I have been recently interviewed on 5G issues and this made me realize how confusing is the knowledge and understanding about 5G.
Most of the time, when I heard on mainstream media comment about 5G I find form one side apologetic wonders of how this or that vendor with 5G can solve all human problems, form the other side fears related strictly to the fact that 5G today means Chinese or European vendors, for the first time in years the USA is not leading technologically a strategic sector.
even lesser I heard about the link between 5G and IoT and what this means.
Generally speaking, most of the discussions on IoT are focused on devices and not as a system, as well in most of the case I seldom find consideration related to 5G implementation and security. This is quite annoying from my point of view since security in IoT (I wrote about that on The IoT files) is more than the single device security and 5G security issues are not related to Huawei spying us.
And to say the truth from my point of view (Italian and European) would not make much difference if the spy comes from China, Russia, the USA, or the UK.
The first problem I to understand if there is a relationship between IoT and 5G. Well, the relationship is kind of simple: with the current technologies, the IoT is hardly limited due to connectivity, IP and bandwidth issues. 5G aim is to overcome those limitations offering broadband connectivity that can support IoT needs. this will require investment, change of business models and…wait to read this go to my previous IoT articles, I called them the IoT files because there is so much thing to say an article can not cover everything.
Turning back to the point so, 5G is the technology that can glue IoT in terms of connectivity, but what does it mean? Well, when we listen to 5G we listen to how we can create smart cities, how we can connect cars together so they drive better and safer with autonomous drive and so on.
5G is exactly about this, allowing all this to happen.
All typos are because I never read slides back, lol forgive me
Almost everything you heard about IoT requires 5G to become reality because current mobile broadband would not be suited to cover those needs, we are not talking about a test with a few cars that can communicate over 4G but billion of devices somehow interconnected with different priority needs, bandwidth needs, security, and privacy needs.
Basically anything that is recently referred to as “SMART something” and IoT will be bound to a technology that will allow fast, secure and reliable data connections.
As of now, 5G is the answer but, there is a problem, the champions of 5G technology aren’t from the USA and the biggest player is Chinese (Huawei holds the highest number of patents on 5G technology).
All typos are because I never read slides back for proofreading, lol forgive me 😂
This thing that can be irrelevant is actually the big issue at the moment, so big that all serious consideration on 5G is demanded as an afterthought in a second-level line of consideration.
Geopolitical technology and economic issues are at the moment the rising stars, make enough rumor to cloud judgment and to move attention to serious issues.
I am not saying that those are no problems, and I agree nations should try to defend themselves, but targeting the wrong point on 5G will not help to address correctly “ab Initio” the complex problem that 5G will bring home. and the main reason behind this is that if you ask what is 5G, the answer is…just a faster mobile network.
If speed would be the only reason behind 5G I would kindly agree that geopolitical issues are the obstacles, but 5G is not just “speed” is way more and the 5G security issue goes beyond the specifics of the connectivity offered at broadband level but goes into the core of what 5G has been designed for: services.
All typos are because I never read slides back, lol forgive me
we use to think that broadband mobile develope was only more speed, but actually, speed has never been the only target, speed and services always have developed hand in hand.
from a mobile perspective, 1G was offering 2.4 kbps and was designed to allow mobile phones, it was no less, no more than an extension of your home wired phone. Basic voice services and an analog protocol, low bandwidth was all we needed. issues were more at the infrastructure level so no time to bare with things that were not even in customer imagination at that time.
the real revolution arrives with 2G, it’s broadband, it’s digital (GSM, CDMA), can carry data, more stable…a revolution. we were able to send text, see caller number who was not enjoying it? and some mobile phones start to offer even a graphic screen and games (like “snake”). who really care about speed, that actually moved from 2,4 kbps to an astonishing 64 kbps?
The nice thing about 2G is the introduction of the idea that mobile phones can be so much more than a simple device to phone, and text messaging was there to prove it.
You see when the consumer space sees the opportunity for cool kinds of stuff that can make the market big, the vendor will follow. With the pressure of the internet and the new services a new need for data rise up and here you have 3G.
3G was not only tremendously faster than the predecessor but was designed with the need to transfer data.no simple text messages, you can have internet in your phone now.
