Realizing Zero Trust Architecture for 5G Networks

Over the last couple of years, I keep on coming across Zero-Trust Architecture (ZTA). A simple way to explain is that the standard model of security is known as perimeter security model, where everything within the perimeter can be trusted. In zero-trust (ZT) model, no assumptions is made about trustworthiness and hence it is also sometimes known as perimeterless security model.

This short video from IBM clearly explains what ZT means:

This blog post from Palo Alto Networks also clearly explains ZT:

By definition, Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust for 5G removes implicit trust regardless of what the situation is, who the user is, where the user is or what application they are trying to access.

The impact of Zero Trust on network security specifically protects the security of sensitive data and critical applications by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention and simplifying granular user-access controls. Where traditional security models operate under the assumption that everything inside an organization’s perimeter can be trusted, the Zero Trust model recognizes that trust is a vulnerability.

In short, Zero Trust for 5G presents an opportunity for service providers, enterprises and organizations to re-think how users, applications and infrastructure are secured in a way that is scalable and sustainable for modern cloud, SDN-based environments and open-sourced 5G networks. Delivering the Zero Trust Enterprise means taking Zero Trust principles, making them actionable and effectively rebuilding security to keep pace with digital transformation. 

A research paper looking at Intelligent ZTA (i-ZTA) provides an interesting approach to security in 5G and beyond. The paper can be downloaded from here. The abstract states:

While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of the networks. Further, seamless connectivity to a high volume of devices in multi-radio access technology (RAT) has broadened the attack surface on information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. This paper presents the architectural design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm, called MED components. The envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting necessary machine learning data. The i-ZTA is also expected to exploit the multi-access edge computing (MEC) technology of 5G as a key enabler of intelligent MED components for resource-constraint devices.

Ericsson Technology Review covered Zero Trust in 5G Networks in one of their issues. Quoting from the article:

The 3GPP 5G standards define relevant network security features supporting a zero trust approach in the three domains: network access security, network domain security and service-based architecture (SBA) domain security. 

The network access security features provide users with secure access to services through the device (mobile phone or connected IoT device) and protect against attacks on the air interface between the device and the radio node. Network domain security includes features that enable nodes to securely exchange signaling data and user data, for example, between radio and core network functions (NFs).

The 5G SBA is built on web technology and web protocols to enable flexible and scalable deployments using virtualization and container technologies and cloud-based processing platforms. SBA domain security specifies the mechanism for secure communication between NFs within the serving network domain and with other network domains. 

While the new requirements and functionality introduced in the 5G specifications are already aligned with many of the zero trust tenets. It is already evident, however, that further technology development, standardization and implementation are needed in areas such as policy frameworks, security monitoring and trust evaluation to support the adoption of zero trust architecture in new telecom environments that are distributed, open, multi-vendor and/or virtualized.

While various technologies can support organizations in adhering to the guiding principles of zero trust as part of their total active defense strategy, it is important to remember that technology alone will never be sufficient to realize the full potential of zero trust. Successful implementation of a network based on zero trust principles requires the concurrent implementation of information security processes, policies and best practices, as well as the presence of knowledgeable security staff. Regardless of where a CSP is in its transition toward a zero trust architecture, the three pillars of people, processes and technology will continue to be the foundation of a robust security architecture.

Related Posts:

• 3G4G: 5G Security Overview by Mpirical
• The 3G4G Blog: Key Technology Aspects of 5G Security by Rohde & Schwarz
• The 3G4G Blog: Bug hunting in 5G Networks and Devices
• The 3G4G Blog: Impact of 5G on Lawful Interception and Law Enforcement.
• The 3G4G Blog: AT&T Cybersecurity Experts Provide 5G Security Overview
• The 3G4G Blog: Everything you need to know about 5G Security
• The 3G4G Blog: Nokia Lectures in Collaboration with Bangalore University
• The 3G4G Blog: Lawful Intercept in 5G Networks
• The 3G4G Blog: 5G Roaming with SEPP (Security Edge Protection Proxy) 

5G Network Slicing for Beginners

Network Slicing is a hot topic on our blogs and it looks like people can't get enough of it. So here is a short introductory tutorial from Wray Castle.

The video embedded below explores what Network Slicing is, how it is used, and how it is deployed in the 5G network, as well as (briefly) the role of MEC (Multi Access Edge Computing) in support of specific use cases and potential slice deployments.

