Unleashing 5G Core: Overcoming the barriers of decryption and data visibility

By Rob Pocock, Technical Director, Red Helix.

  • 2 years ago Posted in

The rollout of next generation network connectivity is always a source of excitement for businesses and users alike, introducing us to heighted capabilities and conveniences. 3G technology brought us new levels of connectivity when on the move, then 4G arrived to greatly improve our connection speeds. Now we have 5G, and 6G is already being discussed

5G is set to provide even more opportunities for users through enhanced mobile broadband offerings, the reality of massive Machine Type Communications (mMTC) and ultra-reliable low latency communications. This offers a breadth of new possibilities from industrial automation to self-driving vehicles and connecting a network of IoT devices with ease.

However, for businesses and users to reap the true benefits of 5G, operators and those delivering the service have some fundamental challenges to overcome. 5G rollouts are already behind where they need to be, due to delays caused by the pandemic, skills shortages, and a lack of resources, such as silicon chips, causing extended delivery times – not to mention the phasing out of Huawei.

These delays are now being exacerbated by the fact that control plane data in the 5G core requires higher levels of encryption due to new security risks brought about by the growth in use cases for 5G. Legislation requires that data be encrypted on the control plane using the latest version of transport layer security _ TLS1.3. However, this is harder to decrypt, meaning operators have to either sacrifice visibility or commit to testing using unencrypted data – with many holding back on introducing this strong new encryption standard.

On top of this, capacity remains largely untested, as the expansion and adaptation of new devices that could use 5G hasn’t existed before. This means there is no model to follow, leaving operators in the dark when it comes to knowing how robust and reliable their network really is. Instead of offering customers untold opportunities to scale through 5G and beyond, they could leave them with ineffective solutions and highly vulnerable to cyberattack.

The impact of 5G delays

5G is set to revolutionise the way we connect. Not only is it faster, with speeds projected to be upwards of 100 times quicker than that of 4G, but it also offers low latency and high bandwidths, allowing applications and communications running on 5G networks to share data in near real-time – holding huge potential for the Internet of Things (IoT) and automation, and acting as a driving force for the Fourth Industrial Revolution.

Yet, with such prominent implications, delays to the implementation of 5G hold severe consequences. In a report from the Centre for Policy Studies (CPS) it was found that a potential £34.1bn of additional economic output could be created if the government delivers its 5G target of covering the majority of the population by 2027. But the key to achieving this is speed, with networks built faster leading to higher regional gains, and there are concerns around whether the UK will be able to meet these deadlines.

If these targets aren’t met, not only do we face the potential of missing out on this huge economic boost, but we also risk dampening the UK’s position as a world leader in connectivity. A large part of those concerns came from delays caused by the COVID-19 pandemic, which of course had huge

ramifications for numerous industries across the board and was responsible for a great deal of disruption.

On top of this, while trying to make their recovery, network operators are now being faced with new challenges posed by legislation around the security of data exchanged across the network. With various mission-critical use cases, security for 5G needs to be tighter, leading to a global mandate for the 5G core to use the newest and highest level of control plane encryption and privacy, TLS 1.3.

What TLS 1.3 means for network operators TLS 1.3 and PFS (perfect forward secrecy) is a major improvement on its predecessor, TLS 1.2, offering increased performance and security. It brings about faster handshakes between client and server, improved latency times, and removes several security vulnerabilities found in the previous version. The issue for network operators, however, is that TLS 1.3 also poses several new decryption challenges.

Due to its high-speed, low-latency infrastructure, inline passive devices can no longer be used to efficiently decrypt network traffic visibility at the control plane. Additionally, with the higher levels of encryption and PFS, passive inspection monitoring is no longer a viable option for TLS 1.3. This has meant that network operators are left with limited options, to either down-rev the TLS 1.3 standard protocol to allow for network visibility but expose the network to security risks, or to implement TLS 1.3 encryption but sacrifice the ability to inspect and monitor traffic. Alternatively, they can implement complex measures into the service mesh, but this brings its own complications and security issues.

To be able to keep up with demand and achieve the targets set by the UK government, network operators need a more robust solution that will enable acceptance of modern TLS 1.3 encryption, yet still grants the carrier visibility over their network for security, inspection, and monitoring purposes.

Breaking down the decryption barrier: introducing SKI

In order to bypass the additional challenges to 5G rollout brought on by the TLS 1.3 standard protocol, network operators need a pure-play decryption solution that will show complete details of traffic without security risks. In its 2019 workshop on enterprise visibility, the Center for Cybersecurity Policy and Law set a baseline criteria for the acceptability of solutions for visibility challenges. In keeping with these criteria, any proposed solution to the challenges associated with TLS 1.3 must be scalable, relatively easy to implement/deploy, usable in real time and post-packet capture, effective for both security and troubleshooting purposes, and widely available and supported in mainstream commercial products and services.

Such a solution exists in Session Key Intercept (SKI). It builds on the previous concept of Keylogging, the basic idea of getting and using keys to decrypt sessions and makes it a viable solution for scaled and secure mission-critical use. SKI works by extracting the individual TLS session encryption keys developed during the handshake and using these to bulk decrypt the communication – discarding them after use. Once these keys become accessible, then bulk, fast, and low CPU power decryption is achievable.

The solution plugs into existing tools already in use and works in any environment where TLS encryption is used, providing a plug-and-play style solution to network operators which allows them to bypass the complexities of trying to decrypt traffic using a native service mesh technology.

By implementing SKI, network operators can break down the barriers of TLS 1.3 decryption and keep full visibility over their networks, which will allow them to accelerate the roll out of 5G without sacrificing security or the ability to inspect and monitor traffic.

Red Helix is working to demystify the challenges associated with the implementation of the 5G network, if you would like any further information or support get in touch with us here.

By Aleksi Helakari, Head of Technical Office, EMEA, Spirent and Patrick Johnson, CMO, APNT - a...
By Jonathan Wright, Director of Products and Operations at GCX.
By Narek Tatevosyan, Product Director at Nebius AI.
By Amit Sanyal, Senior Director of Data Center Product Marketing at Juniper Networks.
By Alan Stewart-Brown, vice president EMEA, Opengear.
By Sam Colley, Digital Connectivity Portfolio Strategist at Giesecke+Devrient.
By Isaac Douglas, CRO at global IaaS hosting platform Servers.com.
By Paul Gray, Chief Product Officer, LiveAction.