This 5G-ENSURE document describes a number of use cases illustrating security and privacy aspects of 5G networks. The use cases are clustered based on similarities in technical, service and/or business-model related aspects, and cover a wide variety of deployments, such as the Internet of Things, Software Defined Networks and virtualisation, ultra-reliable and standalone operations. The use cases address security and privacy enhancements of current networks as well as security and privacy functionality needed by new 5G features.
Each use case is described in a common format where actors, assumptions and a sequence of steps characterising the use case are presented together with a short analysis of the security challenges and the properties of a security solution. Each use case cluster description concludes with a “5G Vision” outlining the associated enhancements in security and privacy anticipated in 5G networks and systems.
The use cases provide a starting point for further analysis by 5G-ENSURE for understanding 5G security, for example defining a trust model between the various actors in a 5G system that addresses the multiplicity of actors and takes into account the machine-to-machine interactions characterising next generation networks, as well as input for the security enablers.
New business models and new domains of operation in 5G networks facilitated by network function virtualisation and software defined networking bring increased dynamicity compared to 4G and an increase in the number of stakeholders and associated trust relationships.
New relationships bring new risks that must be understood and controlled, and in a system as complex as 5G this implies the need for a trust model which can model the system, highlight potential risks and demonstrate the effect of adding controls or changing the design.
This document takes the first steps towards such a trust model. Firstly we discuss and define terminology. We then review the state of the art in trust modelling, firstly looking at human trust factors (as humans are essential components of 5G network scenarios), understanding how humans make decisions on whether to trust or not when dealing with other humans and when dealing with machines. Secondly we review work on machine trust and what the options are and the indicators for trustworthiness of entities, whether they are humans or machines. Finally we look at trust and trustworthiness by design techniques which we recommend for use both during the design of 5G and when changing the design of a 5G deployment by adding or removing elements.
This document takes the first steps towards the definition of a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security use cases and architecture. Firstly we discuss and define terminology. This is essential, as common speech terminology can be quite inexact but in risk management we must be precise. We then review the state of the art in risk assessment and mitigation, to understand which existing methodology, or combination of methodologies, suits the evaluation of the use cases proposed by 5G-ENSURE.
The Risk Management Context is then defined, looking first at the 5G assets and actors, which is followed by the identification of threats. The 5G-ENSURE risk evaluation methodology for use case analysis is also introduced with some possible approaches to risk likelihood estimation. Nevertheless, the methodology will be refined in the final version of this document (M24), after examination of each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation.
The core of this deliverable provides an initial threat analysis of representative use cases defined by the 5G-ENSURE project, after the threat description formalism (template) is introduced. This draft document focuses on the ‘internal’ threats, i.e. only those derived from 5G-ENSURE specific use cases are analyzed in this first version, as they capture the very essence of security and privacy aspects of 5G networks as seen by the project.
This deliverable describes a draft security architecture for 5G networks. The focus lies on a logical and functional architecture and omits (most) aspects related to physical/deployment architecture. This focus is motivated by general trends such as network de-perimetrization as well as 5G systems' strong dependency on software defined networking and virtualization in general.
The project's 5G security architecture builds on, extends (and in our opinion clarifies) the current 3GPP security architecture. The logical "dimension" of our architecture captures first of all security aspects associated with the various domains that are involved in delivering services over 5G networks. This part is therefore also strongly associated with the project’s trust model. Additionally, the logical part captures security aspects associated with network layers and/or special types of network traffic. In our architecture this is associated with different strata. The functional “dimension” of our architecture comprises a set of security capabilities required to protect and uphold the security of the various domains and strata. In the functional dimension, we build on the 3GPP defined security feature groups. Here too we extend and refine them to adapt to a 5G context.
A goal of the architecture work within 5G-ENSURE has been to clearly provide rationale for the architecture's structure and features, i.e., instead of starting from detailed security requirements, we seek to motivate which high level security problem is relevant in a 5G context, and then break that down into a manageable set of security objectives for 5G. From these objectives, the high level architecture is derived, and only after that stage do detailed requirements enter the discussion. Conversely, care has been taken to provide means for performance indicators such as measurability, i.e., simplifying the task of validating that the proposed architecture and its features meet the objectives, and that the objectives appropriately address the security problem. This last aspect is not covered to any depth in this first draft.
