5G Security 10-29-2020

5G Migration: Securing Connected Devices

Brian Trzupek

As we discussed in previous posts, 5G technology is transforming the way the world connects and communicates, and its scale demands increasing reliance on the cloud. Mobile Network Operators (MNOs) are focused on creating enhanced 5G product offerings for their customers, and a huge part of that is the ability to connect more devices, provision more bandwidth and provide reliable services with unprecedented performance metrics. Similar to how public key infrastructure (PKI) can help secure 5G networks and the cloud, it can also help secure those devices and services relying on the network.

An increasing threat landscape

Mobile networks are not just for smartphones anymore. Think smartwatches, smart cars, healthcare devices and more. Besides consumer devices, 5G will also open up the potential for smart cities and industrial IoT. With 5G technology, these devices will be able to perform quicker with faster data transfer speeds and become more reliable — ultimately delivering services we could only dream of just a few years ago.

Studies show that there will be 29.3 billion networked devices by 2023, up from 18.4 billion in 2018. And while today’s 4G networks can accommodate a few thousand devices per square mile, 5G will provide fast network connectivity for one million devices per square mile. However, more connected devices also will draw the attention of hackers looking to take advantage of increasing potential vulnerabilities across the entire network, device, application and services stack used by those devices.

Securing devices with PKI

A network is only as secure as its most vulnerable connected device. And the more connections you have, the more difficult it is to monitor and recognize weaknesses. Securing these devices will require signed, trusted code as well as authentication and encryption.

Devices connecting to the network need to be authenticated to ensure they are the intended devices. This means security needs to be designed into the identity of the device — from the start. Devices should have a “birth certificate” when first manufactured to give them a unique identifier that can be verified. Then that identity needs to be tracked throughout the device lifecycle. PKI can authenticate that device identity and ensure that only verified devices connect to the network. PKI can also provide the ability to blacklist devices from services or networks, in just the same way it can authenticate them, so it is very flexible for these use cases.

Most often, when referring to the services behind a device or application on the network, application code is deployed in the cloud and in containers that require encryption to ensure that messages across networks are not tampered with. PKI provides encryption and integrity for securing these types of cloud-deployed applications. And when device software and services are upgraded, they also need to be cryptographically signed to ensure trust. Using PKI to cryptographically sign device software and services can ensure that software deployed to the device is the correct and trusted software and that it has not been tampered with. This helps provide a trusted computing environment on these devices.

PKI helps MNOs secure their web of connected devices, backend applications and services, and backend network infrastructure because it can provide integrity for device application software and cloud applications and upgrades, authenticate connected devices, and encrypt data in transit and at rest.

When looking for a PKI solution, MNOs need one solution that simplifies management of a complex and siloed infrastructure into one point of control. DigiCert ONE™ offers just that. Whether authorizing code signing through Secure Software Manager or managing device identity in IoT Trust Manager, DigiCert ONE delivers end-to-end centralized user and device certificate management. And to help MNOs better manage the increasing stream of connected devices, DigiCert IoT Trust Manager allows administrators to assign and manage device identity at every stage of the device lifecycle.

DigiCert IoT Trust Manager

DigiCert IoT Trust Manager offers the scalability, flexibility, control and efficiency that MNOs need for a network of connected devices. It allows administrators to monitor the entire device lifecycle, facilitate secure updates and remain compliant all in one place.

Scaling with network growth using IoT Trust Manager is no problem. DigiCert can accommodate a huge volume of digital certificates at a global scale with cloud-native technology that easily scales up or down to meet the unique needs of the 5G networks and their applications. And IoT Trust Manager can process authentication requests for hundreds of thousands of gNBs at a single point in time.

MNOs can roll out their PKI infrastructure quickly and efficiently with IoT Trust Manager, relying on the containerized, cloud-native architecture. It’s easy to add capacity to support more gNBs and network products by utilizing the dynamic scalability supported by the cloud-native application. And IoT Trust Manager offers the flexibility to transition easily and with minimal costs between cloud, on-prem, and hybrid deployments to fit MNOs’ needs as they grow.

Rather than building and maintaining a self-managed PKI, DigiCert IoT Trust Manager automates updates and orchestration, making it easy to manage a large network of devices. And admins can customize permissions and access control to segment administration for different user groups. Additionally, DigiCert offers award-winning support, available 24/7, to help MNOs wherever and whenever they need it.

IoT Trust Manager is built on DigiCert ONE, a modern PKI management platform built with a new architecture and software to be the PKI infrastructure service for today’s cloud migration challenges. Released in 2020, DigiCert ONE offers multiple management solutions and is designed for all PKI use cases.


