Let's talk about the near future of cellular networks, shall we ? The race to the "5G Logo" is raging, yet 5GSA (Stand-Alone, fully featured network, not 5G New Radio on 4G Core) is still far down the roadmap. Why is that ? 1/18
First off, 4G core networks are already running, mostly on single or dual vendor proprietary software stacks. Why change something that "works" ? For new features, to whom commercial uses have not yet been built by marketing. 2/18
Next is the "disruption" provoked by the Sino-American economical war : while Asian vendors have their proprietary stacks up and running, 'muricans want to "break them open" by promoting Open RAN instead. The thinking is simple : 3/18
Open RAN promise is to disaggregate the network functions into smaller blocks, creating new interfaces, to lower the barrier of entry to the 5GSA core software market, hence their reliance on Asian vendors. But it's not yet ready. 4/18
See, new interfaces means larger overall code-base. More code means more bugs. More interfaces means more attack-surface. And interoperability requires heavy testing, so the barrier is not that lower and the result far from optimal. 5/18
When it comes to mobile networks, the security scheme is mostly that we inherited from fixed TDM network : there's none, but perimeter measures. Participants in core-network signalling (eg. MVNOs) are "contractually trusted" 6/18
Still, if an MVNO' EPC, or even just its public facing IMS (for VoWiFi and the likes) got breached, that's a serious threat like MitM SMS-based 2FAs. Control SMS are generally filtered, so basebands should be safe on 4G. 7/18
When it comes to Open RAN, the problem is slightly more insidious : numerous vendors will each play their part in the stack, which is far larger and will take years to mature to decent security standards. 8/18
Remember, the original motive for it is purely strategic between US and China. EU hasn't been involved, but its MNOs and vendors began to follow the 'murican shepherd by fear of Huawei being too effective. 9/18
"Security By Design" is a set of principles that imply always getting to the most simplistic design for a given purpose, as per RFC1925. Open RAN is the opposite of that : it is structurally unsafe by it's implied complexity. 10/18
Would an All-In-One blackbox sold by Huawei be safer than that ? Sure ! What is not is having 40 of their engineers on your floors running the network they sold to you. At that point your organization is breached. 11/18
In the EU, we do have small tech companies that do abide the proper design principles. @EuclidiaEurope members have been working on Simple RAN handbook.rapid.space/RS-Presentatio… 12/18
The good thing with simplicity is that it leads to shorter Time To Market. Simple RAN works _today_, not in two years. Sure, there's always room for improvement, but the fun part is that it's used in Asia and Africa, not EU yet 13/18
5GNR offers more bandwidth, but the political game makes Open RAN or Huawei proprietary 5G-SA unavailable yet. If we want the full promise of 5G (splicing, efficient M2M, Mobile Edge Compute), we maybe should reconsider… 14/18
First, security comes from simplicity and transparency. When you can read the code (possible with Simple RAN, not with the others) it's easier to spot and fix bugs. 15/18
Second, safety also comes from simplicity and transparency : when you operate a network with shared open processes, you'll iterate and better them faster. 16/18
Third, why having to choose between US or CN sides when we have our own stacks already available ? And why do EU vendors and MNOs waste time with a bad-by-design approach instead of pitching in ? 17/18
I'm talking to you @ThierryBreton @BERECeuropaeu @nokia @EricssonLabs @Arcep @orange : when shall we start working towards proper solutions ? Thanks to @p1security @elenaneira and many others for the inputs and inspiration. 18/18
• • •
Missing some Tweet in this thread? You can try to
force a refresh
