Intro
This article cuts into 5G from the key technologies of 5G networks and discusses the security risks facing 5G networks.
Today, 5G networks have achieved performance goals, namely high speed, low latency, and large capacity, and have started a new chapter for communications between mobile devices. Further, 5G will also empower vertical industries such as autonomous vehicles, smart cities, and Industry 4.0.
In order to meet the needs of performance and business, 5G has introduced software-defined networking (SDN), network functions virtualization (NFV), network slicing, Service Based Architecture (SBA) and other key technologies. The introduction of new technologies can indeed achieve 5G’s performance and business goals of 5G, but it also brings new security issues. This article will start with the introduction of various key technologies of 5G networks and discuss the security issues faced by 5G networks. Combined with 3GPP TS 23.501[1], the overall 5G network architecture is shown in Figure 1. This diagram shows several key technologies used in 5G networks, which also the focus of threat analysis we are working on. This section will introduce these key technologies and risks along with them one by one.
NFV and its security issues
Network Functions Virtualization (NFV) draws on the mature virtualization technology in the IT field to separate network functions from dedicated hardware devices to provide network services that are free from the limitations of hardware infrastructure. Figure 2 shows the network architecture of NFV, and the MANO on the right side of the figure is the management and network orchestration system, which orchestrates and manages network components and software elements according to different business processes. The objects orchestrated by MANO mainly include telecom operation support system (OSS/BSS), virtualized network function (VNF) and virtualized infrastructure (NFVI).
Mobile communication networks, especially core networks, are composed of many network element devices. Before the rollout of 5G, these network elements were equipment specially designed and manufactured by different manufacturers. The high cost of dedicated equipment and the inability to make full use of hardware resources greatly increase the networking cost of operators. Therefore, the demand of introducing NFV technology in 5G networks comes from operators on the purpose of reducing the networking and operating costs of operators. It really did. In addition, NFV has flexible features such as automatic deployment and auto scaling, which exactly meets the elastic requirements of 5G to cope with various service scenarios.
Since 5G introduces NFV technology, NFV’s own security problems will also exist in 5G networks.
Virtualization
VNF runs on top of the virtualized infrastructure NFVI, and security issues in virtualized environments expand the attack surface of 5G networks. For NFVI, the main security risks it faces include virtual machine escape attacks, attacks targeting orchestration management systems, denial of service (DoS) attacks, DNS amplification attacks, etc.
Management plane interface
OSS/BSS communicates with the Network Functions Virtualization Orchestration System (NFVO) and VNF and the Virtualized Network Functions Management System (VNFM) through the management interfaces Os-Ma-nfvo, Ve-Vnfm-em, Ve-nfm-nf, Ve-nfm-nf, these interfaces face security risks including Web/API vulnerability, account leakage, privileged user access, unauthorized access, unauthorized data transmission, theft/tampering of data, etc.
MANO
Compared with traditional infrastructure, the introduction of NFV makes the orchestration and deployment of various network functions more flexible, but since the orchestration system has no location restriction mechanism, attackers can use NFVO, VNFM or VIM to migrate a VNF from a legitimate deployment location to an illegal location.
SDN and its security issues
The main function of SDN introduced into 5G networks is the decoupling of control planes and data planes. Each switch and router in the traditional network work independently, and internal management commands and interfaces are also private and not open to the public. For SDN networks, an SDN controller is established on top of the network to uniformly manage and control data forwarding of the underlying devices. In an SDN network, the management functions of all subordinate nodes are handed over to the SDN controller, leaving only the forwarding function. Then, the administrator only needs to configure the routing and forwarding policy of the network by simply deploying it like a software program. Therefore, the introduction of SDN also enhances the flexibility of 5G networks. Figure 3 shows the design architecture of SDN, the main component of the control plane in the figure is the SDN Controller, which is responsible for distributing the network resource requirements of the SDN Application to the SDN Recourses of the data plane, while the SDN Resources of the data plane mainly include network resources such as physical switches/routers and virtual switches/routers.
Based on the design architecture of SDN, we will further introduce the security problems faced by SDNs from the control plane, data plane, and interaction mode between layers.
