Views: 180
The interior ministers want to weaken the security of 5G, to give authorities the opportunity to listen. Experts remind: That has happened long ago.
Article Heise Online by Monika Ermert: Great excitement of security politicians: The German interior ministers want to prevent a strong encryption in the upcoming mobile standard 5G. The 3GPP, the standardization body responsible, frowns on this: Governments and government agencies have long since ensured that 5G gets the same monitoring standards as its predecessors.
No hard encryption
An end-to-end encryption was almost no topic in the standardization, criticized Alf Zugenmaier, Professor of mobile networks and security at the University of Munich: “The race was lost before it started properly.” Encryption of the network traffic, which can no longer be decrypted by the network operator, was prohibited by existing monitoring laws from the point of view of the companies involved in standardization.
According to Zugenmaier, the 3GPP Law Enforcement Working Group has ensured that the interests of the investigative authorities are recognized. The expert therefore does not see any big differences between 5G and older mobile phone standards. Listening interfaces for the release of traffic in accordance with the relevant ETSI standards – drafted by 3GPP – have long been part of the specifications.
Looking at failing IMSI catchers, Zugenmaier says the changes have also been modest compared to 3G and LTE. For 5G, the “International Mobile Subscriber Identity” numbers (IMSI) are to be transmitted in encrypted form. IMSI catchers, who fool a base station and capture their existing devices using their IMSI, fail to authenticate. With a court order, however, access to the movement and traffic data is no problem for the providers, emphasizes Zugenmaier.
Services have long been participants in standardization
The technical experts are astonished to observe the proposals that are now on the table in Luxemberg and Berlin. EU terrorism coordinator Gilles de Kerchove acknowledges in his report for telecom ministers that end-to-end encryption is not part of the standard. However, it can not be ruled out that this will eventually be included in the standard.
To prevent this from happening, Kerchove suggests that Europol’s 5G working group work with the major network operators to help bring prosecutors’ concerns to standardization. In addition, Europol could become a member of the European Telecommunication Standardization Institute (ETSI) and influence the 3GPP law enforcement group.
In fact, authorities such as the Federal Office for the Protection of the Constitution, the British National Cyber Security Center (NCSC) or the Dutch Ministry of the Interior have participated intensively in the discussions of the standardizers. In other standardization committees, such as the Internet Engineering Task Force, security authorities are also trying to secure interceptions and prevent encryption. With the transport encryption TLS1.3 the IETF remained hard at the end.
End-to-end then at 6G?
End-to-end security in mobile telephony could take a new run for 6G at the earliest, estimates Zugenmaier. The 5G standard is ready, only bugs are fixed. This does not stand in the way of 5G activism in politics. Member States should complete their national risk assessments by the end of June. On 1 October, the EU Commission, supported by the European Network and Information Security Agency (ENISA), wants to deliver a pan-European risk assessment.
A spokesman for the Interior Ministry said on request from heise online, we welcome the European initiative. The issue of the impact of 5G on the work of the security agencies will affect all member states. “The ever increasing diversity of services and the spread of encryption in day-to-day communications are already posing significant challenges for security authorities today,” the spokesman said. This will be reinforced with 5G. (Vbr)
Leave a Reply