Showing posts with label SDN / NFV. Show all posts
Showing posts with label SDN / NFV. Show all posts

Monday, 15 July 2024

Disaggregation of 5G Core (5GC) Network

When talking about mobile networks, we generally talk about disaggregation and virtualization of the RAN rather than the core. The 5G Core Network was also designed with disaggregation in mind, supporting service-based architecture (SBA) where Network Functions (NFs) are modular and can be deployed as microservices.

The 5G Core (5GC) is the foundation for Standalone 5G (5G SA) networks where the end users can experience the power of 'real' 5G. A newly published forecast report by Dell’Oro Group pointed out that the Mobile Core Network (MCN) market 5-year cumulative revenue forecast is expected to decline 10 percent (2024-2028). The reduction in the forecast is caused by severe economic headwinds, primarily the high inflation rates, and the slow adoption of 5G SA networks by Mobile Network Operators (MNOs).

While most people think of 5G Core Network as a single entity, in reality it contains many different network functions that can be supplied by different vendors. One way to select the vendors is based on grouping of NFs based on functionality as shown in the picture above. Here we have categorised them into User Plane & Mobility, Subscriber Data Management, Routing & Selection, and Policy & Charging. 

An example of of this disaggregation can be seen in the image above where Telenor worked with partners to build a truly multi-vendor, 5G core environment running on a vendor-neutral platform. According to their announcement

“The main component of 5G-SA is the 5G mobile core, the ‘brain’ of the 5G system. Unfortunately, most 5G core deployments are still single vendor dependent, with strong dependencies on that vendor’s underlying proprietary architecture. This single-vendor dependency can be a killer for innovation. It restricts open collaboration from the broader 5G ecosystem of companies developing new technology, use cases, and services that the market expects,” explains Patrick Waldemar, Vice President and Head of Technology in Telenor Research.

As an industry first, Telenor, along with partners, have established to build a truly multi-vendor, 5G core environment running on a vendor-neutral platform. The multi-vendor environment consists of best of breed Network Functions from Oracle, Casa-Systems, Enea and Kaloom, all running on Red Hat Openshift, the industry’s leading enterprise Kubernetes platform.

“To protect the 5G infrastructure from cyber threats, we deployed Palo Alto Networks Prisma Cloud Compute, and their Next Generation Firewall is also securing Internet connectivity for mobile devices. Red Hat Ansible Automation Platform is being used as a scalable automation system, while Emblasoft is providing automated network testing capabilities. The 5G New Radio (NR) is from Huawei,” says Waldemar.

In their whitepaper on "How to build the best 5G core", Oracle does a very similar grouping of the NFs like the way I have shown at the top and highlights what they supply and which partner NFs they use.

When the mobile operator Orange announced the selection of suppliers for their 5G SA networks in Europe, the press release said the following:

Orange has chosen the following industrial partners:

  • Ericsson’s 5G SA core network for Belgium, Spain, Luxembourg and Poland
  • Nokia’s 5G SA core network for France and Slovakia 
  • Nokia’s Subscriber Data Management for all countries
  • Oracle Communications for 5G core signaling and routing in all countries

I was unable to find out exactly which NFs would be supplied by which vendor but you get an idea.

Finally, I have depicted four scenarios for deployment and which Cloud Native Environment (CNE) would be used. In a single vendor core, the CNE, even though from a third party, could belong to either the vendor themselves (scenario 1) or may be suggested by the operator (scenario 2). 

In case of a multi-vendor deployment, it is very likely that each vendor would use their own CNE (scenario 4) rather than one suggested by the operator or belonging to the lead vendor (scenario 3).

If you have been involved in trial/test/deployment of a multi-vendor 5G Core, would love to hear your feedback on that as well as this post.

Related Posts

Wednesday, 22 March 2023

An Introduction to Multi-access Edge Computing (MEC) in 5G

We have covered some detailed webinars and presentations on MEC (Multi-access Edge Computing) but people have often asked us to add some basic tutorial on this topic. Wray Castle hosted a webinar last year on this topic. The abstract of that says: 

MEC extends the NFV concept to deploy the virtualization resources at the network edge rather than in the core/public network. MEC thus provides a significant opportunity to offer hosting for a range of novel applications, including those deployed by third parties, but it introduces new challenges in terms of the capabilities needed, and need to deploy applications onto the right edge systems for these benefits to be realised. This webinar explores these topics and presents an overview of the ETSI standardised architecture for MEC.