Control Plane
From the control plane, an attacker can determine the forwarding policy of the network device by analyzing the performance indicators of the forwarding device. For example, an attacker can use the SDN’s input buffer to identify rules and further determine the forwarding policy by analyzing the processing time of the packet [2].
Data Plane
The security risks faced by SDN data plane mainly include attacks against protocols and attacks on devices. The attack on the protocol is mainly that the attacker exploits the vulnerability of the network protocol in the forwarding device to attack the SDN data surface. Attacks against devices are primarily attacked by attackers targeting software vulnerabilities (such as firmware attacks) or hardware functions (such as TCAM memory) of SDN forwarding devices.
API
The SDN layers communicate with each other through APIs, which also face a variety of security issues. The interface between the SDN controller and the data plane is called the southbound interface. For southbound interfaces, an attacker can grasp the events that occur in the SDN by stealing the information exchanged between the control plane and the data plane through the southbound interface, and can also destroy the normal behavior of the network by maliciously modifying the messages that are being communicated. You can also directly launch a DoS attack on the southbound interface. The interface between the SDN application layer and the SDN controller is called the northbound interface. The risks faced by northbound interfaces are basically the same as those of southbound interfaces, but compared to southbound interfaces, northbound interfaces may be at the application layer and require higher levels of system access rights, and there may be situations where applications do not run on the same device. Therefore, attacks on northbound interfaces are more difficult than southbound interfaces.
Network slicing and its security issues
NFV technology has realized the decoupling of software and hardware, and SDN technology has completed the decoupling of control and forwarding, both of which have promoted the flexibility of 5G networks on a certain basis. The purpose of flexibility is to serve the network slice. Network slicing is a network architecture that enables virtualization and multiplexing of independent logical networks on the same physical network infrastructure [3]. Since each slice is an isolated, end-to-end network, these networks can be tailored to meet a variety of needs requested by a particular application. Therefore, network slicing can be said to be the core capabilities and key features of 5G. Now major operators are vigorously carrying out SA networking, and they are preparing for network slicing.
We hope that 5G networks can provide network communication services customized for a variety of different communication services, different traffic loads, and different end-user groups, and network slicing can meet this demand. Figure 4 shows the design architecture of the network slice. Among them, the service instance layer represents the user service or business service that the service provider needs to support, the communication service management function (CSMF) is responsible for converting the communication service requirements into network slicing requirements, and the network slicing management function (NSMF) is responsible for the management of the network slicing instance (NSI). The core component of the network slicing architecture is the Network Slicing Instance (NSI), each of which can provide a network service of a customized resource, including a set of network functions (NFs) and the computing, storage, and network resources associated with that set of NFs. In addition, in order to facilitate the management of NF in different network environments, each NSI will also be divided into multiple network slice subnet instances (NSSI), such as the NSI in Figure 4, including the access network NSSI and the core network NSSI.
For network slicing, there are mainly the following security issues.
Security of management and orchestration
From the perspective of business model and user needs, MANO of network slicing needs to be more complex and flexible. However, this high level of complexity and flexibility will bring higher security risks. In addition, the current 3GPP specification on service management request authorization has not yet been finalized. Then in practice, some security problems may also be exposed.
API
The establishment of communication between the services provided by different service scenarios and the corresponding network slices needs to be based on the specified APIs, and the vulnerability of these APIs themselves will also introduce new security risks. In addition, the European Union Cybersecurity Agency (ENISA) listed the security risks of network slicing in more detail in its Threat Landscape for 5G Networks [3] released in December 2020, as shown in Table 1.
All in all, making network slicing flexible and customizable to provide network services is a prerequisite for 5G to empower thousands of industries. To make 5G networks more secure and stable to serve the public, it is also necessary to comprehensively consider the security problems faced by various key technologies and deploy security strategies to 5G networks in a targeted manner.
References
[1]https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3144
[2]http://www.thenucleuspak.org.pk/index.php/Nucleus/article/view/142
[3]https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks
Why only have the Gi-FW and GTP inspection isn’t enough for 5G security?
DDoS to Loom Large in the 5G EraNSFOCUS Assures Security for Commercial 5G Services