This blog is co-authored by Jeff Lipton, Vice President, Strategy and Corporate Development, Aruba and Dan Harkins, Hewlett-Packard Enterprise Fellow.
"Comparing 5G to Wi-Fi 6 from a security perspective" was originally published in SC Magazine on July 22, 2019.
Enterprise-grade Wi-Fi systems have proven to be secure for thousands of demanding customers across virtually all industries. With the recent hype around 5G and service providers promoting 5G as an alternative to Wi-Fi in the enterprise, it pays to understand how 5G security stacks up against Wi-Fi security.
Check out the video below for a quick overview of 5G and Wi-Fi 6 security.
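Cellular security has improved with each generation. Security for the first-generation analog cellular systems based on the AMPS (Advanced Mobile Phone System) standard was essentially nonexistent. These calls were unencrypted and could be intercepted with basic scanners. Security for currently deployed LTE networks is far better. LTE uses strengthened encryption and an authentication algorithm ("AKA") that shares keys between the client and the receiving base station. But while LTE security is strong, it is not perfect.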
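According to researchers at Purdue University and the University of Iowa, LTE is vulnerable to certain types of cyberattacks, including data interception and device tracking. The Associated Press reported last year that the U.S. Department of Homeland Security (DHS) acknowledged the existence in Washington, D.C. of cell-site simulators, known as "Stingrays," that could track cellular devices, intercept calls, and potentially even plant malware. 5G security improves upon LTE security incrementally, with identical encryption, slightly hardened authentication, and better key management. But overall, 5G security is largely comparable to LTE security.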
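Just as cellular security has improved, Wi-Fi security has evolved with each generation. Early Wi-Fi networks, starting in the late '90s, used weak encryption and authentication known as "WEP." The subsequent WPA and WPA2 standards featured improved encryption. Authentication with WPA2 can be either enterprise-grade 802.1X or the weaker PSK (Pre-Shared Key), which hackers can break by running through possible passwords until they can confirm the WPA2 handshake with a guessed password. This is called a dictionary attack. As a result, most of our enterprise customers implement WPA2 with 802.1X, which is not susceptible to dictionary attacks. While some claim that Wi-Fi is insecure, pointing to poorly implemented networks that turn off all password protection (e.g., the local coffee shop), this is not representative of enterprise practice. Nonetheless, the Wi-Fi industry developed WPA2 15 years ago, when the wireless, computing, and security landscape was very different.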
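More recently, the Wi-Fi Alliance standards body has responded with WPA3, a major update to Wi-Fi security. Aruba was a leader in the development of WPA3. WPA3 implementations fall into one of three categories: (1) OWE ("Enhanced Open"), which encrypts traffic to protect against snooping attacks on open networks with no password protection, (2) WPA3-Personal, which uses a shared password along with a key exchange that is resistant to dictionary attacks, and (3) WPA3-Enterprise, which significantly enhances enterprise-grade 802.1X and optionally includes the same Suite B/CNSA encryption algorithms used for classified government networks. Unlike 5G, which is not backwards-compatible and requires entirely new handsets and radio networks, customers can upgrade the software on Aruba's currently deployed Wi-Fi networks to include WPA3 (unless they implement Suite B/CNSA). We expect major handset OS vendors such as Apple and Google to roll out WPA3 and Enhanced Open by the end of 2019. WPA3 certification will start for all new Wi-Fi 6 devices later this year.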
It is also worth noting that cellular encryption generally has lagged Wi-Fi encryption. For example, LTE encryption is based on an algorithm that uses a 64-bit key length, while WPA2-AES encryption, part of Wi-Fi since 2004, uses 128-bit encryption. 5G uses 128-bit encryption and may, in a future release of the 5G standard, upgrade to 256-bit encryption. Wi-Fi already supports 256-bit encryption through the Suite B/CNSA extensions of WPA3.
Up to this point, we have highlighted the evolution and current state of authentication, encryption, and key management for cellular and Wi-Fi standards. These are important security design elements. But it’s also important to consider a customer’s ability to tailor its networks to suit its needs by applying specific security and compliance tools and policies. The average security buyer at a large enterprise uses more than 50 different security and compliance tools, and no two organizations have exactly the same needs. Our customers have been successfully deploying their chosen security and policy tools to enterprise Wi-Fi networks for decades. The architecture of these networks is flexible and allows customers to break out, analyze, and apply policy to traffic. Wi-Fi 6 and WPA3 completely retain this flexibility.
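5G is a different story. If an enterprise wants to replace Wi-Fi with 5G, there are several different approaches. Each has implications for security customization.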
- The first approach is to extend macro 5G service into the enterprise using DAS (Distributed Antenna Systems) or small cells. With this approach, it is difficult to break out traffic and implement specific security solutions. In other words, you get what you get.
- If your company is large enough, and your service provider is willing to sell and manage an individualized Network Slice, you could buy a slice specific to your company. Network slicing enables carriers to create customized virtual network overlays under one nationwide, physical network. With slicing, they can tune each of these virtual networks to serve business cases that require specific network characteristics. Your service provider may sell a low-latency network slice, or an IoT-oriented network slice. You could then have the service provider apply specific security solutions to that slice and possibly even manage it for you, as a part of their network. But all traffic passing over such a slice would be invisible to security appliances that are wired directly into an enterprise network.
- Your enterprise could choose to deploy a private 5G network on your premises, using either spectrum licensed from a service provider, or possibly other spectrum that is unlicensed (e.g., CBRS spectrum). You can apply security to a private 5G network in a similar way you can apply it to an enterprise Wi-Fi network, but this requires investing in completely separate, parallel network infrastructure. Consequently, this approach will likely be limited to very specific enterprise use cases.
Security is not a monolithic consideration. It includes elements like authentication, encryption, and key management. For well-designed and deployed networks, we believe these elements for Wi-Fi 6 are equal to, or better than, 5G. An equally important consideration is the ability of an enterprise to apply the specific security and policy tools to their network in a flexible way, tailored to its needs. Wi-Fi enterprise networks are highly flexible, as they always have been. But depending on the deployment approach for a 5G network, it may or may not be able to accommodate the level of security and compliance customization required by enterprise customers.