With great power comes great responsibility. 5G is the next generation of 3GPP technology. Along with having the potential to facilitate the next leap in connectivity, 5G technology supremacy also has the power to define the geopolitics of the next century. As the global battle for 5G dominance plays out, companies are driving hard to secure coveted Standard Essential Patents (SEPs) encompassing 5G technology. The victor will secure substantial revenue and money flow in the form of patent royalties.
Since all service providers wishing to facilitate 5G networks will need to license SEPs with hefty royalty fees, there are major economic advantages for the country whose companies secure 5G SEPs. To date, Huawei, which was founded in 1987 by a former People’s Liberation Army engineer, holds the majority of SEPs encompassing 5G technologies, causing misgivings on the part of some world leaders. Some in Washington say that Huawei is nothing more than an arm of Chinese State Intelligence, which Huawei vehemently denies. Despite the denial, U.S. Secretary of State Mike Pompeo has made clear his belief that, “Our view of Huawei is: putting it in your system creates real risk.”
So, what has our leaders up in arms? Looking at the issue from a technical perspective, critical infrastructure such as electric grids is one example of a prime target for attacks, and it will need enhanced 5G security. Data reported back to decision-making systems must be communicated in a way that is protected from corruption. If critical data is corrupted when communicated in 5G networks, the results could be catastrophic. Providing necessary network functions such as storage and processing technology in 5G ecosystems is paramount for securing such critical infrastructure. Since everything of late is virtualized—meaning hardware functions are replaced with software that is stored and executed remotely—creating 5G Software Defined Networks (SDNs) that facilitate Network Function Virtualization (NFVs) offers opportunities for potential service providers.
SDNs and the Drawbacks of Centralization
SDNs centralize network control platforms and provide program flexibility in communication networks. SDNs allow the network to dynamically reconfigure itself by taking a new approach to the network architecture and separating the network into three different layers—application, control and data. The Application Layer hosts applications and communicates with the SDN controller. The SDN applications may include network applications, cloud orchestration or business applications. The Control Layer includes an SDN controller and communicates the application layer requirements while controlling the SDN data paths. The Infrastructure Layer (i.e., the tangible network hardware) facilitates open standards-based access to infrastructure. In a traditional network device, a router or switch contains both the control and data plane. The control plane determines the route that traffic will take through the network, while the data plane is the part of the network that actually carries the traffic.
Unfortunately, the opportunities derived from SDNs and NFVs also come with risks. For example, centralized control elements are susceptible to Denial of Service (DoS) attacks, among other risks. SDNs could be rewritten with malicious code, thereby infecting NFVs. Data being sent to virtual networks could also be corrupted. This is especially true with Mobile Cloud Computing (MCC), which conceptually migrates cloud computing into 5G ecosystems, including the open nature of architectural and infrastructural modifications of 5G. Based on this open architecture, vulnerabilities are especially prevalent on the front-end of MCC architectures, where client platforms execute applications and interfaces that are required to integrate with the Cloud. The threat landscape of these vulnerabilities includes physical threats targeting the actual mobile device and application-based threats including spyware, malware and other harmful protocols implemented for interrupting user applications or gathering sensitive user data. When critical Application Programming Interfaces (APIs) running on SDNs are exposed to malicious software, an entire network may be rendered inoperable. An SDN controller can also change flow rules in the data path, which creates more vulnerabilities. Data channels in current SDN systems are protected by TLS/SSL sessions. However, these methods are also vulnerable (e.g., to IP layer attacks, SDN scanner attacks, and the like) and do not have effective authentication mechanisms.
The Power of Decentralization
One potential approach to dealing with the vulnerabilities of SDNs due to their centralized nature is to decentralize the network on blockchain-based SDNs that enable a 5G security framework. Implementing a blockchain smart contract provides an immutable way of validating the contract and can prevent malware, man-in-the-middle attacks and device misbehaviors when individual nodes or user equipment (UE) are corrupted. With this approach, SDN software can be obtained from the blockchain. By using the blockchain for SDN and UE interactions, the integrity of UE devices can be maintained.
For example, United States Pre-Grant Publication by Smith et al. (US 2019/0373472) discusses blockchain application for securing software code and 5G network configuration. Specifically addressing NFVs with SDNs, the ‘472 publication teaches a 5G SDN Network being run and configured through the blockchain. The ‘472 publication implements SDN based on smart contracts within a blockchain ecosystem for provisioning and managing devices securely. Various elements of a 5G SDN can acquire software protocols from the blockchain. Smith provides necessary tools for operating a virtualized infrastructure, managing the life cycle of the NFVs and orchestrating virtual infrastructure and network functions to compose value-added end-to-end network services.
A recent patent awarded to Cisco outlines another flavor of blockchain/5G security methods for Internet of Things (IoT) devices. For example, U.S. Patent No. 10,299,128 implements a so-called “blockchain roaming broker entity” (BRB) over a blockchain network interface. The BRB entity may act as an agent or gateway to blockchain authentication functions and for managing data sessions. Notably, access and mobility management functions may communicate directly with the BRB entity over the blockchain network interface. The ‘128 patent teaches techniques for registering UE on 5G networks using a natively integrated blockchain platform, which can support complementary/substitute blockchain authentication procedures for any UE attaching to a 5G network. The ‘128 patent includes operations to register and attach the UE to the core network and to encrypt and protect traffic between the UE and core network entities. The BRB receives a blockchain authentication confirmation from the BRB entity and utilizes an NFV entity that forms part of a core communication network.
Implementing software and/or configuration scripts for devices on the blockchain is not limited to 5G or IoT devices. Blockchain smart contracts providing a verifiable method for device integrity also apply to traditional devices that operate in traditional wired networks. Developers looking at security for applications outside of 5G and IoT could also implement blockchain in analogous ways for achieving robust network architecture.
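The integrity check described above (software or configuration published to a ledger and verified by the device before use) is sketched below as an added example; it is not taken from the article or from either patent document. A single-writer SHA-256 hash chain stands in for the blockchain, with no consensus or smart-contract layer, and all function names and the sample configuration are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first block

def _block_hash(body: dict) -> str:
    # Canonical JSON so every verifier hashes identical bytes.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_release(chain: list, name: str, version: str, artifact: bytes) -> dict:
    """Record the SHA-256 digest of a software/config release in a new block."""
    body = {
        "index": len(chain),
        "prev": chain[-1]["hash"] if chain else GENESIS,
        "name": name,
        "version": version,
        "digest": hashlib.sha256(artifact).hexdigest(),
    }
    block = dict(body, hash=_block_hash(body))
    chain.append(block)
    return block

def chain_is_valid(chain: list) -> bool:
    """Recompute every block hash and check each link to its predecessor."""
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["index"] != i or block["prev"] != prev or _block_hash(body) != block["hash"]:
            return False
        prev = block["hash"]
    return True

def device_accepts(chain: list, name: str, version: str, artifact: bytes) -> bool:
    """Device-side check: install only if the ledger is intact and lists this digest."""
    if not chain_is_valid(chain):
        return False
    digest = hashlib.sha256(artifact).hexdigest()
    return any(
        b["name"] == name and b["version"] == version and b["digest"] == digest
        for b in chain
    )

# Constructed sample data: flow-rule configs published for a hypothetical switch.
ledger = []
good_cfg = b"flow: match=10.0.0.0/8 action=forward:port2\n"
append_release(ledger, "edge-switch-config", "1.0", good_cfg)
append_release(ledger, "edge-switch-config", "1.1", good_cfg + b"flow: match=any action=drop\n")
```

A device that receives a modified configuration, or a ledger in which an earlier entry was rewritten, gets `False` from `device_accepts` and keeps its current software.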
Only time—and, likely, more patents—will tell whether the blockchain will and can be used to successfully minimize the vulnerabilities of 5G and reduce fears of its misuse.