Radio Access Network (RAN) Security for 4G and 5G Explained

Radio Access Network Evolution: The Cornerstone for Growth

In the evolution from 4G to 5G, 5G New Radio was the 1^st step completed by the standards and the 1^st to be deployed by mobile operators in 5G Non Stand Alone (NSA) architectures. This is no surprise as 5G Radio Access Network (RAN) is a fundamental component in MNOs’ ability to deliver upon the promise of 5G and growth. It is fundamental for 5G’s cornerstone capabilities: high bandwidth (eMBB), massive scale (mMTC), high reliability and low latency (uRLLC). 

Today 5G public networks are delivering enhanced mobile broadband to a growing number of consumers and enterprises, and are serving a growing number of connected devices. As edge computing site evolve, 5G SA is deployed and standards continue to evolve, the full promise of 5G can be delivered. 

To meet the hyper-scalability, high performance and low latency required by future 5G use cases, 5G NR is distributed, virtualized, shared and is architecturally more complex than ever. Alongside clear benefits these capabilities bring, new security risk and challenges are introduced and amplified. These risk must be addressed through appropriate security controls designed to support and protect the delivery of business and industry use cases across 5G NR and elsewhere in the telco cloud.

The Growing Need for 5G New Radio Access Network (RAN) Security

5G NR and overall LTE evolution, current and future target market segments and use cases, all have a strong impact on the growing need for RAN security:

Big, Bigger, Biggest

To enable the growing scalability delivered by LTE-A, and especially 5G, the deployment of a growing network of small cells is required. Many of these femtocells, picocells, and microcells eNobeBs (eNB) and gNodeBs (gNB) will be located in the public domain and in other non-secure locations. These will also be, in most cases, connected to the MNO network via an untrusted backhaul. These factors represent a growing risk, contributing to an increase in the overall attack surface as well as risk for traffic tampering, misuse, and manipulation.

5G Radio Access Network (RAN) Sharing

5G RAN sharing is an increasingly popular method used by 5g operators to cost-effectively increase their coverage. It involves sharing 5G RAN between two (or more) mobile operators—mutually offering access to each other’s’ resources to better serve customers and reduce costs associated with 5G NR deployments. This is specifically attractive in 5G higher frequencies, especially in the mmWave bands with a more limited reach, where the cost implications of deploying more base stations is significant.

To ensure user and control plane separation, privacy and security between the sharing operators, the appropriate security tools must be deployed.

Growing Importance and Scale of User Plane Traffic

The ongoing evolution of 4G, and the introduction of 5G, are gradually enabling the implementation of business and vertical use cases that provide value beyond plain wireless connectivity. However, they also place a growing importance on the integrity and continuity of user plane traffic in the RAN, as well as onto the core. This user plane has now become one of the primary components of the MNOs’ ability to provide value added services (VAS) such as infotainment, IoT services, and AR services, to name a few.

This, in turn, drives the need for greater security, integrity, and continuity of user plane data which is also likely to experience significant growth.

Diversified Radio Access Network (RAN) Architectures at Place

The need for better and higher RAN performance, agility, scalability, flexibility, and cost-effectiveness have led to its gradual evolution in LTE, and ultimately, onto 5G NR. As a result, MNOs will be operating a hybrid RAN environment composed of different centralized, distributed, and virtualized/cloud eNB/gNB architectures. 

These architectures will also depend on specific use case requirements per market segment or network slice. In such a hybrid environment, maintaining security, integrity, and visibility for control, user planes, and O&M requires using a common set of security tools flexible enough to adapt to the RAN’s different architectures, requirements, and constraints.   

Mobile Infrastructure Critical Use Cases

LTE-A and mostly 5G provide the ability to support critical use cases and innovation in different industries, including healthcare, energy, and transportation. Unlike the previous mobile generation, mobile infrastructure technology “standardization” and the growing reliance on its services for some critical use cases will increase the cybercrime community’s interest in the mobile infrastructure as an attack vector and target, and will further drive the growing need for RAN security.  

Lurking Threats in the Radio Access Network (RAN)

These are some of the main forces driving MNOs to modernize and strengthen their existing RAN security. Failure to provide confidentiality, integrity, and service continuity for all communication planes (control, user, and O&M) may result in different types of attacks:

• Introduction of rogue eNBs and gNBs as a launch point for attacks against the core infrastructure
• Man in the middle (MIM) attack for intercepting control and user plane traffic
• Distributed/Denial of Service (DDoS/DoS)
• Injection of malicious traffic (malware) to attack and manipulate core elements
• Misconfiguration or failed software updates within the RAN

Any one of the above attacks has the potential to disrupt the RAN, the core network, and overall service continuity. They can also expose and modify user data, impacting both customers and telco cloud applications and services, and overall jeopardize the MNO’s ability to comply with data privacy and security regulation.  

Fortinet’s Radio Access Network (RAN) Security Infrastructure

The Fortinet solution for RAN security utilizes the FortiGate platform in different form factors (physical and virtual network functions – PNF and VNF) to provide advanced Secure Gateway (SecGW) and a state-of-the-art Next Generation Firewall (NGFW) capabilities. These are designed to meet the security needs of different LTE and 5G NR architectures. The FortiGate provides three key security functions for the RAN:

• Confidentiality - FortiGate ensures the protection of user traffic throughout the RAN and into the distributed Core in the central DC or multi-access edge compute (MEC) locations. 
• Integrity - FortiGate protects against unlawful changes of user data, due to things like malware injections or rogue traffic.
• Availability and Continuity – FortiGate protects against attacks that can lead to the misuse of RAN and Core elements, causing service degradation or interruption.

This unique combination of form factors and functionalities delivers a powerful tool with a rich set of versatile capabilities suitable for the largest Tier-1 5G RAN deployments:

• Massive single tunnel throughput performance - up to 110 Gbps
• Ultra-low, µs-level latency
• "Re-ordering avoidance" technology
• Comprehensive QoS Support
• X2/Xn Traffic mirroring
• Horizontally Scalable Cluster Options and Geo-redundancy
• QKD (Quantum key distribution) support
• Hitless site failover and in-service software upgrade
• Highly Energy efficient and compact form-factor

5G Radio Access Network (RAN) Security Requires an Innovative Approach

5G will address new market segments and enable industry transformation and innovation, with 5G NR serving as the foundations for delivering these capabilities. As such, securing the 5G RAN has never been more important. Such a scalable, complex, distributed and dynamic RAN mandates a new kind of security infrastructure, one is the agile and hybrid, and yet capable of supporting the mixed architectures and different performance, scalability and QoS requirements 5G brings to bear. The Fortinet Security Fabric for 5G delivers security visibility, automation and control, primarily via the FortiGate SecGW, totruly secure LTE-A and 5G NR infrastructure without compromising performance, scalability and ultra-low latency, enabling mobile network operators to securely deliver current and new services and use cases.

Learn more about Fortinet’s LTE and 5G new radio security solutions.

Download Whitepaper to explore considerations and requirements for 4G and 5G Radio Access Network (RAN) Security.