A New Trust Model For Securing 5G Networks

5G promises rich new business models for enterprises. However, these benefits come with risks to the confidentiality and integrity of sensitive data if security challenges are not addressed with a new trust model for the 5G era.

5G Data Security Threats and Vulnerabilities

Growing number of connected devices (IoT)
Storing more consumer data
Network functionality virtualization (NFV)
Use of open-source platforms and multi-vendor networks
Distributed nature of 5G networks (multi-cloud, multi-sites, hybrid)
Disaggregated RAN and network slicing

Thales 5G security solutions deliver end-to-end encryption and authentication to protect data across fronthaul, midhaul, and backhaul operations as data moves from users and IoT, to radio access, to the edge (including multi-user edge computing), and finally, in the core network and data stores, including containers.

Protect data in motion

Secure data in motion from the RAN/O-RAN to the edge datacenter and back to the core of the network with Thales High Speed Encryptors (HSE).

  1. Built for modern networks like 5G to provide ultra-low latency, improved performance, compatibility with 5G network architecture, and scalability.
  2. HSE hardware and virtual appliances provide a multi-point solution and support a wide range of RAN/O-RAN network requirements, such as network slicing. They are equipped with Transport Independent Mode (TIM) for concurrent encryption over network Layers 2, 3 and 4.

Protect virtualized data-at-rest across hybrid IT

  1. CTE provides consistent encryption of sensitive data across all 5G network configurations and virtual network functions with granular access control. This solution encrypts data generated from containerized applications without any change to application business logic.
  2. CipherTrust Manager centralizes cryptographic key management across multiple cloud vendors and hardware storage providers.
  3. DevOps, Secrets Management and Kubernetes Security: Secure, deploy and run cloud-native workloads across environments by transparently protecting sensitive data with RESTful calls and secrets management, and establish strong safeguards around data stored in Kubernetes environments.
  4. Ensure strict access controls and the capability to audit all file operation/access events to protected data (users can monitor usage via SIEMs to better understand who is accessing the information).

Protect PKI, critical infrastructure and networks

Secure 5G virtual network functions (VNFs), protect the entire PKI-based telco infrastructure and provide a FIPS 140 validated hardware root of trust for the entire network.

  1. PKI Root of Trust: It is paramount to execute all cryptographic functions within a secure environment to ensure both the integrity and the confidentiality of the keys used to encrypt and decrypt data and perform functions such as code signing. Luna HSMs provide extra security to public key infrastructures (PKIs), including digital certificate management for cell towers.
  2. Compliance and Quantum Readiness: Luna HSMs provide a FIPS 140 validated and Common Criteria EAL 4+ certified crypto agile solution, enabling quantum safe algorithms to secure users and data today and into the future.
  3. Thales has optimized its Luna Network Hardware Security Modules (HSMs) to meet the performance, flexibility, scalability, and high availability needed to secure the 5G core network and entire PKI-based telco infrastructure.

Protect subscriber privacy, identities and authentication

Provide end-to-end security of 5G subscriber identifiers (SUCI de-concealment), and subscriber authentication (subscriber authentication vector generation and subscriber keys provisioning flow protection).

  1. Protect Subscriber Privacy and Identities: Generate encryption keys, store home network private keys, and perform crypto operations to de-conceal SUCI within the Luna HSM to ensure subscriber identities and privacy, including the SUPI, are protected with a hardware root of trust.
  2. Secure Authentication Vector Generation: Store master keys and run authentication algorithms within the secure confines of the Luna HSM to protect authentication related keys during the authentication execution process.
  3. Key Provisioning: Store encryption keys for provisioning and storage systems and perform encryption/decryption of provisioning and storage system keys for secure authentication-related keys during SIM personalization and provisioning.

Related products

Luna General Purpose HSM

Versatile and compact, entry-level 10 Mbps-1 Gbps network encryptors provide security without compromising network performance.

CipherTrust Data Security Platform

Addressing the security and performance demands of the largest, most performance-intensive environments, including those of enterprises, government agencies, and cloud service providers, the CN6000 Series encryptors offer variable-speed licenses up to 10 Gbps.

High Speed Encryption

Delivering 100,000,000,000 bits per second of high-assurance and ultra-low latency, the CN9000 Series provides mega data security (100 Gbps) and high speed network performance with the lowest latency in the industry (<2µs).
