Security and Data Privacy in 5G and Next Generation IoT Networks
As 5G standards continue to evolve, all relevant stakeholders including research institutions should be involved in the 5G technology rollout process and the 6G development initiative to ensure the security of billions of IoT devices and systems. This also applies to the development of emergent networks which will have big implications for government and industry solutions in terms of public safety and critical asset protection.
The Internet of Things (IoT) has become part of our daily lives, from wearables and smart homes to industrial applications. A recent research study by Transforma Insights estimated that the global IoT market will reach 24.1 billion active devices by 2030. However, as the number of IoT devices connected to the Internet continues to grow so will the number of security and privacy concerns. Each of these devices is a potential gateway for hackers and other malicious actors to gain access to our social and economic infrastructures, which include our health/medical information and shopping habits. Once a threat actor has access to a device in a network, they may use tactics such as lateral movement to access other devices and information that would usually be inaccessible. Therefore, security must be a crucial part of the design of IoT systems across every part from the devices, to the networks, and programs. Besides, privacy and ethical issues in the use, storage, and analysis of personal and sensitive data must also be taken seriously. This article looks into the issues of security and privacy in 5G and emergent IoT networks. It also reports on recent academic and industry research studies on approaches for securing IoT networks and mechanisms for protecting sensitive data.
Threats and Vulnerabilities in 5G and Next Generation IoT Networks
Many countries have joined the race towards realizing the fifth generation (5G) networks and the global rollout of the technology which promises to open the door to many new possibilities for new technologies and devices. According to the Canadian Internet Registration Authority (CIRA) Labs, the widespread deployment of 5G networks will lead to an explosion of internet-connected devices in households and businesses around the world. And as more and more devices become internet-connected, the cybersecurity risks around them will grow. This literature survey on security and privacy of 5G technologies reported that the 5G era will provide an ideal target for attackers due to IoT, connected world, and critical infrastructure facilities. The review also covered holistic investigations on security challenges in key 5G security domains which include authentication, access control, communication security, and encryption. Despite the numerous applications and potentials of 5G networks, there seems to be an agreement across both academia and the industry about threats and vulnerabilities in 5G-enabled IoT networks.
- According to Ericson’s 5G network security guide, 5G networks will serve as the critical infrastructure to facilitate digitization, automation, and connectivity to machines, robots, and transport solutions. Also, 5G networks will expand traditional relationships between consumers, business users, and mobile network operators. This expansion will include new relationships that will depend on trust between different stakeholders. Thus, there is significant value at stake as well as a significantly different tolerance for risk.
- This Huawei’s 5G security whitepaper also affirms that 5G networks face security challenges brought by new services, architectures, and technologies as well as higher user privacy and protection requirements. And that the key assets of 5G networks that are targeted by attack agents include personal' data and communication data, hardware and software assets of wireless and core networks, computing resource assets, as well as accounts, passwords, logs, configurations, and charging data records operated and maintained by operators.
- This Nokia’s 5G security whitepaper also reported that 5G networks will see more devices, people, and enterprises connected than ever before with trillions of endpoints delivering data. As such, attackers can exploit thousands or even millions of interconnected and vulnerable nodes to steal data, gain personal information, or deploy ransomware.
Although 5G networks will have stronger security protocols than its predecessors, it is still vulnerable to adversarial attacks. Adding to this challenge is the current wave of competition in the global rollout of the technology which may push some vendors to sacrifice security testing for speed, allowing potential vulnerabilities in the network to be easily exploitable by attackers. While many vendors will take their time and ensure security vulnerabilities are tested, yet the addition of several new devices noted above provides an opportunity for malicious online parties and threat actors to penetrate the market with greater force.
Securing 5G-Enabled IoT Networks
IoT systems support new business models that involve new actors (users, devices, service providers), all of which affect the trust and security of the entire network. The trustworthiness of services and service use depends on how the actors govern identities, data security and privacy, and the degree to which they comply with the agreed policies, standards, and regulations. A major step in securing 5G and emergent networks is for all stakeholders to conduct security assessments to help identify gaps between existing security capabilities and 5G security requirements. One example of strategies geared towards securing a 5G-enabled IoT network is the CIRA Labs’ collaboration with a cross-disciplinary team of experts, technologists, and advisors to develop a cutting edge Secure IoT Registry to securely provision IoT devices. The Registry is aimed at establishing trust among mobile network operators, cloud service providers, IoT device manufacturers, and end-users. This literature survey explores the core enabling technologies that are used to build the 5G security model and identified security issues associated with 5G key technologies which include software-defined networking, network function virtualization, cloud computing, multi-access edge computing, and network slicing. It also included a horizontal analysis of security monitoring and privacy aspects on the 5G network. Finally, a comprehensive list of future directions and open challenges were provided in the review to encourage future research on the 5G security domain. In terms of industry efforts:
- This Ericson’s 5G network security guide reported that building a secure 5G requires a holistic view rather than only focusing on individual technical parts in isolation. Specifically, interactions between user authentication, traffic encryption, mobility, overload situations, and network resilience aspects need to be considered together. The guide also detailed Ericsson’s 5G product security.
- According to Huawei’s 5G security whitepaper, to control risks in the 5G network, there is a need to continuously enhance security solutions through technological innovation and build secure systems and networks through standards and ecosystem cooperation. The industry needs to understand the requirements of diversified scenarios and better define 5G security standards and technologies to address the associated risks. The whitepaper also detailed Huawei’s 5G product security.
- This Nokia’s 5G security whitepaper reported that 5G requires built-in security that goes beyond the 3rd Generation Partnership Project (3GPP) standards and encompasses automation, security orchestration, analytics, and machine learning to detect and mitigate threats. According to the whitepaper, a major step in building out the new 5G security approach is a security assessment to help identify gaps between existing security capabilities and 5G security requirements. The whitepaper also detailed Nokia’s 5G product security.
IoT Security in Next Generation Networks
As 5G research matures towards a global standard, the research community has already initiated a plan for the development of sixth generation (6G) networks targeting the year 2030. The 6G network will use higher frequencies than 5G and also provide substantially higher capacity and much lower latency. The first 6G flagship Wireless Summit held in March 2019 in Levi, Finland, launched the process of identifying the key drivers, research requirements, challenges, and essential research questions related to 6G. One of the outcomes of the summit was this 6G whitepaper which describes its goals, the use-cases anticipated in 2030, and the associated technical requirements. In terms of security and data privacy, the summit noted that by 2030, the digital and physical worlds will be deeply entangled and people’s lives will depend on a reliable and operational network. It further warns that major industrial value will be lost if networks fail. Whereas in the digital world an attack may compromise intangible assets, in the cyber-physical world physical assets could be stolen, incapacitated, or harmed by digital attacks. A malicious cyber activity could lead to loss of property and life. The networks will also generate an unprecedented amount of sensitive information about people and businesses. Such private information collected from the physical world can be very sensitive and used against people’s interests in many ways. Therefore, 6G technology needs a network with embedded trust and that privacy protection is one key enabler for future services and applications.
In conclusion, as 5G standards continue to evolve, all relevant stakeholders including research institutions should be involved in the 5G technology rollout process and the 6G development initiative to ensure the security of billions of IoT devices and systems. This also applies to the development of emergent networks which will have big implications for government and industry solutions in terms of public safety and critical asset protection.