Showing posts with label SDN / NFV. Show all posts

Monday 19 September 2022

Is there a compelling Business Case for 5G Network Slicing in Public Networks?

Since the industry realised what the 5G Network Architecture will look like, Network Slicing has been touted as the killer business case that will allow the mobile operators to generate revenue from new sources.

Last month ABI Research said in a press release:

According to global technology intelligence firm ABI Research, 5G slicing revenue is expected to grow from US$309 million in 2022 to approximately US$24 billion in 2028, at a Compound Annual Growth Rate (CAGR) of 106%. 

“5G slicing adoption falls into two main categories. One, there is no connectivity available. Two, there is connectivity, but there is not sufficient capacity, coverage, performance, or security. For the former, both private and public organizations are deploying private network slices on a permanent and ad hoc basis,” highlights Don Alusha, 5G Core and Edge Networks Senior Analyst at ABI Research. The second scenario is mostly catered by private networks today, a market that ABI Research expects to grow from US$3.6 billion to US$109 billion by 2023, at a CAGR of 45.8%. Alusha continues, “A sizable part of this market can be converted to 5G slicing. But first, the industry should address challenges associated with technology and commercial models. On the latter, consumers’ and enterprises’ appetite to pay premium connectivity prices for deterministic and tailored connectivity services remains to be determined. Furthermore, there are ongoing industry discussions on whether the value that comes from 5G slicing can exceed the cost required to put together the underlying slicing ecosystem.”

Earlier this year, Daryl Schoolar - Research Director at IDC tackled this topic in his blog post:

5G network slicing, part of the 3GPP standards developed for 5G, allows for the creation of multiple virtual networks across a single network infrastructure, allowing enterprises to connect with guaranteed low latency. Using principles behind software-defined network and network virtualization, slicing allows the mobile operator to provide differentiated network experience for different sets of end users. For example, one network slice could be configured to support low latency, while another slice is configured for high download speeds. Both slices would run across the same underlying network infrastructure, including base stations, transport network, and core network.

Network slicing differs from private mobile networks, in that network slicing runs on the public wide area network. Private mobile networks, even when offered by the mobile operator, use infrastructure and spectrum dedicated to the end user to isolate the customer’s traffic from other users.

5G network slicing is a perfect candidate for future business connectivity needs. Slicing provides a differentiated network experience that can better match the customer’s performance requirements than traditional mobile broadband. Until now, there has been limited mobile network performance customization outside of speeds. 5G network slicing is a good example of telco service offerings that meet future of connectivity requirements. However, 5G network slicing also highlights the challenges mobile operators face with transformation in their pursuit of remaining relevant.

For 5G slicing to have broad commercial availability, and to provide a variety of performance options, several things need to happen first.

  • Operators need to deploy 5G Standalone (SA) using the new 5G mobile core network. Currently most operators use the 5G non-standalone (NSA) architecture that relies on the LTE mobile core. It might be the end of 2023 before the majority of commercial 5G networks are using the SA mode.
  • Spectrum is another hurdle that must be overcome. Operators still make most of their revenue from consumers, and do not want to compromise the consumer experience when they start offering network slicing. This means operators need more spectrum. In the U.S., among the three major mobile operators, only T-Mobile currently has a nationwide 5G mid-band spectrum deployment. AT&T and Verizon are currently deploying in mid-band, but that will not be completed until 2023.
  • 5G slicing also requires changes to the operator’s business and operational support systems (BSS/OSS). Current BSS/OSS solutions were not designed to support the increased parameters those systems were designed to support.
  • And finally, mobile operators still need to create the business propositions around commercial slicing services. Mobile operators need to educate businesses on the benefits of slicing and how slicing supports their different connectivity requirements. This could involve mobile operators developing industry specific partnerships to reach different business segments. All these things take time to be put into place.

Because of the enormity of the tasks needed to make 5G network slicing a commercial success, IDC currently has a very conservative outlook for this service through 2026. IDC believes it will be 2023 until there is general commercial availability of 5G network slicing. The exception is China, which is expected to have some commercial offerings in 2022 as it has the most mature 5G market. Even then, it will take until 2025 before global revenues from slicing exceed a billion U.S. dollars. In 2026 IDC forecasts slicing revenues will be approximately $3.2 billion. However, over 80% of those revenues will come out of China.