Again the real difference with 2G was not “speed” but the kind of services you were bringing on board. so as a natural evolution from the old internet we moved to the new one with video, streaming, chatting and so on. A new class of services was required here the need for something more, something new 4G.
And as a matter of fact, besides the speed, the real need for 4G (or the not so cool but hey better than nothing 4.5G) was video capability.
The services drive the speed so the speed is just a consequence of the needs the technology has to address.
But if we limit to consider just the usual way we use the internet (facebook, youtube, YouPorn, LinkedIn, wechat-weixin, WhatsApp, Instagram, ticktock and so on) we could just add some megabytes more to our 4G (is what 4,5G does by the way) but here comes IoT.
IoT brings way more devices on the internet, with their needs in terms of bandwidth, connectivity, quality of services. all of this requires new technology, and being ambitious why then not thinking to make this technology able to address even the LAN\WAN realm?
This is not so stupid, the telcos have always tried to gain space in the LAN\WAN market, money can be a huge driver, the telco activities with the enterprise was related to offering connectivity to internet and voice service. The revenues for analog voice services were hight but VoIP lower dramatically the incomes since it was cheaper putting Telcos in a difficult position. If internet broadband services for home users have been a good business it requires substantial infrastructure investments that are not always covered by the revenues, hence the digital divide.
But 5G can turn all this upside down, justifying the investment that was not so cool, because 5G means all in telcos hands!
All typos are because I never read slides back, lol forgive me
If 5G is the backbone of IoT and Smart X this means an incredibly big market for telcos, since telcos will provide 5G connectivity. this is why telco vendors are so interested in 5G, alas this is a world also where security has always been a secondary issue if not a neglected one, so we cannot expect that security will be addressed correctly if other players will not put their nose in.
From this point of view governments and regulators could play a key role in leveraging security and privacy by design and by default in the 5G world design, alas at the moment all seems to be more focused on boring geopolitical issues than the real stuff
All typos are because I never read slides back, lol forgive me
In the 5G challenges, there are a few that are easy to spot if we understood that 5G is the IoT backbone. Without the lousy arrogance to think to be exhaustive here some that should, at least, taken into serious consideration:
1) fast connectivity between devices, this accordingly to the device\service need. not all IoT devices are born equal in terms of bandwidth, data processing, quality and sensitivity of data an so on, being able
2) segregation of traffic, that means every group of device that are under a specific service instance should have its traffic isolated and protected from the other ones. I would not enjoy my personal photo shared everywhere if the IoT device is my home HDD storage where I put them. segregation of traffic is the minimum level of security we have to think of when we plan a broadband multiservice environment.
3) Quality of service is a key factor here, even if the bandwidth is incredibly hudge this does not mean that there will be no latency or bandwidth bottlenecks, and some services have to be granted no matter what, telemedicine, telesurgery just to name a couple should be prioritized upon watching youtube.
4) authentication and authorization are not less important, we need in a heterogeneous environment bein able to authenticateand authorize with the correct level of permission every single device on every single service it needs to access and with its user ownership. failing this point will means access to anyone…
5) multivendor environment, this can seem a minor issue but in an ever-growing connected devices-users-services environment being able to reassure all the stuff will work seamlessly is not so easy. maybe someone remembers issues with a famous leading network gear vendor and the nic auto speed detection protocol? standard not always mean standard, but this can open a serious breach to operativity and security if not addressed correctly.
6) not all will be 5G at the beginning, and probably when the legacy world will end we will be on 6G (which will rid of part of the infrastructure leveraging peer to peer connection directly at the device level), 7G with 5G as the old stuff. so 5G will have to deal with ethernet as well as 4G as well as what will come in the future. A gateway between the different technologies is not so simple since service definition can differ.
7) in particular, the existing mobile environment and LAN/WAN battlefield should be carefully considered, form one side we still have 3G, form the other side LAN\WAN vendor will fight back to keep their domains intact. so will be an interesting battle where again, standards and regulators could drive a little light at the end of the tunnel (hoping it is not the train)
and more could be mentioned but if I want to continue better to stop with this list.
if you are here to read means you are interested in the subject, I am impressed and thankful 🙂
So the backbone for IoT will be, at least at the beginning, 5G network wich, just to be clear, is still on implementation. If we think of what is IoT definition:
The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems.
we can try to assume then that internet connectivity will be more and more 5G
All typos are because I never read slides back, lol forgive me
which should now clarify why speed is just one of the many issued of 5G and why 5G is not just bare connectivity but something should manage services. so now we should understand what this “service” word means here.
