As enterprise interest in private 5G deployments expands, many are also examining how 5G and Wi-Fi security stack up.
Comparisons between 5G and Wi-Fi are nothing new. Whether it's speed, signal penetration, device density or some other measurement, IT leaders constantly analyze the two wireless access standards to determine which technology works best in specific use cases.
Wi-Fi security evolved; 5G security baked in
To help set the record straight, I reached out to Mehmet Yavuz, co-founder and CTO of Celona, a private mobile network integrator based in Cupertino, Calif. Yavuz said one of the key differences is that Wi-Fi security evolved over time, while 5G security was built in from day one.
"Wi-Fi hasn't always been secure," he said. "Original Wi-Fi authentication and encryption methods were quickly compromised, forcing enterprise vendors and their customers to upgrade their security mechanisms or risk the threat of network or data compromise."
Additionally, even though Wi-Fi networks can be configured to be highly secure, that doesn't mean they are, he said. "Choosing which Wi-Fi encryption and authentication functions are enabled is completely up to the person setting up the network. Thus, there is always a concern that a Wi-Fi network may not be as secure as one would hope."
When the fifth generation of cellular technology was first developed into a standard, sophisticated security was included from the outset. With Wi-Fi, administrators sometimes mistakenly configured networks with inferior authentication and encryption protections. With 5G, only the most secure methods and protocols are used and enabled by default.
While Yavuz's point is valid, most network and security administrators tasked with deploying and protecting Wi-Fi understand the shortcomings of obsolete Wi-Fi security techniques. Insecure protocols and encryption mechanisms can be easily avoided to deliver a Wi-Fi LAN that is as secure as any 5G-deployed network.
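One way to check that a Wi-Fi configuration avoids the obsolete protections discussed above is to audit the access point settings directly. The sketch below is an added example, not part of the original article; it assumes a hostapd-based access point, and both configuration fragments are constructed samples. It inspects only values that are set explicitly in the file.

```python
# Constructed sample fragment: legacy settings an administrator might leave enabled.
WEAK_CONF = """\
ssid=corp-legacy
auth_algs=3
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
ieee80211w=0
"""
# Constructed sample fragment: RSN only, 802.1X, CCMP, management frame protection required.
HARDENED_CONF = """\
ssid=corp
auth_algs=1
wpa=2
ieee8021x=1
wpa_key_mgmt=WPA-EAP-SHA256
rsn_pairwise=CCMP
ieee80211w=2
"""

def parse(text):
    """Turn hostapd-style key=value lines into a dict, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings for obsolete or weak Wi-Fi protections."""
    c = parse(text)
    findings = []
    wpa = int(c.get("wpa", "0"))  # bitmask: 1 = WPA (v1), 2 = WPA2/RSN
    if any(k.startswith("wep_key") for k in c):
        findings.append("WEP keys configured")
    if wpa == 0:
        findings.append("no WPA/RSN enabled (open or WEP network)")
    if wpa & 1:
        findings.append("WPA (version 1) enabled")
    if int(c.get("auth_algs", "1")) & 2:  # bit 1 = shared-key (WEP-era) authentication
        findings.append("shared-key authentication enabled")
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed")
    if c.get("ieee80211w", "0") != "2":  # 2 = management frame protection required
        findings.append("management frame protection not required")
    return findings
```

Running `audit` over each access point's configuration during deployment reviews gives a repeatable check that no legacy mode was left enabled.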
Authenticating users, not devices
From an authentication perspective, 5G and Wi-Fi use different approaches to ensure the identity of users and devices. While most enterprise Wi-Fi deployments authenticate users, 5G authenticates devices.
With Wi-Fi, user authentication can be as simple as a username and password or as complex as a multifactor authentication process that requires several pieces of user-identifiable information before access is granted. While these authentication techniques indeed work and provide sufficient levels of network access control, user authentication requires more administrative overhead than other options. Autonomous IoT poses a significant challenge, for example; for these deployments, it makes far more sense to authenticate the device, as opposed to authenticating a user who does not exist.
At the same time, there is nothing inherently wrong or insecure with the way Wi-Fi handles authentication. As long as users and authentication methods are properly managed from an onboarding and offboarding perspective -- and if enhanced authentication methods are put in place -- Wi-Fi authentication remains as secure as any other wireless authentication method.
5G authentication, on the other hand, operates strictly at the device level. "Physical SIM cards or eSIMs [embedded SIMs] are used to provide credentials on the user's or device's behalf," Yavuz said. "The process is completely seamless to the end user and far easier to manage from an administration perspective." Once a device is authenticated, he said, the infrastructure relies on individual or single sign-on application authentication mechanisms that already exist within the corporate enterprise.
Dividing the network for additional security
Another 5G vs. Wi-Fi security aspect is 5G network slicing. The creation of a network slice is a way to logically segment traffic flows based on several factors, among them source and destination IP address. Multiple slices are configured to share the physical 5G radio access network (RAN) construct but are logically segmented from each other. Each slice can have its own quality of service (QoS) policies applied to ensure performance. A slice can also contain network access policies that permit or deny traffic flows to provide an added layer of security. This level of access control starts with RAN slicing over the air at Layer 1 of the Open Systems Interconnection model.
Cellular wireless has no concept of service set identifiers. Instead, remotely controlled SIM authentication and authorization credentials take the guesswork out of policy management, access control and QoS mechanisms. As a result, security and policy enforcement per device becomes more deterministic, with fewer chances for misconfiguration. Because all devices on a cellular wireless network have to use SIM cards to gain access to a private 5G network, the overall environment becomes more secure.
Both are secure -- one slightly more so
Wi-Fi can be configured to be highly secure, from both an authentication and encryption perspective. That said, in situations where network access and data security are of utmost importance, 5G's baked-in authentication, encryption and network slicing capabilities will be hard to ignore.