Security of a 5G world

— Michał Szczęsny —

Hello everyone, I’m Michał Szczęsny and I am pleased to lead the Network Architecture and Planning Department at EXATEL. I’m here today to talk about 5G and security. In fact, this presentation covers all the hottest topics of ICT at the moment. The only thing still missing is artificial intelligence, possibly data science. When I was asked to talk about 5G and security, I thought I might do a sort of deep dive in security. Here we see key management on the mobile terminal. You probably have a smartphone either in your hand – if this presentation is not that entertaining – or in your pocket. Here we see a decomposition of every phone, every smartphone, something called – in accordance with 3GPP standardisation – user equipment, we have something that is called mobile equipment, so the hardware – the phone itself, and we have USIM, Universal Subscriber Identity Module. Here is the SIM that is in our card and, what is important, it holds a very important key that identifies our terminal. However, I decided that at the moment going through all those topics may not be very interesting. So, let’s focus more on what 5G is and the security issues related to both the services that 5G will provide and technical aspects.

It is worth mentioning here that solutions you remember from terminals are still applicable in case of 4G, 3G, 2G or, for example, USIM number. In 5G, however, we have something called SUPI, where this identifier is kind of a mix of IMSI number and network ID – it won’t be transmitted through the network unencrypted. Therefore, if someone used to try to perform IMSI catching or build a fake base station, it will be very difficult in case of 5G.

At the moment, 5G is widely discussed and evokes a lot of mixed feeling in the society, due to the number of reasons: frequency issues, radiation standards, electromagnetic fields. Anti-5G movements are forming, believing that 5G will destroy our civilisation. So, let’s confront the issue – will 5G destroy us all, and why nobody claimed that 3G or 4G technology would do so? From the point of view of plain physics, the difference between those networks is not that big. So, why is 5G such a hot topic? Let’s take a closer look at three aspects of our surroundings. The first, of course, is the web – the web, or rather meta web, which is commonly referred to as the Internet. More and more services are provided to us via the Internet, it takes a significant part of our time – time that we would otherwise spend on our own, with our family or colleagues. Now, what we get through the Internet is a very rich content that satisfies our private and professional needs. The web is such a big part of our lives and it’s no longer a toy or something that provides only entertainment, but it’s something where we function, where we live – which brings us to the second aspect: the cyberlife. What is cyberlife?

Cyberlife is what we perform in a certain relationship with the web, it is our stuff and private activities. In the evenings we watch Netflix or YouTube, we keep all our photos and movies in the cloud, we listen to music using Spotify or Tidal, etc. Everything or almost everything that surrounds us now is our private cyberlife that is connected to the web. This also includes professional life. Nowadays, network access is not only required by IT or ICT companies like it used to be in the 1990s or early 2000s, but almost every enterprise uses the Internet to function and to maintain relations with their business partners. We use the web in our professional lives, and what is probably even more important, the web is also in the public domain. We use the Internet to make a doctor’s appointment, we implemented the system of issuing sick leaves and prescriptions via the Internet. We even send our PIT return forms via the Internet. And this is where 5G comes in – the underlying assumption was that whereas we had 4G technology, 5G would be that binding agent that guarantees Internet access from any place whatsoever.

We will be immersed in this network in every aspect of our lives, so in fact 5G will not only provide access to it in some discrete model, but it will ensure that the Internet is everywhere, it will be an ether – in a really serious sense – the digital air that both we and the machines will breathe. The machines, not to scare you either, were part of the definition made in this mobile technology development mode. These technologies from 1G to 4G are developed in ten-year cycles, so there is this telecommunications union – a kind of the telecommunications UN – the ITU, which says: “I have a vision that, for example, a 4G or 5G network should meet this, this and this requirement”. It is a very high-level list of different requirements to be implemented and deployed by the commercial market and, in the next step, operators, for the benefit of end users. Almost seven years ago the ITU said that these were the preliminary requirements for 5G networks, that there would be 1,000 times more data than in 4G, in LTE Advanced networks.

