Many industries are poised to tap into the speed, automation, and global reach of 5G, a telecom technology that is new to many of these industries. Generally, they will be unprepared, under-skilled, and ill-equipped to handle the sudden simultaneous arrival of many powerful new technologies. This will compound the effects of already-mature threat actor groups and complex vulnerabilities in the global telecom carrier ecosystem. In addition to its intrinsic risks, it can be leveraged as a very powerful attack engine.
This complexity can be difficult to explain all at once. The much smaller scope of a non-public network (NPN) or “campus local 5G” can be used to clarify and summarize it. The example of an NPN 5G factory will be used in this paper.
Risks and Threats to 5G Non-Public Networks (NPN)
Our latest research explored threats to 5G connectivity — from SIMjacking, IoT identity fraud, false decision engine data and logs, and poisoning machine learning rules for the manipulation of business decisions. We also looked at how these risks and threats can be mitigated and addressed through an identity-based approach to security.
Poisoning Decision Engines and Artificial Intelligence (AI) and Machine Learning (ML) Deployments
5G and 5G NPN are dependent on nested tiers of automation (clouds within clouds). This dependence on a variety of decision engines is a critical element of the speed and scalability of 5G. This tiered automation relies heavily on tuned models, increasing the efficiency and cost savings of large-scale deployments.
Decision engines can be impaired if active false telemetry and passive blind spots are injected into them, consequently altering the “ground truth” they base decisions on. This is a 5G-class enterprise example of GIGO, or "garbage in, garbage out." This is most convenient for an attacker when coming through the IoT sensor cloud.
Depending on who has responsibility for decisions made on bad intelligence, the effect could range from reduced confidence in the system to that in the executive decision-maker or the corporation’s brand.
Since algorithms are reusable, when used consistently over time, these decision engines will consider this bad data as “acceptable, factual history” similar to fake news. This will have high credibility since it originates within internal systems.
Network-Based Attacks and Altering the Basic Truth of the Network
Acceptable histories are what decisions are based on. A well-designed set of bad rules can “rewrite history” — bad network intelligence, or bad decisions used for board decision-making, for example. These bad rules can also lead to network-based attacks — sabotage, espionage, supply chain abuses, and wiretap, among others.
A carefully thought-out set of bad rules can result in specific bad decisions. These can persuade a company’s systems into not seeing things that are actually there. By arranging data in patterns that produce a desired data architecture within decision engines, a threat actor can shroud his activities by creating a blind spot. This can create rules-level blind spots that are then overlooked by an enterprise’s security functions.
In this way a series of coordinated network attacks targeting how data is organized (rather than the data itself) can result in poisoning of all the decision engines dependent on the data. AI and ML, lesser decision engines, and even the quality of the products made by an automated assembly line can be altered. Combined attacks executed as “low-and-slow,” “salami,” and “baseline contamination” attacks can create blind spots of this kind.
SIMjacking Threat Landscape
Subscriber identity modules (SIMs) upgraded in the 5G era become tiny, on-board chips called eSIMs. Since they are embedded in the electronics of IoT devices, eSIMs can be remotely updated and configured by cellular radio to join another network anywhere in the world. While this eases deployments, it can also pose significant risks. Using eSIMs is the most convenient method of IoT hardware-level identity management. Through this process, all the functions of eSIMs and their devices are remotely accessible by global telecommunications technology.
One way that data can be altered is through 100+ flexible telecom-side attacks that, when combined, are often classed as “SIM hijacking” or SIMjacking. Confidential data such as product or facility designs can be stolen via SIMjack wiretap. A production run can be embedded with flaws, which will subsequently affect the quality of products. Threat actors can also inject malware into devices.
When these eSIMs are in the IoT devices used in a smart factory (or another deployment such as an NPN), they can be updated with new configuration to make them more efficient. This mechanism can be abused to get an eSIM-enabled device to join an attacker’s remote network, where data can then be manipulated or added to the device. In turn, the device can be instructed to provide false information to the network and its databases and decision engines.
Identity and Integrity Management: Bringing IT and Telecommunications Together
SIMs are used to assert the identity of human subscribers. When IoT devices use SIMs, various species of nonhuman subscribers will emerge — home appliances, robots, IP cameras, and cars, to name a few. Each will be manufactured by different vendors, and thus have different implementations and traffic profiles. This complexity can be addressed neither by separate and traditional device inventory management (for IoT devices) nor by identity management (for human-operated devices such as phones). Their combination, however, is necessary.
Inventory management is identity management for devices; identity management is inventory management for people. These two traditionally separate disciplines can be brought together for security: Human identity management practices can be applied to devices, and inventory management practices can be applied to people.
This combination of identity management, however, can be problematic. People, for instance, can simply report an issue if a SIM is defective, or request access for additional service. IoT-supported eSIMs, on the other hand, have less granular human oversight but much more power. Neither SIM cards nor a machine’s telecom identity can be addressed in traditional non-telecom IT-based security architecture. An enterprise’s data architecture, too, is not often integrated with its security architecture, if there is one at all — and may even be incorrectly considered a mere privacy compliance issue with little technical impact on the network.
Security Recommendation: Cyber-Telecom Identity Federation
A unity is needed that is not present in IT or 4G-era technologies, and not explicitly addressed in 5G, and should involve reduced trust in device radio authentication, including from IoT devices. A means of addressing roaming vulnerabilities in the IoT using identity federation in telecom technology should be implemented. These should be implemented using the federated cyber-telecom identity model in a single coherent data security architecture that addresses the following:
- Identity — Federation that enables portability of identity between IT and telecom, local and public telecom, as well as roaming and home networks.
- Access — Authentication that enables federated identity and access management (FIdAM). This enables identity to be visible across multiple domains, making cyber-telecom incidents more detectable.
- Integrity — Proofing the device against tampering.Reduced trust on radio security can be achieved through a distributed ledger embedded in the device’s eSIM. This approach makes data, telemetry, and transactions traceable to a federated identity, hardening AI and ML from poisoning attacks.
Addressing the identity, access, and integrity helps maintain security context across foreign networks, roaming technologies, and contracts. This principle enforces perimeterless, zero-trust identity access integrity.
5G security should not be an afterthought
5G is a response to the need for bandwidth, consistency, and speed, especially in an era where mobile and IoT devices are ubiquitous among enterprises and industrial facilities increasingly moving toward digital transformation. But like any nascent and dynamic technology, it comes with security and privacy risks, which can have significant repercussions given the kind and vast amount data that 5G is poised to collect, process, and interpret.
Security strategies, technical skills, and additional technologies are needed to ease the organization’s transition to adopting 5G and fully reaping its benefits. The federated cyber-telecom identity model is an approach to 5G security that provides a single and coherent security architecture for protecting the access to and the identity and integrity of data and other components and technologies within 5G networks.
Our latest research, “Securing 5G Through Cyber-Telecom Identity Federation,” provides an overview of the security risks in 5G, threats and attacks that may take advantage of it, and how they can be addressed by enterprises that will use this newfangled technology.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.