This document provides an early vision of the 5G security and privacy enablers proposed by the 5G-ENSURE project, which are planned to be developed through two major releases: v1.0 (R1) in September 2016 and v2.0 (R2) in August 2017. It details the Technical Roadmap for v1.0 (R1) in terms of enablers in scope and their features, while providing insights for v2.0 (R2) enablers.
The envisioned enablers are organized in categories, which represent the major security areas recognized as topmost priorities for 5G-PPP & 5G Security: (i) Authentication, Authorization and Accountability (AAA); (ii) Privacy; (iii) Trust; (iv) Security Monitoring; and (v) Network management & virtualization isolation. The description of the enablers covers the following key aspects: product vision, technology area, security aspects, security challenges, technical roadmap for first release vs. next release.
The present document gives an overview of the initial set of enablers and security features envisaged/proposed by each category, together with the rationale behind them. It also details, at feature level, the ones carefully selected for their relevance (especially, although not uniquely, from the 5G Use Cases perspective) and in scope of the first release (v1.0/R1). Overall, this deliverable paves the way towards the first release of 5G-ENSURE security enablers and their open specifications.
This deliverable contributes to further progress on the 5G Security Vision in terms of both the Technical Roadmap requested and its implementation. Last but not least, it is also a source for further collaboration with 5G-PPP Projects, mainly through the 5G-PPP Security Working Group about to be launched.
This document describes the open specifications of 5G Security enablers planned to compose the first software release (i.e. v1.0) of 5G-ENSURE Project due in September 2016 (M11). The enablers' open specifications are presented per security areas in scope of the project, namely: Authentication, Authorization and Accounting (AAA), Privacy, Trust, Security Monitoring, and Network management & virtualisation isolation. For each of these categories the open specifications of all enablers planned in the project's Technical Roadmap for v1.0 and having features for v1.0 are detailed following the same template.
Overall, this deliverable paves the way towards the development and demonstration of the first set of 5G-ENSURE security enablers as planned for v1.0 in the project's Technical Roadmap (i.e. D3.1). It is also a valuable input to both works on the 5G Security architecture and 5G Security testbed, since it provides the details regarding security enablers necessary in order to understand their mapping to 5G security architectural components, as well as their integration, testing, demonstration, and assessment on the 5G security testbed.
This document contains the manuals of the first software releases of the 5G security enablers that are developed within the 5G-ENSURE project. Each enabler has its own separate manual, which comprises the following three main parts: (1) an installation and administration guide, (2) a user and programmer guide, and (3) a description of unit tests for the enabler's software. The enablers' manuals are an important input for the enablers' deployment in the project's testbed, where the enablers will be analyzed and evaluated.
Note that the software of the project's security enablers is part of the accompanying deliverable D3.3 "5G-PPP security enablers sw release (v1.0): reference implementations for the first set of the enablers."
This document (D3.5) is the update of the 5G-ENSURE security enablers Technical Roadmap previously delivered (i.e. D3.1). Compared to the previous deliverable, which detailed only the features of the 5G security enablers in scope of the first release (i.e. v1.0 (R1) released on M11/Sep’16), D3.5 is more complete in that it provides all the details regarding the enablers (either in continuation or fully new) in scope of the second (also last) release (v2.0 (R2) due at M22/Aug’17), detailing for each of them the targeted features, while showing the excellent coverage they have, individually but most importantly jointly, with respect to the use cases identified.
Overall, D3.5 paves the way towards the second wave of 5G security enablers to be specified and then, for most of them, released as software by the end of the project as part of v2.0. It also contributes to further advancing the 5G Security Vision within the 5G PPP community and beyond.
One of the major challenges of the 5G-ENSURE project is to provide a testbed environment in which the efficiency of the 5G-ENSURE security enablers can be evaluated and validated, in order to address the security requirements of 5G Networks.
This deliverable describes the testbed, leveraging results achieved at project level regarding both the targeted security enablers and the security architecture, and taking advantage of information coming from 5G-PPP (e.g. the recommendations of the 5G-PPP architecture Working Group; see "5G-PPP Architecture whitepaper"). It also describes the framework provided by the partners involved in the testbed activities, including the hardware and the proposed services.
Another important aspect covered by the document is the interconnection of the testbed at the following levels: partner's testbed facilities interconnection, partner's remote access, Internet access and possibly interconnection with other existing 5G-PPP testbeds.
The last topic covered by the deliverable is the operational procedures required to drive the common activities on the 5G security testbed and the different roles that have been identified so far to accomplish these activities.
Deliverable D4.2 - Test plan (draft): Draft descriptions of how to evaluate the selected security enablers
This document version provides a draft containing the basis to build the complete test plan, the procedures to deliver and integrate the software, and the integration roadmap.
Other WP4 deliverables will arrive afterwards, to provide the complete test plan (D4.3 in M18), and analyse the results of the test plan execution (D4.4 in M24).
This document presents templates and examples of 5G-ENSURE tests. Evaluation tests will be described in an add-on document, because the inter-Work Package validation process regarding the enablers' claims of threat coverage (see chapter 4) has not yet been fully defined or endorsed.
In this document we describe the first rollout of the 5G-ENSURE website: http://www.5gensure.eu/. The platform offers a place for sharing 5G-ENSURE work on security and privacy to different members of the community, from businesses and the media to other projects forming part of the 5G infrastructure public-private partnership (5G-PPP). The platform will dynamically evolve over time, showcasing outputs and success stories.
The purpose of this deliverable is to provide the first report on communication, marketing and standardisation as core activities within the project. It provides a detailed analysis of the standardisation landscape, including on-going and planned work of particular relevance to 5G-ENSURE. It sets out an initial set of KPIs (for communications and marketing) and qualitative metrics against which to measure the impact and relevance of 5G-ENSURE. It also reports on the outcomes of the first six-monthly plan across four key activities: communication and community building, standardisation, joint activities with the 5G-PPP and the dissemination of results.
We identify and prioritise stakeholder engagement in the first year of the project, providing tangible evidence of relations established with peer projects, the media and policy decision makers, as well as targeted actions at events. We detail the strategy for the 1st International Workshop on Standardisation in June 2016, which will lead to the first iteration of a standards roadmap, as well as the imminent public consultation with the diverse stakeholders to collect and analyse their perspectives and priorities in relation to 5G security. Finally, we set out plans for the next six months.
The purpose of this deliverable is to cover the results achieved for communication, marketing and standardisation as core activities within the 5G-ENSURE project in the period May to October 2016. The report measures the impact based on a core set of KPIs for communication and marketing and dissemination of results, with qualitative metrics for activities related to 5G security standardisation.
In terms of standardisation, the deliverable reports on the main findings of the open consultation on 5G security and the outcomes of the 1st International Workshop on 5G Security Standardisation, including results from stakeholder engagement and promotional activities. It also provides an analysis of the dissemination of project results through publications, technical conferences and across professional networks.
The document also provides an update on the joint activities within the 5G PPP, where 5G-ENSURE is now also supporting stakeholder engagement across different channels and at events to share advances and increase impact. A detailed analysis is given of the impact achieved through 5G-ENSURE community building, communications and engagement with primary and secondary stakeholders.
Finally, the deliverable covers current plans for the period November 2016 to April 2017, based on current opportunities. The overall aim is to increase stakeholder engagement and ensure the outputs of 5G-ENSURE for the benefit of 5G stakeholders in Europe and beyond, by building on the promising results to date.
The present version of the deliverable D5.4 introduces a first market analysis, impact scenarios, the regulatory landscape and some preliminary insights into market opportunities and Business Models for 5G-ENSURE enablers. It will be complemented by subsequent extended versions, some of them confidential since they contain sensitive information provided by the partners.