5G Security from a Network Operator s Point of View · – Cloud, Big Data and SDN/NFV security:...

5G Security from a Network Operator’s Point of View

China Mobile

2018.3.19 @ ITU Workshop on 5G Security

1

Outline

Evolution of trust model from 2G to 5G 1

Major 5G security issues 2

3

2

4 Some strategic thoughts of 5G security

Activities related to 5G security in SG17 and a proposed work plan

Evolution of Trust Model

3

Trust Mutual Trust Trust

User A MNO A MNO B User B

Closed Network Specialized Protocol


Distrust

Mutual Trust



X X

X X

MNO/ 3rd Party Services

Distrust


MNO: Mobile Network Operator


4

Distrust


IP-based Protocols

X X

X IP-based Protocols

?

MNO/ 3rd Party Services/Applications

Distrust

X In Doubt


5

Distrust

MNO A MNO B

Network Slicing IT-based networks

X X X

Ext. DN

Slice Tenents

Network Capability Exposure

Internet

MEC MEC

Common HW Platform

Verticals

Network Slicing IT-based networks

User B/ Device B

Distrust Distrust

User A/ Device A

• Evolution of trust model has a great influence on the security design of 5G, eg. – 5G AKA (previously called EPS-AKA*) is designed to mitigate the

distrust between MNOs, enhancing the control of home network when the user is roaming.

– Security isolation between network slices is vital for the success of the new 5G network architecture, and it is also a major concern for the verticals because they are supposed to be the mainstream of slice tenants.

– It is still in doubt whether the common HW(Hardware) platform could provide the same security as the traditional blackbox equipments, especially with the report on the recently disclosed CPU vulnerabilities (Meltdown and Spectre). So it is necessary to impose a security baseline for the network infrastructure , such as NFV SCAS (SeCurity ASsurance).

6


Outline



7

3

4 Some strategic thoughts of 5G security


Major 5G Security Issues

8

Service Based Architecture

SDN

Network Slicing

NF authorizaion and access control Security of interface protocols

Security isolation of slices Slice authentication and access control Privacy preservation for slice users

Decentralized authentication Security of 3rd party apps

MEC

RAN (CU/DU) Split

Multi Access Technologies

Unified authentication framework Air interface privacy Legacy USIM access to 5G Fake base stations

Termination point of UP security F1 interface security

Security of SDN Security by SDN

Network Capability Exposure

Securely expose network capabilities Expose security capabilities

Secu

rity e

nab

les &

se

curity

man

ag

em

en

t

UE

Security of User Equipment

Service

Security of traditional and vertical services

Cloud Computing

Security of cloud computing Trutsted computing

NFV

Security of NFV

9

International SDOs related to 5G Security

1986~ 1988~

• SCP Smart Card Platform

• SAGE Security Algorithm

Group of Experts

1995~

• FASG Fraud and Security Group

• SIM Subscriber Identity Module

1998~

• ipsecme IP Security

Maintenance and

Extensions

• tls Transport Layer

Security

2006~

• SCT Security Competence

Team

• SA3 Security

Outline



3

10

4


Some strategic thoughts of 5G security

• Q2/17 (Security architecture and framework)

– network aspects including SDN for 5G security

– X.1038, X.sdnsec-3, X.ssc, X.srnv, etc

• Q6/17 (Security aspects of telecommunication services, networks and IoT)

– mobile and infrastructure aspects for 5G security

– X.1121 - X.1127, X.sdnsec-1, etc

• Q7/17 (Secure application services)

– application/service aspects for 5G security

– X.srfb, etc

• Q8/17 (Cloud Computing Security)

– Cloud computing and big data infrastracture for 5G security

– X.sgtBD, etc

• Q11/17 (Generic technologies to support secure applications)

– cryptographic profiles for 5G security

– X.509, etc

11

Activities related to 5G Security in SG17

• SG17’s opportunity in the 5G end-to-end security picture at least resides in: – Generic Security Enabler: Q4, Q9, Q10, Q11, etc. – Service/Application security: Q2, Q5, Q8, etc. – Cloud, Big Data and SDN/NFV security: Q2, Q3, Q6, Q7, Q13, etc.

• And here are some initial proposals for specific 5G security issues which SG17 may work on: – 5G security in Quantum Computing era – 5G IDM – 5G trust management, feasibility study on a global PKI to support 5G security,

optimization of PKI for IoT and ITS/V2X, etc. – 5G network infrastructure security, including SDN/NFV security, Cloud Computing

security, Big Data security, etc.

• China Mobile brings some new work item proposals in this area:

– Security Guideline for 5G Network in the Quantum Computing Era(C242) – Guideline on Software-defined Security in SDN/NFV Network (C249)

12

A proposed work plan on 5G security in SG17

Outline



3

13

4


Some strategic thoughts of 5G security

5G proposes a vision of “Communications change the society”. It puts great

emphasis on the mutual trust and cooperation between telecom operators and the

verticals. It is an opppotunity of industry confusion, cross- border exploitation and

ecosystem reconstruction.

5G is the integration of various new radio, network and IT technologies. And it is an

important turning point for telecom network reconstruction.

Evolution of 5G security technologies are driven by two wheels：

The ever-lasiting and upgrading battles around vulnerabilites and amends

Great variety of use cases, and evolving new technologies

5G security design should be based on 3 important assumptions：

Upgrading of computing power

Change of trust model

Evolution of network architecture

The lifetime of 5G is still long. The whole 5G ecosystem shoud be prepared to

confront up-springing new risks .

14

Some Strategic Thoughts of 5G Security

Thank you

Merci Cпасибо 谢谢

شكرا Gracias ありがとう 감사합니다

15

5G Security from a Network Operator s Point of View · – Cloud, Big Data and SDN/NFV security:...

Documents

Transcript of 5G Security from a Network Operator s Point of View · – Cloud, Big Data and SDN/NFV security:...