Basically a service is a mix of devices, connectivity, data, process and users that can be grouped somehow. There can be thousands, millions, billions of services under this simple definition (i know is mine but worth everyone to understand the point).
the main point is that services are not all the same: HTTP browsing can be a service under 5G and video broadcasting as well, the 2 are different in nature and in terms of requirements.
All typos are because I never read slides back, lol forgive me
different services require different needs and for once speed can be a good example to understand the point: what is speed?
the very concept of speed can vary from service to service, so consider the automotive and smart road ideas. In this scenario, we will have a small piece of critical data exchanged from one car to another and/or the infrastructure that has to be processed and transmitted as fast as possible. seems easy but we should consider that the cars are moving and the traffic can be largely unpredictable (I don’t know when someone will decide to get into the car to go somewhere, I can not predict if external issues will modify viability as crossing pedestrian, not in the dedicated areas, problems with the state of the road, holes, weather, flood, heartquake, superman vs batman and so on)
So here speed means very low latency, quick authentication and authorization, fast address resolution, and reliability at least. probably I should add geolocation and other critical missing point but I think we have an idea.
On the same hands if I have to move a big chunk of data, well speed means mainly bandwidth, QoS and conflict resolution if more agents/objects/users are trying to move the same os nearby data. so if you are trying to align your data center with your new cloud one and you want to move some Coperbyte of data and as well your neighborhood want to do this well we have to manage the bandwidth somehow…
Of course, if the need is just to browse and watch movies your needs are focused (remember we are in 5G) on DNS response and video-voice sync.
But since in a billion IoT devices there can be billions of services that at the moment do not exist, we need to create an environment able to define the need in advance (or wait for 6G for new services implementation).
so broadening the argument here 5G for IoT should, at least:
1)Segregate different services
A different class of services should be independent one to the other
Services should be arbitrary and the service set required should be one of the services definition parameters
2)Allow QoS for critical ones
Not all services are the same, internet browsing is not a running truck on a highway, a surgical operation is not like watching porn on your phone
3)Provide strong security and management featured for each service
Service should be identified
Authorization and authentication of service and users should be available and effective
4)Take into account security and privacy by design and default
and so on
Different scenarios on 5G require different analyses take as an example 3 easy to spot: your home environment, smart road, LAN\WAN substitution.
I love the home example because is something even not IT freak can understand. the photo depicts the world before and after 5G
if you have the internet at home you are probably in this scenario:
We have one router to connect to the internet
•All devices internally connect via wifi/LAN
•When devices need to talk one to the other they use their internal IP network on a private subnet
•When devices need to talk to the internet the call the router.
•Internet router interface through ISP to the internet offering some security services and NAT
•Smart devices like smartphones use a double connection wifi internal/sim external
•…
We know if we want to see what we have in our local storage we move data internally (At least we hope so) our gateway to the internet is our router which (should) provide some basic security stuff as firewalling and a minimum authentication at least for wifi internal connectivity. We live in a private network where connectivity is basically ethernet and wi-fi and we go on the internet with a natted address shared by all devices. Probably we have some devices that do not have a real internet exposition, other that goes just to search updates, some that connect to a web service to allow you to check and configure things and finally some that go to the internet by themselves for unknown reason (Alexa like, ROTFL). Ah, do not forget your smartphone that has both wi-fi and your 4G\4.5G connection with apps to manage both your internal LAN and the web interfaces of your LAN devices.
what 5G will change here? of course everything absolutely everything.
