Mobileum Blog

Prepare your signaling firewall for 5G today | Mobileum

Written by Stephen Buck | 17/03/2020

With 5G networks now live in 24 markets around the world, things are beginning to take off. The GSMA recently projected that by 2025, 15% of all connections, a whopping 1.8 billion, will be via 5G. Despite all the 5G hype, 4G will continue to grow for the next few years, peaking at just under 60% of global connections by 2023.

This shows that while 5G is about to soar, existing 3G and 4G networks will still carry the bulk of the traffic for the foreseeable future, this is because 5G will be the non-standalone variety, with a 4G core. However, when it comes to network security, many operators are launching their 5G networks without implementing the required security measures for managing network traffic in such a complex environment. We break down some of our concerns around this often-overlooked issue:

1. Multi-networks, multi-signaling protocols, multiple security vulnerabilities

Today’s multi-generational networks are based on different signaling protocols that create different security risks. For instance, 3G networks run on SS7 protocol, while 4G relies on Diameter and SIP, none of these having authentication methods built-in making them more prone to security issues.

5G networks have taken positive steps with enhancements for encryption, mutual authentication, integrity projection, and privacy. However, 5G’s built-in cybersecurity features cannot roll back the clock and plug the existing vulnerabilities found in the other networks. This is particularly pertinent as 5G coverage remains dispersed, and traffic will continue to traverse between 3G and 4G/LTE networks for the foreseeable future. While 5G may prove more secure, the same trust cannot be given when traffic crosses different networks. For 5G, the security edge protection proxy (SEPP) is not enough. It just authenticates the sender and checks that the message is not changed, but a firewall is still needed to verify that the message is allowed to be sent by that operator, to that user, in that context, from that location.

2. Roaming traffic will increase

Juniper Research projects that mobile data roaming revenues will reach $31 billion by 2022, representing an average annual growth rate of 8 percent – with IoT roaming revenues expecting to increase by 20-30%. New 5G protocols will mean that roaming traffic will have the added protection of the Security Edge Protection Proxy (SEPP), which aims to secure internetwork interconnect issues and resolve these legacy security threats. In addition, 5G provides native support to securely steer roaming traffic to preferred visited partner networks, with the ability to authenticate the location of a roaming device when a request is received from a visited network. This drastically reduces the threat of fraud or call interception, but there’s a catch. While these improvements provide additional protection against the known inter-connect/roaming vulnerabilities of SS7 and DIAMETER, a signaling firewall is still required to protect the SEPP control plane.


3. Introduction of network slices

The introduction of 5G network slicing is being eyed with excitement because it will support a wide range of new use cases and revenue opportunities. But the addition of APIs with these slices mean more types of enterprises will be communicating, and they will all have different security requirements. Greater flexibility, in managing who can send what, will be required; meaning security considerations need to be addressed at an individual level. For example, even though both 4G and 5G applications support video services, there are vastly different security requirements for mission critical video applications like remote surgery, as opposed to what would be required for a simple video conference. What’s more, the rise of network slices will also expand the attack surface available to hackers. With the added complexity of network slices there are simply more entry points that need protecting: user devices, radio access and core networks, the mobile edge, internet, roaming and air interfaces. All these must be protected.

As you can see, 5G delivers some critical advances in network security. However, it is expected that for the foreseeable future, network traffic will still rely upon 3G or 4G, and this will require additional encryption. Operators shouldn’t wait for 5G to benefit from these built-in cybersecurity features. Instead, today, they can apply multi-signaling firewalls that ensures traffic that traverses between 3G and 4G networks - and eventually 5G - have the proper security protections in place to handle this hybrid scenario.

This is why Mobileum offers a 5G upgrade for its multi-signaling firewall. Mobileum’s signaling firewall provides protection for multi-generational network traffic as well as standalone 5G networks. In addition, it provides a critical added layer of protection that the SEPP proxy alone cannot deliver. This provides an evolutionary approach for operators to ensure their network remains secure now - and in the future. 

For more details, please contact us.