Security Enablers

5G-ENSURE sets out to become the 5G PPP reference project for 5G security, privacy and trust. The 5G-ENSURE Security and Privacy Enablers are the major building blocks to achieve this goal. Grouped into five clusters, the enablers are all security features, products or services, developed within the project with two major software releases.

  • AAA – 5G-ENSURE has advanced secure functions to support 5G use cases. Impact: 5G support for IoT and satellite systems. Trust and liability levels.
  • Privacy – 5G-ENSURE has increased users’ assurance and confidence in 5G through enhanced user data protection implemented with solutions at several layers. Impact: Creation of services and business models on top of 5G.
  • Trust – 5G-ENSURE has delivered tools using new trust models, including M2M interactions. Impact: Trustworthy dynamic 5G multi-stakeholder system.
  • Security Monitoring – 5G-ENSURE has focused on security by operations, i.e., monitoring and auditing 5G security. Impact: Resilient 5G system to implement new services.
  • Network Management & Virtualisation Isolation – 5G-ENSURE has concentrated on a secure network control plane including virtualised networks and network services. Impact: Mitigate security threats in SDN.
Enabler Short Description Partner and contact for external use
AAA: Internet of Things

The Group-based AKA feature of this enabler is designed to support the novel requirements introduced by massive deployment of IoT devices and make 5G the network of excellence for IoT. In Release 2, improvements have been made by modifying the implementation with the support of native multiple devices and introducing a resynchronisation procedure into the protocol. Simplifying the deployment of AAA infrastructures is the main design goal behind the new Release 2 feature: Non-USIM based AKA. Another new feature is BYOI, designed to allow enterprises that already have an existing AAA infrastructure in place for devices and/or employees to re-use pre-existing identities as the basis for 5G network access. This is expected to reduce the administrative burden and lower the overall cost. Guide | Demo


Thomas Carnehult


AAA: Fine-grained authorisation

Early features in Release 1 include: Basic Authorization in Satellite systems Basic to support access control of multiple users with different rights in satellite devices and services and Basic Distributed Authorisation Enforcement for RCDs to support access control on RCDs based on existing http solutions using ABAC and adapted for these devices.

New features in Release 2 are: AAA integration with satellite systems to implement the policies for decision per user, resource and action, having a server with rationalities between all of them; Authorisation and authentication for RCD based on ongoing IETF standardisation to enable standards-based, fine-grained access control and authentication on resource constrained devices connected at the edge via low power lossy networks; Basic Distributed Authorisation Enforcement for RCDs based on exisiting web standards. This feature demonstrates how, through 5G networks, IoT devices can securely provide services based on existing web standards and relying on existing web access control architecture using a trusted third party authentication server and centralised access control policy without requiring more resource consumption.  Guide | Demo, Demo

Thales Services

Cyrille Martins


Privacy: Enhanced Identity Protection

The feature, Encryption of Long Term Identifiers (IMSI KPABE-based encryption), was developed for Release 1 to limit (and preferably totally avoid) exposing user permanent or long term identities on (at least) the air interface (i.e., in Attach requests, Identity responses).

The new Release 2 feature is Home Network centric IMSI protection, designed to preserve the confidentiality of the mobile subscriber’s identity in 5G network, thus preventing privacy violations, such as user tracking. The other new feature, IMSI Pseudonymisation, is designed to complement the “Encryption of Long Term Identifiers” feature in order to totally avoid exposing user permanent or long term identities on (at least) the air interface (i.e., in Attach Requests, Identity Responses, Paging Responses) by avoiding user traceability. Guide | Demo


Luciana Costa Madalina Baltatu

Privacy: Device Identifier Privacy

The Release 1 feature, privacy for network attachment protocols, is designed to limit exposure of device identifiers and prior points of attachment, and therefore, limit the ability to track a device. Release 2 encompasses the new feature, anonymous and optimised address selection for network attachment protocols. It is designed for enhanced address anonymity by providing for protection of device identifiers and prior points of attachment, and therefore, limit the ability to track a device. Guide | Demo

University of Oxford

Piers O'Hanlon

Device-based Anonymisation

This enabler was entirely developed for Release 2. Format preserving anonymisation algorithm is a feature designed to avoid disclosure of sensitive information to all or selected user space applications. The algorithm preserves the input data format for data such as the IMSI, IMEI, telephone number, etc.

