Identity Management and Discovery in Transient 5G Networks
2017-06-15
Scott Cadzow, C3L
© ETSI 2017. All rights reserved
The Scenario
Two parties in a crowded room need to make a secure connection but they don't know each other in advance, and they also don't actually know if they are in the room together. Thus the parties have to find each other amongst a pool of adversaries each of whom has the opportunity to intercept the signals within the discovery protocol and to attempt a masquerade.
[Figure: the two parties, labelled Bob and Alice]
Discovery requirements
• No, or near zero, pre-configuration
• Assurance that Bob can actually find Alice irrespective of the presence of Eve
• Let Eve fade away as the Alice-Bob connection becomes more assured
• Build trust by selective revealing of attributes
Solutions nearly exist
• PHYLAWS and QKD offer physical isolation of Alice and Bob from Eve - but for single links and without discovery
• DNS and PKI and PMI and Kerberos and cellular HLR/VLR … they all work but need significant a priori knowledge
• Universal Plug and Play is near in spirit but, in the main, misses the security link
Challenge in M2M and IoT
• Bob has got no distributed a priori knowledge of Alice
• Bob may only ever need to connect to Alice once
• Bob knows what kind of thing he needs to connect to, the class of things Alice is
• Bob may need to connect to millions of instances of an Alice thing as long as they are really an Alice thing but not a specific instance of Alice
Our developing solution
• Identity management and Discovery with Obligations of Trust all wrapped up in a protocol
• Authority Attribute trees as the underlying data model
• Assertions of attribute backed up by authority
• Cryptographic models extending today’s best practices - need to consider QSC at the start
Identity management - person with technology
Identity management - device with authorities
Application domains
• IoT (Residential IoT?)
• M2M (Industrial IoT?)
• RRS
• ITS
• eHealth
• Social connectivity
• … nothing is being excluded for now
The Standards response
• ETSI CYBER
  • Working on Identity Management, Attribute Based Access Control/Encryption, secure and privacy protecting by default
• ETSI RRS
  • Working on secure distribution and updates to radio capability in a highly regulated environment
• ETSI eHEALTH
  • Bringing together the human and machine for health - coordinating across the ETSI and SDO worlds
• Others including smartM2M, NGP, ENI where smart discovery is essential
The take-away
• Our next generation of communications technology has to be trustworthy, confidential, of high integrity
• Our next generation of communications will be more transient, less “connected”, but more available.
• Discovery will be increasingly key
• ETSI is at the forefront of the R&D cycle for this coming generation
“… there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know.”
– Donald Rumsfeld, 2002
Thank you for listening