Bruce Schneier on 5G Security (schneier.com) 33
Bruce Schneier comments on the issues surrounding 5G security: [...] Keeping untrusted companies like Huawei out of Western infrastructure isn't enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards, the protocols and software for 5G, ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security. To be sure, there are significant security improvements in 5G over 4G in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough. The 5G security problems are threefold.
First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it. Second, there's so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems. Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.
First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it. Second, there's so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems. Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.
Yeah, but... (Score:3, Interesting)
What about 3G? LTE? How do they compare with 4G and 5G in regards to security?
Re:Yeah, but... (Score:4, Insightful)
Mostly like MD5 compares to SHA1. Even more insecure, but do you really care whether you open the door or the barn door to your house?
The point is that just because something is "more secure" doesn't mean it's secure enough. Security is an effort/reward game, how much do you try to secure with how much effort? Your home computer is probably less secure than the average server at your local bank, do you think your computer is more at risk to be hacked?
Re: Yeah, but... (Score:1)
Security as an afterthought? (Score:3)
Perish the thought, that has NEVER happened before!
What? (Score:4, Interesting)
Since when has security ever been a priority for mobile standards? Hell 5G has already been broken, even before being rolled out.
Do they even *want* security? (Score:2)
Is there some way they're making money off data breaches? Are companies somehow quietly profiting from it? May sound outlandish but it would be a better explanation than 'humans are just plain stupid'. The level of 'stupid' required otherwise would contradict our ability to have any sort of actual civilization.
Re: (Score:2)
The concept of a "network" is antithetical to security. A network is for sharing information between endpoints, not hiding it. There is a trade off between security and cost. Does it really matter if a 5G connection is 100% "secure"? Probably not.
Re:Do they even *want* security? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I actually think that's not true. While connecting two end point necessarily creates the possibility of an attack, there's no fundamental reason why a network can't be acceptably safe in practical terms.
What makes the problem hard is that security is not something that can be evaluated with a functional test. A system has to be critically evaluated by people with special expertise, and that *doesn't* happen, there's no way a user can know that hasn't happened until he's caught up in some kind of giant dat
Re:Do they even *want* security? (Score:4, Funny)
"Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police".
- Professor Gene Spafford
The execs and security people don't understand (Score:2)
I've observed that the people who understand security don't understand how to talk to executives, the technical people don't speak that language. On the other side, the executives (money people) don't know how to talk to security people - they don't know wtf ECC curves are etc. Heck, neither group is particularly good at understanding and discussing risk management, which should be the meeting place for these two groups. The security people and the money people can't talk to each other effectively, so a l
To Complex or Too expensive (Score:2, Offtopic)
"First, the standards are simply too complex to implement securely."
Translate to: This is already expensive any additional expense will hit projected profit margins.Which will affect our Share Value on the Stock Market.
America is lagging in many business sectors not because we are too expensive to product, but we are expensive and produce bad quality products.
Why do I drive a Toyota vs a Ford? Because the Toyota has a better track record for quality.
We are willing to pay for quality. So even if American Pro
Re: (Score:2)
What does this have to do with America? This is a global standard.
Re: (Score:1)
It would mean that products from certain countries wouldnt come with a certain reputation attached.
Japanese car, Indian car, British car, Chinese car, German car, Italian car. I would find it very odd indeed if you were to tell me that they all evoked the same image in your mind.
Limiting Scope (Score:5, Informative)
That said, I don't think it's realistic to expect mobile operators or the 3GPP (standards body writing the spec) to come up with a bulletproof security scheme. I think the more realistic approach is to improve security to a point where:
a) subscribers and operators don't lose money to fraud (i.e., people can't use someone else's subscription);
b) denial-of-service attacks on the network are difficult to carry out (i.e., legitimate users can't be stopped from using the network).
This could be trivially done by well established security techniques long implemented in the Internet world (PKI, key exchange protocols, etc.) There are massive challenges for national security with jamming, physical and cyber attacks on infrastructure, etc., but this is well outside the scope of subscriber security.
Most importantly, developers who build services on top of the network must be told in no uncertain terms, that their communication is, by design, INSECURE. Just like with any other means of Internet access, everyone should expects their packets to be visible to others, and should also be prepared for some level of tampering. This is how all of the Internet works, and our expectations should be no different for cellular. Once this is understood, we're back to solving problems in the Internet world, which are still very difficult, but are much more familiar.
Re: (Score:2)
Most importantly, developers who build services on top of the network must be told in no uncertain terms, that their communication is, by design, INSECURE. Just like with any other means of Internet access, everyone should expects their packets to be visible to others, and should also be prepared for some level of tampering. This is how all of the Internet works, and our expectations should be no different for cellular. Once this is understood, we're back to solving problems in the Internet world, which are still very difficult, but are much more familiar.
That would defeat the purpose of telling developers (and users) that the network is secure so that they make their applications insecure allowing ubiquitous surveillance. It is not enough that the network is insecure; people also need to believe it is secure.
The time old equation.... (Score:1)
Making a clean break makes sense. (Score:2)
If this is true that 5G is just an evolution of 4G and therefore inherits the security problems instead of fixing them then a clean break makes sense. It's not like cell phone service providers didn't have to deal with a transition of different protocols before. This will no doubt be more expensive but if 5G is as broken as people claim (as I recall power consumption on 5G devices has been a big problem) then this will be even more expensive to fix later.
I do like the idea of separating the security from
As long as the execs are making money... (Score:4, Insightful)
All the standards are insanely over complicated. (Score:3, Interesting)
Security has to be at the start (Score:2)
How will the NSA and GCHQ (Score:1)
Re: How will the NSA and GCHQ (Score:2)
Ed Snowden (Score:2)
Either the NSA has turned over a new leaf, or all their bitching and moaning about Huawei is simply because the NSA doesn't have a guarantee of implants in their gear. It looks like the UK may defect from Five Eyes on this one.
They"ve even got nutballs who failed 7th-grade science afraid that 5G is going to give them cancer, slowing down local permitting enough to allow the "cooperating entities" enough time to get their gear finished.