Beefing up security in a 5G world
The next wave of the Internet of Things (IoT) promises a new land of opportunity and convenience for consumers and enterprises alike.
Yet IoT also brings its share of risks. Imagine a Smart Door Controller that can lock doors and has its own SIM card to register with the network. Very convenient, but it can also be a threat, if the device’s network private identity, its IMSI, stored on a SIM card, could be captured by a malicious hacker.
Once this personal data has leaked out, the person intercepting the controller’s signals can know if we have closed our door and left the house.
In a similar way, our location data can also be captured. The danger here is that a malicious entity can set up a fake network to collect our IMSI when a device attaches to a network and sends the IMSI as plain text.
Unfortunately, these fake networks, often called IMSI-catchers, are not just theory, they have already been used. Find out more about them in Wikipedia.
Subscriber Data Management gets user friendly
The examples above underline that the most personal bits of data in a modern mobile network are who we are and where we are.
This is well recognized and secure Subscriber Data Management (SDM) has been an integral part of the mobile network for a long time.
The new 5G front end of SDM resides in the Cloud and stores both subscription-based data and session related data in a robust and reliable back-end system called the Shared Data Layer or SDL.
Using the SDL allows dataless front ends, known as 5G Registers. The main ones to take note of are Unified Data Management (UDM) and Authentication Server Functions (AUSF). These authenticate user equipment and IoT devices to manage and expose our subscription information in a secure way.
Nokia Registers are designed to cope with threats like the IMSI catcher by fully encrypting identity information from the very first attach to the network. No matter how sophisticated the attack, the leak is plugged.
The storing of session data also has great benefits for users. We’ve all been there when an online banking session or purchase just stops and we are left wondering if the transaction really went through – will we have to enter all that data again?
Using SDL capabilities, if a session gets interrupted, it can be re-established without losing any data – and we can just pick up where we left off, knowing our data is secure.
Also good for 4G
And there’s more - with these new Registers in a live 5G core network, we can also bring the same benefits to 4G connected IoT and subscriber devices. 5G Registers can also serve different bearers, whether 4G, 5G or even Wi-Fi – the data is still protected because the traffic can also be served by the 5G core and the new Registers.
Who else benefits from enhanced privacy?
One of the most innovative aspects of the 5G architecture is network slicing, in which operators provide a portion of their network for different customers and use cases. Different levels of connectivity, capacity, speed and coverage can all be allocated to meet the demands of each use case.
Each network slice, whether used for an enterprise, IoT service or MVNO, benefits independently from the security advantages offered by the 5G core.
Thanks to these new enhanced privacy features, investing in 5G Registers pays off for operators – their subscribers’ data is safe, and they can focus on improving the value of their new 5G service without worrying about privacy.
As a single point of handling subscriber data and authentication, Registers, as the heart of the core network, reduce complexity and the time spent developing new applications.
The SDL and its capabilities are a major step in unleashing the full potential of 5G.
Learn more about how Nokia SDM back end is designed for new data freedom
Share your thoughts on this topic by joining the Twitter discussion with @nokianetworks or @nokia using #security #5G #cloud #IoT #IoTsecurity #CyberSecurity #databreach #hack #hacking