23 April 2019

A Risk Analysis of Huawei 5G

By Nicholas Weaver 

Telecommunications networks are special—they are designed to enable wiretapping. Mandates such as the Communications Assistance for Law Enforcement Act (CALEA) in the U.S. and similar requirements elsewhere effectively require that the network operator use equipment that contains surveillance hooks to answer government requests. The Greek government personally experienced the drawbacks inherent in this design when unknown parties compromised the Athens cellular network to spy on government officials.

Because of this, telecommunications companies and countries that upgrade their networks must consider the risk of wiretapping when deploying new cellular equipment. Right now, this calculation is playing out in the debate around whether the U.S. and others should use Huawei 5G equipment. There are effectively three options: use Huawei equipment, ban Huawei equipment or simply not upgrade to 5G.

Recently, the U.K.’s Huawei Cyber Security Evaluation Centre Oversight Board released a new report—its fifth—which makes clear that it is impossible to mitigate these risks technically. According to the board, the code that Huawei uses, like so much of the rest of the code running the world, is simply a nightmare: It is complex, written in an “unsafe” manner, using “unsafe” languages. The scale and complexity make it impossible to analyze the code to look for new bugs, let alone efforts at sabotage. Sabotage can be particularly sneaky and very hard to detect even when one does have source code, and even if discovered it can also be almost indistinguishable from a “mistake.”


Even if the U.K. could fully inspect the code and know it is free from sabotage, the build process—the steps that turn the source code into something the computer actually runs—is “nondeterministic.” Each time the code is built, it produces something different, so there is no way to be sure that the final code running on a device is the same code that passed inspection. And even if the builds were deterministic, this couldn’t stop sabotage in the manufacturing process or prevent an unvetted fix from including something extra. I don’t believe these risks are unique to Huawei—the dirty secret is that most of the world’s computing infrastructure is a similar nightmare. But this does mean that nobody can provide technical assurance that particular Huawei networking equipment is free from sabotage.

So the risks of Huawei equipment can be managed only by understanding the political risks: How much is a country willing to bet that Huawei will resist Chinese government pressure? Given that the U.S.’s National Security Agency is known to sabotage equipment in transit, bribe companies to deploy sabotaged standards, and compel cooperation of U.S. companies in intelligence activities, it would be naive to expect any less of China. Further magnifying the risk is that Huawei may actually be a state-owned company.

This leaves three options for countries considering what to do about 5G. First, a country can decide to buy Huawei equipment and save a considerable amount of money in doing so. The risk is simply that every high-level political figure and executive may have their calls monitored by Chinese intelligence. This may actually be a worthwhile trade-off—after all, the damage done by Chinese spies would have to be weighed against the potentially billions of dollars saved from purchasing Huawei equipment. That trade-off just needs to be acknowledged when making purchase decisions.

The second option is to purchase equipment from Huawei’s European competitors, Ericsson or Nokia. These manufacturers are more expensive than Huawei but provide the greatest political assurance: None of the major spying nations can exert the same pressure on Nokia (Finnish) or Ericsson (Swedish) that they can on domestic companies.

The final option is simply to avoid the hype. The claims about 5G being “20x faster” than preexisting 4G are effectively disingenuous marketing as real-world performance rarely reaches the theoretical peak bandwidth but, rather, is limited by the shared communication spectrum. 4G systems are already effectively at the “Shannon limit”— that is, the limitation on the ability to transmit information within a given amount of radio spectrum at a given power. 5G can’t break fundamental laws of nature. Instead, 5G’s greater performance comes from three factors: The first is that 5G adds additional frequencies, providing a greater number of potential channels. These are a major improvement but have limitations, including being significantly more sensitive to rain. The second is improved antennas, which allow a single base-station to talk more efficiently to multiple handsets. The final improvement is smaller cells, so that each tower is providing coverage for a smaller area. All but the additional frequency bands apply just as easily to 4G networks.

So an optimal strategy may be simply to improve 4G by increasing the density of 4G cells: If each cell can move the same amount of traffic, this will substantially improve the total throughput that the network can support. It will also speed most individual connections as most users never experience the full bandwidth on 4G because it is shared with other users. Smaller cells reduce the sharing, giving all the users more potential bandwidth. Then one can simply follow the lead of AT&T, which rebranded its 4G as a “5Ge network”—most of the real advantages of a 5G upgrade are gained at a much lower cost.

The actual decisions will need to be country specific. With any luck, the European nations will use Nokia or Ericsson, while other countries may be wise to simply hold off on upgrading to 5G. But many will undoubtedly chose Huawei. I only hope they make the selection with their eyes open.

No comments: