Takeaways from 5G-ENSURE Workshop on 5G Security Standardisation

From Research to Standardisation: 5G-ENSURE 2nd International Workshop, 16 June 2017 during ETSI Security Week

The 5G-ENSURE 2nd International Workshop was an opportunity to share the 5G-ENSURE security vision and showcase achievements to date, including on-going standardisation work, to over 60 participants spanning standards representatives, device and infrastructure manufacturers, network operators and SMEs.

5G Security architecture

The Trust Model led by the University of Southampton and Risk Model led by NOKIA Bell Labs were among the forthcoming outputs of 5G-ENSURE presented at the event.

  • 5G Security Architecture: designed according to the principles agreed with the 5G PPP Security Work Group, benefitting from phase 1 co-operation between 9 projects involved or interested in 5G security.
  • Alireza Ranjbar, Ericsson, talked the audience through the main building blocks of the security architecture proposed for 5G networks based on the concepts from 3GPP TS23.101.
  • The rationale is to "not reinvent the wheel" but revise and extend existing concepts to capture all the 5G technical characteristics, such as virtualisation and management, multi-access, multi-domains and trust aspects.

5G Security and Privacy Enablers

  • 5G Security Enablers: some of the technological security enablers developed around Privacy, Network Management and Virtualisation were shown in presentations and demos to give a concrete demonstration of how they address user/subscriber pain points.
  • Felix Klaedtke, NEC, showed the proof of concept in the context of software-defined and virtualised networks, illustrating the concept of micro-segmentation of 5G networks where strict security policies can be enforced. The video was a concrete demonstration of this, showing the benefits of integrating and combining the security functionalities of other security enablers, such as authentication, privacy and trust monitoring.
  • Nicolae Paladi, RISE SICS, presented the bootstrapping trust enabler, a mechanism to verify the integrity of software network components prior to enrolment into the infrastructure.
  • Next up was Madalina Baltatu, Telecom Italia, who described the enablers related to privacy with a focus on identity enhancement protection mechanisms.

These enablers are among a set of 17 enablers, which will be available as Release-2 by the end of August and will include additional security features and other completely new solutions. A total of 24 enablers for 5G security and privacy will be part of the 5G-ENSURE portfolio of exploitable products and services.

5G Security Standardisation

Future priorities and collaborative work were also among the discussion topics, taking stock of 5G-ENSURE results so far and ensuring the transfer of relevant research results into the standardisation process. The presentation by Anand Prasad, chairman of 3GPP SA3, was very insightful in this respect. In reporting the updated timeline for 5G security standardisation work, Dr Prasad also gave the view of 3GPP SA3 work and its approach to security areas in next-generation networks.

There is a match between the security areas covered by 5G-ENSURE and 3GPP SA3 work on 5G security. This means great opportunities for 5G-ENSURE to contribute. Architectural aspects of Next Generation Security, Authentication, RAN Security, Network Slicing security and Subscription Privacy are the areas where 5G-ENSURE can contribute within 3GPP SA3, according to Anand Prasad, chairman of 3GPP SA3.

  • In this context, Paolo De Lutiis from TIM showed the 5G-ENSURE Standardisation Plan and the approach taken by the project in the area of 5G security standardisation.
  • 5G-ENSURE has elaborated and presented over 30 direct contributions focusing on issues and solutions related to privacy. The plan is to build on this with contributions to the security architecture. Within the ETSI umbrella, TC CYBER is also seen as relevant for privacy aspects, and 5G-ENSURE has also provided contributions to this group.
  • 5G-ENSURE Open Consultation is open until the end of September to collect views on security from a range of 5G stakeholders, from operators and vendors, vertical industries, R&I projects, policy makers and regulators.

5G Security White Paper - a result of 5G PPP collaborative work

Jean Philippe from Orange and Pascal Bisson from Thales provided an overview of the 5G Security WG, which 5G-ENSURE has created with the main objective of bringing together 5G PPP Phase I projects with an interest in the development and progression of 5G security.

  • 5G PPP White Paper 5G Security: Phase 1 Landscape, covering major 5G security risks and requirements, the security architecture, access control, privacy, trust model, security monitoring and management, slicing, virtualisation and isolation, standardisation.
  • The white paper has been very well received: "very realistic vision on security".

Other impressions on 5G-ENSURE

  • 5G-ENSURE is helping 3GPP standardisation work on privacy thanks to the proofs of concept that help to understand the trade-off between solution and security.
  • The work on privacy is appreciated and very useful.
  • The concept of micro-segmentation is very interesting and a potential player for developers and designers.

International Panel on the way forward for 5G security and related standardisation

The panel comprised Charles Brookson, Chair ETSI TC CYBER; Roberto Cascella, Senior Policy Officer at the European Cyber Security Organisation (ECSO); Jovan Golic, Lead NGMN Security Competence Team, Telecom Italia; and Anand Prasad, Chairman 3GPP SA3. Moderated by Pascal Bisson, technical coordinator of the 5G-ENSURE project, the panellists discussed priority actions for security research on 5G networks.

  • More work needs to be done in standardisation on slicing, IoT security aspects and virtualisation.
  • The security of the data lifecycle needs a lot of attention in the context of 5G. Security relies on digital infrastructure, networks and computers, and also on data. Big data is driving the economy of new applications but they are the most critical. In the lifecycle of data, 4 stages are relevant: data collection, data transmission, data storage and sharing, and data processing. Data collection very much relates to the user's control over privacy in terms of user consent. The research is there but improvements are needed. Data storage and sharing can use encryption but there is the problem of key management. Sophisticated encryption mechanisms like searchable encryption and Attribute-Based Encryption for data sharing are available. In data processing, the computation basically runs over the data, so it should be trusted. To protect data, enhanced techniques like homomorphic encryption and fully homomorphic encryption are needed. This is where more work is required in terms of techniques to process or elaborate encrypted data, so as not to have to trust the server with regard to the confidentiality of data.
  • Most of the relevant 5G security topics, like trust, risks, liability and data, were covered during the workshop. Applications are another important thing to consider for the 5G enablers. Investigations are needed into what will be provided by the application layer, understanding also the impacts in terms of data with regard to privacy, authentication and protection against potential Denial of Service (DoS) because the application does not function as it should. This calls for a cross-layer investigation in terms of what is provided at the application layer that affects security at the lower layer.
  • Several projects in Phase 2 of the 5G PPP are expected to address currently missing solutions for physical security. There are big issues around data and the need for data protection techniques. Work is necessary to speed up standards for data protection techniques and to ensure secure data access. However, encrypting everything in the network will not work very well. How do we give quality of service if everything is encrypted?

Finally, the workshop was an excellent opportunity to take forward on-going discussions with the National Institute of Standards and Technology (NIST), with Nelson Hastings from the Computer Security Division in attendance. One of the follow-up actions is a webinar on Release 2 of the 5G-ENSURE Security Enablers of interest to NIST, to be organised in late July 2017.

5G-ENSURE extends its thanks to NIST, our Advisory Board members, ETSI, who kindly hosted the workshop, and to all participants, for making the event such a success.

All 5G-ENSURE presentations are available online