Insecurity By Design Or Insecurity By Ignorance?
When discussing 5G SA roaming, the main focus currently in GSMA Fraud and Security Group is on mutual TLS to prevent man-in-the-middle attacks and encrypt all the traffic between mobile operators, when Home PLMN exchanges traffic via Visited PLM or when an operator deploys 5G Core in a hybrid cloud. Whereby the AMF and SMF sitting in the public cloud need to exchange signaling traffic with network functions hosted in a private cloud.
It will be assumed that the reader has knowledge of PKI, mutual TLS, Oauth2.0 and 5G Core procedures.
Well, one can argue that mutual TLS enforces zero trust by ensuring that the identity of the network functions is authenticated via the exchange of identity certificates and the encryption of signaling traffic between two trusted roaming partners. However, mutual TLS cannot provide access control to the producer’s resources, in the absence of proper authorization the roaming partner will access services or data beyond the scope of their roaming agreement. Therefore, leading to security vulnerabilities.
How does authorization work in the 5G Core?
