Is security really important in 5G? This is the question we will try to answer in this video. You can probably already guess that the answer is yes. Let's see why. As we have already said, 5G is a first step towards an ultra-connected society. It would be used in a wide variety of fields. For example, economically speaking, as part of industry 4.0, we will have factories that will have manufacturing lines with connected automated guided vehicles, making it possible to transport materials. In the medical field, there are health care applications, for example, remote diagnosis which will be widespread. Vehicles, whether autonomous or enabled with assisted driving, will increasingly be connected both to each other and to a wireless network. In the environmental field, temperature or pollution connected sensors, for example, will be increasingly implemented in cities. Other applications include connected homes and connected clothing. All of these applications require different KPIs or Key Performance Indicators. Remember, we saw KPIs in the first week. Examples include maximum latency or a certain network availability that needs to be guaranteed or reliability, namely the absence of transmission errors. In some cases, operators have to commit to a certain KPI level, and guaranteeing a given KPI isn't just to satisfy users or make them happy, it can actually be a question of life or death. This is clear when we talk about connected vehicles or health care applications. A hospital in Rouen (France) was attacked in 2019, for example, which had significant consequences and brought health care entirely to a halt for a period of time. There is a growing influence of cyber attacks that can put human lives at risk. At the same time, we have a 5G network that is more complex than the previous 4G generation. This means that there are more risks of flaws in the dialogue protocols or in the implementation of these protocols. 5G network is more open than a 4G network. The objective is to allow third-party service providers to develop their own applications and services by reusing the transmission capabilities of 5G. The attack surface of the 5G network is therefore larger than for previous generations of networks. Finally, a 5G network is more flexible, for example, an SMF can control one or more UPF. Software-defined networking is ideal for attackers because if they can take control of node remotely, the influence on the network can be major. There is also network function virtualization and the principle of network elasticity that we have seen before. It's also ideal for attackers because if an attacker manages to access the NRF, which is the directory of active network functions instances, he or she can declare instances that do not exist or simulate the shutdown of an active network instance. It is therefore imperative to guarantee security in 5G. We have both an evolution in the different generations of networks and a change in philosophy. 5G is built on the experience gained from the previous generations since the first generations in the '80s up to the fourth generation. This is true when we look at the radio interface and the architecture, but it's also true when it comes to security. However, compared to the '80s, the situation is completely different. In the '80s, especially in Europe, we typically had one telephone operator per country, which was a national operator dependent on the state. The different networks were interconnected, but the Internet hardly even existed. There was an a priori trust between the operators. The term cyber attack was not even in the dictionary. From a technological point of view, we had low data rates between the different switches. Typically, 64 kilobits per second in 1985 was considered high throughput. Computing power was limited. We typically had 10 million instructions per second or 10 MIPS for a CPU. Despite these limited capacities, the constraint when specifying the network was to offer an acceptable level of performance, i.e. to minimize message size and to minimize the number of messages exchanged between network nodes. Now, it's the 2020s and the situation is completely different. We have much higher transmission rates, or more than 10 gigabits and sometimes, quite a bit higher, up to terabit/s. Typically, CPUs are no longer 10 MIPS, but rather one million MIPS. The main constraint is, first security, second security, third security. For people writing the specifications, it's better to had 10 additional messages in an exchange if this makes it possible to overcome a security hole. In conclusion, security plays a more significant role in 5G compared to previous generations mainly because of the multiple possible effects of attacks. That, as we have said, can put human lives at risk. People who specified 5G reuse the security toolbox of 4G and previous generations. But they tried to identify the weaknesses and to correct them, and generally strengthen the security procedures. That is, the focus is more on security than simplicity. In the following video, we will take a look at a few security holes in 4G.
