Security Enablers

5G-ENSURE sets out to become the 5G PPP reference project for 5G security, privacy and trust. The 5G-ENSURE Security and Privacy Enablers are the major building blocks to achieve this goal.

  • AAA – 5G-ENSURE will advance secure functions to support 5G use cases. Impact: 5G support for IoT and satellite systems. Trust and liability levels.
  • Privacy – 5G-ENSURE will increase users’ assurance and confidence in 5G through enhanced user data protection implemented with solutions at several layers. Impact: Creation of services and business models on top of 5G.
  • Trust – 5G-ENSURE will deliver tools using new trust models, including M2M interactions. Impact: Trustworthy dynamic 5G multi-stakeholder system.
  • Security Monitoring – 5G-ENSURE will focus on security by operations, i.e., monitoring and auditing 5G security. Impact: Resilient 5G system to implement new services.
  • Network Management & Virtualisation Isolation – 5G-ENSURE will focus on a secure network control plane including virtualised networks and network services. Impact: Mitigate security threats in SDN.

| Enabler | Short Description | Partner and contact for external use |
|---|---|---|
| AAA: Internet of Things (IoT) | The IoT Enabler provides new definitions of protocols for credential management and authentication of users and devices, such as sensors, actuators, and IoT devices in general. The Enabler will look at the authentication of USIM-less devices, BYOi scenarios and group authentication as means to build specific support for IoT devices. | SICS: Thomas Carnehult, Markus Ahlstrom |
| AAA: Fine-grained authorisation | The goal of the fine-grained authorisation enabler is to provide secure, fine-grained access control for resource-constrained devices. Access control paradigms based on RBAC and ABAC are taken into account by different standards and are common today. This enabler proposes to reuse these existing technologies for services and interconnected resource access control, with the constraints of these resources in mind. | Thales Alenia Space: Gorka Lendrinovela, Sebastien Keller |
| Privacy Enabler: Enhanced Identity Protection | The enabler aims to provide protection of long-term identifiers (IMSI), basically by means of asymmetric encryption techniques and the use of dynamic random or pseudorandom pseudonyms instead of IMSIs. | TIIT: Luciana Costa, Madalina Baltatu |
| Privacy Enabler: Device Identifier Privacy | The enabler aims to provide anonymisation techniques on the user’s device, offering Privacy Enhanced Attachment (PEA), which provides protection against device identity (and possibly also user identity) disclosure and unauthorised device/user tracking. | University of Oxford: Piers O'Hanlon |
| Trust Enabler: Trust Builder | Provides a knowledge base of 5G assets, threats and controls and a user interface to define a system, assess threats and choose controls. | IT INNOVATION: Mike Surridge |
| Trust Enabler: Trust Metric | Aggregates network monitoring data (related to trust) into a single trustworthiness metric. Focus is on micro-segmentation. | VTT: Pekka Ruuska |
| Trust Enabler: VNF Certification Enabler | Provides a Digital Trustworthiness Certificate (DTwC) to certify trust aspects of a VNF. | Thales Group (TCS): Sebastien Keller |
| Security Monitoring Enabler: Satellite Network Monitoring (SatNav) | The main goal of this security enabler is to provide pseudo real-time monitoring and threat detection in 5G integrated satellite and terrestrial systems. | Thales Alenia Space: Gorka Lendrinovela |
| Security Monitoring Enabler: PulSAR (Proactive Security Assessment and Remediation) | The purpose of PulSAR is to provide a clear view of a cyber attack’s progression through attack graphs. | Thales Group (TS): Olivier Bettan |
| Security Monitoring Enabler: Generic Collector Interface | The enabler aims to enable interoperability between events and logs, in order to allow FastData technologies to be deployed inside the 5G Network. The enabler provides a unique format for logs and events. | ORANGE: Jean-Philippe Wary |
| Security Monitoring Enabler: System Security State repository | Captures the system state in a model that can be visualised and analysed to understand what threats are present and check compliance with the design. | IT INNOVATION: Mike Surridge |
| Network Management and Virtualisation Enabler: Access Control Mechanisms | Enforcement of access control policies that account for the southbound API of an SDN controller. A policy specifies which network applications, which run on top of the SDN controller, are allowed to send which OpenFlow messages to which data plane components. | NEC: Felix Klaedtke |
| Network Management and Virtualisation Enabler: Component-interaction Audits | Verification (during runtime or offline) of the interactions between multiple network components (e.g., network applications, controller, and switches) with respect to simple policies about the components' exchanged OpenFlow messages. | NEC: Felix Klaedtke |
| Network Management and Virtualisation Enabler: Bootstrapping Trust | This enabler addresses impersonation attacks on network components by attesting the integrity of network edge components prior to enrolling them into the SDN deployment. | SICS: Nicolae Paladi |
| Network Management and Virtualisation Enabler: Micro-segmentation | Network management enabler for single and multi-domain software networks that will facilitate dynamic arrangement of micro-segmentation, i.e., creation, deletion, merging, and splitting of micro-segments. With micro-segmentation it would be possible to create secure segments where more granular access controls and stricter security policies can be enforced. | VTT: Kimmo Ahola, Olli Mammela |