Description

5G represents a fundamental shift in communication network architectures that will accelerate revenue generation through innovative services facilitated via 5G-enabled smartphones, tablets, laptops, and Internet of Things (IoT) devices. It will deliver a potent combination of network capabilities and flexible options for network deployments, service delivery, and network management to improve carriers' ability to deliver a differentiated, customized, and scalable wireless service delivery experience. 5G networks will be optimized to support various traffic profiles, including Enhanced Mobile Broadband (eMBB) for video/streaming, Ultra-Reliable and Low-Latency Communications (uRLLC) for a wide range of industries use cases, and Massive Machine Type Communications (mMTC) to support large-scale, machine-centric communications such as the IoT.

Parameters such as a microservices-based architecture, implementation of advanced Web-based technologies, distributed cloud platforms, newer network interfaces, and support for a larger number of high-performance user equipment introduce unique security requirements for 5G. Security network functions such as firewalls and intrusion prevention systems have traditionally been based on specialized hardware where the full processing at the data plane is done by dedicated hardware components. These are typically referred to as physical network functions (PNFs). As service providers work to evolve their networks from 4G to 5G, they must also invest in virtual security implementations to protect the various virtual network functions that will be fundamental to 5G.

Distributed denial of service (DDoS) attacks emanating from the Internet are among the major security threats in cellular environments. For the attackers, it is really about targeting an IP address regardless of whether that is a 3G, 4G, or 5G network. Having an N6 firewall, or a DDoS system operating inline in near real time, can help protect the network from such attacks. With 5G, it is also important to consider mobile devices as a possible emanating source for DDoS attacks. In other words, the potential for higher uplink speeds in 5G to be abused is higher than in 4G networks. Service providers may consider implementing security controls closer to the cell site and focus on DDoS from the user equipment. Other aspects, such as signaling storms and abuse of signaling protocols, will continue to be important in 5G.

Depending upon the use case, function criticality, or workload needs, network functions can be spread over public cloud, quasi-public cloud and telco cloud (hosted by the service providers), and private cloud. While a move to a multi-cloud environment delivers benefits such as high-speed operations, resiliency, service agility, and service-specific performance optimization, a multi-cloud environment can also introduce security challenges. The access and security mechanisms provided by each of these cloud providers can be very different, which means that ensuring consistent end-to-end security implementation could be a challenge in 5G.

Author: Vikrant Gandhi