Defense Advanced Research Projects Agency aims to develop a secure, open-source, standards-compliant network stack for 5G networking.
As trade and technology policy experts across the globe consider the implications of possibly unsecured equipment being built into 5G networks, the Defense Advanced Research Projects Agency has a plan of its own.
The Open, Programmable, Secure 5G (OPS-5G) program will address the risk that 5G networks designed to support critical infrastructure and mobile communications are used for cyberespionage and cyberwarfare. It is based on a portable, open-source, standards-compliant network stack for 5G mobile that is secure by design, DARPA said in a broad agency announcement.
5G networks promise up to 100 times more bandwidth and 1,000 times greater network capacity, for more connections with less latency. The technology will be foundational for smart cities, autonomous vehicles, industrial automation, medicine, augmented and virtual reality and a host of military applications.
The security risks of 5G have been well documented. Some critical network equipment is manufactured in China, the hardware and software are integrated, systems are proprietary and opaque – not to mention the massive numbers of unsecured devices expected to connect to 5G networks. All of which makes U.S. policy makers extremely cautious about transmitting sensitive information over 5G networks.
DARPA's OPS-5G research into a U.S.-friendly ecosystem will focus on four technical areas:
1. Standards meet software: Open source development typically lags commercial software development, so DARPA wants to decrease the time required to update to OPS-5G open source software when new versions of 5G standards are released. By using machine translations of natural language standards documents, DARPA hopes to quickly extract information that can be used as a foundation for automated compliance testing, partial proofs of correctness, protocol execution integrity checks and other critical aspects of software development.
2. Cross-scale 5G node and network security: Because of the varying size, weight and power characteristics of 5G devices, DARPA wants a usable “zero-trust” security architecture that will secure devices ranging from resource-constrained internet-of-things sensors to servers. Solutions must secure both permanent network installations and cases where IoT devices may be bought, sold, loaned and relocated. The security architectures must operate across all scales of nodes and networks, minimize the use of 5G core network services and maximize mobile edge computing to avoid performance bottlenecks.
3. Secure slices: Because the latency and bandwidth requirements of applications vary (e.g., video streaming vs. tele-robotic surgery), 5G uses network slicing, an architecture that allows virtual networks with different quality-of-service requirements to run on the same physical network. DARPA wants to develop secure slices that provide security over network resources provided by and shared with unknown or possibly adversarial entities and mitigate new attack surfaces (such as side-channels) introduced by virtualization and slicing.
4. Principled programmable defenses: The programmability of 5G networks raises the risk of attacks, as was seen in the Mirai IoT distributed denial of service attack that weaponized 600,000 nodes on cameras, routers and game boxes to overwhelm Dyn's managed DNS infrastructure. With 5G networks predicted to have 60 to 600 billion nodes by 2023, DARPA wants to use the programmable elements of 5G networks to ensure that in-network code is trustworthy and that in-network sensors can detect and identify attacks in real time so appropriate defenses can be deployed.
OPS-5G is a four-year program organized into three phases: two 18-month phases followed by a 12-month phase. Although DARPA anticipates multiple awards for each technical area, funding levels have not been determined and will depend on the quality of the proposals received and the availability of funds.