Mobile security needs a rethink for the 5G era

The anticipated impact of future mobile network applications, such as connected and autonomous vehicles (CAVs), virtual reality gaming, the internet of things (IoT) and gigabit download speeds, to name but a few, means the UK needs to rethink its mobile security strategy if it is to capture the benefits of 5G.

This is the key finding of a new report released through the government’s 5G Testbeds and Trials programme, with input from, among others, the University of Surrey’s 5G Innovation Centre and three of the ongoing testbeds – AutoAir, 5G RuralFirst, and the Worcestershire 5G Testbed.

“We are expecting the first 5G enabled services to come to market next year and we are already doing significant work across the UK test beds,” said Rahim Tafazolli, University of Surrey Regius professor and founding director of the 5GIC. “The benefits of being prepared for what 5G offers are clear for all to see.

“Performance risk in such a complex network means that we need to reconsider many of our digital security processes. We believe that with the sound recommendations made in this paper, the UK will be in a good position to continue our leadership position in 5G innovation, development and deployment.”

Peter Claydon, project director of AutoAir, said: “Since the age of 2G, mobile networks have been some of the most secure things on the planet, helped by the fact that each one is controlled by a single network operator. 5G opens up mobile networks, allowing network operators to provide ‘slices’ of their networks to customers.

“Also, customers’ data can be offloaded and processed at the edge of the network, without going through the secure network core. This report is a timely reminder of the security challenges that these new features raise.”

The report’s authors believe the UK needs to innovate to create a “new way to predict and pre-validate” 5G network connections – possibly using mobile AI-based autonomous technology – whether those come from smartphones, other home IoT devices or machines, so that the network can recognise them quickly and efficiently and confirm their security and validity without compromising experience or performance.

The report made three further key recommendations: first, that a cross-layered process be designed to allow end-to-end security for critical 5G services in areas such as transport or health; second, that a dedicated body be established to monitor and encourage security-by-design practice around 5G; and third, that existing UK testbeds be involved in further testing of 5G security standards and capabilities as they emerge.

Robert Driver, head of UK5G, the country’s national 5G innovation body, said: “The paper highlights the challenges and inevitable trade-offs between cost, security and performance in the development and deployment of 5G. In a new environment of multiple use cases, each with different performance requirements, along with the expected introduction of new market players, alignment and cooperation between parties will be essential. Systems need to be ‘secure by design’ and new approaches, including the use of AI, will be required.”