And now an important comment and a brief digression – I am very dogmatic when it comes to these particular G’s: 4G is LTE Advanced which is 1Gbps, latency down to 10ms, what is defined by the ITU as IMT Advanced. This is not the regular LTE, because regular LTE, the 100Mbps that you probably remember and at the moment even 300Mbps with better modulations, is 3.9G. 4G of course is a rollout, some say it’s almost 5G, but that’s actually, according to standardisation, the only true 4G. And from that 4G as a starting point, the parameters are supposed to grow – from 10 to 100 times more devices connected to the network, even up to 500 billion devices that will be integrated within a single network. Transmission to the user: in the first ITU visions it was up to 10 and in the latest ones up to 20Gbps. What does minimum latency mean? That is, 5 times smaller than LTE Advanced on a 4G network. In this extreme case, 1.1ms. Longer battery life – in fact, the point is that various types of sensors, which for example will be sunk somewhere in asphalt or placed in waste containers, should survive even up to 10 years without access to power from the network, because simply such a battery is expected to last up to 10 years.

And from such a very high-level vision, in the key document ITU-R M.2083, something called IMT-2020 was defined in more technical terms. 5G does not exist yet, 5G is just an informal name. We refer to the requirements that the ITU has identified for 5G to meet in the upcoming years as IMT-2020. In this picture you can see IMT-Advanced, so this is 4G, this spider right here, and the 5G is represented here by the dark blue colour. These are the parameters that 5G is supposed to have, and the most important for us is the peak rate at the level of 20Gbps, up to 500km/h when it comes to movement of a given object – so, for example, all kinds of drones and helicopters will be supported, i.e. handover between different cells using 5G. That already mythical 1ms latency value when it comes to round trip time, so access from the terminal to the network is supposed to happen more or less within one millisecond. Why? We’ll discuss this matter in a moment.

Now, a crucial piece of information with regard to the Internet of Things – 10 to the power of six, one million devices per one square kilometre – everything is going to be plugged in: our wardrobe, every bottle of water – like the one I’m about to drink – all of this will be networked, because we’re talking about how in this massive Internet of Things everything will function online. And based on these global requirements, these three main usage scenarios were created. Based on a statement that 4G was for people, then 5G – and please note that I’m not a big fan of this way of putting things – 5G will be for machines and devices. Well, there is some truth in that. On an earlier slide, I showed a picture of hands representing deep relationship between humanoids and machines, actually, that will quite often use access to the 5G network in an autonomous way. And now these three main models – the first one at the top is obvious: Enhanced mobile broadband. It’s just about these gigabits per second to connect to our terminal. Whether we’re on subway, at home, or getting around by public transport, we want super quality at the terminal. Of course we ask ourselves, do we really need 10Gbps for a terminal? What kinds of services will need it? There are no services at the moment that would need 10Gbps… but, let’s wait.

Bill Gates also claimed that no more than 640 kilobytes of RAM would be ever needed. One of the big manufacturers of terminals without a display argued that the display made no sense because there were no services that would be run on the terminals with displays… and then Apple introduced such services, of course. So, let’s just wait a little bit – everything is going to change. Enhanced mobile broadband is also going to introduce UHD, 8K transmissions that need really big throughput. But that’s just one element, and it doesn’t really make a particular difference between future 5G and today’s 4G. It’s just a little more bits per second per Hertz. More spectral efficiency, so that the channel is more efficient – like in cables, that on a given twisted pair we can send, for example, 10Gbps instead of 1Gps, because there is better modulation, better transmitters and better receivers. But that’s not what 5G is all about. In 5G, those things that are important, that create that immersion in the 5G cyberspace, are the two sets of elements.