The webinar video is embedded below:

Related Posts

Monday, 19 September 2022

Is there a compelling Business Case for 5G Network Slicing in Public Networks?

Since the industry realised how the 5G Network Architecture will look like, Network Slicing has been touted as the killer business case that will allow the mobile operators to generate revenue from new sources.

Last month ABI Research said in a press release:

According to global technology intelligence firm ABI Research, 5G slicing revenue is expected to grow from US$309 million in 2022 to approximately US$24 billion in 2028, at a Compound Annual Growth Rate (CAGR) of 106%. 

“5G slicing adoption falls into two main categories. One, there is no connectivity available. Two, there is connectivity, but there is not sufficient capacity, coverage, performance, or security. For the former, both private and public organizations are deploying private network slices on a permanent and ad hoc basis,” highlights Don Alusha, 5G Core and Edge Networks Senior Analyst at ABI Research. The second scenario is mostly catered by private networks today, a market that ABI Research expects to grow from US$3.6 billion to US$109 billion by 2023, at a CAGR of 45.8%. Alusha continues, “A sizable part of this market can be converted to 5G slicing. But first, the industry should address challenges associated with technology and commercial models. On the latter, consumers’ and enterprises’ appetite to pay premium connectivity prices for deterministic and tailored connectivity services remains to be determined. Furthermore, there are ongoing industry discussions on whether the value that comes from 5G slicing can exceed the cost required to put together the underlying slicing ecosystem.”

Earlier this year, Daryl Schoolar - Research Director at IDC tackled this topic in his blog post:

5G network slicing, part of the 3GPP standards developed for 5G, allows for the creation of multiple virtual networks across a single network infrastructure, allowing enterprises to connect with guaranteed low latency. Using principles behind software-defined network and network virtualization, slicing allows the mobile operator to provide differentiated network experience for different sets of end users. For example, one network slice could be configured to support low latency, while another slice is configured for high download speeds. Both slices would run across the same underlying network infrastructure, including base stations, transport network, and core network.

Network slicing differs from private mobile networks, in that network slicing runs on the public wide area network. Private mobile networks, even when offered by the mobile operator, use infrastructure and spectrum dedicated to the end user to isolate the customer’s traffic from other users.

5G network slicing is a perfect candidate for future business connectivity needs. Slicing provides a differentiated network experience that can better match the customers performance requirements than traditional mobile broadband. Until now, there has been limited mobile network performance customization outside of speeds. 5G network slicing is a good example of telco service offerings that meet future of connectivity requirements. However, 5G network slicing also highlights the challenges mobile operators face with transformation in their pursuit of remaining relevant.

For 5G slicing to have broad commercial availability, and to provide a variety of performance options, several things need to happen first.

  • Operators need to deploy 5G Standalone (SA) using the new 5G mobile core network. Currently most operators use the 5G non-standalone (NSA) architecture that relies on the LTE mobile core. It might be the end of 2023 before the majority of commercial 5G networks are using the SA mode.
  • Spectrum is another hurdle that must be overcome. Operators still make most of their revenue from consumers, and do not want to compromise the consumer experience when they start offering network slicing. This means operators need more spectrum. In the U.S., among the three major mobile operators, only T-Mobile currently has a nationwide 5G mid-band spectrum deployment. AT&T and Verizon are currently deploying in mid-band, but that will not be completed until 2023.
  • 5G slicing also requires changes to the operator’s business and operational support systems (BSS/OSS). Current BSS/OSS solutions were not designed to support the increased parameters those systems were designed to support.
  • And finally, mobile operators still need to create the business propositions around commercial slicing services. Mobile operators need to educate businesses on the benefits of slicing and how slicing supports their different connectivity requirements. This could involve mobile operators developing industry specific partnerships to reach different business segments. All these things take time to be put into place.

Because of the enormity of the tasks needed to make 5G network slicing a commercial success, IDC currently has a very conservative outlook for this service through 2026. IDC believes it will be 2023 until there is general commercial availability of 5G network slicing. The exception is China, which is expected to have some commercial offerings in 2022 as it has the most mature 5G market. Even then, it will take until 2025 before global revenues from slicing exceeds a billion U.S. dollars. In 2026 IDC forecasts slicing revenues will be approximately $3.2 billion. However, over 80% of those revenues will come out of China.

