by the impact of worldwide digital transformation enabled by massive amounts of sensors, connected cars, health monitors, etc. When I caught a first glimpse in 2017 of the 5G next-generation core (NGC) architecture with a fully distributed control plane utilizing protocols such as HTTP/2 to support a service-based architecture (SBA) control plane, it was hard not to think the control plane would once again become an area of concern. I documented this trend in a 2013 Heavy Reading report, "Service-Enabling the Control Plane: The Role of Diameter Signaling in Next-Generation Networks." As a result, the GSM Association (GSMA) recommended its mobile operator members should enhance the protection of their SS7 and Diameter interconnects with the addition of signaling firewalls.Īnother control plane concern I had was that even with 4G and the very early days of network functions virtualization (NFV), there was a sense that the control plane was evolving to play a greater role in service orchestration, which injected additional security concerns. Issues include the risks for both network overload and denial-of-service (DOS) incidents as well as the risks to individual customers of location tracking, eavesdropping, and banking fraud. In parallel, there have been increasing concerns about the security of mobile networks due to vulnerabilities with the use of the SS7 and Diameter signaling protocols for the support of mobile roaming. Fortunately, however, they were mitigated by the industry adoption of software-based control plane platforms such as Diameter signaling controllers (DSCs) that could scale and seamlessly interwork 2G protocols like SS7 and 4G Diameter-based nodes. These signaling storm concerns ultimately did come to fruition. Going back as far as seven years ago, as part of my IP Multimedia Subsystem (IMS) coverage, concerns were already noted in articles related to the potential for 4G IMS-fueled signaling storms. The topic of control plane security has been of considerable interest for me for some time. These questions ranged from assessing service providers' confidence levels in securing the 5G control plane and use case-specific challenges to determining how they would select 5G control plane security vendors.Ĭontrol Plane Security: A Special Area of Focus The MLS-based survey we developed with F5 Networks, Fortinet, NetNumber and Palo Alto Networks attracted 103 global respondents and included several questions related to the challenges of control plane security. Accordingly, this was an area of interest to the sponsors of Heavy Reading's recently completed 5G Security Market Leadership Study (MLS). Without question, the additional requirements that the 5G control plane supports will inject additional complexity into security enforcement.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |