5G Is More Secure Than 4G and 3G—Except When It’s Not
2019-12-16 22:32
火星译客

You've probably been hearing the hype about lightning-fast 5G for years now. And while the new wireless networks still aren't ubiquitous in the United States, 5G is slowly cropping up in cities from Boston and Seattle to Dallas and Kansas City. With the faster connection speeds will come increased security and privacy protections for users, as the wireless industry attempts to improve on the defenses of 3G and 4G. But while 5G researchers say that the new network will bring major improvements, it still has some shortcomings of its own.


There are a few major security wins in 5G. Many relate to anti-tracking and anti-spoofing features that make it harder for bad actors on a network to track and manipulate individual device connections. To do this, 5G encrypts more data, so less is flying around in the clear for anyone to intercept. 5G is also a much more software- and cloud-based system than previous wireless networks, which will allow for better monitoring to spot potential threats. It will also enable operators to do what's called "network slicing"—segmenting the system into numerous virtual networks that can be managed and customized separately. This means that different "slices" could have different tailored protections for specific types of devices.


"5G has really good promise for security," says Ravishankar Borgaonkar, a research scientist at the Norwegian tech analysis firm SINTEF Digital. "Encrypting identifiers is a really good thing, and network slicing is a network paradigm shift. But there are still other ways that users can be tracked and there are questions about how to guarantee the trustworthiness of the [5G] software. So there's always room for improvement."


Over the last year, Borgaonkar and other researchers have found and reported a number of security weaknesses in 5G to the mobile trade group GSMA, one of a group of organizations that manage the standard. Many of the findings focus on ways that users can still be tracked while connected to 5G, using information that remains unencrypted as it is transmitted or that leaks because of a flaw in the standard. This can allow what are known as fake base station attacks, in which devices often called "stingrays" trick target devices into thinking they are a cell tower and connecting. From there, attackers can intercept mobile traffic to spy on victims and even manipulate data.


Researchers have also pointed out that some flaws in 5G allow for "downgrade" attacks in which a target's phone connection is manipulated to downgrade to 3G or 4G service, where hackers could use unresolved flaws in those older networks to carry out attacks.


The GSMA says that it welcomes scrutiny of the 5G standard, because it has allowed the organization to catch and fix potential vulnerabilities before the 5G networks are widely deployed.


"The GSMA has been getting the industry ready for 5G, working on the security technology that underpins the standards which define the new secure-by-design 5G technologies," says Amy Lemberger, cybersecurity director, GSMA. She notes that since April, the GSMA's “5G Security Taskforce” has been bringing mobile operators and vendors together so they can coordinate proactively on issues like network slicing requirements and 5G fraud models.



Researchers say that while collaborations with GSMA have been fruitful, they've identified problems that have yet to be completely resolved; in part, that's because of the difficulty of ensuring that 5G can interoperate with older wireless networks like 3G and 4G. Building out 5G while seamlessly integrating with the older generation networks is difficult and can erode privacy and security.


"5G is a big step forward on several fronts, but won't actually provide a full security upgrade until we see pure 5G networks with no legacy tech—so not for another 10 years or more," says Karsten Nohl, founder of the security research firm SRLabs.


This raises another potential security issue that isn't specific to 5G, but will be a major factor for the new wireless networks as well: implementation. While groups like GSMA can groom the 5G standard to be as secure as possible, it is network operators that will actually deploy 5G in practice. If they make mistakes or cut corners in how they set up the technology, they can introduce new and unforeseen risks and vulnerabilities into the system, like missing authentication checks or data protections. And for customers, it's almost impossible to know whether networks are adhering to best practices.


"Even 4G was relatively secure, but many operators were not implementing certain recommended protocols at all, because it was costly," SINTEF Digital's Borgaonkar says. "We have seen that operators aren't always implementing features, even when a standard calls them mandatory, and that's where the problem lies usually in mobile networks. The same thing will come up in 5G as well. It really comes down to government regulations or another authority to enforce it." In the United States, for example, the FCC can enforce how a technical standard is implemented.


The security and privacy gains of 5G will make a real difference in protecting users from manipulation and threats like tracking attacks. And as a massive horde of new internet connected devices comes online through 5G, features like network slicing will hopefully help manage their security. But there's never a magic security solution that solves every problem. And it seems likely that 5G has its own challenges on the horizon.


Federico (translator)