Topics In Demand
Notification
New

No notification found.

Addressing 5G Security Concerns with Threat Modeling
Addressing 5G Security Concerns with Threat Modeling

March 9, 2022

281

0

5G technology is poised to transform the world of telecommunications with unprecedented speeds of data transfer. For example, it promises 100 times the data transfer speed of 4G or LTE with a network latency of less than 1 millisecond. In other words, issues like latency are going to be a thing of the past, with digital transfer of data across systems supposed to take place in the blink of an eye. Statistically speaking, the rollout of 5G technology is expected to reach one-third of the population globally by 2025. In fact, global infrastructure spending towards 5G is likely to increase by 22% in 2022, crossing $23 billion (source: Gartner).

However, notwithstanding the growth that experts forecast, 5G can be subjected to a host of security issues as well. Given the growth prospects and comprehensive coverage of 5G, it is unlikely that cybercriminals are going to give it a miss. Security experts fear that 5G networks can be subjected to DDoS and other types of attacks through compromised IoT devices or systems. So, should proper security measures such as rigorous 5G security testing not be implemented with the rollout of 5G, the benefits of this technology could wither away in the maelstrom of cybersecurity issues. Let us understand the security concerns surrounding 5G and how threat modeling can help mitigate them.

What are the 5G security concerns?

Along with the benefits of this technology, 5G can encompass several security concerns, as mentioned below:

Network Functions Virtualization (NFV): NFV enables network slicing and virtualizes network functions on devices such as routers, firewalls, and load balancers. These functions are run by utilizing virtual network functions (VNFs) as packaged software sitting on virtual machines. The virtualization of network functions can generate vulnerabilities such as DDoS and malware. These should be identified by the 5G security testing exercise and addressed thereon.

Software Defined Networking (SDN): In addition to NFV, SDN technology uses network management to separate the control and forwarding planes. SDNs extract the underlying infrastructure from the network services and apps and enable programmable network controls. By virtue of being centralized and controllable, SDNs deliver the much-needed agility to adapt to the needs of 5G services. However, in spite of their benefits, SDNs are vulnerable to cyber threats such as device attacks, counterfeit traffic flows, control pane threats, and much more.

Microservices: The core of 5G comprises a service-based architecture where microservices are crucial to its development. These are more customizable, agile, and flexible than monolithic applications. Besides, microservices are faster to develop and relatively easier to maintain. These are often deployed over multiple clouds and/or VMs, thereby increasing the attack area for threat actors. The use of API-linked microservices to launch attacks, as well as the rapid change of applications built with microservices, can increase the risk of vulnerabilities even further.

Use of new technologies and platforms: Technologies and methodologies such as virtualization, cloud, edge computing, containerization, and DevOps play a crucial role in 5G. They provide the necessary ultra-low latency, flexibility, cost-savings, agility, and high bandwidth for 5G. However, they also add complex attack paths and increase the attack surface, thereby making it difficult to detect threats

How to address security concerns with threat modeling

As discussed above, 5G encompasses a lot of functional elements and factors, which make it vulnerable to security threats. So, the most important step to securing a 5G network in 5G assurance testing is building a threat model. Threat modeling enables 5G testing companies to assess risks facing the application, including the consequences of not addressing the risks. Threat modeling allows security engineers to identify risks on a priority basis and resolve them based on the level of security. In fact, threat modeling experts not only limit their risk assessment to a predefined list but also look for any new types of attacks.

The five steps to building a threat model for 5G are

  • Define the user-side assets and different networks that are susceptible to coordinated or random attacks.
  • For every individual asset, create a list of potential threat actors - internal and external.
  • Find out the type of action the threat actors are likely to take to cause the breach of assets.
  • Create a list of threats by analyzing the factors and prioritizing the threats based on their likelihood of succeeding and the level of damage they can cause to the assets.
  • Create an action plan to address the identified threats.

Conclusion

5G is going to be fundamentally different from any existing technology, such as 4G, LTE, and others. With its rollout across sectors and an increase in the attack surface, experts fear the systems and architectures using 5G are likely to be subjected to a fusillade of security attacks. However, with threat modeling as part of 5G application testing, the threats and their risks can be identified and mitigated. Thereafter, penetration testing is conducted for testing 5G networks based on the findings of threat modeling.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


World’s Leading AI & IP-led Digital Assurance and Digital Engineering Services Company

© Copyright nasscom. All Rights Reserved.