Related Posts: 

• The 3G4G Blog: Network Slicing Tutorials and Other Resources
• The 3G4G Blog: Network Slicing using User Equipment Route Selection Policy (URSP)
• The 3G4G Blog: 5G Slicing Templates
• The 3G4G Blog: End-to-end Network Slicing in 5G
• The 3G4G Blog: Network Slicing in NG RAN
• The 3G4G Blog: How to Identify Network Slices in NG RAN 

GSMA Releases Mobile Economy Report 2022

The GSMA Mobile Economy report series provides the latest insights on the state of the mobile industry worldwide. Produced by GSMA's in-house research team, GSMA Intelligence, these reports contain a range of technology, socio-economic and financial datasets, including forecasts out to 2025. The global version of the report is published annually at MWC Barcelona, while regional editions are published throughout the year.

The Infographic above (PDF) shows the latest update from 2022. The PDF of report is available here.

Selective extract from the executive summary as follows:

The mobile industry has been instrumental in extending connectivity to people around the world. In 2021, the number of mobile internet subscribers reached 4.2 billion people globally. Operators’ investments in network infrastructure over the last decade have helped to shrink the coverage gap for mobile broadband networks from a third of the global population to just 6%. But although the industry continues to invest in innovative solutions and partnerships to extend connectivity to still underserved and far-flung communities, the adoption of mobile internet services has not kept pace with the expansion of network coverage. This has resulted in a significant usage gap. In 2021, the usage gap stood at 3.2 billion people, or 41% of the global population. 

The reasons for the usage gap are multifaceted and vary by region, but they generally relate to a lack of affordability, relevance, knowledge and skills, in addition to safety and security concerns. Furthermore, the barriers to mobile internet adoption are particularly acute among certain segments of the population, including women, the elderly, those in rural areas and persons with disabilities – or a combination thereof. Addressing the usage gap for these key groups will extend the benefits of the internet and digital technology to more people in society, and will require concerted efforts by a broad range of stakeholders working together with mobile operators and other ecosystem players, such as device manufacturers and digital content creators.

5G adoption continues to grow rapidly in pioneer markets, with the total number of connections set to reach 1 billion in 2022. Momentum has been boosted by a number of factors, including the economic recovery from the pandemic, rising 5G handset sales, network coverage expansions and overall marketing efforts by mobile operators. Meanwhile, a new wave of 5G rollouts in large markets with modest income levels (such as Brazil, Indonesia and India) could further incentivise the mass production of more affordable 5G devices, which in turn could further bolster subscriber growth. By the end of 2025, 5G will account for around a quarter of total mobile connections and more than two in five people around the world will live within reach of a 5G network.

4G still has room to grow in most developing markets, particularly in SubSaharan Africa, where 4G adoption is still below a fifth of total connections and operators are stepping up efforts to migrate existing 2G and 3G customers to 4G networks. However, rising 5G adoption in leading markets, such as China, South Korea and the US, means that 4G adoption on a global level is beginning to decline. Globally, 4G adoption will account for 55% of total connections by 2025, down from a peak of 58% in 2021.

By the end of 2021, 5.3 billion people subscribed to mobile services, representing 67% of the global population. In a growing number of markets, most adults now own a mobile phone, meaning that future growth will come from younger populations taking out a mobile subscription for the first time. Over the period to 2025, there will be an additional 400 million new mobile subscribers, most of them from Asia Pacific and Sub-Saharan Africa, taking the total number of subscribers to 5.7 billion (70% of the global population). 

In 2021, mobile technologies and services generated $4.5 trillion of economic value added, or 5% of GDP, globally. This figure will grow by more than $400 billion by 2025 to nearly $5 trillion as countries increasingly benefit from the improvements in productivity and efficiency brought about by the increased take-up of mobile services. 5G is expected to benefit all economic sectors of the global economy during this period, with services and manufacturing experiencing the most impact.

You can download all reports from here.

For anyone interested in keeping a track of which 2G/3G networks are undergoing sunset, you can follow my Twitter thread that lists all the networks I become aware of 

Orange is shutting down some 2G/3G networks in Europe, African opcos won't be affected. In summary:
* France: 2G shutdown 2025, 3G sunset 2028
* Rest of Europe: 3G switch off by 2025 & 2G latest by 2030#2G #3G #3G4G5G #2G3Gshutdownhttps://t.co/3iYF93MWej

— Zahid Ghadialy (@zahidtg) March 5, 2022

Related Posts: 

• The 3G4G Blog: Are there 50 Billion IoT Devices yet?
• The 3G4G Blog: The Status of 5G Standalone (5G SA) Networks - March 2021
• The 3G4G Blog: Real-life 5G Use Cases for Verticals from China
• The 3G4G Blog: When will 2G & 3G be switched off now that 5G is here?
• The 3G4G Blog: Can KaiOS accelerate the transition from 2G / 3G to 4G?