5G ENSURE has received funding from the EU Framework Programme for Research and Innovation H2020 under grant agreement No 671562 | Duration November 2015 / October 2017
Deliverable D2.1 - Use Cases
This 5G-ENSURE document describes a number of use cases illustrating security and privacy aspects of 5G networks. The use cases are clustered based on similarities in technical, service and/or business-model related aspects, and cover a wide variety of deployments, such as the Internet of Things, Software Defined Networks and virtualisation, ultra-reliable and standalone operations. The use cases address security and privacy enhancements of current networks as well as security and privacy functionality needed by new 5G features.
Each use case is described in a common format where actors, assumptions and a sequence of steps characterising the use case are presented together with a short analysis of the security challenges and the properties of a security solution. Each use case cluster description concludes with a “5G Vision” outlining the associated enhancements in security and privacy anticipated in 5G networks and systems.
The use cases provide a starting point for further analysis by 5G-ENSURE for understanding 5G security. For example, defining a trust model between the various actors in a 5G system addressing the multiplicity of actors and also taking into account the machine-to-machine interactions characterising next generation networks, as well input for the security enablers.
Deliverable D2.2 - Trust model (draft)
New relationships bring new risks that must be understood and controlled and in a system as complex as 5G this implies the need for a trust model which can model the system, highlight potential risks and demonstrate the effect of adding controls or changing the design.
This document takes the first steps towards such a trust model. Firstly we discuss and define terminology. We then review the state of the art in trust modelling, firstly looking at human trust factors (as humans are essential components of 5G network scenarios), understanding how humans make decisions on whether to trust or not when dealing with other humans and when dealing with machines. Secondly we review work on machine trust and what the options are and the indicators for trustworthiness of entities, whether they are humans or machines. Finally we look at trust and trustworthiness by design techniques which we recommend for use both during the design of 5G and when changing the design of a 5G deployment by adding or removing elements.
Deliverable D2.3 - Risk Assessment, Mitigation and Requirements (draft)
This document takes the first steps towards the definition of a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security uses cases and architecture. Firstly we discuss and define terminology. This is essential, as common speech terminology can be quite inexact but in risk management we must be precise. We then review the state of the art in risk assessment and mitigation, understanding what existing methodology, or combination of, suits the evaluation of 5G-ENSURE proposed use cases.
The Risk Management Context is then defined, looking first at the 5G assets and actors, which is followed by the identification of threats. The 5G-ENSURE risk evaluation methodology for use case analysis is also introduced with some possible approaches to risk likelihood estimation. Nevertheless, the methodology will be refined in the final version of this document (M24), after examination of each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation.
The core of this deliverable provides an initial threat analysis of representative use cases defined by the 5G ENSURE project, after the threat description formalism (template) is introduced. The focus is made on the ‘internal’ threats in this draft document, i.e. those derived from 5G-ENSURE specific use cases are only analyzed in this first version, as they capture the very essence of security and privacy aspects of 5G networks as seen by the project.
Deliverable D2.4 - Security Architecture (draft)
This deliverable describes a draft security architecture for 5G networks. The focus lies on a logical and functional architecture and omits (most) aspects related to physical/deployment architecture. This focus is motivated by general trends such as network de-perimetrization as well as 5G systems' strong dependency on software defined networking and virtualization in general.
The project's 5G security architecture builds on, extends (and in our opinion clarifies) the current 3GPP security architecture. The logical "dimension" of our architecture captures first of all security aspects associated with the various domains that are involved in delivering services over 5G networks. This part is therefore also strongly associated with the project’s trust model. Additionally, the logical part captures security aspects associated with network layers and/or special types of network traffic. This is in our architecture associated with different strata. The functional “dimension” of our architecture comprises a set of security capabilities required to protect and uphold the security of the various domains and strata. In the functional dimension, we build on the 3GPP defined security feature groups. We also here extend and refine to adapt to a 5G context.
Deliverable D2.5 - Trust model (Final)
New relationships bring new risks that must be understood and controlled and in a system as complex as 5G implies the need for a trust model that can model the system, highlight potential risks and demonstrate the effect of adding controls or changing the design.
D2.5 represents a step towards defining such a model. It reviews how the actors and business models are expected to change as we move to 5G, bringing in new domains and new opportunities for operators (both terrestrial and satellite). It summarises the use cases from 5G-ENSURE deliverable D2.1 and explains how this analysis has fed into the trust model development. It also brings new insights into procedures used to identify and analyse trust dependencies, with additional input concerning privacy aspects and from a survey of user attitudes conducted by 5G-ENSURE partners working on human factors related to trust.
Deliverable D2.6 - Risk Assessment, Mitigation and Requirements (final)
Risk Assessment, Mitigation and Requirements proposes a risk assessment and mitigation approach for the full set of 5G-ENSURE security use cases (D2.1). This document also investigates some intrinsic risks of new 5G infrastructure and network (which is not yet fully defined in standard bodies).
Firstly, it discusses and defines terminology. This is essential, as common speech terminology can be quite inexact but in risk management we must be precise. It then goes on to review the state of the art in risk assessment and mitigation, understanding what existing methodology, or combination of, suits the evaluation of 5G-ENSURE proposed use cases.
Deliverable D2.7 - SecurityArchitecture
The focus of the 5G-ENSURE Security Architecture lies on a logical and functional architecture and omits (most) aspects related to physical/deployment architecture. This focus is motivated by general trends such as network deperimeterisation as well as 5G systems strong dependency on software defined networking and virtualization in general. The security architecture builds on and extends the current 3GPP security architecture.
The logical dimension of our architecture first of all captures the security aspects associated with the various domains that are involved in delivering services over 5G networks. This part is therefore also strongly associated with the projects trust model. Additionally, the logical part captures the security aspects associated with network layers and/or special types of network traffic which, in our architecture, are associated with different strata. The functional dimension of our architecture comprises a set of security capabilities required to protect and uphold the security of the various domains and strata. In the functional dimension, we build on the 3GPP defined security feature groups and introduce security realms. We extend and refine these concepts to adapt to a 5G context.
Deliverable D3.1 - 5G-PPP security enablers technical roadmap (early vision)
This document provides an early vision of the 5G security and privacy enablers proposed by the 5G- ENSURE project, and that are planned to be developed through two major releases: v1.0 (R1) in September 2016 and v2.0 (R2) in August 2017. It details the Technical Roadmap for v1.0 (R1) in terms of enablers in scope and their features, while providing insights for v2.0 (R2) enablers.
The envisioned enablers are organized in categories, which represent the major security areas recognized as topmost priorities for 5G-PPP & 5G Security: (i) Authentication, Authorization and Accountability (AAA); (ii) Privacy; (iii) Trust; (iv) Security Monitoring; and (v) Network management & virtualization isolation. The description of the enablers covers the following key aspects: product vision, technology area, security aspects, security challenges, technical roadmap for first release vs. next release.
The document gives an overview of the initial set of enablers and security features envisaged/proposed by each category, together with the rationale behind them. It also details, at features level, the ones carefully selected for their relevance (especially from the 5G Use Cases perspective although if not uniquely), and in scope of the first release (v1.0/R1). Overall, this deliverable paves the way towards the first release of 5G-ENSURE security enablers and their open specifications.
This deliverable contributes to further progress on 5G Security Vision in terms of both the Technical Roadmap requested and its implementation. Last but not least it is also source for further collaboration with 5G-PPP Projects mainly through 5G-PPP Security Working Group about to be launched.
Deliverable D3.2 - 5G-PPP security enablers open specifications (v1.0)
This document describes the open specifications of 5G Security enablers planned to compose the first software release (i.e. v1.0) of 5G-ENSURE Project due in September 2016 (M11). The enablers' open specifications are presented per security areas in scope of the project, namely: Authentication, Authorization and Accounting (AAA), Privacy, Trust, Security Monitoring, and Network management & virtualisation isolation. For each of these categories the open specifications of all enablers planned in the project's Technical Roadmap for v1.0 and having features for v1.0 are detailed following the same template.