The first is massive IoT – everything is supposed to be networked, it’s this million devices per square kilometre. Nowadays there are projects connected with soldier safety (some armies conduct such projects) – that smart uniforms would have built-in sensors which are able to detect for example, a wound, leaking fluid (blood) and they would communicate that something is wrong. There is a third-party analysis that in 6G or 7G these sensors will probably be implemented within human body, so we won’t need any external elements to inform us that something is wrong, our body will itself send proper information. But this is a huge mass. And even more interesting element is the highest reliability of communication, sometimes described as 99.9999, so if we have this cyberlife and we say: “well, if we give our life to the network in some sense, for example we’re going to drive around in an autonomous car that uses the 5G network, when we’re going to participate in some projects or services implemented by e.g. healthcare where some elements will be diagnosing us, or we’re going to have something implanted, like a heart valve or a chamber that’s going to be connected to some 5G module, then we want to make sure that it’s always going to work – day and night – that if there are some problems with the network or power supply, or if there is a windstorm, those elements are not going to interrupt its connection to the network.” Building of such an infrastructure that meets such requirements will need the most advanced solutions and will be expensive. But it’s very interesting because it’s actually going to introduce some changes in the current approach to the mobile web. It will be a key change. So, if we’re talking about that top end, there is indeed an evolution: better bandwidth utilisation, quicker access to the content. With 4G these processes will take 10 seconds, but with 5G – just one. There is of course the pending question – do we really need it? There are of course some cases where this will be relevant, but those two peaks are the most crucial – the left one, and especially, the right one.

What kind of services will use 5G? I’ve already talked a bit about it, there are five key usage areas. The first one is agriculture which will use 5G solutions for various purposes. Those include analytics, like cameras used to check on the crops, certain issues related to intervention, like weeding or watering plants. Everything will be automated and analytics will be based on the 5G network. It will include sensors placed in the soil, which will check the soil moisture and pH and provide feedback to the farmer: “My dear farmer, something is wrong with this crop, you need to either water it or fertilise it with some natural fertilisers.” This is the case when we use this massive Internet of Things, when there will be a lot of these sensors. It’s also the case that has been referenced by EXATEL many times and I’ll talk about it again. This is an example of agricultural machinery suppliers in, let’s say, the United States, where they are taking advantage of 5G solutions, mainly two matters: the capacity of such a network and very low latency. So, in case of agricultural machinery, there is an analysis of the soil and after video verification whether it is a plant we want to keep, such as corn, or a weed, we apply pesticides or water, depending on that camera analysis. And this is important. This camera, this image, this analysis has to be very fast, the device is moving, it has to run a proper fluid through the nozzle, so the key element here is the delay of a few milliseconds, or even the 1ms defined in the standard.

The other important aspect is – we talked about Netflix and other entertainment – virtual reality. Again – which elements do we really need and which are critical. Again, it’s latency and, obviously, the speed of the data transmission from the transmitting device to our glasses. Since this is virtual reality, we move our head, every element that ultimately reaches our brain through sensors, or intermediate elements, our eyes, we have to stream this image to these virtual reality glasses in gigabits per second, so that it doesn’t get blurred, so that the sphericity is preserved. And the second element is latency. If we are not jet pilots, then a large percentage of people get dizzy when there is a high latency – for example, 18-25ms latency – of the image reception by the brain. Please note that human eyes as a sensor operate at a speed of +/-100 Mbps – the reception of such an image, processing it for more than 6-7 ms in accordance with the relevant research, causes problems, nausea and dizziness. As a result, people abandon these services. In this case, shorter latency is key solution for vendors like Sony and Facebook – with their Oculus or HTC – who decide that “well, if we really want to offer users our glasses and VR services, we need to have an effective network that will ensure smooth connection between the source of transmission of the video stream, the receptors and ultimately the brain”. So it’s a very good case for 5G.

Medicine is already implementing it in a lot of interesting diagnostic projects, mainly in case of Holter monitors or cardiotocographs, using ultra-high reliable elements. It’s not about throughput or even latency, but about constant availability and communication when it comes to network access. If we fall asleep with such a device – for example, an EFM that monitors the movements of the foetus – we don’t want it to communicate or send an alert at four or five in the morning in case of maintenance works or some unforeseen malfunction. So, there are a lot of use cases connected with medicine, like remote surgeries: that is, we operate remotely with the da Vinci robot, and an expert who is outside a given hospital can operate the robot with constant latency – they have a guarantee that they will always have the latency of 7ms, even though they use a mobile terminal.

