January 28 2021

Global Best Practices in Securing 5G Voice Services

New European Regulations on 5G Network Security: Possible Strategies and Measures

On the 20th of January 2021, Blue Telecom Consulting (hereafter referred to as BlueTC) returned with its live webinar series for mobile operators, telecommunications network equipment providers, industry analysts and regulators.

This time, our focus was on the new EU 5G Security Toolbox [i], which highlights the need and importance of network security and includes the guidelines which strengthen the role of the national authorities in ensuring operators take security more seriously and implement the toolbox.

Fraud, Overbilling, Reduced QoS or Outages

With several Wangiri fraud cases recently surfacing in the Nordics, it is easy to see the usefulness of operators securing and forensically monitoring their voice services. But fraud such as Wangiri, which directly affects subscribers, is not the only security area that telecom operators should focus on. Successful attacks and security breaches may do much more harm than fraud, as there is a multitude of ways such unwanted traffic can negatively affect the quality of voice services, deny access, divert calls or data and, in some cases, even cause network outages.

The Renewed Importance of SIP and IMS

Within IP networks and within IP Multimedia Subsystems (IMS), the Session Initiation Protocol (SIP) is the signalling protocol used to deliver VoIP services, regardless of whether the bearer is fixed, 4G (VoLTE or VoWi-Fi) or, for that matter, 5G. SIP gives great flexibility but will also, undoubtedly, lead to an increased number of vulnerabilities and open doors for attacks. Inbound signalling may, contrary to former assumptions, be malicious or malformed, and as a direct consequence should be forensically analysed and secured.

Vendor Assessments Mandatory in Europe

In this first webinar in a series of three, BlueTC highlighted that operators have traditionally concentrated their security efforts on levels 1-5 of the ISO model’s layers, whereas BlueTC’s security services focus on the service layer, level seven. With the move to cloud, operators are by definition outsourcing the management and security of their infrastructure, yet the services remain mission critical to their business. As of 2020 it is mandatory for operators in the EU Member States, and the countries in the European Economic Area, to extend their security work and systems to include their own supply chains. This, according to Ian Ginn, BlueTC’s Business Development Director in Western and Central Europe, is a fundamental shift, as the responsibility for this work now cannot be delegated.

Security Assessments and IDS Tools for Operations

With a fragmented and ever-evolving threat landscape that includes anything from misconfiguration and malformed messages through to more sophisticated attacks and fraud, devising and conducting comprehensive testing to identify IMS vulnerabilities has become more challenging. Detecting and addressing potential vulnerabilities in the exposed network elements requires expertise, appropriate tools, and processes. Also, due to the great variety and large volumes of security testing required for each IMS node assessed, automation needs to be put in place. In addition, all the testing must be tailored to the mobile operator in question, its technical environment, type of vendor equipment and any specific configurations, so it becomes obvious that specialist expertise and experience are needed.

Therefore, together with our strategic partner in this area, NextGen, Inc., BlueTC has developed a service, feasible and economically viable for mobile operators, for securing voice over IP (VoIP) services by hardening the exposed network elements. This framework consists of an IMS Network Security Assessment carried out before the launch of voice services, combined with Intrusion Detection Tools (IDS) for forensic SIP-aware network monitoring in live network operations.

More Efficient Testing and Security Work

These can be executed on traditional and virtual IMS nodes (vIMS), and normally also in cloud environments.

Following the framework that BlueTC has developed to provide global best practice voice security services to European operators has several benefits. It is not uncommon to execute around 6 million tests in the assessment per node. This provides the operator with the knowledge that the assessed systems comply with the relevant standards, and it uncovers and pinpoints vulnerabilities before the release is taken to production. As a result of focusing on these vulnerabilities and implementing countermeasures, the operator should be confident that its baseline IMS network security is robust.

The specific measures recommended as a direct result of the assessment include corrections that vendors will have to implement in their equipment and solutions, as well as improvements within the operator organisation itself. The fact that vendors often need to improve their own products allows us to conclude that our comprehensive in-depth testing is more thorough than that of many vendors.

To monitor live operations, the SIP-aware IDS is deployed in stealth mode, invisible to attackers, taking a copy of the real-time traffic with no effect on performance. When deploying the IDS, BlueTC’s customers will benefit from access to a database of tens of millions of already known threats, which have been gathered and classified during work with 35 operators worldwide in more than 150 assessments. Any new or suspicious traffic, which can be analysed, is triaged and treated appropriately. For this process to work smoothly and efficiently, though, broad experience and know-how of IP security testing methods are needed.

Lower Total Cost of Ownership

BlueTC is convinced that the above approach of assessing the key nodes on a regular basis in a pre-production environment, combined with a SIP-aware IDS in operations, will result in lower total cost of ownership within IP/IMS network security. It is all about how telecom operators can protect themselves and their customers in the most efficient and cost-effective way against identity theft, fraud, and loss of revenue or brand image and shareholder value. It should be a top priority for operators to maintain the highest level of quality of their voice services, regardless of whether these are based on 4G or 5G networks. The importance of a high quality of service (QoS) is causally related to the market and technology evolution, and especially to the fierce competition that operators face from over-the-top (OTT) players.

VoLTE and vIMS Forecasts

According to Roberto Kompany, senior researcher at Analysys Mason and a guest in our introductory 5G Voice Security Webinar, forecasts indicate that over time VoLTE and Voice over Wi-Fi (VoWi-Fi) will replace 2G and 3G voice services. Furthermore, OTT players will in many markets continue to increase their market share despite the lack of good network QoS and limited data allowances. Kompany estimates that out of the total voice traffic carried on smartphones in 2019, voice applications accounted for 22% in Emerging Asia Pacific, 12% in North America and 19% in Western Europe. In the latter region this figure will increase to 24% by 2024. So, to compete, operators must continue to deliver voice services and migrate to VoLTE solutions.

Kompany is the author of a strategy report published by Analysys Mason, titled IMS: vendors must support MNOs’ voice strategies during the migration to 5G standalone [ii]. Interestingly, as of July 2020, when this research was first made public, it was reported that only 21% of operators have a vIMS in place. Analysys Mason forecasts that vendor vIMS revenue will grow to USD 5.4 billion worldwide in 2025 as operators migrate to vIMS and later to cloud-based IMS to support their 5G plans.

Join Our Next Webinars!

Would you like to learn more about BlueTC’s work in this area? In the next webinars in this series, we will go more in-depth into the two main elements that make up BlueTC’s global best practice for securing 5G voice services:

Register to Webinar (2/3): How to Carry Out Best Practice Assessments to Secure Critical Voice Services (February 10, 2021)

Register to Webinar (3/3): Operational Requirements and Tools to Secure Critical Voice Services (March 3, 2021)

In case you missed the introductory webinar, on which the two above build, you may register to receive a recording below:

Request recording of Webinar (1/3): The EU 5G Security Tool Box and the Need to Secure Critical Voice Services

We look forward to your participation!

Cecilia Lie
Head of Nordics at Blue Telecom Consulting – BlueTC ®


[i] More information about the EU 5G Security Toolbox may be downloaded in 24 languages from this official website of the European Union: Secure 5G networks: the EU toolbox (europa.eu)

[ii] Analysys Mason’s strategy report published on 9 July 2020 is available here.

