Dmitry Kurbatov is the CTO of Positive Technologies, a cybersecurity company. He began his career as a network engineer in 2007 before switching to security in 2009. In his presentation, he discusses security issues for 5G and IoT networks. He notes that the virtualized and programmable nature of 5G introduces new vulnerabilities, and that legacy threats to previous cellular standards still apply. Additionally, the massive number of connected IoT devices poses new threats like large-scale botnets. He concludes by providing guidelines for 5G security, including implementing policies separately for each network slice and securing new interfaces from the start.
Introduction to telecom security in the era of 5G and IoT; speaker's background and experience.
The competencies and achievements of Positive Technologies, including cybersecurity services and research.
Key security considerations in 5G networks including the transfer to new protocols and network slicing. Challenges of network configurations in 5G; potential vulnerabilities due to misconfiguration in virtual environments. Overview of the new virtualized network core architecture and communication between functions.
Discussion on the implications of the convergence of telecom and IT, highlighting vulnerabilities.
Comparison of threats in different network generations; statistical analysis of vulnerabilities in protocols.
Inherent vulnerabilities in 5G non-standalone; potential IoT threats with statistics on connected devices.
Key steps for ensuring security in networks involving 5G and IoT, emphasizing comprehensive security measures.
Final thoughts and contact information of the speaker.
Telecom Security in the Era of 5G and IoT
Dmitry Kurbatov, CTO
dmitry.kurbatov@positive-tech.com
2.
Who I am
Started as a network engineer in 2007
Switched to security in 2009
Joined Positive Technologies in 2010 and it changed everything
Signaling System 7 (SS7) security report
Vulnerabilities of mobile Internet (GPRS)
2014 2016
Primary security threats to SS7 cellular networks
2017
Threats to packet core security of 4G network
Next-generation networks, next-level cybersecurity problems (Diameter vulnerabilities)
2018
Diameter vulnerabilities exposure report
2019
5G security analytics
3.
What we do
Competences:
Identification of threats and possible attack scenarios in companies of any business sphere
Global cybersecurity research
Wide range of products and services portfolio: corporate, ICS, telecom, financial, media, retail, government
National scale sports and government cybersecurity service provider
Worldwide leadership
Web, Banking, ERP, Telecom, ICS
4.
What we do
More IT technologies penetrate into other segments
5.
Positive Technologies in numbers
Every year:
200+ information security audits
200+ 0-day vulnerabilities discovered
We discovered more than 50% of all vulnerabilities in ICS and Telco
Expertise:
150+ 0-day vulnerabilities discovered in ICS
30+ 0-day vulnerabilities discovered in Telco
400+ Web security researches
30+ Public cybersecurity analytical reports
6.
Agenda
1/3 of presentation
Few words about me and Positive Technologies
Inherited and new security issues in 5G
Security guidelines
7.
What to look at in terms of security
Transfer to new protocols
5G non-standalone or how will it work right now
Virtualized everything
Lots and lots of new devices and services
8.
Where do I start … slicing
Splitting a network into isolated slices
Allocating separate (virtual) resources
Unique security policies to each slice
9.
Where do I start … slicing
more slices = more virtual devices = more configurations
BUT
1/3 successful attacks during 4G network testing due to misconfiguration
75% of corp harbored critical or high-severity vulnerabilities because of configuration flaws
Diagram labels: Misconfiguration, Misconfiguration, Vulnerability in REST API, Vulnerability in network equipment
10.
New core
Superflexible
Can serve all devices and new application
Based on SDN/NFV
Network functions:
NEF: Network Exposure Function
NRF: NF Repository Function
PCF: Policy Control Function
UDM: Unified Data Management
AF: Application Function
AUSF: Authentication Server Function
AMF: Core Access and Mobility Management Function
SMF: Session Management Function
UPF: User Plane Function
Service-based interfaces: Nnef, Nnrf, Npcf, Nudm, Naf, Nusf, Namf, Nsmf
Other elements: UE, (R)AN, UPF, DN
Reference points: N2, N4, N5, N3, N1
11.
New core, all virtual
Lots of VMs and containers
Communication over software bus
BUT
12.
New core, all virtual, web-based
Architecture
13.
New core, all virtual, web-based
Example of communication between functions
Service Registration: HTTP PUT (NF register), response 201 Created
Service Discovery: HTTP PUT (NFDiscovery), response 200 OK (List of SMSFs)
Session Establishment: Session Establishment Request, then HTTP POST (Create PDU Session), response 201 Created
14.
Convergence of telecom and IT world
The 5G network core is TCP/IP-based
These protocols are open and well-known
Tools for finding and exploiting vulnerabilities are available to any adversary
15.
Problem is clear, but not solved
Hacking 5G will be just as simple as hacking the web or enterprise
Chart titles: Difficulty of bypassing the perimeter (percentage of systems); Security level (percentage of web applications)
Now what can a hacker do?
Easily
From anywhere
Any mobile operator
No special skills needed
Steal your money
Get access to your email and social media
Track your location
Intercept your data, calls, and SMS messages
Take control of your digital identity
from GSM to 5G
Different protocols
SAME THREATS
Perform massive denial-of-service attacks
18.
Protocol threat comparisons
Successful attacks by threat types
Percentage of vulnerable networks (2017), by threat:
Subscriber information disclosure: SS7 networks 100%, Diameter networks 100%
Network information disclosure: SS7 networks 63%, Diameter networks 75%
Subscriber traffic interception: SS7 networks 89%, Diameter networks —*
Fraud: SS7 networks 78%, Diameter networks 33%
Subscriber denial of service: SS7 networks 100%, Diameter networks 100%
* In the tested networks, SMS transmission using the Diameter network was not carried out. To establish voice calls in 4G networks, the SIP protocol is used.
Possible different reasons for previous generations outperforming Diameter in certain areas.
SS7 threat awareness is higher
Diameter specific challenges
Positive Technologies have further research being published very soon looking at Diameter.
Comparing 4G networks using Diameter against earlier network generations
19.
Inherited issue
5G non-standalone is vulnerable to denial of service
Availability / Confidentiality
Integrity / Integrity
Confidentiality / Availability
USUAL SECURITY PRIORITIES
IOT SECURITY PRIORITIES
20.
Briefly about IoT
[Bar chart. Values in the order listed on the slide: 32%, 37%, 24%, 8%. Categories in the order listed on the slide: Already use IoT; Preparing to implement IoT; Will wait and see; Will wait as long as possible.]
GARTNER: "By 2020, over 25% of identified attacks in enterprises will involve IoT."
21.
Guess how easy is it?
Millions of connected IoT devices mean millions of potential botnet soldiers
Mirai, 500K devices in botnet
2016
1M potentially vulnerable
2019
TOTAL RESULTS 1,086,395
22.
Almost finished
2/3 of presentation
Few words about me and Positive Technologies
Inherited and new security issues in 5G
Security guidelines
23.
Where to start
Ensure protection where interoperability required from day one
Secure new interfaces and communications channels
Safeguard SDN/NFV and virtual environment
Implement policies separately for network slices
Take IoT in your network under control where possible