Prevent costly network outages & security breaches with PKI

Posted by Mike Hathaway on Sep 17, 2020 10:05:29 AM

Readily available and reliable mobile internet seems second nature to us now, but it’s taken a while to get to this point. In this blog, we discuss how public key infrastructure (PKI) can help prevent costly network outages and security breaches.

The future is 5G

Although 3G has existed since 2001, mobile internet didn’t really take off until the introduction of the iPhone and the ‘app economy’ in 2007. It took a few more years for 4G networks to be rolled out, starting in Stockholm in 2009 and reaching the UK in 2012.

Fast forward to now and 5G is being deployed with infrastructure upgrades and compatible handsets announced last year. It’s set to be as much as a thousand times faster than 4G and the increased bandwidth will enable faster HD and UHD streaming, virtual reality, smart cities and eventually self-driving cars. It truly is a transformational time.

This new age of 5G will require additional hardware to support these increased speeds and provide greater signal coverage. This will be made possible by the construction of thousands of new towers and micro cells. As this distributed network grows, so too does the threat to data security.

Securing the network

The distributed networks that provide coverage and mobile internet are widespread. Many of these macro, micro and small cells are installed in public spaces to provide greater coverage for 4G as well as 5G – on high streets, on top of offices or as part of bus stops and streetlights.

These cells connect to security gateways and telecoms infrastructure, which makes these very public towers an infiltration target.

It’s possible to plug into the network via these micro cells and broadcast a signal mimicking a network provider, otherwise known as spoofing. A mobile phone will latch on to this signal and start to transmit personal information to this rogue cell.

It’s also possible for hackers to use a man-in-the-middle approach to capture information transmitted between the telco provider and signal broadcaster.

In both instances, accessing these micro cells is a way in for attackers. Once connected, they can not only steal customer data but also inflict reputational damage on the telecom networks that consumers trust to keep their data secure.

As the only physical barrier at the moment to accessing these endpoints is a lock on a cabinet, telco providers should be focused on securing endpoints.

As 5G usage grows, more and more information will be transferred across the network. This will only increase the incentive to break into the network to retrieve sensitive information. No provider can afford to have vulnerable endpoints or a vulnerable network.

How to mitigate the threat and prevent security breaches

Establishing a virtual private network between endpoints and the core infrastructure mitigates the threat. It adds encryption and authentication and eliminates tampering and sniffing vulnerabilities.

Whilst a password or static key is relatively secure and simple to deploy, good security practice requires frequent rotation of keys and passwords. With each tower requiring its own password, this can quickly become unmanageable for large telco providers.

It is possible to use the in-built Certificate Authorities provided by the manufacturers of the micro cells. However, because the majority of telco providers use multiple suppliers and technologies, this can cause interoperability issues.

Utilising a PKI can make this process more manageable and secure.

Keys and certificates are issued from a central corporate Certificate Authority (CA). Each key is unique to the device and PKI enables easy rotation of keys and certificates on a regular basis. Whilst the initial deployment can be more complex, it provides a strong proof of identity and full credential lifecycle management.

Expired certificates have caused reputational damage for telco providers in the past, with mass outages leaving customers unable to access the internet or make voice calls. All because of an expired certificate! Trying to find that one expired certificate can be like finding a needle in a haystack.

This is why establishing a centralised CA to provide PKI, policy and reporting is a must, not only to mitigate current threats to the network but also to prepare for the emerging 5G landscape and the increased complications of additional certificates.
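
The following is an added example, not Ascertia's code or part of the original post, showing the kind of expiry report a centralised CA makes possible. It assumes the CA can export its issued-certificate database in the tab-separated layout of OpenSSL's `index.txt`; the device names, serials and dates are constructed sample data, and the function names and state labels are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data in the OpenSSL index.txt layout (an assumption, see above).
# Tab-separated fields: status (V/R/E), notAfter, revocation date, serial, filename, subject.
SAMPLE_INDEX = "\n".join([
    "V\t250101000000Z\t\t1001\tunknown\t/O=ExampleTelco/CN=cell-0001",  # rotated out
    "V\t260101000000Z\t\t1005\tunknown\t/O=ExampleTelco/CN=cell-0001",  # its replacement
    "V\t250615000000Z\t\t1002\tunknown\t/O=ExampleTelco/CN=cell-0002",
    "V\t250520000000Z\t\t1003\tunknown\t/O=ExampleTelco/CN=cell-0003",
    "R\t260301000000Z\t250401000000Z\t1004\tunknown\t/O=ExampleTelco/CN=cell-0004",
])


def parse_not_after(stamp):
    """Parse ASN.1 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    # Python's %y pivot agrees with X.509 UTCTime for the years 2000-2049.
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def expiry_report(index_text, now, warn_days=30):
    """Return {subject: (state, latest notAfter or None)} for devices needing attention."""
    latest = {}  # subject -> latest notAfter among non-revoked certs (None if all revoked)
    for line in index_text.splitlines():
        if not line.strip():
            continue
        status, not_after, _revoked, _serial, _fname, subject = line.split("\t")
        latest.setdefault(subject, None)
        if status == "R":
            continue  # a revoked certificate cannot keep the device online
        expires = parse_not_after(not_after)
        if latest[subject] is None or expires > latest[subject]:
            latest[subject] = expires  # a rotated device is judged by its newest cert
    report = {}
    for subject, expires in latest.items():
        if expires is None:
            report[subject] = ("NO_USABLE_CERT", None)
        elif expires <= now:
            report[subject] = ("EXPIRED", expires)
        elif expires - now <= timedelta(days=warn_days):
            report[subject] = ("EXPIRING", expires)
    return report


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so the output is reproducible
    for subject, (state, expires) in sorted(expiry_report(SAMPLE_INDEX, now).items()):
        print(state, subject, expires.isoformat() if expires else "-")
```

Judging each device by its newest non-revoked certificate keeps a correctly rotated cell out of the report while still surfacing the one cell whose only certificate has lapsed.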

Get in touch to discuss how Ascertia secures networks around the world.