Overall, this deliverable paves the way towards the development and demonstration of the first set of 5G-ENSURE security enablers as planned for v1.0 in the project's Technical Roadmap (i.e. D3.1). It is also a valuable input to both works on the 5G Security architecture and 5G Security testbed, since it provides the details regarding security enablers necessary in order to understand their mapping to 5G security architectural components, as well as their integration, testing, demonstration, and assessment on the 5G security testbed.
Deliverable D3.4 - 5G-PPP Security Enablers Documentation (v1.0)
This document contains the manuals of the first software releases of the 5G security enablers that are developed within the 5G-ENSURE project. Each enabler has its own separate manual, which comprises the following three main parts: (1) an installation and administration guide, (2) a user and programmer guide, and (3) a description of unit tests for the enabler's software. The enablers' manuals are an important input for the enablers' deployment in the project's testbed, where the enablers will be analyzed and evaluated.
Note that the software of the project's security enablers is part of the accompanying deliverable D3.3 "5G-PPP security enablers sw release (v1.0): reference implementations for the first set of the enablers."
Deliverable D3.5 - 5G PPP security enablers technical roadmap (Update)
This document (D3.5) is the update of the 5G-ENSURE security enablers Technical Roadmap previously delivered (i.e. D3.1). Compared to previous deliverable which was only detailing the features of 5G security enablers in scope of the first release (i.e. v1.0 (R1) released on M11/Sep’16), D3.5 is more complete in the sense it provides all the details regarding enablers (either in continuation or fully new) in scope of the second (also last) release (v2.0 (R2) due at M22/Aug’17) detailing for each of them the targeted features, while showing excellent coverage they have, individually but most importantly co-jointly, with respect to the use cases identified.
Overall D3.5 paves the way towards the second wave of 5G security enablers to be specified and then for most of them be software released by end of the project as part of v2.0. It also contributes to further advance 5G Security Vision within 5G PPP community and beyond.
Deliverable D3.6 - 5G PPP Security Enablers Open Specifications (v2.0)
This document describes the open specifications of 5G Security enablers planned to compose the second and final software release (i.e. v2.0) of 5G-ENSURE Project due in August 2017 (M22). The enablers’ open specifications are presented per security areas in scope of the project, namely: Authentication, Authorization and Accounting (AAA), Privacy, Trust, Security Monitoring, and Network management & Virtualisation isolation. For each of these categories the open specifications of all enablers planned in the project's Technical Roadmap for v2.0 and having features for v2.0 are detailed following the same template. Overall, this deliverable leverages the previous deliverable (i.e. D3.2) in that it extends and completes the open specification of security enablers in scope of the second release. It also paves the way towards the development and demonstration of the second and final set of 5G-ENSURE security enablers as planned for v2.0 in the project's Technical Roadmap(Update) (i.e. D3.5). D3.6 provides valuable input to work both on the 5G Security architecture and 5G Security testbed, since it provides details to link security enablers to the 5G security architecture so far defined (D2.4) and under consolidation (in the context of D2.7 to come), and also, to plan security enablers integration, testing, demonstration, and assessment on the 5G security testbed.
Deliverable D3.9 5G PPP Security Enablers Technical Roadmap (Final)
D3.9 is the final update of the 5G-ENSURE security enablers Technical Roadmap as a follow-up to D3.5. It opens with an overview of the features developed within 5G-ENSURE, explaining how they relate to the use cases identified in D2,1. Most importantly, the Roadmap provides recommendations and further insights on future work by partners or future projects based on the expertise and experience acquired by the consortium through participation in the 5G PPP. Firstly, for each enabler developed in 5G-ENSURE, we describe new relevant features to be further explored to meet new requirements that have been identified later in the project lifecycle. Secondly, for each of the thematic clusters (AAA, Privacy, Trust, Security monitoring, Security management), we call for additional enablers to be considered based on lessons learnt during the project. Thirdly, we highlight new research directions we believe are of interest to the 5G community, contributing to further progress 5G Security and meeting the requirements coming from the 5G PPP Community at large. Overall, this deliverable is expected to further advance the 5G Security Vision within the 5G-PPP community and beyond, taking advantage of the work performed at the project level, but also at the programme level, be that through 5G IA Security Work group (e.g. Security WG Whitepaper) or other joint activities performed (e.g. ETSI or EuCNC workshop, Open consultations on 5G Security, among others.
