Home / Security / Security: Bruce Schneier on 5G Security

Security: Bruce Schneier on 5G Security




Security: Wireless Networking

Security: China

Security: Communications

Security: Security

Security: United States


Bruce Schneier on 5G Security (schneier.com)



from the closer-look dept.

Bruce Schneier

comments on the issues surrounding 5G security


[…] Keeping untrusted companies like Huawei out of Western infrastructure isn’t enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards, the protocols and software for 5G, ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security. To be sure, there are significant security improvements in 5G over 4G in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren’t enough. The 5G security problems are threefold.

First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it. Second, there’s so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems. Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

Center meeting at 4pm in 2C-543.


Read More

Share this:


About admin

Check Also

Security: Vinyl cover maker Slickwraps coughs up customer info in a data breach

Security: Vinyl cover maker Slickwraps coughs up customer info in a data breach

In an email sent to customers this morning, Slickwraps says an "unauthorized party" accessed its private databases, and obtained customer names, emails and addresses. Slickwraps claims passwords and credit card information weren't compromised."We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward. This will include…

Leave a Reply

Your email address will not be published. Required fields are marked *