5G-ENSURE Demo Stand: Security and Privacy Enablers for 5G

The 5G-ENSURE Demo Booth at EuCNC 2017 features security and privacy enablers for 5G developed within the project. Visitors will see these enablers in action in combined scenarios and as standalones, showing how they are key assets for improving access control, privacy, trust, as well as network management and virtualisation security.

The demos come from several project partners: VTT, Telecom Italia, NEC, SICS and Thales, along with a geographically distributed 5G test-bed. With interconnected nodes in France and Finland, the test-bed enables the development and testing of complex end-to-end, multi-domain, multi-operator 5G-oriented security scenarios.

Demo 1: Scenario for IoT Video Monitoring

In this demo, 5G-ENSURE demonstrates isolated, access-controlled and monitored micro-segments that enable fast detection of threats and quick, verified recovery from them, and shows how service providers and end-users can be made more aware of network trustworthiness. VTT and NEC.

The micro-segmentation enabler creates and deletes micro-segments, adds nodes to and deletes nodes from micro-segments, and provides strong access control to the micro-segment. The security monitoring enabler monitors behaviour inside the micro-segment and detects any anomalous behaviour. When an anomaly revealing an attack is detected, the micro-segmentation enabler quarantines the suspected flows.

The trust metric enabler functions in unison with the security monitoring enabler. The trust metric enabler provides information about the trustworthiness of a micro-segment for the service provider, who is notified in case of an untrustworthy micro-segment.

The compliance checker verifies whether the micro-segmentation enabler quarantines the flows detected by the monitoring enabler. In particular, it checks at runtime that maliciously behaving nodes are removed from the micro-segment and that the data plane is reconfigured. If any of these steps is not performed, the compliance checker issues a warning, which is visualized as a red flag in the web service displaying the micro-segment.
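The runtime check described above, sketched as an added example (not 5G-ENSURE code): the event names, the `(timestamp, kind, node)` tuple format and the 5-second deadline are assumptions, since the page does not say how the checker observes the other enablers.

```python
# Steps the page says must follow a detection (event names are assumed).
REQUIRED = ("node_removed", "dataplane_reconfigured")


def check_compliance(events, now, deadline=5.0):
    """Return (red_flag, warnings) for a time-ordered event trace.

    events: iterable of (timestamp, kind, node) tuples.
    A warning (node, missing_steps) is issued for every detected node whose
    required steps were not all observed within `deadline` seconds.
    """
    pending = {}   # node -> (detected_at, set of steps seen so far)
    warnings = []

    def expire(t):
        # Turn every obligation whose deadline has passed into a warning.
        for node, (detected_at, done) in list(pending.items()):
            if t - detected_at > deadline:
                warnings.append((node, [s for s in REQUIRED if s not in done]))
                del pending[node]

    for ts, kind, node in events:
        expire(ts)
        if kind == "anomaly":
            pending.setdefault(node, (ts, set()))
        elif kind in REQUIRED and node in pending:
            done = pending[node][1]
            done.add(kind)
            if done == set(REQUIRED):
                del pending[node]      # quarantine verified in time
    expire(now)
    return bool(warnings), warnings


# Constructed sample trace: cam-1 is handled correctly, cam-2 is removed but
# the data plane is never reconfigured, cam-3 is handled only after the deadline.
TRACE = [
    (0.0, "anomaly", "cam-1"),
    (1.0, "node_removed", "cam-1"),
    (1.5, "dataplane_reconfigured", "cam-1"),
    (2.0, "anomaly", "cam-2"),
    (3.0, "node_removed", "cam-2"),
    (4.0, "anomaly", "cam-3"),
    (12.0, "node_removed", "cam-3"),
    (12.5, "dataplane_reconfigured", "cam-3"),
]

if __name__ == "__main__":
    print(check_compliance(TRACE, now=20.0))
```

Steps that arrive after the deadline do not clear the warning, so a late quarantine still shows up as a red flag.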

Demo 2: Scenario for Remote IoT heating and alarm system with IMSI hiding mechanism

Using four enablers on a multi-domain test-bed, this demo shows how 1) we can provide services that are isolated and highly secure with strong access control; 2) privacy can be enhanced with the IMSI hiding mechanism; and 3) service providers and end users can be made aware of current trust and privacy levels. The demo also shows how the test-bed enables the development of complex end-to-end, multi-operator security scenarios. VTT, Telecom Italia, b<>com test-bed.

The micro-segmentation enabler creates an isolated micro-segment for Alice's remote heating and alarm system in her house. The EAP-AKA implementation of the Privacy Enhanced Identity Protection enabler is used for access control. The enabler protects the long-term identifier (IMSI) with asymmetric encryption. In this way, the IMSI is hidden and cannot be used for tracking by possible adversaries. The security monitoring enabler monitors behaviour inside the micro-segment and detects any anomalous behaviour. The trust metric enabler provides information about the trustworthiness of a micro-segment for Alice, who is notified if a micro-segment becomes untrustworthy. The trust metric enabler will state that privacy is adequate and trustworthiness of the micro-segment is true.

The b<>com side of the test-bed can be used to host a web service providing a user interface to the heating system. The service is located inside a micro-segment. There could also be a micro-segment at the VTT site to illustrate end-to-end isolation.

Demo 3: Internet of Things Enabler

As part of the enablers for authentication, authorisation and accounting, the IoT enabler provides a new definition of protocols for credential management and authentication of users and devices, such as sensors and IoT devices in general. 5G-ENSURE demonstrates the capacity of the group-based AKA protocol to authenticate groups of devices simultaneously.

Demo 4: VNF Certification Enabler

VNF certification is part of the 5G-ENSURE trust enablers. The enabler certifies the trustworthy implementation of VNFs and exposes their characteristics through a Digital Trustworthiness Certificate. The demonstration will show how the certification is created.