Privacy configuration is the other feature of this enabler, designed to make active use of the anonymisation capabilities to protect sensitive data and thus avoid its disclosure to user space applications if user desires so. Guide | Demo


Luciana Costa Madalina Baltatu

Privacy Policy Analysis

This is a new enabler for Release 2. The Privacy Policy Specification supports the loading of a privacy policy into the enabler as a requirement for a privacy analysis of service offerings. The Privacy Preferences Specification feature encodes users’ preferences as a requirement for comparison with service offerings.The preferences offered to the user are generated by the amount of policy-affecting actions described in each policy, making the process flexible and able to cope with multiple domains and varying services managed.

The comparison of policies and preferences service allows policies managed by the system to be compared with a user’s expressed preferences, with the analysis presented to the user in a clearly understandable form. Policies with offending actions (i.e. actions which do not comply with the user’s preferences) are classified as noncompliant, and all the policies are given, and ordered by, a preference score which is produced taking into account the user’s preferences. Guide | Demo


Mike Surridge

Trust: Trust Builder Extended features in Release 2 include 5G asset model (v2), an ontology which contains the typical assets in a 5G network and the different possible relations between them. V2 is updated with information (specific assets and relationships) from the 5G-ENSURE security architecture and through further discussions on the architecture. Another extended feature is the Graphical modelling tool (v2), where the editor allows the system designer to model their system and analyse potential threats and their mitigation controls. The second version of the tool also includes usability enhancements for dealing with complex models, a re-architected back-end for persisting and processing the models and user management facilities. A new feature is the 5G threat and trust knowledgebase, which is a second part of the ontology. It includes a first pass at the description of the threats and how they apply onto a 5G system alongside descriptions of trust relationships. The threats are mapped to some of the controls that can be used to manage them. The threat knowledge base supports the automated identification of threats in designed or existing 5G systems. The trust data highlights trust relationships between assets and stakeholders. Guide | Demo


Mike Surridge

Trust: Trust Metric

Release 1 of this enabler was a prototype for calculating a trust metric value from (static) simulated input data. Its main feature was a Trust metric based network domain security policy management, conceived to offer trust based services for customers in mass market and industry.

Release 2 includes an improved trust metric based on extended data. its purpose is to collect monitoring data and KPI from the micro-segment to enable near real-time operation. The main driver is providing quick detection of trust level changes (e.g. due to attacks and risks) in 5G networks. Guide


Pekka Ruuska

Trust: VNF Certification

Release 1 feature is a VNF Trustworthiness to certify the trustworthy implementation of the VNF and to expose characteristics through a Digital Trustworthiness Certificate.

In Release 2 work has focused on providing a more complete prototype by adding new trustworthiness evidence like “VNF hardening”, “kind of communication” (secured or not) and “Runtime environment reference”; a complete certification process; a secured repository (especially with access control addition). Guide | Demo

Thales Group (TCS)

Sebastien Keller

Trust: Security Indicator

This is a new enabler under Release 2. Its main feature is a security indicator subscriber display, which provides a mobile application utilising a new security indicator received via an API. The main motivation for this enabler is to increase the visibility of security in the serving network, and improve  trust in the network. Guide | Demo

Univeristy of Oxford

Ravi Borgaonkar

Security Monitoring: Satellite Network Monitoring (SatNav)

Release 1 features include Pseudo real-time monitoring of the satellite network. It provides a prototype to monitor indicators (including the credentials management) in a quick, effective and intuitive manner. These indicators are collected in a heterogeneous 5G satellite system and are periodically delivered to the monitoring system in a secure way. The second feature is threat detection. It provides a prototype with information on the likeliest cause of failure and course of actions to follow by the operator.

Features in Release 2 are: Active security analysis, providing a complete solution including detection, investigation and response to the threats identified. Integration of R1 features enables a threat and monitoring system to detect possible failures and prevent/inform the operator.  Pre-emptive mitigation security actions provide predictive capabilities to the system in order to execute mitigations actions before possible security threats occur.  Guide | Demo, Demo

Thales Alenia Space

Gorka Lendrinovela


Security Monitoring: PulSAR (Proactive Security Assessment and Remediation)

Release 1 of this enabler focused on a 5G specific vulnerability schema as a first implementation. The main purpose was to extend the Cyber-attack modelling.

Release 2 features an enhanced 5G specific vulnerability schema implementation as 5G networks face novel complex cyber-attacks that will combine vulnerabilities of its different management components and systems. Another feature is the PulSAR interface with Generic Collector used to analyse more data on going attacks. Guide | Demo

Thales Group (TS)

Olivier Bettan

Security Monitoring: Generic Collector Interface

This is primarily a Release 1 enabler, where the main feature is Log and Event Processing aimed at interoperability between events and logs format, allowing FastData technologies to be deployed inside the 5G Network. Its main driver is tackling novel and complex incidents, cyber-attacks, as well as fraud in a multi-tenant and technology environment.