Next, are autonomous cars, probably one of the most popular examples on this list. We implement the vehicles that move around on the roads, but also airborne vehicles. So, all sorts of drones that deliver packages, parcels, blood, or even transport people – after all, there are plans to create drones that function as single- or several-passenger air taxis – and autonomous cars are supposed to use 5G too. There’s a whole family of standards and solutions that allow the automotive industry to connect cars to the network, and it’s called V2X (Vehicle-to-everything). Why introduce a car network? First, a car may receive information from a car in front of it: “you can overtake me, there is no other car in front of me”; 2 kilometres back on the road there was some kind of an accident: “reroute my itinerary”, or, for example, incidents like jaywalking can also be spotted in V2X. I have a terminal in my pocket, I step onto the roadway and a car which is also equipped with a 5G system recognises that someone is getting on the road, so the car is automatically stopped and the accident is avoided. Cars that have all sorts of radars, lidars, cameras, it’s all well and dandy – of course these technologies are going to be used as well, but, with the use of 5G, they will be communicating with one another. So, the light turns red, the car drives up, its camera recognises the red light, but also this signal lighting pole informs the car “I turned the light to red, stop” – if, for example, the camera does not work and does not recognise the red light and does not stop the car, this sensor will.

And the last example, also already mentioned before – everything that will be worn, everything plugged in. I mean it both in terms of our surroundings, but also in terms of the range of devices that will surround us. This means the Internet of Things, only maximally upgraded in terms of network accessibility, so that we won’t have to worry about what kind of network it is, whether it’s a local network, whether it’s Bluetooth Low Energy, ZigBee or something more complex like LTM or Narrowband IoT, which are available in 4G technology, although IoT in 5G will be some kind of modification of what it is in 4G – namely these LTM and Narrowband IoT protocols. These are the services that can be distinguished. 5G is going to offer a viable operating environment compared to what 4G currently gives us.

Now, let’s move to some more technical matters. Logical architecture in the good old 3GPP style. 3GPP is kind of a subsidiary of ETSI, the European Telecommunications Standards Institute. 3GPP is dealing with mobile solutions. 3GPP says: we will build an architecture. We have user equipment, meaning – the user terminal. Here is all the user play, so: the gigabits per second through the radio access network, then we have the user play function, here is a gateway, and this DN (Data Network) is the Internet. Here are management functions of various kinds, UDM, user base, HLR/HSS if you know this architecture of older generations, or some session and access management. Is it safe at the moment? It uses all sorts of legacy protocols and 3GPP, under a lot of pressure from US players, said that there were long delays in this standardisation, so that the whole world that is using LTE – because it’s also a huge achievement, as you remember in case of 2G or even 3G, it was different in the United States, it was different in Europe, it was different in Japan. These standards were not compatible. 4G is the first standard about which we can say that it is global, and indeed it is the same in Japan, in the US, in Brazil, and it is the same in every European country, that it is very unified – as it was imposed. This is a huge success, but 3GPP is lagging a bit. And now, what are the operator using to compete?

They are using technology. They say: I have LTE, I have 200 or even 300Mbps, I want even more, I want to deploy 5G as soon as possible… but, there’s obviously a little paradox there. It’s 2019, as you remember I showed you IMT-2020 and it was IMT-2020 for a reason, because formally the ITU should indicate 5G as the technology to be used after 2020, and there have already been some deployments. So, there’s a huge rush to deploy it as soon as possible and there was a huge pressure on 3GPP to do this as soon as possible, to abandon the old protocols and make it more sexy, and by more sexy I mean the way the Over The Top players are doing it, the way Google, Facebook and Amazon are doing it. If they are succeeding, the telecom network must also undergo such an evolution. It won’t be easy, of course. Remodelling this architecture based on various complex protocols like SS7, or Diameter, i.e. we still use several telecommunication protocols that worked back when these telecom devices were running on coal, and now we’re facing an abrupt change. We can say okay, here’s this whole user play – here, on these dark blue boxes – because here’s where these IP packets are going to be, YouTube or Netflix data is going to be transmitted this way from the Internet to our terminal, but all these controls are going to be microservices, it has to be http. We’re launching http 2.0, these are microservices, we need to migrate all of this.

