Originally published in No Jitter on February 26, 2018

5G will present new opportunities for hackers to challenge security protocols and traditional network protections.

Every few months there seems to be a new story in the press about hacking or some other security or privacy failure with a particular mobile network. This publicity can be devastating to an operator’s brand and can result in increased churn, more downward pressure on prices, and increased regulatory scruntity. Other security issues, including theft of voice and messaging revenues, can deplete an operator’s profitability.

These security concerns have prompted mobile network operators (MNOs), vendors, and standards groups to address vulnerabilities within the signaling networks and roaming or interconnect arrangements. Security concerns include: toll fraud; eavesdropping or spying; and illicit and illegal use of location data. Prominent public reports of such breaches — several of which I’ve cited below — have fueled the urgency in addressing these issues.

One solution that has gained prominence is signaling firewalls. These network elements can help prevent location tracking, and phone call and message interception. We expect that these firewall solutions will initially begin with SS7 networks and then include diameter signalling as LTE and Voice-over- LTE (VoLTE) interconnects proliferate shortly thereafter.

Security and fraud-prevention audits and network monitoring services often accompany signaling firewalls. A vital part of the total network security solution, these services are approximately equal to, or perhaps larger than, the firewall market itself in terms of revenue.

Openness: a Double-Edged Sword
While MNOs face continued pressure to block and scrutinize exogenous network traffic, they also have incentive to be more open with their networks. This comes in the form of open APIs that allow third parties to access an operator’s network functions and services and quickly develop, deploy, and monetize services that successfully compete and partner with over-the-top service and content providers like Apple, Facebook, Google, and Netflix. Since many of these services and applications are IP-based — like VoLTE and the soon-to-be 5G — network operators are going to have to address the new security challenges unfolding around them.

If new technologies like the Internet of Things (IoT) and artificial intelligence proliferate and become dependent on ubiquitous high-speed networks, 5G will help enable them. However, 5G will also present new opportunities for hackers to challenge security protocols and the systems MNOs have implemented to protect their current networks.

We can’t just assume that the security architecture inherent in 4G LTE addresses all issues. 4G LTE includes LTE vulnerabilities as well as long-standing IP-based security weaknesses, which MNOs are left to manage by themselves. The popularity of VoLTE, or VoLTE with 4G deployed throughout Asia, North America, and most of Europe, is increasing 4G LTE security concerns for MNOs.

Security from hackers continues to be at the forefront of operator, enterprise, and government concerns. Helping these entities formulate security strategies is a key service for networking vendors and diameter signaling contollers to provide for mobile networks now and in the future.

Security and Signaling with 5G Networks
The advent of 5G core network elements has prompted the the 3rd Generation Partnership Project (3GPP) to support HTTP/2 for its flexible format and scaling ability, its use of open source technology, and because it encrypts traffic. But the 3GPP also defined a new network element, the Security Edge Protection Proxy (SEPP), which is roughly analogous to the diameter edge agent in LTE networks. The SEPP will be tasked with topology hiding and encryption services as 5G traffic traverses network boundaries between other operators and content providers, and other external groups. Given IoT and network slicing business models, a wide variety and large number of external organizations will likely be accessing an operator’s network, making security an even more important factor in 5G networks.

A new signaling protocol will likely require the need for an HTTP/2 proxy (or similar) network element that sits within the core of an operator’s network and will serve many of the same use cases as a diameter routing agent, including congestion control, protocol normalization, session binding, subscriber-level routing of network traffic, and interworking with legacy technologies. While the standards are still in the formative stages, we anticipate publishing a forecast of the 5G signaling market within the first half of 2018, as it will certainly be an element of interest in this market.