The 'Outspoken Industry Analyst' Dean Bubley believes that Network Slicing is one of the worst strategic errors made by the mobile industry, since the catastrophic choice of IMS for communications applications. In a LinkedIn post he explains:

At best, slicing is an internal toolset that might allow telco operations or product teams (or their vendors) to manage their network resources. For instance, it could be used to separate part of a cell's capacity for FWA, and dynamically adjust that according to demand. It might be used as an "ingredient" to create a higher class of service for enterprise customers, for instance for trucks on a highway, or as part of an "IoT service" sold by MNOs. Public safety users might have an expensive, artisanal "hand-carved" slice which is almost a separate network. Maybe next-gen MVNOs.

(I'm talking proper 3GPP slicing here - not rebranded QoS QCI classes, private APNs, or something that looks like a VLAN, which will probably get marketed as "slices")

But the idea that slicing is itself a *product*, or that application developers or enterprises will "buy a slice" is delusional.

Firstly, slices will be dependent on [good] coverage and network control. A URLLC slice likely won't work reliably indoors, underground, in remote areas, on a train, on a neutral-host network, or while roaming. This has been a basic failure of every differentiated-QoS monetisation concept for many years, and 5G's often-higher frequencies make it worse, not better.

Secondly, there is no mature machinery for buying, selling, testing, supporting. price, monitoring slices. No, the 5G Network Exposure Function won't do it all. I haven't met a Slice salesperson yet, or a Slice-procurement team.

Thirdly, a "local slice" of a national 5G network will run headlong into a battle with the desire for separate private/dedicated local 5G networks, which may well be cheaper and easier. It also won't work well with the enterprise's IT/OT/IP domains, out of the box.

Also there's many challenges getting multi-operator slices, device OS links to slice APIs, slice "boundary controllers" between operators, aligning RAN and core slices, regulatory questionmarks and much more.

There are lots of discussion in the comments section that may be of interest to you, here.

My belief is that we will see lots of interesting use cases with slicing in public networks but it will be difficult to monetise. The best networks will manage to do it to create some plans with guaranteed rates and low latency. It would remain to be see whether they can successfully monetise it well enough. 

For technical people and newbies, there are lots of Network Slicing resources on this blog (see related posts 👇). Here is another recent video from Mpirical:

Related Posts

Tuesday, 22 March 2022

Realizing Zero Trust Architecture for 5G Networks

Over the last couple of years, I keep on coming across Zero-Trust Architecture (ZTA). A simple way to explain is that the standard model of security is known as perimeter security model, where everything within the perimeter can be trusted. In zero-trust (ZT) model, no assumptions is made about trustworthiness and hence it is also sometimes known as perimeterless security model.

This short video from IBM clearly explains what ZT means:

This blog post from Palo Alto Networks also clearly explains ZT:

By definition, Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust for 5G removes implicit trust regardless of what the situation is, who the user is, where the user is or what application they are trying to access.

The impact of Zero Trust on network security specifically protects the security of sensitive data and critical applications by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention and simplifying granular user-access controls. Where traditional security models operate under the assumption that everything inside an organization’s perimeter can be trusted, the Zero Trust model recognizes that trust is a vulnerability.

In short, Zero Trust for 5G presents an opportunity for service providers, enterprises and organizations to re-think how users, applications and infrastructure are secured in a way that is scalable and sustainable for modern cloud, SDN-based environments and open-sourced 5G networks. Delivering the Zero Trust Enterprise means taking Zero Trust principles, making them actionable and effectively rebuilding security to keep pace with digital transformation. 

A research paper looking at Intelligent ZTA (i-ZTA) provides an interesting approach to security in 5G and beyond. The paper can be downloaded from here. The abstract states:

While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of the networks. Further, seamless connectivity to a high volume of devices in multi-radio access technology (RAT) has broadened the attack surface on information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. This paper presents the architectural design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm, called MED components. The envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting necessary machine learning data. The i-ZTA is also expected to exploit the multi-access edge computing (MEC) technology of 5G as a key enabler of intelligent MED components for resource-constraint devices.

Ericsson Technology Review covered Zero Trust in 5G Networks in one of their issues. Quoting from the article:

The 3GPP 5G standards define relevant network security features supporting a zero trust approach in the three domains: network access security, network domain security and service-based architecture (SBA) domain security. 