Deliverable D4.1 - 5G Security testbed architecture
One of the major challenges of the 5G-ENSURE project is to provide a testbed environment allowing to evaluate and validate the efficiency of the 5G-ENSURE security enablers in order to address the security requirements of 5G Networks.
This deliverable provides the description of the testbed leveraging on results achieved at project level regarding both security enablers targeted but also security architecture as well as taking advantage of sources of information coming from 5G-PPP (e.g. taking into account the recommendations of 5G-PPP architecture Working Group see "5G-PPP Architecture whitepaper"). It also describes the framework provided by the partners involved in the testbed activities including the hardware and the proposed services.
Another important aspect covered by the document is the interconnection of the testbed at the following levels: partner's testbed facilities interconnection, partner's remote access, Internet access and possibly interconnection with other existing 5G-PPP testbeds.
The last topic covered by the deliverable is the operational procedures required to drive the common activities on the 5G security testbed and the different roles that have been yet identified to accomplish these activities.
Deliverable D4.2 - Test plan (draft): Draft descriptions of how to evaluate the selected security enablers
This document version provides a draft containing the basis to build the complete test plan, the procedures to deliver and integrate the software, and the integration roadmap.
Other WP4 deliverables will arrive afterwards, to provide the complete test plan (D4.3 in M18), and analyse the results of the test plan execution (D4.4 in M24).
This document presents templates and examples of 5G-Ensure tests. Evaluation tests will be described in an add-on document due to the fact the inter Work Packages validation process regarding the Enabler claims of Threats coverage (see chapter 4) has not been fully defined nor endorsed.
The D4.2 Test Plan document embeds a draft version of the “Testbed Terms of Use”, which is under Partners’ legal review before final approval.
Deliverable D4.3 - Test plan (final): Final description of how to evaluate the selected security enablers
This deliverable defines the procedures required to evaluate the enablers’ features in the testbed. It provides the test plan structures and some test case examples. The evaluation results from the test plan execution and the result analysis are provided in D4.4 “Evaluation of the security enablers: Results and analysis of the Testbed runs”.
The work reported in this document is based on applicable technical deliverables already produced by 5G-ENSURE. Key inputs include an analysis of Enabler’s security claims described in D3.2 and D3.6 in terms of the enabler features, while also checking against the different use cases defined in D2.1 and their associated security threats identified in D2.3. Finally, this document delivers the consolidated list of threats coverage by the Enabler features (both R1 and R2 enablers).
Deliverable D4.4 - Evaluation of the security enablers
A major output of 5G-ENSURE is a set of security enablers for next-generation networks. These enablers have been evaluated on the test-bed developed within the project.
The enabler's security claims have been tested against the security threats previously identified within the project in order to demonstrate the efficiency of the features developed. D4.4 reports on the results of the analysis based on the plan defined for the 5G security test-bed.
Deliverable D4.5 - Test-bed extension and operation plan
One of the major challenges of the 5G-ENSURE project was to provide a test-bed environment to evaluate and validate the efficiency of the 5G-ENSURE security enablers aimed at addressing the security requirements of 5G Networks. From there, the next coming challenge is to make the test-bed sustainable. This deliverable provides a marketing analysis of 5G-ENSURE test-bed including landscaping and positioning as the basis for sustainability beyond the duration of 5G-ENSURE project. It also includes a test-bed users survey covering the lessons learned from the current status and usage of the test-bed in the scope of 5G-ENSURE project.
Finally, the document considers the requirements for 5G test-bed architecture for the next phases of 5G research and innovation programmes. The resulting recommendation is for a 5G-ENSURE test-bed value proposition: ready to use pre-5G end-to-end integration (flexible, multi-tenant and neutral) environment, including various Radio Access Networks. b<>com is willing to build a service offer: b<>com *Flexible Netlab*, derived from 5G-ENSURE test-bed, focusing on security with product certification, such as an ITSEF partnership (Information Technology Security Evaluation Facility).