Everything is already on the internet
•All devices are able to connect directly to the 5G network and have public addresses
•Providers of 5G connectivity can be different and bound to users and/or device
•Devices need to know their «internal» realm in order to understand which device can be trusted or not for internal communication
•Different 5G providers have to guarantee device interoperability, segregation and security as devices were in a segregated LAN
•Internet communication should be controlled and monitored as it was a single one
Autonomous driving and smart roads are actually as fun as home networks but for the opposite reason, here we are talking about something does not exist yet, and the few test and implementation, by all means, are not a serious example of what means interaction of IoT vehicles.
the reality at the moment is simple:
•Cars do not talk to each other
•Cars do not talk to the road infrastructure
•Roads use sensors for limited scope (traffic light, street light)
•Limited information is provided by broadband connectivity (as Radio Traffic where available)
•Internet connectivity provided by car SIM or smartphone
•Some app can connect to the internet and provide indications as navigators do
•Some apps can provide autonomous analysis of traffic
•…
while in a 5G world:
•All vehicles are 5G connected
•Different car-service interact with road infrastructure
•Cars and car devices are equipped with 5G capabilities from different 5G providers
•They need to be bound with the owner\owners
•They need to recognize trustable information data source
•They need to interoperate independently from the 5G provider
•They need to cover the services even when crossing country borders
•…
with 5G is clear the need for fast reliable ubiquitous and vendor\provider independent connectivity.
maybe we should expect virtual sim configured to comply driver need, but what if 2 or more people share the same car? and what kind of interaction with your smartphone and other smart devices?
let explore some consideration on the most slippery of the 3rd example, trying to move from LAN\WAN to 5G (the telcos’ dream)
What we have today (more or less):
•There is an internal (LAN) and an outside
•internal services are protected by firewalls and other security technologies
•Connectivity is provided through NIC or WI-Fi using TCP/IP protocol leveraging usually private addressing and natting to reach outside resources
•Internal resources are accessible directly internally or through a web service\web interface externally
•Resources external to the LAN are accessible trough router/firewall upon natting and authentication/authorization
•Users external to the LAN connect to the internet through mobile broadband or through Wifi
•To connect to internal resources users are identified and connected through VPN or other secure means to the LAN
•…
do I really need to describe what is the current situation? lol 🙂
what would change with 5G?
•Almost all devices are 5G connected
•Connectivity is provided by different 5G providers and can be public (using public infrastructure) or private (5G infrastructure is local)
•Interoperability has to be guaranteed regardless 5G provider or device manufacturer
•Interoperability has to be guaranteed with LAN/Ethernet previous environment
•Segregation of the internal devices has to be guaranteed as in a LAN
•Security devices should be able to work seamlessly regardless of the hybrid LAN/5G environment
•Mobile users should be able to be part of the internal network for the services in use even if they are using their own device
•…
this scenario requires a careful understanding since we have all the security problems we have in a normal network implementation plus the fact all devices can reach the internet directly and are directly exposed because of their addressing, segmentation requires multiple levels since some segment can be internally nested to others (something like we today use VLAN) and all this should communicate with the legacy world, since it is not credible an immediate takeover of 5G against LAN\WAN. Moreover, all legacy security world should be able to interoperate with the new one.
this kind of scenario is compatible with a full cloud adoption less agile with hybrid or full local implementations.
Here security and privacy issues rise up to the next level since the disintegration of the concept of LAN, started with the introduction of mobile users and BYOD, extend to almost every node but with less clear control of what is going on.
5G security, if we understand some of the implications I mentioned before, embrace a way larger concept than what people generally think. Here we are not just thinking how to secure an encrypted communication channel, which is, by the way, a clear basic requirement, but extend on how to broker, manage and control services that run on 5G.
I do not have an easy answer to this, I have seen different proposals to address such problems, as an example a central security service broker that takes into account all the request and, accordingly to rules, AI, magic and tricks solve everything.
Of course, this service broker, hypervisor or call it as you like should be able to communicate with external entities, demand part of its configuration to third parties and so on. we are entering the realm of the NFV security (if of any interest you can read my post on “NFV network function virtualization security considerations“) with some issues more. and the attack surface is way wider than a simple: I can no trust Chinese equipment.
time t go to sleep, if you read all this till here thanks, comments are very welcome
Antonio
On IoT I also wrote:
La domanda che ho posto è: ma noi sappiamo, o abbiamo capito esattamente cosa significhi APT? Di APT si parla molto sul mercato ed i vendor di sicurezza ne fanno ultimamente uno dei loro cavalli di battaglia , ma abbiamo realmente capito di cosa si tratta? APT come sigla in realtà può significare tantissime cose, e ne avete sulla destra breve elenco.