The 'Outspoken Industry Analyst' Dean Bubley believes that Network Slicing is one of the worst strategic errors made by the mobile industry, since the catastrophic choice of IMS for communications applications. In a LinkedIn post he explains:

At best, slicing is an internal toolset that might allow telco operations or product teams (or their vendors) to manage their network resources. For instance, it could be used to separate part of a cell's capacity for FWA, and dynamically adjust that according to demand. It might be used as an "ingredient" to create a higher class of service for enterprise customers, for instance for trucks on a highway, or as part of an "IoT service" sold by MNOs. Public safety users might have an expensive, artisanal "hand-carved" slice which is almost a separate network. Maybe next-gen MVNOs.

(I'm talking proper 3GPP slicing here - not rebranded QoS QCI classes, private APNs, or something that looks like a VLAN, which will probably get marketed as "slices")

But the idea that slicing is itself a *product*, or that application developers or enterprises will "buy a slice" is delusional.

Firstly, slices will be dependent on [good] coverage and network control. A URLLC slice likely won't work reliably indoors, underground, in remote areas, on a train, on a neutral-host network, or while roaming. This has been a basic failure of every differentiated-QoS monetisation concept for many years, and 5G's often-higher frequencies make it worse, not better.

Secondly, there is no mature machinery for buying, selling, testing, supporting, pricing, monitoring slices. No, the 5G Network Exposure Function won't do it all. I haven't met a Slice salesperson yet, or a Slice-procurement team.

Thirdly, a "local slice" of a national 5G network will run headlong into a battle with the desire for separate private/dedicated local 5G networks, which may well be cheaper and easier. It also won't work well with the enterprise's IT/OT/IP domains, out of the box.

Also there's many challenges getting multi-operator slices, device OS links to slice APIs, slice "boundary controllers" between operators, aligning RAN and core slices, regulatory question marks and much more.

There is a lot of discussion in the comments section that may be of interest to you, here.

My belief is that we will see lots of interesting use cases with slicing in public networks but it will be difficult to monetise. The best networks will manage to do it to create some plans with guaranteed rates and low latency. It remains to be seen whether they can successfully monetise it well enough.

For technical people and newbies, there are lots of Network Slicing resources on this blog (see related posts 👇). Here is another recent video from Mpirical:


Tuesday 22 March 2022

Realizing Zero Trust Architecture for 5G Networks

Over the last couple of years, I have kept coming across Zero-Trust Architecture (ZTA). A simple way to explain it is that the standard model of security is known as the perimeter security model, where everything within the perimeter can be trusted. In the zero-trust (ZT) model, no assumption is made about trustworthiness, and hence it is also sometimes known as the perimeterless security model.

This short video from IBM clearly explains what ZT means:

This blog post from Palo Alto Networks also clearly explains ZT:

By definition, Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust for 5G removes implicit trust regardless of what the situation is, who the user is, where the user is or what application they are trying to access.

The impact of Zero Trust on network security specifically protects the security of sensitive data and critical applications by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention and simplifying granular user-access controls. Where traditional security models operate under the assumption that everything inside an organization’s perimeter can be trusted, the Zero Trust model recognizes that trust is a vulnerability.

In short, Zero Trust for 5G presents an opportunity for service providers, enterprises and organizations to re-think how users, applications and infrastructure are secured in a way that is scalable and sustainable for modern cloud, SDN-based environments and open-sourced 5G networks. Delivering the Zero Trust Enterprise means taking Zero Trust principles, making them actionable and effectively rebuilding security to keep pace with digital transformation. 

A research paper looking at Intelligent ZTA (i-ZTA) provides an interesting approach to security in 5G and beyond. The paper can be downloaded from here. The abstract states:

While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of the networks. Further, seamless connectivity to a high volume of devices in multi-radio access technology (RAT) has broadened the attack surface on information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. This paper presents the architectural design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm, called MED components. The envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting necessary machine learning data. The i-ZTA is also expected to exploit the multi-access edge computing (MEC) technology of 5G as a key enabler of intelligent MED components for resource-constraint devices.

