Bertino and Hussain Author CCC White Paper on 5G Security and Privacy
04-07-2020
Read the full 5G Security and Privacy – A Research Roadmap white paper here.
The Computing Community Consortium (CCC) has released a white paper titled 5G Security and Privacy – A Research Roadmap. The white paper, written by CCC Council Member and Professor Elisa Bertino with postdoctoral researcher Syed Rafiul Hussain and Omar Chowdhury (University of Iowa), aims to stimulate conversation around a research roadmap for the security of 5G-related technologies.
From the abstract: “Cellular networks represent a critical infrastructure and their security is thus crucial. 5G – the latest generation of cellular networks – combines different technologies to increase capacity, reduce latency, and save energy. Due to its complexity and scale, however, ensuring its security is extremely challenging. In this white paper, we outline recent approaches supporting systematic analyses of 4G LTE and 5G protocols and their related defenses and introduce an initial security and privacy roadmap, covering different research challenges, including formal and comprehensive analyses of cellular protocols as defined by the standardization groups, verification of the software implementing the protocols, the design of robust defenses, and application and device security.”
In the white paper, Bertino, Hussain, and Chowdhury outline several future research directions, including:
- Formal analysis of standards, including the radio protocol stack, inter-networking protocols, and network slicing.
- Verification of software and firmware “to holistically verify whether 5G protocol/system implementations faithfully adhere to the design specifications along with the security and privacy requirements.”
- Root cause analysis “in order to partition protocol-level attacks (including identity exposure, location tracking, denial-of-service, and impersonation attacks) into classes of attacks where attacks in a particular class exploit the same protocol vulnerability” and, once an attack class is identified, the subsequent defense development for next generation cellular networks “that will thwart that class of attacks by eliminating the underlying protocol vulnerability.”
- Application and device security, such as eliminating robo-calls, by proving the “end-to-end security and privacy of a given application—that is, composing the application-level security measures and the guarantees provided by the cellular network indeed entail the overall expected security guarantees of an application.” (pp. 7-8)
Originally published in the Computing Community Consortium Blog.