And now an important comma related to security: is it becoming more secure? All the presentations you’ve listened to today and probably also yesterday and every day in your careers, made it more obvious: “http ok, here’s going to be some Apache, not some weird STP signalling router that’s going to transfer SS7 packets in there, even if it’s SIP Trunk over IP”. It’s more complex, more complicated. We’re simplifying it, but as we simplify it, there may be more vulnerabilities of course, there may be more people. SS7 or derived protocols are not very popular. There are of course all sorts of attacks, for example on SS7, but not as many as on the http protocol, so we have to think about how to secure it. How to secure a 5G operator network architecture. This is where SBA comes in. Service-Based Architecture is the transition from legacy to something more trendy and sexy, just like the stuff of those big operators, so that the telco doesn’t lag behind that much.

How will we secure it? Various interesting technologies have been introduced, they are widely known, of course. As in the good old days of telecommunications – I hope they will only get better – many of these devices were dedicated equipment, those were huge devices that occupied hundreds of square meters in large data centre facilities. Now we have a platform, we have cloud computing, we have a big PC with all sorts of software and, we have some antennas, a base station which we connect not even with a waveguide any more, but with some kind of fibre optic cable, we process the radio, there’s CPRI, that is de facto Radio-over-Fibre transmission, that is we transmit radio samples over fibre optic cable, as if we were transmitting some traffic over Ethernet. And that is what it is going to look like – this SBA architecture, http, an Apache. What’s next? NFV (Network Function Virtualisation) of course, meaning everything will be virtualised, everything will be in the cloud. Even now there are projects that you can create a core network of an operator, for example, in Amazon’s AWS and we don’t need dedicated solutions that we have to place in our data centre, but you can do it virtually. There is Software Defined Networking (SDN). We will be able to reprogram it – what is the SDN in a canonical mode, so we separate Control Plain from User Plain. This also can be used in this 5G network architecture, of course. MEC (Multi-access Edge Computing) it’s like computing power. So, when this car moves along the road, the speed of its reaction – that one millisecond – is supposed to be provided by this function.

It will work similar way to those antennas that were placed on the car’s roof. Somewhere there will be some kind of – I don’t want to say a computer, but computing power, there will be computer storage near the base station, some calculation will have to be done and the information will have to be redirected to such a car. If there is a “reroute” command, then it is supposed to be done by the network edge. So, the smart network is not really centralisation, because for example in 4G or earlier in 3G, there was a lot of centralisation of network resources. Here, certain elements will be moved to the edge. There will be a lot of decentralisation, but to provide those functional parameters, we need to give more intelligence when it comes to the network edge. The whole thing is to be managed by something called slicing, so we will be able to divide the network into virtual slices, but on a very low level. At the moment that would be impossible. When the LTE network was built by one operator, it could be used de facto only by this operator, there was one PDN Gateway, HSS, there was eNodeB – the base station, to put it simply – and it was hard to divide it among different providers. Here we have virtualisation, a kind of multitenant, which means: we build one network using all these mechanisms, it’s physically a low level underlay network, a universal one, unified in a way, and different operators can run their networks on it, their services, it can be a network per service.

It may be so that it will be possible to define the network – for example, I am a large-scale farmer, I want to have a dedicated network where there will be only the Internet of Things, I do not want to pay for 20Gbps just to look after my plants. I just want something that is a quality parameter regarding IoT. Or, for example, an emergency service or some autonomous vehicle provider comes in and says they’re not interested in IoT, they’re not going to have a million devices per kilometre, they just want to have 1ms – build me such a slice, a virtual network based on a unified infrastructure. This will also make it easier to scale resources – just like in the cloud – as it will provided by NFV or SBA. So, the question of security – indeed there are certain elements… the network opens up a little bit to the things that are well known – and when they are well known, there are all sorts of attacks, rootkits and so on, there may indeed be more places of vulnerability, but on the other hand – we do secure that. But slicing is the first large element that will secure all this for us, separate different kinds of networks.