Ericsson Technology Review covered Zero Trust in 5G Networks in one of their issues. Quoting from the article:

The 3GPP 5G standards define relevant network security features supporting a zero trust approach in the three domains: network access security, network domain security and service-based architecture (SBA) domain security. 

The network access security features provide users with secure access to services through the device (mobile phone or connected IoT device) and protect against attacks on the air interface between the device and the radio node. Network domain security includes features that enable nodes to securely exchange signaling data and user data, for example, between radio and core network functions (NFs).

The 5G SBA is built on web technology and web protocols to enable flexible and scalable deployments using virtualization and container technologies and cloud-based processing platforms. SBA domain security specifies the mechanism for secure communication between NFs within the serving network domain and with other network domains. 

The new requirements and functionality introduced in the 5G specifications are already aligned with many of the zero trust tenets. It is already evident, however, that further technology development, standardization and implementation are needed in areas such as policy frameworks, security monitoring and trust evaluation to support the adoption of zero trust architecture in new telecom environments that are distributed, open, multi-vendor and/or virtualized.

While various technologies can support organizations in adhering to the guiding principles of zero trust as part of their total active defense strategy, it is important to remember that technology alone will never be sufficient to realize the full potential of zero trust. Successful implementation of a network based on zero trust principles requires the concurrent implementation of information security processes, policies and best practices, as well as the presence of knowledgeable security staff. Regardless of where a CSP is in its transition toward a zero trust architecture, the three pillars of people, processes and technology will continue to be the foundation of a robust security architecture.


Thursday 22 July 2021

AT&T Cybersecurity Experts Provide 5G Security Overview

The National Governors Association (NGA) in the USA is the voice of the leaders of 55 states, territories, and commonwealths. On May 24th, the Resource Center for State Cybersecurity featured a panel of experts from AT&T for a conversation on understanding the 5G ecosystem, security risks, supply chain resilience and the challenges and opportunities that exist around deployment.

The talk highlighted the top 5G security areas of concern. The top three are:

  • Increased attack surface due to massive increase in connectivity
  • Greater number & variety of devices accessing the network
  • Complexity of extending security policy to new types of non-traditional and IoT devices


Some of the Security Advantages with 5G are highlighted as follows:

  • Software Defined Networking/Virtualization
  • Stronger 3GPP encryption for over-the-air encryption
  • Subscriber Identity Privacy
  • Roaming or network-to-network protection
  • Network Slicing

The slides of the talk are available here and the video is as follows:


Wednesday 7 July 2021

Different Types of RAN Architectures - Distributed, Centralized & Cloud


I come across a question relating to the different types of RAN architectures once per month on average. Even though we have covered the topic as part of one tutorial or another, we decided to do a dedicated tutorial on this.

The video and slides are embedded below.

As always, feedback and comments welcome.


Wednesday 30 June 2021

Open RAN Terminology and Players


When we made our little Open RAN explainer a couple of years back, we never imagined this day when so many people in the industry would be talking about Open RAN. I have lost track of the virtual events taking place and Open RAN whitepapers that have been made available just in the last month.

One of the whitepapers just released was from NTT Docomo, just in time for MWC 2021. You can see the link in the Tweet

Even after so much information being available, many people still have basic questions about Open RAN and O-RAN. I helped make an Open RAN explainer series and blogged about it here. Just last week, I blogged about the O-RAN explainer series that I am currently working on, here.

There were some other topics that I couldn't cover elsewhere so made some short videos on them for the 3G4G YouTube channel. The first video/presentation explains Open RAN terminology that different people, companies and organizations use. It starts with open interfaces and then looks at radio hardware disaggregation and compute disaggregation. Moving from 2G/3G/4G to 5G, it also explains the Open RAN approach to a decomposed architecture with RAN functional splits.

