5G can do a lot more than 4G. The company Radix Security ensures that it does not open any security gaps
.When you pull out your smartphone to quickly look for the right way or check when the next bus is leaving, the answer is usually there immediately. The processes in the background run so fast that it hardly occurs to you that they exist. But there are plenty of interfaces that sent data has to overcome. The smartphone has to connect to the nearest cell tower. Such a cell tower is, in turn, part of a Germany-wide network that is set up and operated by the major telecommunications companies. In this way, end users (almost) always have reception and can use their cell phones completely on the move.
In order to enable such connections always and everywhere, whether with the current iPhone or an LTE Banana Phone from Nokia, all parties involved must agree on the same standards for communication. This applies not only to German networks, but also worldwide. The so-called 3rd Generation Partnership Project, or 3GPP for short, is the organization responsible for negotiating and publishing the relevant standards.
The specifications cover thousands of pages, which Dr. David Rupprecht knows better than he would sometimes like. He and his colleagues at the Chair of System Security in the Faculty of Computer Science were particularly interested in the small and large errors in the standard. After all, such specification errors have a direct impact on the security of a connection and thus directly affect every single user of a network.
And that’s just the beginning: Even if the specification were 100 percent watertight, the step towards implementation is still missing. This involves using pages and pages of instructions as the basis for implementing components. “In other words, anyone who builds components of a mobile network has to read thousands of pages of text, interpret them correctly, and then also convert them into error-free code. And as if that weren’t challenge enough, there’s also the enormous complexity of networks and components,” says Rupprecht. And assuming a 100 percent secure implementation – do we have fully secured networks? “Unfortunately, even that is not enough,” explains David Rupprecht. “The various components have to interact with each other in a complex setup. Hardware from different manufacturers comes together, so the interaction has to be configured precisely. Here we now have our third and final source of error in the process.”
In 2021, for example, David Rupprecht and researchers at the Chair of Symmetric Cryptography were able to prove that the 2G mobile communications standard is very insecure. “We were able to show that there are even deliberately built-in vulnerabilities there that made it possible to spy on data,” he reports. The relevant encryption algorithms were so weak that this could not possibly be a coincidence – rather, it was a backdoor that had been deliberately decided upon and built in during the 1990s. Although the algorithm is still built into modern smartphones, these vulnerabilities probably no longer pose a threat, the researchers estimate. After all, 2G is long outdated and hardly in use anymore.
A new generation every ten years
“Every ten years, there is a new generation of mobile communications,” says Rupprecht. While 2G was primarily about mobile telephony, the 3G standard launches the mobile Internet. Since 4G, the focus has clearly been on using the Internet in the form of apps. “The iPhone came onto the market, mobile Internet became a mass phenomenon,” says David Rupprecht about the time around 2010 when the standard was introduced. To this day, most mobile connections run over 4G. In his doctoral thesis at the CASA cluster of excellence, Rupprecht looked at vulnerabilities of this generation.
5G is particularly interesting because it introduces many new applications, such as networking things. – David Rupprecht
“Meanwhile, with CASA, we found several vulnerabilities that actually affect every smartphone user. One of them allowed phone calls to be tapped. If possible, the vulnerabilities were closed accordingly by the manufacturers or operators,” explains David Rupprecht. Nevertheless, this does not provide ultimate security, because such an increase in security always comes at the expense of performance. “The 3GPP committee then has to weigh things up and include other important factors such as speed and battery life,” he explains. In addition, security-relevant settings that are included in the specifications can sometimes still be switched on and off by the network operator.
Nevertheless, the analysis of security deficiencies in the current mobile communications generation always helps the next one as well. “The corresponding countermeasures can be thought of right from the start and included in the next generation,” explains David Rupprecht.
For him, the focus is now already on the fifth generation (5G). “5G is particularly interesting because it introduces many new application possibilities, such as networking things. Cars can communicate with traffic lights, factories are improving their internal networks, critical infrastructure is getting new networking capabilities.” In the case of factory networking, it’s robots and industrial equipment being connected in local 5G campus networks, and for the first time privately. “This means that suddenly everyone can become a network operator,” David Rupprecht points out. The responsibility for the secure implementation and configuration of the 5G networks now lies with the private operators. This is where the company Radix Security, which Rupprecht is currently founding with Prof. Dr. Katharina Kohls, comes in.
“We have been dealing with security issues in 4G and 5G networks for years and have an enormous knowledge advantage,” says Rupprecht. The specifications are publicly available – but who can understand and implement thousands of pages of complex information? Radix Security has made it its mission to make 5G security accessible and to help campus network operators build and operate their networks securely. There are currently around 300 campus networks in Germany, and the Ruhr University also has one for research purposes.
“At this stage, when campus network technology is still quite young, we find that security plays little or no role,” says Rupprecht. That’s problematic because it’s much more resource-intensive to secure a network after the fact than to plan for security from the beginning. “After the initial discussions, we realize that the operators have very different ideas about security. This is where Radix Security will do a lot of outreach and education to educate about the security risks and opportunities of campus networks.”
We need to enable a campus network to detect and defend against attacks.
– David Rupprecht
The right tool is of great importance for securing a campus network. On the one hand, it is about preventing attacks and thus uncovering weaknesses in the implementation and configuration of network components. The Radix security test tool makes it possible to check components for their security properties beyond the standard. For example, it checks whether a component outputs important key material. If it does, the entire security of the network is compromised.
“In addition to testing, we need to enable a campus network to detect and defend against attacks,” explains David Rupprecht. To this end, Radix Security is developing an attack detection system tailored to campus network operators. The fundamental problem lies in the complexity of the networks and the open air interface. Unlike a wired network, an attacker only needs to be in the physical vicinity of the network to attack it. “In all of our developments and ideas, our proximity to the university helps,” Rupprecht said. “The university gives us an advantage over our competitors; through the research infrastructure, like through the CASA cluster of excellence, our customers can benefit from cutting-edge research to protect against the latest attacks.”
Funding
The launch of Radix Security is sponsored by Cube5 at Ruhr University and Mercator Launch at Radboud Universiteit
link to original news story by RUB