The Essentials of Next-Gen 5G Security Testing


New cybersecurity frameworks were developed to address the new class of vulnerabilities within 5G networks, far more complex than the earlier generation of physical networks. With the goal of fostering innovation while accounting for an entirely new holistic security architecture, having the right testing strategy at the right time is the key to 5G success. Learn more and read the white paper.

Network operators are deploying 5G networks around the globe on a widespread scale. This technology trend is defining and transforming the technological landscape for the foreseeable future. Meanwhile, a myriad of new 5G devices is appearing in the market, with many more to come. The requirements for 5G security are continually evolving, as is the attack surface.

To face that challenge, 5G security was substantially redesigned to address the known vulnerabilities that existed within the architecture of earlier networks. New cybersecurity frameworks were developed which include:

  • Zero Trust and Zero Trust Network Access (ZTNA)

  • Use of encryption on the transport level

  • Mutual authentication

  • Secure Access Service Edge (SASE)

The new complexity in these 5G security frameworks, however, must also account for the continuous and growing number of new vulnerabilities. Therefore, building security from the beginning of 5G architecture development, rather than bolting it on later, is key.

The goal is to not only be capable of implementing trustworthy 5G services, but to also foster innovation, keep pace with it, and add new value continuously. To achieve this, a comprehensive testing strategy is required, right from the start. This facilitates timely test campaign development to validate and in turn ensure trust in the security measures you put in place. This validation must identify vulnerabilities and test to ensure the 5G architecture is secure.

Typical vulnerabilities and impact

Through Spirent SecurityLabs engagements, an array of vulnerability categories has been identified during the assessment phase. They include:

  • Hardware/Firmware/Software

  • Signaling/Control Plane protocols

  • Public Key Infrastructure (PKI)/Network function (NF)

  • Operations, Administration and Management

If vulnerabilities remain unaddressed in these areas, the impact can affect an organization in a host of ways, some more severe than others, yet all impacting the ability to conduct an organization’s business operations as planned. The domains these threats occur in include:

  • Core network

  • Access network

  • Multi-edge computing

  • Virtualization

  • Physical infrastructure

Top five 5G security threats discovered by Spirent SecurityLabs

Through Spirent’s extensive global SecurityLabs engagements, the top five 5G vulnerabilities exposed were:

  1. Unauthenticated remote code execution (RCE) – Allows for a full compromise by a remote unauthenticated malicious user

  2. Authentication bypass (Unauthorized User) – Unauthorized direct access to restricted resources

  3. Broken access control – Unauthenticated access leaves NF functionality open to compromise

  4. Services running as root user – Unrestricted access to network resources

  5. Information disclosure (pre-auth) – Insecure encryption at rest leaves sensitive data insecurely stored

If these vulnerabilities remain undiscovered or are unaddressed, they can place an organization’s business operations in a position of severe risk from both an operational and data security perspective.

Fundamentals of a 5G security testing strategy

The optimal starting point in crafting a 5G security strategy is to include 5G security in every business conversation from the outset and work with vendors you can trust to deliver security across all categories, particularly across the supply chain.

Recognizing the magnitude of vulnerabilities, any comprehensive 5G cybersecurity testing strategy must be aimed at ensuring the security of modern complex 5G infrastructure. This should incorporate security analysis and testing at different layers including hardware, firmware, operating system, middleware, application, and protocol stacks (e.g., signaling and control plane). The testing strategy should include:

  • Security Compliance Testing (CST)

  • Basic Vulnerability Assessment (VA)

  • Enhanced Security Assessment and Penetration Testing (PT)

  • Incorporating Public Key Infrastructure (PKI) security

Integrated 5G Security Testing

Test automation for 5G security

The move to 5G standalone (SA) requires a new approach to validation. In the networking space, testing of previous generations of network equipment has focused on validation of well-defined physical network elements. With the new 5G Core and its cloud-native architecture, these monolithic network elements are superseded by individual CNFs (Cloud-Native Network Functions) that may be deployed in traditional centralized locations or closer to the network edge to enhance performance. Likewise, SD-WAN introduces multiple layers to the network with CNFs distributed across the end-to-end network from the core to customer premises, with releases that can occur on a weekly basis.

This variability requires that individual CNFs are validated both in isolation and as part of an end-to-end cloud network. To enable rapid collaboration and development, CNF validation must be automated and seamlessly integrated into systems for tracking feature requests, creating new builds and managing the status of testing and bug fixes. This cohesive and holistic approach is called Continuous Integration / Continuous Delivery (CI/CD) and is considered a best practice for accelerating cloud software releases. On top of this, test suites must be automated and integrated with CI/CD test environments, so that as new CNFs become available, they are rapidly validated.

A mature testing strategy should be designed to address this complex range of technology challenges and requirements. Many organizations struggle to build their own CI/CD environments. Too often, they don’t have the internal expertise or toolsets to do this on their own, nor do they have the time or budget to acquire them. On top of this, 5G brings diverse new testing demands that span cloud environments, network functions, transport layer and security. Building automated test suites that cover these diverse needs, especially security, is a challenge for many providers. At times, this entails bringing in third-party expertise.

For 5G, the industry has few proof points of deploying a fully virtualized, disaggregated mobile network with advanced and complex security requirements. Having the right 5G testing strategy from the beginning can be the key to go-to-market success. To learn more, read our white paper, Keeping Pace with the Requirements of 5G Security.


Sameer Dixit

VP, Security Consulting

Sameer is Vice President of Security Consulting at Spirent Communications, leading the Spirent SecurityLabs ethical hacking and security research team. Sameer is recognized as a leader in cyber security, with 20 years of experience in penetration testing and security research. Sameer has contributed research for leading industry groups such as OWASP and CTIA, and regularly contributes on security-related topics to leading publications and outlets such as Security Week, Business Insider, ZDnet, SC Magazine and Security Boulevard. He has also spoken at cyber security conferences such as DefCon, CyberSecurity Chicago, BlockCon, MilCis, Arm Tech Con, SINET Innovation Summit and IoT Slam on security trends related to the emerging web, mobile communications, IoT, Cloud, 5G and the automotive industry. Prior to Spirent, Sameer worked for a number of leading security companies, including Trustwave-SpiderLabs and Cenzic Inc., where he led the incident response, penetration testing, vulnerability scanning and managed security testing services team.