If you look at the Telecom Infra Project (TIP) OpenRAN group or O-RAN Alliance, the organizations driving the Open RAN vision and mission, you will notice many new small RAN players are joining one or both of them. In addition, you hear about other Open RAN consortiums that again include small innovative vendors that may not be very well known. 

The second video is an opinion piece looking at what is driving these companies to invest in Open RAN and what they can expect in return in future.

As always, all 3G4G videos' slides are available on our SlideShare channel.


Friday 16 October 2020

Couple of Tutorials on ETSI NFV MANO


The premise of virtualization is to move physical network functions (PNF in hardware) into software and to design them in a way so that they can be deployed on an NFVI (Network Functions Virtualization Infrastructure, a.k.a. the cloud).

MANagement and Orchestration (MANO) is a key element of the ETSI network functions virtualization (NFV) architecture. MANO is an architectural framework that coordinates network resources for cloud-based applications and the lifecycle management of virtual network functions (VNFs) and network services. As such, it is crucial for ensuring rapid, reliable NFV deployments at scale. MANO includes the following components: the NFV orchestrator (NFVO), the VNF manager (VNFM), and the virtual infrastructure manager (VIM).

NFV MANO is broken up into three functional blocks:

  • NFV Orchestrator: Responsible for onboarding of new network services (NS) and virtual network function (VNF) packages; NS lifecycle management; global resource management; validation and authorization of network functions virtualization infrastructure (NFVI) resource requests.
  • VNF Manager: Oversees lifecycle management of VNF instances; fills the coordination and adaptation role for configuration and event reporting between NFV infrastructure (NFVI) and Element/Network Management Systems.
  • Virtualized Infrastructure Manager (VIM): Controls and manages the NFVI compute, storage, and network resources.

For the NFV MANO architecture to work properly and effectively, it must be integrated with open application program interfaces (APIs) in the existing systems. The MANO layer works with templates for standard VNFs and gives users the power to pick and choose from existing NFVI resources to deploy their platform or element.

Here are a couple of good old tutorials, good as gold, explaining the ETSI NFV MANO concept. The videos are embedded below. The slides from the video are probably not available but there are other slides from ETSI here. If you are new to this, this is a good presentation to start with.

NFV MANO Part 1: Overview and VNF Lifecycle Management: Uwe Rauschenbach | Rapporteur | ETSI NFV ISG covers:

  • ETSI NFV MANO Concepts
  • VNF Lifecycle Management

NFV MANO Part 2: Network Service Lifecycle Management: Jeremy Fuller | Chair, IFA WG | ETSI NFV ISG covers:

  • Network Service Lifecycle Management

If you have any better suggestions for the slides / video, please feel free to add in the comments.


Saturday 10 October 2020

What is Cloud Native and How is it Transforming the Networks?


Cloud native is talked about so often that it is assumed everyone knows what it means. Before going any further, a short introductory tutorial is available here, along with a video by my Parallel Wireless colleague, Amit Ghadge.

If instead you prefer a more detailed cloud native tutorial, here is another one from Award Solutions.

Back in June, Johanna Newman, Principal Cloud Transformation Manager, Group Technology Strategy & Architecture at Vodafone, spoke at the Cloud Native World about Vodafone's Cloud Native Journey.


Roz Roseboro, a former Heavy Reading analyst who covered the telecom market for nearly 20 years and is currently a Consulting Analyst at Light Reading, wrote a fantastic summary of that talk here. The talk is embedded below and selected extracts from the Light Reading article are as follows:

While vendors were able to deliver some cloud-native applications, there were still problems ensuring interoperability at the application level. This means new integrations were required, and that sent opex skyrocketing.

I was heartened to see that Newman acknowledged that there is a difference between "cloud-ready" and "cloud-native." In the early days, many assumed that if a function was virtualized and could be managed using OpenStack, that the journey was over.

However, it soon became clear that disaggregating those functions into containerized microservices would be critical for CSPs to deploy functions rapidly and automate management and achieve the scalability, flexibility and, most importantly, agility that the cloud promised. Newman said as much, remarking that the jump from virtualized to cloud-native was too big a jump for hardware and software vendors to make.

