The Computing Community Consortium (CCC) has released a white paper titled 5G Security and Privacy – A Research Roadmap. The white paper, written by CCC Council Member Elisa Bertino (Purdue University) with Syed Rafiul Hussain (Purdue University) and Omar Chowdhury (University of Iowa), aims to stimulate conversation around a research roadmap for the security of 5G-related technologies.
From the abstract: “Cellular networks represent a critical infrastructure and their security is thus crucial. 5G – the latest generation of cellular networks – combines different technologies to increase capacity, reduce latency, and save energy. Due to its complexity and scale, however, ensuring its security is extremely challenging. In this white paper, we outline recent approaches supporting systematic analyses of 4G LTE and 5G protocols and their related defenses and introduce an initial security and privacy roadmap, covering different research challenges, including formal and comprehensive analyses of cellular protocols as defined by the standardization groups, verification of the software implementing the protocols, the design of robust defenses, and application and device security.”
In the white paper, Bertino, Hussain, and Chowdhury outline several future research directions, including:
- Formal analysis of standards including the radio protocol stack, inter-networking protocols, and network slicing.
- Verification of software and firmware “to holistically verify whether 5G protocol/system implementations faithfully adhere to the design specifications along with the security and privacy requirements.”
- Root cause analysis “in order to partition protocol-level attacks (including identity exposure, location tracking, denial-of-service, and impersonation attacks) into classes of attacks where attacks in a particular class exploit the same protocol vulnerability” and, once an attack class is identified, the subsequent defense development for next generation cellular networks “that will thwart that class of attacks by eliminating the underlying protocol vulnerability.”
- Application and device security, such as eliminating robo-calls, by proving the “end-to-end security and privacy of a given application—that is, composing the application-level security measures and the guarantees provided by the cellular network indeed entail the overall expected security guarantees of an application.” (pp. 7-8)
Read the full 5G Security and Privacy – A Research Roadmap white paper here. The topics of cybersecurity and privacy in general, and 5G technologies in particular, are of ongoing interest to the CCC. We encourage you to explore our other related whitepaper/workshop reports on the CCC by CS area webpage, and to check the CCC blog regularly for updates. This white paper is intended to catalyze conversation and we anticipate writing updates as 5G technologies are rolled out over the next several years. The CCC would appreciate thoughts on the roadmap from the community — we encourage you to reach out to the authors (emails are listed in the white paper) or email infoccc@cra.org.
The White House also recently released a report on the security of 5G—the National Strategy to Secure 5G of the United States of America is now available. From the report: “The United States National Cyber Strategy states that: The Administration will facilitate the accelerated development and rollout of next generation telecommunications and information communications infrastructure here in the United States, while using the buying power of the Federal Government to incentivize the move towards more secure supply chains. The United States Government will work with the private sector to facilitate the evolution and security of 5G, examine technological and spectrum-based solutions, and lay the groundwork for innovation beyond next-generation advancements. This National Strategy to Secure 5G expands on how the United States Government will secure 5G infrastructure domestically and abroad.“ (p. 1).
Read the National Strategy to Secure 5G of the United States of America here.