Secure 5G: Securing the Cloud with PKI

We recently talked about how PKI can secure 5G networks. An important aspect of securing 5G is the cloud, especially as mobile network operators (MNOs) move from physical deployments to virtual. 5G is not just changing a layer of the network, it’s rebuilding new base stations and antennas. Admins and devices accessing the cloud must be authenticated, they must ensure that communications between base stations and the 5G are not tampered with and data stored in the cloud there needs to be encrypted. And many MNOs are deploying networks across the cloud for the first time. Migrating networks to the cloud will require modern security solutions like PKI to keep them safe and secure.

Why the cloud?

Migrating to the cloud offers MNOs significant cost savings compared to managing and scaling physical environments of 4G. With a cloud network, 5G is easier to manage, networks can scale up or down, and MNOs can deploy in whatever environment they choose to meet their unique needs. They can also deliver services that were nearly impossible before — delivering a high volume of services efficiently and with low latency.

Rakuten, an MNO in Japan, launched the world’s first fully virtualized cloud-native 4G/5G network earlier this year. The network’s architecture cost 40% less than traditional physical infrastructure. And those savings are passed on to customers via plans as low as $28 per month for unlimited data, calls and text. “By decoupling expensive, proprietary hardware such as the baseband unit and converting it to software, we have achieved what most operators can only aspire to deploy in the future,” said Rakuten CTO Tareq Amin at the September 2020 launch event. “The transition towards 5G presents an opportune time to rethink the strategies and technology stack of next generation mobile networks.”

While it’s only been a few months since Rakuten deployed their virtualized network in Japan, they are already making plans to roll out cloud networks to the rest of the world. Meanwhile, MNOs around the world are quickly developing their own plans to migrate to the cloud. However, because it is new territory, securing the cloud will also require new solutions for MNOs.

PKI can secure the cloud

PKI meets 5G networks’ need for a security system that can authenticate, provide integrity and encrypt — all in the cloud and at a huge scale. Authenticating access to the cloud ensures that user or device identity is valid. Encryption encodes information in transit to ensure intercepted data cannot be read. And integrity ensures that data cannot be altered. To ensure that communications between the O&M systems and the gNB have confidentiality, integrity and be replay protected from unauthorized parties, MNOs need mutual authentication. PKI offers a secure, dynamic environment for 5G transformation to the cloud. And PKI is a key part of Rakuten’s solution for securing their cloud-native network.

Additionally, the security system MNOs use as they switch to the cloud needs to keep up with the expanding infrastructure as the network evolves over time. DigiCert’s PKI solution for 5G is flexible and can be scaled up or down to infrastructure needs and offers the strong authentication needed for cloud infrastructure, users and systems.

DigiCert 5G Network Solution — built on DigiCert ONE™

DigiCert 5G Network Solution is a modern container-based PKI solution that enables MNOs’ to authenticate, encrypt and verify the integrity of their cloud infrastructure and communications, so that they can deliver high performance, scalability and reliability for 5G products and services.

As a market leader for PKI, DigiCert has innovative solutions to apply PKI to 5G transformation, and all at high volume across a global network. DigiCert is the largest CA focused on PKI innovation and advancement, and it shows in our products. DigiCert offers strong authentication for cloud storage, users and systems, and support for things like Azure Conditional Access. Additionally, DigiCert 5G Network Solution supports operational integrity for Docker Notary so that developers can sign and authenticate their containerized code.

5G Network Solution also offers the customization to meet MNOs needs. It is flexible enough to deploy on-prem, private or hybrid cloud and easily transition between them as your network grows. Admins can also create custom certificate types and details to keep track of the information they need.

See the chart below for details on the solutions DigiCert provides for each aspect of cloud migration.

Cloud Migration

And with DigiCert automation, it’s even easier to manage. DigiCert 5G Network Solutions offer automation tools based on protocols such as SCEP, EST, CMPv2 and REST API, which enable the orchestration of secure services for dynamic scaling in 5G networks.

5G Network Solution is built on DigiCert ONE, a PKI management platform built with a new architecture and software to be the PKI infrastructure service for today’s cloud migration challenges. Released in 2020, DigiCert ONE offers multiple management solutions and is designed for all PKI use cases. It is flexible to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs. It also deploys extremely high volumes of certificates quickly using robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI.

MNOs need to move fast to prepare for the 5G revolution. With a variety of use cases envisioned for 5G, authentication, encryption and operational integrity are necessary security enhancements to protect devices, end users and networks. Planning security into 5G migration now can avoid breaches, financial losses and ultimately lost trust later. Utilizing a modern PKI platform can also give MNOs confidence to deliver an excellent customer experience and minimize risks. For more information about DigiCert 5G Network Solution, contact us at pki_info@digicert.com or visit www.digicert.com. And stay tuned for our next 5G solutions blog, which will focus on securing connected devices.

Posted in 5G, Cloud Security, PKI, Privacy