Weaknesses in the various legacy protocols in signaling security have been revealed over the last decade. Today they are rather numerous and often exploited (from SMS spam to subscriber DoS and account fraud to location tracking and call intercept). As part of the provider’s core network, it is up to the carrier to address any vulnerabilities. Michela Menting, cybersecurity applications research director at ABI Research, zooms in on how a smarter focus on improving signaling security could enable a smoother transition to the 5G network.
Telecommunications signaling protocols are designed to control communications between endpoints and switching systems, essentially allowing for establishing and terminating a connection. Various protocols have been devised over the years for the different cellular generations, and those still in use today include Signaling System No. 7 (SS7) for 2G and 3G networks and Diameter for 4G. These are proprietary based protocols designed specifically for those cellular networks. With 5G networks, there is a drastic change in signaling, which will happen over the open network protocol HTTP used in the world wide web. Importantly, 5G networks will use the latest generation, HTTP/2, standardized in 2015 by the Internet Engineering Task Force (IETF).
Numerous solutions have emerged on the market to handle these, such as monitoring and filtering through firewalls. Accompanying guidelines have been published by standards development organizations, such as the GSMA and the 3GPP, but their implementation by carriers has been primarily done in a rather one-sided and disparate fashion, leading to a fragmented approach to mobile network security that continues to retain many weak points.
Integrating Advanced Signaling Security
In large part, advanced signaling protection is a costly and relatively complex effort, not least because it needs to be integrated somehow into deployed infrastructure that is largely hardware-based. For maximum efficacy, security needs to be deployed comprehensively in a coordinated manner, which is currently not the case. Further, a fragmented regulatory landscape on signaling security is not conducive to adoption by carriers, many of which prefer to accept the risk rather than invest more in security.
Since the various cellular generations often overlap and therefore need to communicate, interconnecting between them is required. As such, any vulnerabilities within specific protocols necessarily affect other networks. The impact on 5G networks is therefore not negligible, especially for non-standalone networks which will be directly vulnerable to weaknesses inherited from legacy signaling protocols.
Nonetheless, efforts to minimize these risks from a standardization perspective and modern commercial solutions have found innovative ways to solve some of the issues.
The advantage of 5G is that security and privacy were seriously considered during the standardization process, where issues of legacy cellular networks were taken into account. As such, it means that security has been designed into 5G networks and rolled out during deployment.
See More: 5G Security in the Spotlight: Can it Help Sustain Future IoT Applications?
5G uses of HTTP/2 as an application layer protocol for all communications on the control plane (via RESTful APIs), which means signaling between network functions will also happen here. 5G’s service-based architecture eliminates the strict signaling hierarchies present in past protocols, allowing unfettered communication between different signaling consumers and producers. This could pose an issue through the expansion of threat vectors, but the 5G standard development body, the 3GPP, introduced safeguards in the design.
Securing Interconnect Between 5G Networks
To ensure security for 5G signaling, the security edge protection proxy (SEPP) was devised to sit at the perimeter of the public land mobile network (PLMN) to ensure secure interconnect between 5G networks; all signaling traffic between networks must therefore transit through the SEPP, which can provide confidentiality and integrity of signaling information (through encrypted application interfaces, TLS security, separate security negotiation interfaces, message filtering and monitoring, etc.).
This is all well and good for stand-alone 5G cores, but what happens to the vulnerabilities inherent to SS7 and Diameter in non-standalone 5G networks which present a hybrid architecture leveraging 4G evolved-packet core (EPC) and 4G LTE radio with 5G new radio (RN)?
Various security technologies to minimize some of the legacy protocol risks have been available for some time, notably through distinct firewall solutions (SS7 firewall and Diameter firewall). The difficulty now is how to best manage these various security solutions alongside signaling security requirements for 5G through the SEPP.
The market has risen to the demand, and today there are commercial SEPP solutions available from various vendors that seek to converge all firewall functions into one overarching technology. Cross-protocol signaling firewalls have emerged as an ideal solution, able to monitor traffic across various protocols such as SS7, Diameter, and HTTP/2, as well as GTP, SIP, MAP, etc.
Security Edge Protection Proxy in Action
SEPP is essentially a platform solution that can be deployed in various models:
- Pre-integrated into a COTS hardware appliance that is installed on-premise or in turn-key (proprietary) hardware appliances,
- Deployed in a virtualized environment,
- On containerized applications in cloud infrastructure.
SEPP is essentially a highly flexible and adaptable platform, and its abstracted deployment models will be easily scaled as the network evolves. Protocol support can be added or removed as needed, allowing for better management of signaling security. Further, these support a more cost-effective operational expenditure model than dedicated hardware appliances.
Most interestingly, some of the commercial offerings on the market today are built on single-engine product designs, meaning those engines also underlie other product offerings, such as the service communication proxy (SCP) and the binding support functions (BSF).
Simplifying Network Risk and Vulnerability-management
Today the focus is on simplifying the complexity of managing security for known vulnerabilities of legacy protocols as they become part and parcel of 5G networks. As older cellular networks are discontinued, these risks will eventually lessen until they disappear altogether with 5G SA.
Certainly, going forward, there are bound to be new vulnerabilities and issues revealed for signaling security in 5G networks. However, 5G’s service-based architecture and the use of open protocols will mean that remediation will happen faster and be less expensive, enabling 5G stakeholders to patch and update their networks more quickly.
What network security challenges do you foresee as we transition to 5G capabilities? Share with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!
MORE ON 5G
About Expert Contributors: The Expert Contributor program is designed to help kickstart meaningful conversations around the priorities and challenges most critical to C-level executives. The insights and perspectives will help CIOs tackle what’s most important to them. We are always looking for industry thinkers who can help set the narrative for our enterprise audience. To know more about this program, and submit your ideas, reach out to the Spiceworks News & Insights Editorial team at editorial-toolbox@ziffdavis.com.