The process of re-architecting VNFs to containerize them and make them cloud-native is non-trivial, and traditional VNF suppliers have not done so at the pace CSPs would like to see. I reference here my standard chicken and egg analogy: Suppliers will not go through the cost and effort to re-architect their software if there are no networks upon which to deploy them. Likewise, CSPs will not go through the cost and effort to deploy new cloud networks if there is no software ready to run on them. Of course, some newer entrants like Rakuten have been able to be cloud-native out of the gate, demonstrating that the promise can be realized, in the right circumstances.

Newman also discussed the integration challenges – which are not unique to telecom, of course, but loom even larger in their complex, multivendor environments. During my time as a cloud infrastructure analyst, in survey after survey, when asked what the most significant barrier to faster adoption of cloud-native architectures was, CSPs consistently ranked integration as the most significant.

Newman spent a little time discussing the work of the Common NFVi Telco Taskforce (CNTT), which is charged with developing a handful of reference architectures that suppliers can then design to which will presumably help mitigate many of these integration challenges, not to mention VNF/CNF life cycle management (LCM) and ongoing operations.

Vodafone requires that all new software be cloud-native – calling it the "Cloud Native Golden Rule." This does not come as a surprise, as many CSPs have similar strategies. What did come as a bit of a surprise, was the notion that software-as-a-service (SaaS) is seen as a viable alternative for consuming telco functions. While the vendor with the SaaS offering may not itself be cloud-native (for example, it could still have hardware dependencies), from Vodafone's point of view, it ends up performing as such, given the lower operational and maintenance costs and flexibility of a SaaS consumption model.

If you have some other fantastic links, videos, resources on this topic, feel free to add in the comments.


Friday 22 June 2018

5G and IoT Security Update from ETSI Security Week 2018

ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered a wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT are of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.


Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.

5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?

The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives
The workshop intends to:

  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
  • Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
  • Give an update of what is happening in 3GPP 5G security;
  • Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
  • Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
  • Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
  • Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.


So here are the relevant presentations:

Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson

Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC

Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters

Integrating the SIM (iUICC), Adrian Escott, QUALCOMM

Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman

Network Slicing, Anne-Marie Praden, Gemalto

Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet

5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo

Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies

ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17

Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO


Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems

Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems

5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup

Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs

Security Best Practises using RESTful APIs, Sven Walther, CA Technologies

Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence

Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)


Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson


Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal

Setting the Scene, Franck Boissière, European Commission

ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA

Smart City Aspects, Bram Reinders, Institute for Future of Living

The Network Operators Perspective on IoT Security, Ian Smith, GSMA



Sunday 25 March 2018

5G Security Updates - March 2018


It's been a while since I wrote about 5G security in this fast-changing 5G world. If you are new to 3GPP security, you may want to start with my tutorial here.

3GPP SA3 Chairman, Anand R. Prasad recently mentioned in his LinkedIn post:

5G security specification finalized! Paving path for new business & worry less connected technology use.

3GPP SA3 delegates worked long hours diligently to conclude the specification for 5G security standard during 26 Feb.-2 Mar. Several obstacles were overcome by focussed effort of individuals & companies from around the globe. Thanks and congrats to everyone!

All together 1000s of hours of work with millions of miles of travel were spent in 1 week to get the work done. This took 8 meetings (kicked off Feb. 2017) numerous on-line meetings and conference calls.

Excited to declare that this tremendous effort led to timely completion of 5G security specification (TS 33.501) providing secure services to everyone and everything!

The latest version of specs is on 3GPP website here.

ITU also held a workshop on 5G Security in Geneva, Switzerland on 19 March 2018 (link). There were quite a few interesting presentations. Below are some slides that caught my attention.

The picture in the tweet above from China Mobile summarises the major 5G security issues very well. 5G security is going to be far more challenging than previous generations.

The presentation by Haiguang Wang, Huawei contained a lot of good technical information. The picture at the top is from that presentation and highlights the difference between 4G & 5G Security Architecture.


New entities have been introduced to make 5G more open.


EPS-AKA vs 5G-AKA (AKA = Authentication and Key Agreement) for trusted nodes


EAP-AKA' for untrusted nodes.