Deliverable D5.1 - Web platform as an interface with the umbrella 5G-PPP platform
In this document we describe the first rollout of the 5G-ENSURE website: http://www.5gensure.eu/. The platform offers a place for sharing 5G-ENSURE work on security and privacy to different members of the community, from businesses and the media to other projects forming part of the 5G infrastructure public-private partnership (5G-PPP). The platform will dynamically evolve over time, showcasing outputs and success stories.
Deliverable D5.2 - First report on communication, marketing and standardisation
The purpose of this deliverable is to provide the first report on communication, marketing and standardisation as core activities within the project. It provides a detailed analysis of the standardisation landscape, including on-going and planned work of particular relevance to 5G-ENSURE. It sets out an initial set of KPIs (for communications and marketing) and qualitative metrics against which to measure the impact and relevance of 5G-ENSURE. It also reports on the outcomes of the first six-monthly plan across four key activities: communication and community building, standardisation, joint activities with the 5G- PPP and the dissemination of results.
We identify and prioritise stakeholder engagement in the first year of the project, providing tangible evidence of relations established with peer projects, the media and policy decision makers, as well as targeted actions at events. We detail the strategy for the 1st International Workshop on Standardisation in June 2016, which will lead to the first iteration of a standards roadmap, as well as the imminent public consultation with the diverse stakeholders to collect and analyse their perspectives and priorities in relation to 5G security. Finally, we set out plans for the next six months.
Deliverable D5.3 - Second report on communication, marketing and standardisation
The purpose of this deliverable is to cover the results achieved for communication, marketing and standardisation as core activities within the 5G-ENSURE project in the period May to October 2016. The report measures the impact based on a core set of KPIs for communication and marketing and dissemination of results, with qualitative metrics for activities related to 5G security standardisation.
In terms of standardisation, the deliverable reports on the main findings of the open consultation on 5G security and the outcomes of the 1st International Workshop on 5G Security Standardisation, including results from stakeholder engagement and promotional activities. It also provides an analysis of the dissemination of project results through publications, technical conferences and across professional networks.
The document also provides an update on the joint activities within the 5G PPP, where 5G-ENSURE is now also supporting stakeholder engagement across different channels and at events to share advances and increase impact. A detailed analysis is given of the impact achieved through 5G-ENSURE community building, communications and engagement with primary and secondary stakeholders.
Finally, the deliverable covers current plans for the period November 2016 to April 2017, based on current opportunities. The overall aim is to increase stakeholder engagement and ensure the outputs of 5G-ENSURE for the benefit of 5G stakeholders in Europe and beyond, by building on the promising results to date.
Deliverable D5.4 - First Market Analysis & Exploitation Report
The present version of the deliverable D5.4 introduces a first market analysis, impact scenarios, regulatory landscape and some preliminary insights into market opportunities and Business Models for 5G-ENSURE enablers. It will be complemented by the subsequent extended versions, some of them being confidential since containing sensitive information provided by the partners.
Deliverable D5.5 - Final report on communication, marketing and standardisation
This deliverable reports on main results achieved by 5G-ENSURE for communication, dissemination and standardisation as core activities within the 5G-ENSURE project in the period December 2016 to October 2017. D5.5 also includes an additional report for the period May to October 2017 to present the final results achieved by the project. The report measures the impact based on a core set of KPIs for communication and marketing and dissemination of results, with qualitative metrics for activities related to 5G security standardisation.
In terms of standardisation, the deliverable reports on major activities within standards organisations by the consortium based on earlier analyses of the security standardisation landscape. It presents all the contributions made to the most relevant standards organisations identified for timely inputs in the early phase of 5G, notably 3GPP and ETSI CYBER. It also provides a detailed analysis of the dissemination of project results through publications, technical conferences and media coverage.
The document also provides an update on the joint activities within the 5G PPP, where 5G-ENSURE is now also supporting stakeholder engagement across different channels and at events to share advances and increase impact. A detailed analysis is given of the impact achieved through 5G-ENSURE community building, communications and engagement with primary and secondary stakeholders.
A key asset of 5G-ENSURE is its extensive community engagement, spanning stakeholders from industry, SMEs, standards, and research, which is reported in detail from November 2016 to October 2017. The 5G-ENSURE community is truly international spanning over 50 countries worldwide, highly representative of 5G also in terms of vertical industries engaged.