The network access security features provide users with secure access to services through the device (mobile phone or connected IoT device) and protect against attacks on the air interface between the device and the radio node. Network domain security includes features that enable nodes to securely exchange signaling data and user data, for example, between radio and core network functions (NFs).

The 5G SBA is built on web technology and web protocols to enable flexible and scalable deployments using virtualization and container technologies and cloud-based processing platforms. SBA domain security specifies the mechanism for secure communication between NFs within the serving network domain and with other network domains. 

While the new requirements and functionality introduced in the 5G specifications are already aligned with many of the zero trust tenets. It is already evident, however, that further technology development, standardization and implementation are needed in areas such as policy frameworks, security monitoring and trust evaluation to support the adoption of zero trust architecture in new telecom environments that are distributed, open, multi-vendor and/or virtualized.

While various technologies can support organizations in adhering to the guiding principles of zero trust as part of their total active defense strategy, it is important to remember that technology alone will never be sufficient to realize the full potential of zero trust. Successful implementation of a network based on zero trust principles requires the concurrent implementation of information security processes, policies and best practices, as well as the presence of knowledgeable security staff. Regardless of where a CSP is in its transition toward a zero trust architecture, the three pillars of people, processes and technology will continue to be the foundation of a robust security architecture.

Related Posts:

Thursday, 22 July 2021

AT&T Cybersecurity Experts Provide 5G Security Overview

The National Governors Association (NGA) in the USA is the voice of the leaders of 55 states, territories, and commonwealths. On May 24th, the Resource Center for State Cybersecurity featured a panel of experts from AT&T for a conversation on understanding the 5G ecosystem, security risks, supply chain resilience and the challenges and opportunities that exist around deployment.

The talk highlighted top 5G security areas of concern. The top three being:

  • Increased attack surface due to massive increase in connectivity
  • Greater number & variety of devices accessing the network
  • Complexity of extending security policy to new types of non-traditional and IoT devices


Some of the Security Advantages with 5G are highlighted as follows:

  • Software Defined Networking/Virtualization
  • Stronger 3GPP encryption for over-the-air encryption
  • Subscriber Identity Privacy
  • Roaming or network-to-network protection
  • Network Slicing

The slides of the talk is available here and the video is as follows:

Related Posts:

Wednesday, 7 July 2021

Different Types of RAN Architectures - Distributed, Centralized & Cloud


I come across a question relating to the different type of RAN architectures once per month on an average. Even though we have covered the topic as part of some or the other tutorial, we decided to do a dedicated tutorial on this.

The video and slides are embedded below

As always, feedback and comments welcome.

Related Posts:

Wednesday, 30 June 2021

Open RAN Terminology and Players


When we made our little Open RAN explainer, couple of years back, we never imagined this day when so many people in the industry will be talking about Open RAN. I have lost track of the virtual events taking place and Open RAN whitepapers that have been made available just in the last month.

One of the whitepapers just released was from NTT Docomo, just in time for MWC 2021. You can see the link in the Tweet

Even after so much information being available, many people still have basic questions about Open RAN and O-RAN. I helped make an Open RAN explainer series and blogged about it here. Just last week, I blogged about the O-RAN explainer series that I am currently working on, here.

There were some other topics that I couldn't cover elsewhere so made some short videos on them for the 3G4G YouTube channel. The first video/presentation explains Open RAN terminology that different people, companies and organizations use. It starts with open interfaces and then looks at radio hardware disaggregation and compute disaggregation. Moving from 2G/3G/4G to 5G, it also explains the Open RAN approach to a decomposed architecture with RAN functional splits.

If you look at the Telecom Infra Project (TIP) OpenRAN group or O-RAN Alliance, the organizations driving the Open RAN vision and mission, you will notice many new small RAN players are joining one or both of them. In addition, you hear about other Open RAN consortiums that again include small innovative vendors that may not be very well known. 

The second video is an opinion piece looking at what is driving these companies to invest in Open RAN and what can they expect as return in future.

As always, all 3G4G videos' slides are available on our SlideShare channel.

Related Posts:

Friday, 16 October 2020

Couple of Tutorials on ETSI NFV MANO


The premises of virtualization is to move physical network functions (PNF in hardware) into software and to design them in a way so that they can be deployed on a NFVI (Network Functions Virtualization Infrastructure, a.k.a. the cloud).

