Securing the Skies: 5G, Drones and the Need for Platform Integrity

Image Credit: ktsdesign/Bigstockphoto.com

Security has been thought of in the same basic way for thousands of years: build strong perimeters that let the good guys in while keeping the bad guys out. Sure, our human ancestors dealt with things like armed invaders and the Trojan Horse, and today most of us run anti-virus software to protect our computers, because experience has shown that a strong perimeter approach works reasonably well. But what happens when our valuable platforms and future 5G networks don’t have a physical perimeter to defend themselves?

History has shown that a medieval castle could be protected fairly well by a moat and that a corporate IT network can be acceptably secured through firewalls, anti-malware technology and some other defensive strategies. That all changes with 5G.

As our mobile networks move toward 5G and tens of billions of devices are projected to come online in the next decade or so, we are faced with a question of scale. Securing those devices - which are the endpoints of the network - isn't feasible in traditional ways. In fact, authenticating a billion devices simultaneously through a centralized function would probably cause even the most robust networks to crash.

It’s no longer enough to merely ensure the security of the perimeter. With 5G we will need to truly ensure the security, or integrity, of the entire platform. Platform integrity is about much more than just a secure perimeter. It's about a new paradigm in which we think about the health of the network platform - and the devices and network nodes that run on it - as a whole. Unlike the traditional view of security, platform integrity isn't only about keeping bad guys out. It's about how to produce measurable indications of whether the platform is consistently operating in the way it is expected to.

Platform integrity is imperative in a 5G world because networks and their functionalities will become software-defined, diverse, and virtualized like never before. Cloud software and off-the-shelf equipment will enable practically anyone to become a mobile network operator and each instance of the Virtualized Network Function (VNF) could run on a different server, potentially in a different jurisdiction or country. The jurisdictional possibilities alone make perimeter security an insufficient paradigm.

Effective platform integrity must also consider the complexity of the architecture of the use cases and the networks they use. Unmanned Aerial Vehicles (UAVs or drones, as they are commonly called) are an excellent way to illustrate this complexity.

UAVs have evolved considerably in recent years with real-world commercial applications going far beyond their more entertaining uses. Package delivery is one application that has garnered a lot of early attention, but other use cases are being explored as well, including industrial monitoring (pipeline leak detection, roof, wind turbine and railway line inspection), public safety (flash flood warning, emergency services, shark attack detection and prevention) and media applications in journalism and cinematography. Though all of these activities use a UAV, each different application would have several components that must be secured individually to complete the Unmanned Aerial System (UAS) and UAV platform integrity.

Source: InterDigital

The UAV example shows there is a need to bind together the different assertions of platform integrity for the various equipment with the certifications/registrations involved. This is more complex than it might seem on the surface. In order for the UAV to fly on its intended mission, all of the following elements must attest their integrity to the system:

The UAV airframe itself must have a certification and be authenticated to the UAV Traffic Management (UTM) application and, potentially, the network

The UAV must be registered and that registration (essentially a license plate) must be attested to the application

The approved flight plan must be attested to the UTM

The UTM itself must have a security attestation to interwork with the mobile network operator

The application servers for all applications used by the system must have security attestations

If the drone is piloted, the pilot must hold an appropriate certification/license, which must be attested to the UTM to demonstrate their qualifications and approval

The pilot's identity must be verified and attested to the UTM

The controller module ("remote control") device needs a security attestation, and

Payloads carried by the UAV (e.g., dangerous or hazardous cargo cases) must have security attestations, as well

To approve the UAV to fly in a truly secure system with complete platform integrity, all of these aspects of the system must match expected values - for example, the UAV pilot’s license is in good order - and be bound together. If one aspect does not match, the drone should not be allowed to take off. What's more, the UTM or an appropriate law enforcement agency must be able to override the controller in the event of a breach of platform integrity or violation of the pre-filed flight plan, because in the air anything can happen: a device could malfunction, a pilot could become distracted, or a strong wind could blow an airborne UAV into the airspace of an airport or other secure facility. In any of these cases, it’s important to ensure the UAV can make a safe landing without risking anyone's safety.
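The take-off decision described above can be sketched as a fail-closed check over a bundle of attestations that are all bound to one mission. This is an added example, not code from InterDigital or any standard: the component names, mission identifiers and claim format are hypothetical, and an HMAC per component stands in for whatever attestation signature a real system would use.

```python
import hashlib, hmac, json

# Elements the article lists for a piloted flight (names are hypothetical).
REQUIRED = ("airframe", "registration", "flight_plan", "utm", "app_servers",
            "pilot_license", "pilot_identity", "controller", "payload")

def _tag(key, mission_id, component, claim):
    # Bind the claim to one mission so it cannot be replayed for another flight.
    msg = json.dumps([mission_id, component, claim], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def attest(key, mission_id, component, claim):
    return {"mission_id": mission_id, "component": component, "claim": claim,
            "tag": _tag(key, mission_id, component, claim)}

def authorize_takeoff(mission_id, attestations, keys, expected):
    """Return (approved, reasons); any gap or mismatch denies take-off."""
    reasons = []
    by_component = {a["component"]: a for a in attestations}
    for name in REQUIRED:
        a = by_component.get(name)
        if a is None:
            reasons.append(f"{name}: missing attestation")
        elif a["mission_id"] != mission_id:
            reasons.append(f"{name}: bound to a different mission")
        elif not hmac.compare_digest(
                a["tag"], _tag(keys[name], mission_id, name, a["claim"])):
            reasons.append(f"{name}: invalid authentication tag")
        elif a["claim"] != expected[name]:
            reasons.append(f"{name}: claim does not match expected value")
    return (not reasons, reasons)

def demo():
    # Constructed sample data: per-component keys and reference values.
    mission = "mission-0001"
    keys = {n: hashlib.sha256(n.encode()).digest() for n in REQUIRED}
    expected = {n: {"status": "valid"} for n in REQUIRED}
    bundle = {n: attest(keys[n], mission, n, expected[n]) for n in REQUIRED}
    good = authorize_takeoff(mission, list(bundle.values()), keys, expected)
    # Expired licence, and a payload attestation issued for another mission.
    bundle["pilot_license"] = attest(keys["pilot_license"], mission,
                                     "pilot_license", {"status": "expired"})
    bundle["payload"] = attest(keys["payload"], "mission-0000",
                               "payload", expected["payload"])
    bad = authorize_takeoff(mission, list(bundle.values()), keys, expected)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

The verifier returns every reason for refusal rather than stopping at the first, which gives the UTM operator a complete picture of which elements failed.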

Furthermore, there are various communications and command and control systems that must be considered because each contributes to the overall platform integrity. Air traffic control communications, UAV telemetry systems, and vehicle-to-vehicle communications systems each need to have appropriate security and platform integrity attestation in a functioning UAS.

UAVs are by no means the only systems that will require such an approach to platform integrity. As we move further along our 5G journey, we'll see similar security models in autonomous cars, telemedicine and medical devices, and a range of mission-critical and various vertical industrial applications. Although such scenarios may seem futuristic today, use cases like the UAV/UTM example above are being examined by major standards organizations, and these types of platform integrity considerations will likely be included in future cellular technology standards.  

As time and technology change, and as standards evolve, so too will our methods of ensuring security. For these complex systems comprised of so many human and technological components that use different protocols, communication, computing platforms, and software-defined ultra-low latency 5G networks, it's easy to see why the traditional model of perimeter security is simply insufficient. Modern platform integrity will enable us to appreciate the opportunities of the 5G future in a way that supports both security and safety.

Author

Alec Brusilovsky is a Manager of Security Standardization at InterDigital. He has extensive experience in security architecture, design, consulting, and applications development for wireline, wireless, and IP networks for key operators, as well as major vendors. His interests include NFV security, platform integrity, security and privacy for 4G/5G wireless networks, and associated standardization issues.
