Addressing the Evolving Security Needs of 5G Networks and ORAN with FPGAs
Posted 09/30/2022 by Mamta Gupta, Director of Security & Comms Segment Marketing, Lattice Semiconductor
Ahead of National Cybersecurity Awareness month in October, Lattice held its latest security seminar focusing on the evolving security landscape of 5G networks and ORAN. If you missed the live event, you can watch a recording of the “Reimagining Telecom Security Solutions for 5G Networks & ORAN with FPGAs” seminar here, or read on to explore some of the highlights.
Centralized network security models of the past are becoming increasingly vulnerable as the rollout of 5G and ORAN continues to decentralize virtually all aspects of the network. Between the exponential growth of firmware attacks every year, increasing amounts of IoT device connections expanding the network attack surface, legacy network risks, and rising compliance standards — cyber resilience is demanded by the 5G ecosystem. Without cyber resilience, telecommunication networks will be unprepared to respond to inevitable security attacks.
To achieve cyber resilience, network architects must focus on Root of Trust (RoT) foundations and automating the cyber resilience cycle of protection, detection, and recovery on these RoT components. This includes leveraging Zero Trust security models, and “securing the wire™” by encrypting and authenticating all data traffic to protect the integrity of the network. Zero Trust is based on identity attestation that is used as a major technique to establish the identity of users and devices connecting to the network.
Security risks are evolving at such a rapid pace that crypto agility, the ability to securely update network hardware components already in the field vs. waiting for a new tapeout, must be considered by network architects as they design and deploy equipment that will likely stay in the field for years to come as quantum computing comes online.
FPGAs are designed for such flexible implementation while still maintaining security. Lattice FPGAs and comprehensive solution stacks are ideally suited to implement new security controls thanks to their programmability, Root of Trust foundations, and cryptography capabilities. Most of Lattice’s control and security FPGAs, the Lattice Mach™ family -- including the latest Lattice MachXO5™-NX -- serve as a hardware root of trust. MachXO5 FPGA’s secure design includes ECDSA bitstream authentication, AES256 encryption, and cryptographic extensions to help transition to Post Quantum Cryptography.
Governments and regulatory bodies have traditionally been slow to respond in creating secure guidelines for telecom hardware and service providers to implement strict security controls such as PFR and zero-trust models, but that is beginning to change. Attacks are getting so egregious that governments are now responding with more aggressive timelines and prescriptive requirements, such as the United States’ recent executive order on improving national cyber security that requires response times by 2024. Also, the European Commission’s Cyber Resilience Act is laying a foundation on the other side of the Atlantic for these desperately needed security requirements.
Key emerging standards also include NIST 800-193 PFR and NIST 800-207 Zero Trust Architecture, as well as recommendations from the TCG Cyber Resilient Technology workgroup. As standards are still coalescing, short term risks must not be taken lightly. Proper attention must be paid to all 5G and ORAN deployments to ensure they employ the highest level of security.
5G systems that are built with Lattice’s FPGAs coupled with the Lattice Sentry™ solution stack for PFR Root of Trust, or Lattice ORAN™ solution stack for secure, synchronized, and low power ORAN deployments, provide the robust security features telecom vendors need to continually respond to evolving security threats, particularly in a post quantum computing environment.
As a reminder, if you weren’t able to join the live event, please watch the video of the seminar. If you have questions about Lattice solutions, submit your query here, and stay tuned for our next security seminar coming next quarter!