The emerging of open source within 5G networks — Part 3
Security is an essential part of 5G and open-source software because threats are increasing and evolving, and because the critical infrastructure that will carry massive amounts of traffic to serve multiple use cases is changing dynamically. Open source by definition provides transparency into the code logic, so anybody can identify and exploit weaknesses by inspecting the code. While this can be perceived as a weakness, it is in fact one of the strengths of open source, especially when the software is used and contributed to broadly. Instead of relying on a small, closed group to fix security issues, a community of developers and users can identify, fix and update vulnerabilities.

As new features and functionalities are constantly added to the original open-source software stack, all software components along with platform code must have a clean baseline for continuous security and compliance validation. Operators, solution providers, and open source communities will have to manage accurate inventories of open-source software dependencies to mitigate the risk of code injection. Processes will have to be followed to receive and manage notifications concerning discovered vulnerabilities or security fixes from the community supporting the open-source software. Risk management assessment will have to keep pace with release cycles that are delivered rapidly. The risk evaluation will need to integrate security planning and testing into the CI/CD pipeline so that it is performed in parallel with all other software delivery processes.

Mobile operators have a chance to derive the security technology requirements, development and deployment strategies rather than being forced to choose from proprietary solution options. For instance, open-source SDN initiatives will facilitate prompt threat identification through a cycle of harvesting security intelligence from various network resources, states, and flows.
SDN inherently supports reactive and proactive security monitoring and traffic analysis, and enables incident response systems to provide continuous network security policy updates, network forensics, and Security-as-a-Service (SecaaS) insertion where and when it is needed. SecaaS can be deployed across the network (including edge and/or centralized functions of the core network architecture) due to global network visibility, whereas security systems such as firewalls, Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS) can be applied to specific traffic by updating the flow tables of SDN network elements.

5G inherently provides unique architecture options that introduce default isolation of networks, such as virtual network slices. However, network slicing could require specific security capabilities, as not all virtual network slices are created the same.

A key goal of the collaborative telecom industry effort is to encourage implementation and growth so that the full potential of 5G, working in tandem with the open-source ecosystem, is realized. However, most of the work in the past concentrated on the interworking of some of the 5G elements and open-source capabilities, with the aim of demonstrating them as viable technologies and generating practical knowledge. Moving forward, it is important that the working standards and implementation activities include “security” as a top priority. The ongoing challenge will be the journey from the technical feasibility of various 5G and open source technologies to ensuring security is embedded as part of the technological maturation. Security tools for 5G and open source environments are still evolving.
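The flow-table mechanism behind SecaaS insertion, as an added example that is not from the original article: a simplified priority-ordered flow table in which a controller steers one slice's traffic through an IDS (copy) or an IPS (inline) while all other traffic keeps its existing path. The classes, port names and slice labels are hypothetical and do not correspond to any real controller API.

```python
from dataclasses import dataclass, field

@dataclass
class FlowEntry:
    priority: int
    match: dict    # field -> required value; an absent field is a wildcard
    actions: list  # ordered output ports (hypothetical names)

@dataclass
class Switch:
    table: list = field(default_factory=list)

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)  # highest priority first

    def lookup(self, pkt):
        """Actions of the highest-priority entry matching pkt ([] = drop)."""
        for e in self.table:
            if all(pkt.get(k) == v for k, v in e.match.items()):
                return list(e.actions)
        return []

def insert_service(sw, selector, service_port, inline):
    """Steer only traffic matching `selector` through a security service.

    inline=False (IDS): the service gets a copy, forwarding is unchanged.
    inline=True (IPS): the service gets the packet; whatever it sends back
    on service_port resumes the forwarding that applied before.
    """
    base = sw.lookup(selector)  # forwarding currently applied to that traffic
    top = max((e.priority for e in sw.table), default=0) + 10
    if inline:
        sw.install(FlowEntry(top + 1, {**selector, "in_port": service_port}, base))
        sw.install(FlowEntry(top, selector, [service_port]))
    else:
        sw.install(FlowEntry(top, selector, [service_port] + base))

if __name__ == "__main__":
    # Constructed topology: one default rule, then an IDS tap for one slice.
    sw = Switch()
    sw.install(FlowEntry(10, {"dst_net": "core"}, ["uplink"]))
    insert_service(sw, {"slice": "iot", "dst_net": "core"}, "ids", inline=False)
    print(sw.lookup({"slice": "iot", "dst_net": "core", "in_port": "ran"}))
    print(sw.lookup({"slice": "embb", "dst_net": "core", "in_port": "ran"}))
```

The inline case assumes the IPS returns packets with their headers unchanged, so the return rule can match them on `in_port`.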
The security offerings have to include a mixture of centralized control and distributed and localized enforcement in the form of security services that can potentially be operated by the mobile operator’s orchestration, allowing for better visibility and ultimate granularity in technology deployment and operations. Security needs to be both horizontally and vertically distributed across the 5G environment to help enhance the end-to-end security posture.
An open-source project process must adopt best practices for vulnerability detection, and security must be designed into both the architecture and a continuous development process; security will be amplified through openness. Solid support mechanisms must also be in place for the project. Open source has been key to many recent advancements in high-performance and flexible packet processing, which is key to 5G use cases and services. There are already a number of open source projects that are well into their product cycles, and more will emerge as 5G network deployments start.

Analysis performed in this paper suggests that infrastructure (i.e., programmable forwarding plane, general-purpose processing platforms) and management and control (i.e., automation, orchestration, analytics, testing) are the key areas that, if open-sourced, could benefit mobile operators the most in their 5G deployments. Operators have different strategies for evolving their networks to 5G, and each operator environment is different. There is no single open-source effort that meets the needs of all operators, and network evolution cannot be prescribed to apply to all deployments. Lastly, there is the issue of using code that may be exposed to undisclosed patents and other undisclosed licenses.

Initial 5G deployments are expected to have interoperability challenges similar to those that 3G and 4G faced. However, the 5G system architecture gives mobile operators more openness than previous generations. Operators may leverage open-source principles in order to stay or become competitive in the marketplace.