5G Security from a Network Operator s Point of View · – Cloud, Big Data and SDN/NFV security:...
Transcript of 5G Security from a Network Operator s Point of View · – Cloud, Big Data and SDN/NFV security:...
5G Security from a Network Operator’s Point of View
China Mobile
2018.3.19 @ ITU Workshop on 5G Security
1
Outline
Evolution of trust model from 2G to 5G 1
Major 5G security issues 2
3
2
4 Some strategic thoughts of 5G security
Activities related to 5G security in SG17 and a proposed work plan
Evolution of Trust Model
3
Trust Mutual Trust Trust
User A MNO A MNO B User B
Closed Network Specialized Protocol
Closed Network Specialized Protocol
Distrust
Mutual Trust
User A MNO A MNO B User B
Closed Network Specialized Protocol
X X
X X
MNO/ 3rd Party Services
Distrust
Closed Network Specialized Protocol
MNO: Mobile Network Operator
Evolution of Trust Model
4
Distrust
User A MNO A MNO B User B
IP-based Protocols
X X
X IP-based Protocols
?
MNO/ 3rd Party Services/Applications
Distrust
X In Doubt
Evolution of Trust Model
5
Distrust
MNO A MNO B
Network Slicing IT-based networks
X X X
Ext. DN
Slice Tenents
Network Capability Exposure
Internet
MEC MEC
Common HW Platform
Verticals
Network Slicing IT-based networks
User B/ Device B
Distrust Distrust
User A/ Device A
• Evolution of trust model has a great influence on the security design of 5G, eg. – 5G AKA (previously called EPS-AKA*) is designed to mitigate the
distrust between MNOs, enhancing the control of home network when the user is roaming.
– Security isolation between network slices is vital for the success of the new 5G network architecture, and it is also a major concern for the verticals because they are supposed to be the mainstream of slice tenants.
– It is still in doubt whether the common HW(Hardware) platform could provide the same security as the traditional blackbox equipments, especially with the report on the recently disclosed CPU vulnerabilities (Meltdown and Spectre). So it is necessary to impose a security baseline for the network infrastructure , such as NFV SCAS (SeCurity ASsurance).
6
Evolution of Trust Model
Outline
Evolution of trust model from 2G to 5G 1
Major 5G security issues 2
7
3
4 Some strategic thoughts of 5G security
Activities related to 5G security in SG17 and a proposed work plan
Major 5G Security Issues
8
Service Based Architecture
SDN
Network Slicing
NF authorizaion and access control Security of interface protocols
Security isolation of slices Slice authentication and access control Privacy preservation for slice users
Decentralized authentication Security of 3rd party apps
MEC
RAN (CU/DU) Split
Multi Access Technologies
Unified authentication framework Air interface privacy Legacy USIM access to 5G Fake base stations
Termination point of UP security F1 interface security
Security of SDN Security by SDN
Network Capability Exposure
Securely expose network capabilities Expose security capabilities
Secu
rity e
nab
les &
se
curity
man
ag
em
en
t
UE
Security of User Equipment
Service
Security of traditional and vertical services
Cloud Computing
Security of cloud computing Trutsted computing
NFV
Security of NFV
9
International SDOs related to 5G Security
1986~ 1988~
• SCP Smart Card Platform
• SAGE Security Algorithm
Group of Experts
1995~
• FASG Fraud and Security Group
• SIM Subscriber Identity Module
1998~
• ipsecme IP Security
Maintenance and
Extensions
• tls Transport Layer
Security
2006~
• SCT Security Competence
Team
• SA3 Security
Outline
Evolution of trust model from 2G to 5G 1
Major 5G security issues 2
3
10
4
Activities related to 5G security in SG17 and a proposed work plan
Some strategic thoughts of 5G security
• Q2/17 (Security architecture and framework)
– network aspects including SDN for 5G security
– X.1038, X.sdnsec-3, X.ssc, X.srnv, etc
• Q6/17 (Security aspects of telecommunication services, networks and IoT)
– mobile and infrastructure aspects for 5G security
– X.1121 - X.1127, X.sdnsec-1, etc
• Q7/17 (Secure application services)
– application/service aspects for 5G security
– X.srfb, etc
• Q8/17 (Cloud Computing Security)
– Cloud computing and big data infrastracture for 5G security
– X.sgtBD, etc
• Q11/17 (Generic technologies to support secure applications)
– cryptographic profiles for 5G security
– X.509, etc
11
Activities related to 5G Security in SG17
• SG17’s opportunity in the 5G end-to-end security picture at least resides in: – Generic Security Enabler: Q4, Q9, Q10, Q11, etc. – Service/Application security: Q2, Q5, Q8, etc. – Cloud, Big Data and SDN/NFV security: Q2, Q3, Q6, Q7, Q13, etc.
• And here are some initial proposals for specific 5G security issues which SG17 may work on: – 5G security in Quantum Computing era – 5G IDM – 5G trust management, feasibility study on a global PKI to support 5G security,
optimization of PKI for IoT and ITS/V2X, etc. – 5G network infrastructure security, including SDN/NFV security, Cloud Computing
security, Big Data security, etc.
• China Mobile brings some new work item proposals in this area:
– Security Guideline for 5G Network in the Quantum Computing Era(C242) – Guideline on Software-defined Security in SDN/NFV Network (C249)
12
A proposed work plan on 5G security in SG17
Outline
Evolution of trust model from 2G to 5G 1
Major 5G security issues 2
3
13
4
Activities related to 5G security in SG17 and a proposed work plan
Some strategic thoughts of 5G security
5G proposes a vision of “Communications change the society”. It puts great
emphasis on the mutual trust and cooperation between telecom operators and the
verticals. It is an opppotunity of industry confusion, cross- border exploitation and
ecosystem reconstruction.
5G is the integration of various new radio, network and IT technologies. And it is an
important turning point for telecom network reconstruction.
Evolution of 5G security technologies are driven by two wheels:
The ever-lasiting and upgrading battles around vulnerabilites and amends
Great variety of use cases, and evolving new technologies
5G security design should be based on 3 important assumptions:
Upgrading of computing power
Change of trust model
Evolution of network architecture
The lifetime of 5G is still long. The whole 5G ecosystem shoud be prepared to
confront up-springing new risks .
14
Some Strategic Thoughts of 5G Security
Thank you
Merci Cпасибо 谢谢
شكرا Gracias ありがとう 감사합니다
15