Slice security is an important topic that multiple speakers touched upon and I think it would continue to be discussed for the foreseeable future.

Dr. Stan Wing S. Wong from King’s College London has some good slides on 5G security issues arising out of Multi-Tenancy and Multi-Network Slicing.

Peter Schneider from Nokia-Bell Labs had good slides on 5G Security Overview for Programmable Cloud-Based Mobile Networks.

Sander Kievit from TNO, a regular participant of working group SA3 of 3GPP on behalf of the Dutch operator KPN presented a view from 3GPP SA3 on the Security work item progress (slides). The slide above highlights the changes in 5G key hierarchy.

The ITU 5G Security Workshop Outcomes is available here.

ETSI Security Week 2018 will be held 11-15 June 2018. 5G security/privacy is one of the topics.

There is also 5GPPP Workshop on 5G Networks Security (5G-NS 2018), being held in Hamburg, Germany on August 27-30, 2018.

In the meantime, please feel free to add your comments & suggestions below.



Tuesday 13 February 2018

Artificial Intelligence - Beyond SON for Autonomous Networks


What is the next step in evolution of SON? Artificial Intelligence obviously. The use of artificial intelligence (AI) techniques in the network supervisory system could help solve some of the problems of future network deployment and operation. ETSI has therefore set up a new 'Industry Specification Group' on 'Experiential Networked Intelligence' (ISG ENI) to develop standards for a Network Supervisory assistant system.


The ISG ENI focuses on improving the operator experience, adding closed-loop artificial intelligence mechanisms based on context-aware, metadata-driven policies to more quickly recognize and incorporate new and changed knowledge, and hence, make actionable decisions. ENI will specify a set of use cases, and the generic technology independent architecture, for a network supervisory assistant system based on the ‘observe-orient-decide-act’ control loop model. This model can assist decision-making systems, such as network control and management systems, to adjust services and resources offered based on changes in user needs, environmental conditions and business goals.


The introduction of technologies such as Software-Defined Networking (SDN), Network Functions Virtualisation (NFV) and network slicing means that networks are becoming more flexible and powerful. These technologies transfer much of the complexity in a network from hardware to software, from the network itself to its management and operation. ENI will make the deployment of SDN and NFV more intelligent and efficient and will assist the management and orchestration of the network.


We expect to complete the first phase of ENI work in 2019. It will include a description of use cases and requirements and terminology, including a definition of features, capabilities and policies, which we will publish in a series of informative best practice documents (Group Reports (GRs)).
This will of course require co-operation from many different industry bodies including GSMA, ITU-T, MEF, IETF, etc.

Will see how this goes.




Tuesday 25 July 2017

5G Security Updates - July 2017


It's been nearly 2 years since I last blogged about ETSI Security workshop. A lot has changed since then, especially as 5G is already in the process of being standardised. This is in addition to NFV / SDN that also applied to 4G networks.

ETSI Security Week (12 - 16 June) covered a lot more than 5G, NFV, SDN, etc. Security specialists can follow the link to get all the details (if they were not already aware of them).

I want to quickly provide 3 links so people can find all the useful information:

NFV Security Tutorial: designed to educate attendees on security concerns facing operators and providers as they move forward with implementing NFV. While the topics are focused on security and are technical in nature we believe any individual responsible for designing, implementing or operating a NFV system in an organization will benefit from this session. Slides here.

NFV Security: Network Functions Virtualization (NFV), leveraging cloud computing, is set to radically change the architecture, security, and implementation of telecommunications networks globally. The NFV Security day will have a sharp focus on the NFV security and will bring together the world-wide community of the NFV security leaders from the industry, academia, and regulators. If you want to meet the movers and shakers in this field, get a clear understanding of the NFV security problems, challenges, opportunities, and the state of the art development of security solutions, this day is for you. Slides here.



