Industry Trends

The Growing Need for 4G and 5G Radio Access Network (RAN) Security

By Ronen Shpirer | May 28, 2020
Executive Perspectives

Radio Access Network Evolution: The Cornerstone for Growth

LTE and new radio (NR) evolution is a fundamental component in MNOs’ ability to deliver upon the promise of 5G and growth. It is fundamental for 5G’s cornerstone capabilities: high bandwidth (eMBB), massive scale (mMTC), high reliability and low latency (uRLLC).    

Evolving LTE and 5G RAN technologies and architectures also enable these mobile network operators to expand their customer segment from consumers to enterprises and industries – enabling new markets and growth engines. 

But at the same time, these 4G and 5G radio access infrastructures not only introduce complexity, but also increase the potential attack surface and risk presented. And this risk must be addressed through appropriate security controls designed to support and protect the delivery of business and industry use cases across the Radio Access Network (RAN) and elsewhere in the telco cloud.

The Growing Need for RAN Security

RAN evolution, current and future target market segments, and use cases enabled by 4G/5G technologies and infrastructures, all have a strong impact on the growing need for RAN security:

Big, Bigger, Biggest

To enable the growing scalability delivered by LTE-A, and especially 5G, the deployment of a growing network of small cells is required. Many of these femtocells, picocells, and microcells eNobeBs (eNB) and gNodeBs (gNB) will be located in the public domain and in other non-secure locations. These will also be, in most cases, connected to the MNO network via an untrusted backhaul. These factors represent a growing risk, contributing to an increase in the overall attack surface as well as risk for traffic tampering, misuse, and manipulation.

Growing Importance and Scale of User Plane Traffic

The ongoing evolution of 4G, and the introduction of 5G, are gradually enabling the implementation of business and vertical use cases that provide value beyond plain wireless connectivity. However, they also place a growing importance on the integrity and continuity of user plane traffic in the RAN, as well as onto the core. This user plane has now become one of the primary components of the MNOs’ ability to provide value added services (VAS) such as infotainment, IoT services, and AR services, to name a few.

This, in turn, drives the need for greater security, integrity, and continuity of user plane data which is also likely to experience significant growth.

Diversified RAN Architectures at Place

The need for better and higher RAN performance, agility, scalability, flexibility, and cost-effectiveness have led to its gradual evolution in LTE, and ultimately, onto 5G NR. As a result, MNOs will be operating a hybrid RAN environment composed of different centralized, distributed, and virtualized/cloud eNB/gNB architectures. 

These architectures will also depend on specific use case requirements per market segment or network slice. In such a hybrid environment, maintaining security, integrity, and visibility for control, user planes, and O&M requires using a common set of security tools flexible enough to adapt to the RAN’s different architectures, requirements, and constraints.   

Mobile Infrastructure Critical Use Cases

LTE-A and mostly 5G provide the ability to support critical use cases and innovation in different industries, including healthcare, energy, and transportation. Unlike the previous mobile generation, mobile infrastructure technology “standardization” and the growing reliance on its services for some critical use cases will increase the cybercrime community’s interest in the mobile infrastructure as an attack vector and target, and will further drive the growing need for RAN security.  

Lurking Threats in the RAN

These are some of the main forces driving MNOs to modernize and strengthen their existing RAN security. Failure to provide confidentiality, integrity, and service continuity for all communication planes (control, user, and O&M) may result in different types of attacks:

  • Introduction of rogue eNBs and gNBs as a launch point for attacks against the core infrastructure
  • Man in the middle (MIM) attack for intercepting control and user plane traffic
  • Distributed/Denial of Service (DDoS/DoS)
  • Injection of malicious traffic (malware) to attack and manipulate core elements
  • Misconfiguration or failed software updates within the RAN

Any one of the above attacks has the potential to disrupt the RAN, the core network, and overall service continuity. They can also expose and modify user data, impacting both customers and telco cloud applications and services, and overall jeopardize the MNO’s ability to comply with data privacy and security regulation.  

Fortinet’s RAN Security Infrastructure

The Fortinet solution for RAN security utilizes the FortiGate platform in different form factors (physical and virtual network functions – PNF and VNF) to provide advanced Secure Gateway (SecGW) and a state-of-the-art Next Generation Firewall (NGFW) capabilities. These are designed to meet the security needs of different LTE and 5G NR architectures. The FortiGate provides three key security functions for the RAN:

  • Confidentiality - FortiGate ensures the protection of user traffic throughout the RAN and into the distributed Core in the central DC or multi-access edge compute (MEC) locations. 
  • Integrity - FortiGate protects against unlawful changes of user data, due to things like malware injections or rogue traffic.
  • Availability and Continuity – FortiGate protects against attacks that can lead to the misuse of RAN and Core elements, causing service degradation or interruption 

This unique combination of form factors and functionalities delivers a powerful tool with a rich set of versatile capabilities suitable for the largest Tier-1 4G and 5G RAN deployments:

  • Massive single tunnel throughput performance - up to 110 Gbps
  • Ultra-low, µs-level latency
  • "Re-ordering avoidance" technology
  • Comprehensive QoS Support
  • X2/Xn Traffic mirroring
  • Horizontally Scalable Cluster Options and Geo-redundancy
  • QKD (Quantum key distribution) support
  • Hitless site failover and in-service software upgrade
  • Highly Energy efficient and compact form-factor

RAN Security Requires an Innovative Approach

Securing the RAN mandates a new kind of SecGW infrastructure, one is the agile and hybrid, and yet capable of supporting the mixed architectures and different performance, scalability and QoS requirements that LTE-A and 5G bring to bear. Fortinet’s FortiGate unique capabilities and performance provides a truly secure LTE-A and 5G NR infrastructure enabling mobile network operators to securely deliver current and new services and use cases.

Learn more about Fortinet’s LTE and 5G new radio security solutions.

Download Whitepaper to explore considerations and requirements for 4G and 5G Radio Access Network (RAN) Security.