MANagement and Orchestration (MANO) is a key element of the ETSI network functions virtualization (NFV) architecture. MANO is an architectural framework that coordinates network resources for cloud-based applications and the lifecycle management of virtual network functions (VNFs) and network services. As such, it is crucial for ensuring rapid, reliable NFV deployments at scale. MANO includes the following components: the NFV orchestrator (NFVO), the VNF manager (VNFM), and the virtual infrastructure manager (VIM).

NFV MANO is broken up into three functional blocks:

  • NFV Orchestrator: Responsible for onboarding of new network services (NS) and virtual network function (VNF) packages; NS lifecycle management; global resource management; validation and authorization of network functions virtualization infrastructure (NFVI) resource requests.
  • VNF Manager: Oversees lifecycle management of VNF instances; fills the coordination and adaptation role for configuration and event reporting between NFV infrastructure (NFVI) and Element/Network Management Systems.
  • Virtualized Infrastructure Manager (VIM): Controls and manages the NFVI compute, storage, and network resources.

For the NFV MANO architecture to work properly and effectively, it must be integrated with open application program interfaces (APIs) in the existing systems. The MANO layer works with templates for standard VNFs and gives users the power to pick and choose from existing NFVI resources to deploy their platform or element.

Couple of good old tutorials, good as gold, explaining the ETSI NFV MANO concept. The videos are embedded below. The slides from the video are probably not available but there are other slides from ETSI here. If you are new to this, this is a good presentation to start with.

NFV MANO Part 1: Overview and VNF Lifecycle Management: Uwe Rauschenbach | Rapporteur | ETSI NFV ISG covers:

  • ETSI NFV MANO Concepts
  • VNF Lifecycle Management

NFV MANO Part 2: Network Service Lifecycle Management: Jeremy Fuller | Chair, IFA WG | ETSI NFV ISG covers:
  • Network Service Lifecycle Management

If you have any better suggestions for the slides / video, please feel free to add in the comments.

Related Posts:

Saturday, 10 October 2020

What is Cloud Native and How is it Transforming the Networks?


Cloud native is talked about so often that it is assumed everyone knows what is means. Before going any further, here is a short introductory tutorial here and video by my Parallel Wireless colleague, Amit Ghadge.  

If instead you prefer a more detailed cloud native tutorial, here is another one from Award Solutions.

Back in June, Johanna Newman, Principal Cloud Transformation Manager, Group Technology Strategy & Architecture at Vodafone spoke at the Cloud Native World with regards to Vodafone's Cloud Native Journey 


Roz Roseboro, a former Heavy Reading analyst who covered the telecom market for nearly 20 years and currently a Consulting Analyst at Light Reading wrote a fantastic summary of that talk here. The talk is embedded below and selective extracts from the Light Reading article as follows:

While vendors were able to deliver some cloud-native applications, there were still problems ensuring interoperability at the application level. This means new integrations were required, and that sent opex skyrocketing.

I was heartened to see that Newman acknowledged that there is a difference between "cloud-ready" and "cloud-native." In the early days, many assumed that if a function was virtualized and could be managed using OpenStack, that the journey was over.

However, it soon became clear that disaggregating those functions into containerized microservices would be critical for CSPs to deploy functions rapidly and automate management and achieve the scalability, flexibility and, most importantly, agility that the cloud promised. Newman said as much, remarking that the jump from virtualized to cloud-native was too big a jump for hardware and software vendors to make.

The process of re-architecting VNFs to containerize them and make them cloud-native is non-trivial, and traditional VNF suppliers have not done so at the pace CSPs would like to see. I reference here my standard chicken and egg analogy: Suppliers will not go through the cost and effort to re-architect their software if there are no networks upon which to deploy them. Likewise, CSPs will not go through the cost and effort to deploy new cloud networks if there is no software ready to run on them. Of course, some newer entrants like Rakuten have been able to be cloud-native out of the gate, demonstrating that the promise can be realized, in the right circumstances.

Newman also discussed the integration challenges – which are not unique to telecom, of course, but loom even larger in their complex, multivendor environments. During my time as a cloud infrastructure analyst, in survey after survey, when asked what the most significant barrier to faster adoption of cloud-native architectures, CSPs consistently ranked integration as the most significant.

Newman spent a little time discussing the work of the Common NFVi Telco Taskforce (CNTT), which is charged with developing a handful of reference architectures that suppliers can then design to which will presumably help mitigate many of these integration challenges, not to mention VNF/CNF life cycle management (LCM) and ongoing operations.

