Prevent costly network outages & security breaches with PKI

Posted by Mike Hathaway on Sep 17, 2020 10:05:29 AM

Readily available and reliable mobile internet seems second nature to us, but it’s taken a while to reach this point. This blog discusses how public key infrastructure (PKI) can help prevent costly network outages and security breaches.

The future is 5G

Although 3G has existed since 2001, mobile internet didn’t really take off until the introduction of the iPhone and the ‘app economy’ in 2007. It took a few more years to roll out 4G networks, starting in Stockholm in 2009 and reaching the UK in 2012.


How PKI can prevent costly network outage and security breaches

Fast forward to now, and 5G is being deployed with infrastructure upgrades and compatible handsets announced last year. It’s set to be as much as a thousand times faster than 4G and the increased bandwidth will enable:

  • Faster HD and UHD streaming
  • Virtual reality
  • Smart cities
  • Eventually self-driving cars

This new age of 5G will require additional hardware to support these increased speeds and provide greater signal coverage. This will be made possible by constructing thousands of new towers and micro cells. With this distributed network growing, so too does the threat to data security.

Securing the network

The distributed networks that provide coverage and mobile internet are widespread. Many of these macro, micro and small cells are installed in public spaces to provide greater coverage for 4G and 5G. This includes on high streets, on top of offices or as part of bus stops and streetlights.

These cells connect to security gateways and telecoms infrastructure, which makes these very public towers an infiltration target.

It’s possible to plug into the network via these micro cells and broadcast a signal mimicking a network provider, otherwise known as spoofing. A mobile phone will latch on to this signal and start to transmit personal information to this rogue cell.

It’s also possible for hackers to use a man in the middle approach to capture information transmitted between the telco provider and signal broadcaster.

In both instances, accessing these micro cells is a way in for attackers. Once connected, they cannot only steal customer data but also inflict damage to the telecom networks’ reputation.

The only physical barrier to accessing these endpoints is a lock on a cabinet. Telco providers should be focused on securing endpoints.

More information will be transferred across the network as 5G usage grows. This will only increase the incentive to break into the network to retrieve sensitive information. No provider can afford to have vulnerable endpoints or a vulnerable network.

How to mitigate the threat and prevent security breaches

Establishing a virtual private network (VPN) between endpoints and the core infrastructure mitigates the threat. It adds encryption and eliminates tampering and sniffing vulnerabilities.

Whilst a password or static key is relatively secure and easily deployed, good security requires frequent rotation of keys and passwords. With each tower requiring its own password, this can quickly become tricky for large telco providers to manage.

It is possible to use the in-built Certificate Authorities provided by the manufacturers of the micro cells; however, since most telco providers use multiple suppliers and technologies, this can cause interoperability issues.

Utilising a PKI can make this process more manageable and secure.

Keys and certificates are issued from a central corporate Certificate Authority (CA). Each key is unique to the device, and PKI enables the regular rotation of keys and certificates. Whilst the initial deployment can be complex, it provides strong proof of identity and full credential lifecycle management.

Expired certificates have damaged the reputation of telco providers, with mass outages leaving customers unable to access the internet or make voice calls. All because of an expired certificate! Trying to find that one expired certificate can be like finding a needle in a haystack.

This is why establishing a centralised CA to provide PKI, policy, and reporting is necessary. This will mitigate current threats to the network and prepare for the emerging 5G landscape and the increased complications of additional certificates.

Get in touch to discuss how Ascertia secures networks around the world.