It is early days for 5G. If you analyse the already considerable amount of media comment on the subject, it’s obvious that the industry has a clear vision of services that it hopes 5G will facilitate. What’s less clear is the technology – much remains to be determined on the technical front with standardisation activities just beginning, writes Paul Bradley, pictured. He’s chair of the 5G Working Group at the industry association SIMalliance.
However, it is absolutely evident that security and privacy must remain fundamental requirements, especially given that the changes foreseen for 5G are likely to broaden the range of attractive attack targets.
Earlier this year, SIMalliance set out to provide a high level analysis of the main potential market segments where 5G will have a transformational impact and to assess the diverse security requirements for those markets.
The results were laid out in a marketing paper, An Analysis of the Security Needs of the 5G Market. The paper focuses on four main segments for 5G: massive IoT, critical communications, enhanced mobile broadband and network operations (which underpins the three other areas). These are the segments defined by standardisation body 3GPP, which is working on 5G technical standards.
Across these segments, threats will vary from (among others) cloning in massive IoT, to denial of service in critical communications to man-in-the middle attacks in enhanced mobile broadband.
As a result, SIMalliance asserts that security requirements will vary too, both at the network access level and at the service level, where demands may range from those posed by low level sensors to those of high-end use cases like real-time remote controls, driverless mobility and remote surgery.
Needs will differ around how frequently communication occurs, the amount of data to be managed and communicated, speed and latency and around how frequent authentication has to be. For example, critical communications will require much more frequent authentication than IoT and will often involve far more sensitive data. Conversely, massive IoT will provide a scenario where devices will communicate infrequently, use low power and may require extended lifespans. In enhanced mobile broadband and in critical communications, performance demands may open the way to enhanced and highly efficient security mechanisms.
Changes in the business aspect of the 5G ecosystem and other technological developments will also combine to add to the complexity of the security challenges. In addition, much is yet to be determined, including the need for backward compatibility with earlier generations of communications.
So, it is fairly clear that according to the demands of the segment, a broad range of security solutions or changes in feature sets of those solutions are likely to be needed. That’s precisely why SIMalliance proposes that dedicated tamper resistant hardware may offer value in many aspects of 5G.
Of course there is a significant risk of falling too short, if we only look to the security and privacy challenges on the device side. A compelling concept for 5G must provide a solid proposition for the end-to end perspective that copes with the mission-critical aspects of interoperability and with scalability challenges.
What is certain, however, is that it is vital to build security into 5G from the outset, for what is not built in from the beginning cannot easily be added later on.
SIMalliance has already started work on a follow-up security requirements paper that will be published later in 2016. Industry engagement is sought on this initiative, to ensure that there are many voices, representing differing requirements, involved in fine tuning the vision of the role hardware based device security will play in protecting 5G networks and the many new services which will be deployed across the various market segments.
About SIMalliance
Members are Card Centric Solutions, Eastcompeace, Gemalto, Giesecke & Devrient, Incard, Kona I, Oasis Smart SIM, Safran Identity & Security, Oberthur Technologies, VALID, Watchdata, Wuhan Tianyu and XH Smartcard (Zhuhai) Co. Ltd. Strategic partners are Comprion, Linxens and Movenda. Visit www.simalliance.org.
