Wireless Communications Security

What kind of security is needed for wireless communications in the 2030s? The rapid development of communications networks challenges developers to assume possible new vulnerabilities and security threats.
Mika Ylianttila tietokoneen äärellä.

The history of science and technology has resembled the process of evolution: previous findings have laid the foundation for new ones. Theoretical research has preceded, and applied research has followed. In the 19th century, Scottish physicist James Maxwell published the theory that light is the form of electromagnetic waves. Much of today’s electrical technology, such as electric motors, power generation fiber optics, and all radio frequency wireless communications, is based on the electromagnetism described by Maxwell’s equations. In the second half of the 19th century, the first experimental radio equipment was built, by icons such as Hertz, Marconi and Tesla. In the 20th century, while radio and telephone technologies continued to evolve also the first computers were developed. Since then, microcircuits using semiconductor technology have enabled to manufacture more advanced devices.

Wireless communications using electricity and information technology have created unprecedented new opportunities for humanity, often linked in some way to people’s safety and well-being. While in ancient times, using fire, smoke signals, or mirrors, wireless communications were used to warn against enemy forces approaching, the first time in World War II, a computer was used for the first time to find out the enemy’s movements. With the lead of the mathematician Alan Turing, the British developed the first programmable digital computer to break the German cryptographic code and thus discover the strategic communication of enemies. This research paved the way for modern computer sciences and the development of cryptographic systems central to modern information networks and information system security.

A significant step in the development of communications networks was seen when the U.S. began to develop a decentralized communication system in the 1960s that connected different computers in the network using packet-switched communication methods. Computers on the network form a chain in which the transmitted data packets move from one network node to another until they reach their intended destination. This network and the protocols defined therein, i.e., the agreed communication rules, also known as the TCP/IP protocol family, form the basis of the current Internet. At that time, it wasn’t yet known that this packet-switched mode of communication would later grow global and merge into wireless communications.

Especially at the turn of the 21st century, mobile phone and computer networks, previously implemented with quite different technologies, began to converge. Concepts of mobile or wireless Internet became prevalent. The protocols and architectures familiar with computer networks merged into the cellular network architecture. Especially in the fifth generation of mobile telephone networks, this development has been the most advanced so far: the computing power of cloud computing has been brought closer to the base stations, referred to as edge computing. In addition, the internal functions of the network have been virtualized, enabling their use with more cost-effective, non-proprietary computing server infrastructure.

Modern mobile networks consist of two parts: radio access network and core network connecting the network elements, which is also connected to the rest of the internet. The name Internet refers to a network of networks which brings together different networks, both wireless and wired. Specific features of wireless communications include changing location information and mobility when a wireless device moves from one area to another. My doctoral thesis focused on these topics. Since the 1990s, mobile networks have evolved so that a new generation has emerged approximately every ten years. They have evolved to support new applications like video streaming and social media applications. Now most cellular subscribers have a 4G connection, and 5G provides the fastest connections in the network coverage range. Aligned with Nokia’s and other companies’ success, Finland has been one of the global leaders in technology evolution. The success of companies is partly driven by advances in research and product development and their knowledge of new technologies. Today’s research already focuses on the technology of the 2030s and 6G networks.

Emerging new network technologies necessitate consideration of network security already with design

Wireless communication security includes not only radio access but also the core network connecting wireless devices, as an attacker can lurk anywhere in the network. As mobile phones and other devices that are wirelessly connected to the Internet as computing devices, they and mobile phone networks can also be hacked. Potential vulnerabilities and security vulnerabilities in mobile phones and mobile networks can be exploited, private data can be unlawfully accessed, or vulnerabilities can be used for more serious attacks. Cyber security as a concept proclaims the need to defend against cyber-attacks and build defense strategies with software, network protocols, encryption methods and digital signatures. Serious cyber-attacks usually proceed so that they first aim to break a weak point of defense, then reach a bridgehead position and advance in the system, acquiring information and access rights. For example, a typical vulnerability may be that the home WLAN base station administrator password has not been changed from the default password. In other areas, such as internet protocols and web browser technologies, several vulnerabilities have been discovered and reported in their history. It is a competitive race to find and fix vulnerabilities as they are discovered. The EU’s new security standards for wireless devices also improve privacy, prevent fraud, and protect communications networks.

6G technology offers a leap forward in latency, capacity, and reliability. At the same time, the amount of data flowing through the network is increasing, and new applications and services are being developed. Automation of the network’s internal operations is increasing, which aims to increase efficiency and cost savings. Artificial intelligence and its utilization in various network functions is a growing trend. AI methods, which are based on machine learning and statistical mathematics, are currently researched and developed widely. They have many application areas, such as facial and pattern recognition, optimization of data search services, and industrial processes. In communications networks, they can be used, for example, for radio network resource optimization.

Our AI methods-related research focuses on identifying their vulnerabilities and, on the other hand, utilizing their strengths when used in the context of security, trust, and privacy for wireless communications. The University of Oulu and Finland carry out high-quality basic and applied research in artificial intelligence methods. My group is conducting applied research in this area, focusing on the security of selected AI methods when used in wireless systems. A concrete example of the AI methods we have studied is federated learning, which has many application areas. It is a data minimization technology developed by Google that combines anonymized data from different devices to train machine learning models. Its advantages include in-built privacy features which can keep as much information as possible on the end-user’s device. There is no need to send all data over the network; instead, the parameters of the machine learning model are transferred over the network.

On the other hand, advanced cyber-attacks can exploit federated learning vulnerabilities through so-called machine learning model poisoning or inference attacks. These can disrupt the functions of the network, which can harm the performance of the network services and, at worst, paralyze the network's performance. Our research includes how to protect against such advanced attacks and how they can be detected as soon as possible.

Engineers designing networks and services must thus ensure that different security threats are already considered when designing technologies. The prevailing security design principle is “never trust, always verify.” This principle refers to the fact that, in principle, it is almost always possible to penetrate the various functions or data of the network to some extent, but this must, through careful planning and monitoring, make it as difficult as possible for attackers. We need to react quickly to problems identified and prevent issues with, for example, more effective trust mechanisms. Examples of new trust mechanisms include blockchain technologies, which may be more widely known as the enabling technology of cryptocurrencies, but which also have multiple applications in wireless systems and can be combined with AI methods. The advantage of blockchain-based transactions is their ability to produce and maintain network databases in a decentralized manner so that information can always be verified. Thus, the reliability of shared data increases. Databases are distributed in several locations simultaneously, making them more difficult to falsify.

The design of wireless communication protocols and algorithms must also meet the latency and energy efficiency requirements of 5G and 6G systems. This can make some network functions more vulnerable to new denial-of-service attacks. These new threats to the cyber security of wireless communications need to be understood and mitigated in the design and implementation of the wireless system. Therefore, new wireless systems must always be developed by also considering their security.

The blog text is based on a talk given by Professor Mika Ylianttila at the New Professors Inaugural Lectures event on 24 April 2023.