5G Security: The objectives of this event are to:
  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views will shape together in order to understand the challenges, threats and the security requirements that the 5G scenarios will be bringing.
  • Give an update of what is happening in:
    • 5G security research: Lot of research is on-going on 5G security and several projects exist on the topic.
    • 5G security standards: Standardization bodies have already started working 5G security and their work progress will be reviewed. Also any gap or additional standardization requirements will be discussed.
    • Verticals and business (non-technical) 5G security requirements: 5G is playground where different verticals besides the telecom industry is playing a role and their requirements will be key for the design of 5G security. In addition 5G is where "security" will become the business driver.
  • Debate about hot topics such as: IoT security, Advances in lightweight cryptography, Slicing security. Privacy. Secure storage and processing. Security of the interconnection network (DIAMETER security). Relevance of Quantum Safe Cryptography for 5G, Authorization concepts....
Slides for 5G Security here.

In addition, Jaya Baloo, CISO, KPN Telecom talks about 5G network security at TechXLR8 2017. Embedded is a video of that:


Friday 2 September 2016

Some more thoughts on 5G

5G is often seen as a panacea for everything that is imperfect in mobile technology. Any issues with coverage, capacity, connectivity and speed are all expected to be solved with the arrival of 5G. While I don’t think we will be able to solve all the issues on the table, 5G will hopefully resolve quite a few of them.

Back in June I did an interview with the organizers of 5G World Series where I expressed my views for the questions that were posed to me. You can see this interview below.


Now that I have had time to think about the questions, here are some more detailed thoughts. As always, feedback, comments & suggestions are welcome.


Q: What will network architecture look like in the 5G era?

I have long argued that 5G will not be a single technology but a combination of multiple old and new technologies. You will often find various terms like Multi-stream Aggregation (MSA), Opportunistic Aggregation and Multi-connectivity being used to explain this. Not only will 2G, 3G and 4G have a role to play, Wi-Fi and other unlicensed technologies would be a part of 5G too.

I have had many discussions on this topic with respected analysts and many of them agree.
One of the approaches being proposed for the initial version of 5G is the non-standalone version of 5G which will use LTE as the control plane anchor and new 5G radio for user plane. Not only will this be easier to deploy along with the existing LTE network, it would be faster and hopefully less costly.

Q: To what extent is 5G dependent on virtualization?

Networks and Network Functions are progressively being virtualized, independently of 5G. Having said that, virtualization will play a big role in achieving the 5G architecture. Mobile operators can’t be expected to keep paying for proprietary hardware; virtualization would help with cost reduction and quick deployments.

Network slicing for instance will help partition the network for different requirements, on the fly depending on what is going on at any particular time.

Related post: 5G, NFV and Network Slicing


Q: What is your view on the interplay between standards and open-source developments?

Standards enable cost reduction by achieving economy of scale whereas open-source development enables innovation and quick deployment. They are both needed and they will willingly or unwillingly co-exist.


Q: What do you see as the 3 greatest technical uncertainties or challenges en route to 5G?

While there are many known and unknown challenges with 5G, some obvious ones that we can see are:

  • Spectrum identification and harmonization.
  • Getting to the right architecture which is backward compatible and future proof, without making it too complex
  • SON – Once you have everything in place you have to make many different parts of the network work together with different kinds of loads and traffic. SON will play a crucial role here.


Q: What would 5G actually mean for consumers, business and IoT? / What will 5G allow me to do that I can’t right now with 4G?

There are a lot of interesting use cases being discussed like remote operations and remote controlled cars but most of them do not represent the general consumers and some of them are just gimmicks.

NGMN - 5G Use case families and related examples

I really like the NGMN whitepaper that laid out some simple use cases.

If done properly, 5G will allow:

  • Simplification of the network resulting in low latency – this means that your content will load faster and the delay between requests and responses is small.
  • Reasonable speed broadband everywhere - This will also depend on the operators’ rollout plans but different technologies in 5G network would (should) enable a good speed reliable broadband not just in the middle of the cell but also on the edges. In fact, the concept of edges should be looked at in 5G and a solution to avoid data rates falling off should be found.
  • Connectivity on the move – Whether we are talking about connectivity in trains/buses or from public safety point of view, it is important to define group connectivity, direct communications, etc.


Q: What will set companies apart in the development of 5G?

