Devices on 5G networks demand differentiated security solutions

There will be 8.3 billion mobile broadband subscriptions by the end of 2024, which translates to 95 percent of all subscriptions by then, according to the SMU Office of Research & Tech Transfer.

Total mobile data traffic will reach 131 exabytes per month (1 exabyte = 1 billion gigabytes), with 35 percent carried by 5G networks.

While mobile phones will consume the bulk of the data, the sheer number and wide variety of devices that will be connected via 5G technology is likely to pose security threats not faced by previous generations of mobile networks, explains Professor Robert Deng at the SMU School of Information Systems.

“When 5G becomes pervasive, the majority of the devices connected to mobile networks will not be mobile devices anymore,” he says, referring to things such as household appliances, lightbulbs, or indeed something mobile like an autonomous car that is itself filled with smaller IoT devices such as sensors.

“Some of them will be as powerful as the mobile device we’re using today, while some will have minimal computational and communication capability. Given the variety of IoT devices, given their different capabilities and deployment environments, the security requirement of solutions will be very, very different.”

Solving cybersecurity concerns, in the mobile world and on the cloud

As he runs the research initiative aimed at building “a mobile system security and mobile cloud security technology pipeline for smart nation applications”, Professor Deng points out the main questions that need answering when designing security solutions:

• What is the application context?
• What is the threat model, i.e. who is going to attack you?
• What are the risks?

He elaborates: “When the IoT becomes pervasive, the requirements will be very different from those for today’s mobile applications. You have to come up with new security solutions for any particular type of IoT application, [which necessitates] differentiated security services.”

The resource constraint of some IoT devices also poses cybersecurity challenges. A lot of existing security solutions would not work on a surveillance camera mounted on a lamp post, which is much more limited in computational and storage capabilities.

“Given that kind of devices, how do you add in security?” Professor Deng points out. “I have the IoT devices but there’s no user interface. How do I perform user authentication? Those are the new requirements we are going to deal with.”

Cars and drones also demand attention

Bigger devices such as cars and drones also demand attention, Professor Deng says. With the advent of autonomous cars, vehicles need to have the capability to stop themselves in the event of emergencies even if they are infected by malware. Similarly, a drone must be able to execute critical operations such as returning to home base in the event it is hacked.

The other main concern of the NSoE MSS-CS is mobile cloud security, especially when “data records in real time monitoring system may contain sensitive information”.

“As a data owner, I upload my data to the cloud. How do I know that data is still under my control and not under the control of the service provider or my adversaries?” asks Professor Deng, who is also the AXA Chair Professor of Cybersecurity at SMU. That is the reason for cybersecurity experts’ continuing efforts to build stronger encryption capabilities, but which also leads to the difficulty in sharing critical data. He notes:

“My folder is encrypted and I want to share my folder with you, but you must have the decryption key. But how do I pass the key to you? We are designing a solution where I don’t even have to pass the key to you, but it automatically gives you all the permission to access my folder even if it’s encrypted. The other issue is how do you do the computation to process and access the data that is encrypted? Those are the things we do.”