As 5G gains traction, service providers need to be able to trust their networks’ security to truly take advantage of 5G’s capabilities. Digital certificates are critical to that, writes Alexa Tahan of Nokia.
There’s no hiding the clear advantages of 5G; this technology has made way for countless innovations as well as greater speed and lower latency. However, as with any advancement, there are also new problems and complications — including securing data-in-motion.
Because 5G networks are more open than previous Gs, threat surfaces have grown, creating vulnerabilities for communications service providers (CSPs) when securing data-at-rest or data-in-motion. One solution is to use digital certificates to authenticate data sources and data recipients.
Up until 5G, CSPs hadn’t given digital certificates much of a role: previously, they had largely been used only for traffic encryption and IPsec or to authenticate base stations. This raises the question of why they should be a focus now.
Well, it’s fairly simple. Digital certificates within 5G networks are needed not only for the usual suspects of data traffic and base stations but also for the application level. And because it is distributed throughout the network, certificate-based security can protect communication across application levels, addressing major concerns regarding data security.
So, let’s take a closer look at the argument for digital certificates and why they are essential to 5G security.
The greater the network, the greater the security challenges
CSPs built themselves quite the security reputation in 2G and 3G networks. However, the 5G environment is different, with cloud-based infrastructures and agile-centric networks that make it easier to rapidly deploy new services.
With 5G, CSPs can evolve into digital service providers (DSPs), bettering customer experience and increasing demand for innovation by allowing customers access to dedicated services on a shared infrastructure.
However, as customers increase the number of connected devices they use and increase their data traffic volumes, machine-to-machine communication increases. This opens the door for new security vulnerabilities in critical infrastructure, including distributed denial-of-service (DDoS), denial-of-service (DoS) and GPRS tunneling protocol (GTP) anomaly attacks.
Evolving the network alongside 5G
Security vulnerabilities first became apparent during the 2G, 3G, and 4G network eras. This brought about the rollout of encryption and authentication through 3rd Generation Partnership Project (3GPP) standardization as potential solutions.
These are helpful starting points for new approaches to 5G, but encryption and authentication look a bit different in today’s 5G networks: the task of authenticating and encrypting data by way of digital certificates expands to all forms of signaling traffic.
As such, CSPs that level up their network to 5G also need to step up their security measures to ensure that application programming interfaces (APIs) across every layer of the CSP cloud network are secure. In fact, digital certificates are actually used for this authentication, something that wasn’t previously done as a part of other “G” networks.
In other words, these certificates are used at a much larger scale of total network communication in 5G than in previous “Gs” to provide security to all end-users of innovations including slice-based use cases for gaming and emergency services — across the RAN, core, transport and service layers.
With the vast number of functions within the network that require certificate-based security, it’s clear that certificates have a role in virtually every network domain — making them critical to 5G security.
Building a network DSPs can trust
Keeping up to date with customer wants and needs for increased connectivity and innovations can be time-consuming and difficult as it is. Add in concerns about the security of the network, and it is just too much. DSPs need to be able to trust their networks’ security to truly take advantage of 5G’s capabilities.
Ensuring you have the right architecture in place is crucial for DSPs and CSPs when deploying digital certificates. Depending on security, compliance requirements and infrastructure, a DSP may choose to deploy a single central certificate authority (CA) or several CAs. Further, they’ll need to determine how to logically and physically separate the different services that will rely on the digital certificates.
For example, a 5G network slice supporting a mission-critical service might need maximum separation, which would demand its own separate CA for that slice only. And if required, the DSP can prevent cross-certification by configuring several root CAs separated from each other, which allows each service to possess its own root CA unrelated to any other root CA in the system.
Nonetheless, this situation is rather rare, and in most circumstances this kind of logical or physical separation is not needed, as a single CA has the capability to support multiple roots of trust for the network.
Still, this scenario highlights the importance of determining the correct configuration for the proposed network architecture. Similarly, it underlines questions that CSPs should ask about managing the certificates, planning for the immediate term, impacts on the 5G business strategy and more.
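The separate-root arrangement described above can be checked with OpenSSL. This is an added example, not taken from the article or from any vendor product: it builds two unrelated root CAs, issues one network-function certificate under each, and shows that a certificate validates only against its own slice's root. The slice names, subject names and file layout are constructed for illustration, and OpenSSL 1.1.0 or later is assumed.

```bash
#!/bin/sh
# Added example. Slice names, subjects and paths are constructed for illustration.
# Assumes OpenSSL 1.1.0+ (for -no-CApath and a non-zero exit on verify failure).
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create an independent, self-signed root CA for one slice. No root signs
# another, so there is no cross-certification path between slices.
make_root() {   # $1 = slice name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example DSP/CN=$1 Root CA" \
    -keyout "$WORK/$1-root.key" -out "$WORK/$1-root.pem" 2>/dev/null
}

# Issue a certificate for a network function under the given slice's root.
issue_leaf() {  # $1 = slice name, $2 = leaf common name
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Example DSP/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 1 \
    -CA "$WORK/$1-root.pem" -CAkey "$WORK/$1-root.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

# Succeeds only if the leaf chains to the named slice's root. -no-CApath keeps
# the system trust directory out of the decision.
trusts() {      # $1 = slice used as trust anchor, $2 = leaf common name
  openssl verify -no-CApath -CAfile "$WORK/$1-root.pem" "$WORK/$2.pem" \
    >/dev/null 2>&1
}

make_root slice-a && make_root slice-b
issue_leaf slice-a nf.slice-a.example
issue_leaf slice-b nf.slice-b.example

# Print the full trust matrix: each leaf is accepted by its own root only.
for anchor in slice-a slice-b; do
  for leaf in nf.slice-a.example nf.slice-b.example; do
    if trusts "$anchor" "$leaf"; then result=ACCEPT; else result=REJECT; fi
    echo "anchor=$anchor-root leaf=$leaf -> $result"
  done
done
```

A relying party in slice B that loads only the slice B root as its trust anchor rejects slice A certificates even though both were issued by the same operator.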
Due to the dynamism, openness and complexity that come with delivering slice-based services and multi-layer interactions, digital certificates will play a crucial role in supporting 5G networks in authenticating entities and encrypting and obscuring data.
So, while CSPs and DSPs may have looked past digital certificates in previous Gs, it’s now time to give them the respect and attention they deserve — as the network’s security depends on it.