The days of vendor lock-ins are over. What will set companies apart is their willingness to be open to working with other companies by having open APIs and interfaces. Operator networks will include solutions from many different vendors. For them to be quick to bring innovative solutions to the market, they need vendors to work together rather than against each other.


Q: There is a lot of talk about the vision for 2020. What do you think the world will look like in terms of connectivity in 2030?

It would be fair to say that by 2030, connectivity would have reached a completely new dimension. One of the big areas of development that is being ignored by mainstream mobile community is the development of satellite communications. There are many low earth orbit (LEO) constellations and high-throughput satellites (HTS) being developed. This combination of LEO and HTS can provide high speed connectivity with 4G like latency and high throughputs for planes/ships which cannot be served by ground based mobile technology. Broadband access everywhere will only become a reality with satellite technology complementing mobile technology.

Related Post: The role of satellites in 5G world

Disclaimer: This blog is maintained in my personal capacity and this post expresses my own personal views, not the views of my employer or anyone else. 

Sunday 21 February 2016

Possible 5G Network Architecture Evolution


Came across this interesting Network Architecture evolution Roadmap by Netmanias. It's embedded below and available to download from the Netmanias website.



Saturday 30 January 2016

SDN & NFV lecture

I have been meaning to add this interesting lecture delivered by Dr. Yaakov Stein of RAD at IETF.

The video, which cannot be embedded, is available here. If you can't wait to get into the main presentation, jump to 19.40 on the time bar at the bottom.

The slides from the presentation are embedded below.



Assuming that you understand NFV and SDN well, have a look at another interesting whitepaper that was published by Signals Research Group, "Bending Iron – Software Defined Networks & Virtualization for the Mobile Operator", available here.

Saturday 28 November 2015

5G, NFV and Network Slicing


5G networks have multifaceted requirements where the network needs to be optimised for data rate, delay and connection numbers. While some industry analysts suspect that these requirements cannot be met by a single network, vendors suggest that Network Slicing will allow all these requirements to be met by a single network.

Ericsson's whitepaper provides a good definition of what network slicing means:

A logical instantiation of a network is often called a network slice. Network slices are possible to create with both legacy platforms and network functions, but virtualization technologies substantially lower barriers to using the technology, for example through increased flexibility and decreased costs.
...
Another aspect of management and network slicing is setting up separate management domains for different network slices. This may allow for completely separate management of different parts of the network that are used for different purposes. Examples of use cases include mobile virtual network operators (MVNOs) and enterprise solutions. This kind of network slice would, in current Evolved Packet Core (EPC) networks, only cover the PDN gateway (PGW) and the policy control resource function (PCRF). However, for machine type communication (MTC) and machine-to-machine (M2M) solutions, it is likely that it would also cover the Mobile Management Entities (MMEs) and Serving Gateways (SGWs).


NGMN came out with the 5G whitepaper which touched on this subject too: 

Figure above illustrates an example of multiple 5G slices concurrently operated on the same infrastructure. For example, a 5G slice for typical smartphone use can be realized by setting fully-fledged functions distributed across the network. Security, reliability and latency will be critical for a 5G slice supporting automotive use case. For such a slice, all the necessary (and potentially dedicated) functions can be instantiated at the cloud edge node, including the necessary vertical application due to latency constraints. To allow on-boarding of such a vertical application on a cloud node, sufficient open interfaces should be defined. For a 5G slice supporting massive machine type devices (e.g., sensors), some basic C-plane functions can be configured, omitting e.g., any mobility functions, with contention-based resources for the access. There could be other dedicated slices operating in parallel, as well as a generic slice providing basic best-effort connectivity, to cope with unknown use cases and traffic. Irrespective of the slices to be supported by the network, the 5G network should contain functionality that ensures controlled and secure operation of the network end-to-end and at any circumstance.


Netmanias has a detailed article on this topic which is quite interesting too; it's available here.

Recently, South Korean operator SK Telecom and Ericsson concluded a successful trial of this technology, see here. Ericsson is also working with NTT Docomo on 5G including network slicing, see here.