Automated security testing of the 5G control plane is a critical step in reducing network vulnerabilities.
In previous times, the cellular network was considered pretty secure. Essentially, it was an almost closed-loop environment based on a few vendors with highly proprietary systems; instances of hacking or attacks against carriers are almost impossible to find referenced within the news media. There are likely to have been several attempts over the years, but quantifiable breaches are like unicorns – they may not exist.
But things are changing. The arrival of 5G heralds not just more bandwidth and lower latency, but also a fundamental shift in how cellular networks are designed, operated, and interconnected with the wider world of ICT. Most operators are embracing expansive designs that utilize more vendors within software-defined and cloud-centric architecture. The exciting potential offered by 5G includes intelligent smart city applications, private enterprise 5G networks, and even the growing use of 5G to replace traditional emergency services radio networks.
Because of this increasingly open and flexible approach, cellular networks have become more exposed to potential bad actors. Within network security practices, most of the attention has focused on attacks through the user plane (or data plane), which carries the network traffic, but there also needs to be consideration on securing the control plane, which carries critical signalling traffic. The industry is recognizing the potential vulnerabilities and coalescing around agreed upon best practice counter measures.
Standard bearer
3GPP is at the heart of this push through several initiatives. At the top of the pyramid is the Network Equipment Security Assurance Scheme (NESAS), which defines security requirements and an assessment framework for secure product development and product lifecycle processes, as well as 3GPP-defined test cases for the security evaluation of network equipment.
This leads to the 3GPP Security Assurance Methodology (SECAM), which is developed from a purely industrial perspective, with a focus on the security of the Common Criteria (CC) and Common Criteria Recognition Arrangement (CCRA) framework and its implementation in the mobile network.
At the node level, we have the 5G Security Assurance Specification (SCAS) that defines security requirements and test cases for network equipment implementing one or more 3GPP network functions. This is the point where we need to run specific tests across elements including Access Mobility Management Functions (AMF), User Plane Functions (UPF), Session Management Functions (SMF), and many others. The nodes go through a series of tests based on the specification that include key elements such as vulnerability, compliance, and application testing.
Automation with CI/CD
However, this is not just a fire and forget process. The high frequency of updates and larger number of vendors means that the sedate pace of change found in 3G and 4G networks - where updates might be considered every few months - is instead replaced with a constant drumbeat of weekly or even daily changes.
This has made it essential for this NESAS, SECAM, and SCAS secure process chain to become both continuous and highly automated. This shift has been a focus of the development teams at Spirent. The 5G Core Security Automation Package, which just launched this month, is an addition to their industry-first subscription-based 5G Core Automation Platform – a wrap-around and end-to-end testing solution that is fully compliant with 3GPP testing methodologies. The new package is essentially a continually updated security test library that grows in step with the ongoing revisions and additions to the underlying SCAS specification.
Spirent has also gone further through the inclusion of security attack emulation tests for threats such as Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.
Feedback for the 5G Core Automation Platform has been extremely positive, with one of the highlights being that the implementation can be dropped seamlessly into the continuous integration and continuous deployment (CI/CD) workflows that are becoming critical for effectively delivering 5G to market.
Automation is a major time saver when it comes to comprehensive testing. In theory, SCAS testing could be carried out manually, but automation is an order of magnitude more efficient and a critical piece of the CI/CD lifecycle – a must to maintain performance and functionality with the rapid pace of change in network updates. From day one with the 5G Core Automation Platform, customers benefit from a large (and growing) base of fully automated, ready-to-use test cases that captures years of expertise in 5G, automation, and security. This results in 80% cost savings and 60% improvement in time to market.
The last point to mention is that operators we speak to genuinely accept that security needs to be taken extremely seriously. Especially as 5G starts to become a critical infrastructure – for example as the backbone for running first responder communication, CCTV, or as part of autonomous vehicles’ design. The impact of a security breach that took down an entire network would be catastrophic to governments, consumers, and ultimately the reputation of the operator – and trust in 5G.
5G is a game changer for our industry and our wider society. Making sure it’s secure as it can possibly be might well become the most important element of turning the potential into a welcomed reality.
Contact CN Rood for more information!