An important element is the 3GPP trust model, which is the organisation that standardises all the networks, it’s kind of the master of the universe when it comes to 2G, 3G, 4G networks. Those are all the people who work within the 3GPP build these networks, they build the concepts of these networks, and then the providers deliver. Here is a scenario where we are at home, and here – when we activate roaming and enter a foreign network. Here we have this first circle of trust, where we have the device and the SIM card, and here is the network, the network-only elements, and here is the storage of user information, that these are independent, secure elements, none of them can be compromised. So, the separation is very distinctive, so this is what I was talking about – SUPI to which the information is sent, like IMSI, which is this user ID, is transferred in a way that prevents interception. And here, when we have roaming, we of course use the network of the foreign operator, there are no base stations. We choose operator X when we are in Poland, but it doesn’t have its infrastructure in Germany. We use the services of local operators, in this case a local German operator, Vodafone, T-Mobile or Telefonica o2, but this is our base, because we are identified as a user in Poland – a user of services provided by Play, T-Mobile, Polkomtel, Orange, and our terminal, as this circle of trust, communicates through the domain of the operator in Germany, asks the base in Poland: “base in Poland, can I have such and such services, can I be logged into the network?”, it answers and this terminal logs into the German network and you have roaming.

This is how it will work in 5G and these key elements which improve 5G – to present in one picture just what is most important – here we have a quadrilateral of important elements: equipment, here we have the Internet, here we have the Visited Network, which means here we have roaming, and there we are at home (HPLMN), which means in a given network, in a given country where we use services within the home network. Increased privacy, meaning better cryptography, keys, no IMSI transmission, those elements that will be on that side: Primary Authentication, use of AK, 5G AK, i.e. the terminal authenticates the network, but the network also authenticates the terminal – this function wasn’t available in previous technologies – in LTE (4G) it already is, but it wasn’t available before, so it’s very easy to set up a fake BTS. Key Hierarchy is several levels of key management, especially this most important KI key, which is on the SIM, and allows you to identify the terminal “Michał Szczęsny”. Protection within the device. CU-DU Interface – the radio is divided into radio unit, distributed unit and centralized unit – the base station is actually divided into three elements. This is also related to those 1ms type parameters. We have to disassemble the network a little bit and these interfaces – as we are looking at those circles of trust from the previous slide – will allow us to secure this network also in the transport layer, also in communication, because please note that 5G is the first 3GPP network or mobile network where the possibility of DDoS attack from the terminals is considered. This means that terminals – if there will be 20Gbps everywhere, it’s like the network will be hit not from the Internet side (Data Network), but it may happen from the side of terminals and we have to protect ourselves also from the network side, as our own terminals or terminals which will be under roaming may attack us. Further, Interoperator Security. These will be special firewalls. Between these networks here is something called SEPP – Security Edge Protection Proxy, which will filter all signalling, all traffic, so that our terminal or home network is not compromised when it works under roaming.

I actually give a lot of credit to 5G networks and approach these new technologies with strong confidence. If we are to secure our lives, not just the cyber ones but the real ones, then 5G must also be safe. And there is the third very sexy topic, the last one. Where does this 5G change? Here is a schematic drawing of a beam-steering antenna with an Artificial Intelligence module. What is it about? The point is that these antennas that radiate, even in 4G, even if there are Mimo antennas – that is, several antennas in parallel are at the terminal and at the base station – in 5G it’s supposed to work very differently. These are to be electronically controlled beams, so such an antenna will be folded, as here we have 4 times 4 squares, and it could be, for example, 16 times 16. E.g. there is a 2 by 2 centimetre square and there will be a dedicated beam that will track you. So I’ve got a terminal, I’m in 5G, and this antenna is supposed to track me here, because it’s supposed to feed this 20Gbps to a specific place, as it can’t be done in any other way. You can’t distribute radio and network parameters so widely. And what is such an AI Chip supposed to be for? The thing is, it knows that Michał Szczęsny always leaves home at 9 and goes to get a newspaper and turns right. Such a system can anticipate that I will always turn right and can already direct this beam to always turn right. I know that the network will know everything about us, that the confidentiality of our everyday lives is compromised, that the operator or the network will have this intelligence, but the point is that there are already such antennas – it’s no longer just a passive component, it’s also something in 5G, those are active devices and smart beams will track the movement of such a terminal.