The world's migration to 5G offers communication solution providers (CoSPs) benefits like superior network functions, service-based architecture, and IoT connectivity. However, the distributed nature of these networks can result in added security challenges. Fortunately, manufacturers like Intel have come to the rescue with a comprehensive 5G security framework.
The 4G to 5G migration
While the benefits of 5G to CoSPs and their customers are undeniable, the change in network landscape means an increase in the network's attack surface. A 4G network is a single-vendor, centralized, proprietary network protected mostly by perimeter security.
In 5G, network architectures are open, multi-vendor, and service-based, and they mix private, hybrid, and cloud environments. Computing power is also spread more evenly across the entire network on more devices, all of which need to be secured.
Security challenges in a 5G world
In its latest security guide, "The Paradigm Shift in Security with the 5G stand-alone network infrastructure", Intel outlines the unique security challenges inherent to 5G build-outs and how they can be addressed.
In detail, while older 4G architectures may benefit from some inherent security advantages, 5G networks can be just as secure, provided that CoSPs address some key areas:
- Key management is of the utmost importance
- Crypto acceleration is key to securing network traffic without compromising performance
- The platforms running it all must be resilient down to the firmware level
Specifically, 5G networks are vulnerable to three main threat categories:
- Hackers attack the organization's data while at rest with malware that takes advantage of vulnerabilities in the OS or hypervisor. Addressing this threat entails using encrypted data storage.
- Malicious insiders are a continual threat to any organization's data because, by definition, they have access privileges and can intercept data when it's on the move. Therefore, encrypting data during transmission is crucial.
- Third parties include any outsiders (including competitors) who wish to access private data for their gain. In response, organizations should protect their data while it's being processed.
Building a 5G security framework
Building on the foundation of its latest 3rd Generation Intel Xeon processors, Intel has a variety of hardware and software solutions that combine to secure the latest 5G networks. These technologies include:
Intel Software Guard Extensions (Intel SGX)
Intel SGX secures an application's data and code with built-in encryption and memory isolation to provide the best possible key management security. It provides an enclave where security keys are stored separately from the application, VM, OS, and even VM administrators.
As a result, applications can be hosted securely anywhere on the network, including in cloud environments, without the worry of intruder access to keys. This enhanced protection is made possible by the up to 512 GB of enclave capacity offered by 3rd Generation Intel Xeon Scalable processors.
Intel crypto acceleration
While network encryption is not new, its use has previously implied decreased network performance. With built-in crypto acceleration, 3rd Generation Intel Xeon Scalable processors offer a variety of performance improvements to reduce the compute cost of data encryption. Some of these gen-over-gen improvements include:
- Up to 5.6x OpenSSL RSA Sign 2048 performance
- Up to 4.2x higher TLS encrypted connections per second
- Up to 3.3x higher IPSec AES-GCM performance
- Up to 2.3x data integrity (CRC64)
Intel Optane persistent memory (PMem)
In addition to data encryption at the processor level, Intel also offers hardware-based data storage encryption with Intel Optane persistent memory (PMem). Specifically, 5G database applications like unified data management (UDM) and unstructured data storage function (UDSF) can benefit from PMem's ability to store unstructured data in a protected manner. In addition, these memory modules offer multiple modes that cater to specific fundamental management needs.
Intel Platform Firmware Resilience (Intel PFR)
As security attacks intensify, platforms are being compromised down to the firmware level. For example, permanent denial of service (DoS) attacks now have the potential to shut down servers to a level that requires physical intervention.
As a result, Intel offers Intel Platform Firmware Resilience (Intel PFR) as an available option on its 3rd Generation Intel Xeon Scalable processors. It works by monitoring the system buses for suspicious traffic and verifying a platform's firmware image before executing any firmware code.
How to build the most secure 5G network
Before designing your next 5G network, consider its unique security needs. Thanks to the latest hardware from companies like Intel, you can secure your network down to the processor level and across the breadth of your entire network. In addition, don't forget to leverage a hardware integrator with strong, longstanding technology partner relationships.
As an Intel technology provider, UNICOM Engineering has helped drive the latest solutions with our partners for decades. Our skilled team actively designs solutions based on the latest 3rd Gen Intel Xeon Scalable processors, Intel Optane persistent memory 200 series, Intel SmartNIC and Ethernet 800 series network adapters, and Intel Optane SSDs. By leveraging our services, our customers benefit from solutions optimized for telecom, cloud, enterprise, network, security, IoT, and HPC workloads with expanded I/O, storage, and network connectivity options. Learn more about how UNICOM Engineering can help you transition to next-gen solutions by scheduling a consultation.