5G study raises security concerns for next generation of mobile communication

The next generation of mobile communication needs a security boost if it is to offer customers a safe and reliable service, according to a study by a team of international researchers including a University of Dundee academic.
 
Two-thirds of the world’s population use smartphones on a daily basis, connected across the planet by the mobile network via their SIM cards. For mobile providers, the business is worth billions. But it has also proved a fertile hunting ground for criminals who have been able to access the communication between a device and a network in order to intercept conversations or steal data.
 
The next generation of connectivity will come with the implementation of the 5G mobile communication standard, but now researchers are questioning whether it will be robust enough to offer strong security.
 
The research team from the ETH Zurich, the University of Lorraine/INRIA and the University of Dundee, subjected 5G mobile to a comprehensive security analysis, finding that while data protection has improved on that offered in the 3G and 4G versions, critical security gaps are present.
 
Dr Saša Radomirovic, Senior Lecturer of Computing in the School of Science and Engineering at the University of Dundee, is one of the research team.
 
He said, “People will use 5G like they use 4G now, to make calls, send texts, swap pictures, or make payments and purchases. But 5G will likely also be present in autonomous vehicles, Internet of Things devices, and industrial control systems, for example. It has been promised to be faster and more secure than previous networks but we’ve found that it isn’t as secure as hoped.
 
“In its current state, 5G does not close all the security gaps, which could result in numerous cyber-attacks and users being charged for the mobile phone usage of a third party. We have proposed a number of improvements to close these gaps. 

“What we remain concerned about are the less than perfect privacy protections it provides leaving users vulnerable to targeted attacks. 
 
“The most important takeaway from our work is that introducing a new technology without a rigorous formal analysis of its specifications may lead to serious consequences. Our formal verification methods and our Tamarin prover tool can help prevent that.”
 
The report, which will be presented at the ACM Conference on Computer and Communications Security in Toronto, Canada, also makes strong recommendations to the organisation responsible for the security specifications of 5G, the 3rd Generation Partnership Project (3GPP).
 
The team are currently working with 3GPP to implement the improvements in the weaknesses they found.


For media enquiries contact:
Dominic Younger
Media Relations Officer
University of Dundee
Nethergate, Dundee, DD1 4HN
Tel: +44 (0)1382 385131
Email: d.younger@dundee.ac.uk