In Release 2, the Generic Collector Interface has been integrated into System Security State Repository enabler R2: System Security State Repository service and PulSAR: Proactive Security Analysis and Remediation enabler R2: PulSAR interface with Generic Collector. Guide | Demo


Jean-Philippe Wary


Security Monitoring: System Security State Repository

Release 1 provides a deployment model ontology (also known as 5G asset model) to enable modelling a system at deployment stage. This deployment model allows capturing the asset and control instances information in a semantic model that bridges the design phase and the operation phase later. It responds to the need for a clear reference security model for a deployed 5G systems.

Release 2 brings the System Security State Repository service to create, update and query the runtime model. The SSSR enabler provides a query interface to allow other enablers’ access to asset status, and a visualisation interface showing the location of any deficiencies in the system. Guide | Demo


Mike Surridge

Security Monitoring: Malicious Traffic Generator for 5G protocols

​This is a new enabler under Release 2. Hostile Evolved Node B (eNodeB) and Hostile User Equipment (UE): which generates malicious, unusual or Denial of Service (DoS) type of traffic to 5G network. The enabler works in the following modes: Traffic Generator Engine, the Malicious Pattern Library and the Fuzzing Engine. The Traffic Generator Engine generates a large amount of formally correct messages in rapid succession to overload network interfaces i.e. performing a DoS attack. The Malicious Pattern Library is a library of message anomalies of accepted protocols. This feature is used to test the node interface protocol parsing and resilience to protocol message anomalies. The Fuzzing Engine generates random input to a node interface, and is used to test the interface resilience to garbage input. Guide


Tommi Pernila

 Network Management and Virtualisation: Access Control Mechanisms

Southbound Reference Monitor is the main feature in Release 1. Its purpose is to enforce access control policies that account for the southbound API of an SDN controller. The reference monitor restricts access to the network components according to a given policy.

Access Requirements for VNF Container Resources was developed for Release 2. Its purpose is to enforce policies for containers that host VNFs and restrict their access to other network resources. The first prototype of this feature will be able to limit the network connections of Docker containers that host VNFs. Furthermore, it will allow one to specify and enforce simple requirements and policies for container instantiation and migration. Guide


Felix Klaedtke


Network Management and Virtualisation: Component-interaction Audits

Release 1 and 2 feature, Basic OpenFlow Compliance Checker is based on continuous development. Its purpose is to verify interaction between multiple network components with respect to policies about the components’ exchanged OpenFlow messages.

Release 2 feature, Basic NFV Reconfiguration Compliance Checker serves to verify reconfigurations on NFV deployments with respect to policies or workflows. A key driver for this feature is identifying non-compliant behaviour to triggers by the orchestrator, making a network less vulnerable to intended or unintended misconfigurations. Guide | Demo


Felix Klaedtke

Network Management and Virtualisation: Bootstrapping Trust

Integrity Attestation of virtual switches is the Release 1 feature. Its main purpose is verifying the virtual switch configuration using trust agents running in trusted execution environments. Verifying the integrity of virtual switches and related assets prior to enrollment in the SDN deployment is a key requirement to mitigate malicious behaviour.

The new feature in Release 2 is Integrity Attestation of VNFs running in Docker containers. While similar to the R1 feature, it targets VNFs deployed in lightweight virtualisation containers, in order to verify the integrity of specified, security-critical software components (assets) on platforms hosting the lightweight containers with NVFs. Guide | Demo


Nicolae Paladi

Network Management and Virtualisation: Micro-segmentation

This enabler is based on the framework defined in Release 1 for distributed monitoring, inference, and reactions to security incidents. It enables the development of components that will detect selected on-going attacks in micro-segments, in order to adapt 5G networks or segments’ defences and topology. The main Release 1 feature is Complex Event Processing Framework for Security Monitoring and Inferencing.

Release 2 provides three features: Risk-based adaptation of micro-segments for fast security responses to attacks/risks in 5G micro-segments; extended data gathering to enable extensive awareness over security state of 5G application; cross-domain information exchange to enable interconnection between heterogeneous administrative domains that support different monitoring enablers. Guide


Kimmo Ahola | Olli Mammela

Network Management and Virtualisation: Flow Control This is a new enabler under Release 2. Its main features are: Detection of malicious behaviours in virtual networks and Mitigation of detected network threats, working in conjunction. This enabler is a virtualised function operating to detect threats on the network’s data plane. A key driver is identifying network-based menaces without resorting to a continuous supervision by the network controller makes the virtual network less vulnerable and more responsive to network-based threats. The second feature allows to act appropriately whenever a menace is identified in order to minimise its impact on critical VNF. Guide | Demo


Filippo Rebecchi