Vodafone requires that all new software be cloud-native – calling it the "Cloud Native Golden Rule." This does not come as a surprise, as many CSPs have similar strategies. What did come as a bit of a surprise, was the notion that software-as-a-service (SaaS) is seen as a viable alternative for consuming telco functions. While the vendor with the SaaS offering may not itself be cloud-native (for example, it could still have hardware dependencies), from Vodafone's point of view, it ends up performing as such, given the lower operational and maintenance costs and flexibility of a SaaS consumption model.

If you have some other fantastic links, videos, resources on this topic, feel free to add in the comments.

Related Posts:

Friday, 22 June 2018

5G and IoT Security Update from ETSI Security Week 2018

ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT is of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.


Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.

5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?

The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives
The workshop intends to:

  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
  • Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
  • Give an update of what is happening in 3GPP 5G security;
  • Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
  • Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
  • Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
  • Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.


So here are the relevant presentations:

Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson

Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC

Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters

Integrating the SIM (iUICC), Adrian Escott, QUALCOMM

Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman

Network Slicing, Anne-Marie Praden, Gemalto

Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet

5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo

Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies

ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17

Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO


Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems

Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems

5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup

Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs

Security Best Practises using RESTful APIs, Sven Walther, CA Technologies

Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence

Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)


Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson


Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal

Setting the Scene, Franck Boissière, European Commission

ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA

Smart City Aspects, Bram Reinders, Institute for Future of Living

The Network Operators Perspective on IoT Security, Ian Smith, GSMA


Related Links:

Sunday, 25 March 2018

5G Security Updates - March 2018


Its been a while since I wrote about 5G security in this fast changing 5G world. If you are new to 3GPP security, you may want to start with my tutorial here.

3GPP SA3 Chairman, Anand R. Prasad recently mentioned in his LinkedIn post:

5G security specification finalized! Paving path for new business & worry less connected technology use.

3GPP SA3 delegates worked long hours diligently to conclude the specification for 5G security standard during 26 Feb.-2 Mar. Several obstacles were overcome by focussed effort of individuals & companies from around the globe. Thanks and congrats to everyone!

All together 1000s of hours of work with millions of miles of travel were spent in 1 week to get the work done. This took 8 meetings (kicked off Feb. 2017) numerous on-line meetings and conference calls.

Excited to declare that this tremendous effort led to timely completion of 5G security specification (TS 33.501) providing secure services to everyone and everything!

The latest version of specs is on 3GPP website here.

ITU also held a workshop on 5G Security in Geneva, Switzerland on 19 March 2018 (link). There were quite a few interesting presentations. Below are some slides that caught my attention.

The picture in the tweet above from China Mobile summarises the major 5G security issues very well. 5G security is going to be far more challenging than previous generations.

The presentation by Haiguang Wang, Huawei contained a lot of good technical information. The picture at the top is from that presentation and highlights the difference between 4G & 5G Security Architecture.


New entities have been introduced to make 5G more open.


EPS-AKA vs 5G-AKA (AKA = Authentication and Key Agreement) for trusted nodes


EAP-AKA' for untrusted nodes.


Slice security is an important topic that multiple speakers touched upon and I think it would continue to be discussed for a foreseeable future.

Dr. Stan Wing S. Wong from King’s College London has some good slides on 5G security issues arising out of Multi-Tenancy and Multi-Network Slicing.

Peter Schneider from Nokia-Bell Labs had good slides on 5G Security Overview for Programmable Cloud-Based Mobile Networks

Sander Kievit from TNO, a regular participant of working group SA3 of 3GPP on behalf of the Dutch operator KPN presented a view from 3GPP SA3 on the Security work item progress (slides). The slide above highlights the changes in 5G key hierarchy.

The ITU 5G Security Workshop Outcomes is available here.

ETSI Security Week 2018 will be held 11-15 June 2018. 5G security/privacy is one of the topics.

There is also 5GPPP Workshop on 5G Networks Security (5G-NS 2018), being held in Hamburg, Germany on August 27-30, 2018.

In the meantime, please feel free to add your comments & suggestions below.


Related Posts & Further Reading:

Tuesday, 13 February 2018

Artificial Intelligence - Beyond SON for Autonomous Networks


What is the next step in evolution of SON? Artificial Intelligence obviously. The use of artificial intelligence (AI) techniques in the network supervisory system could help solve some of the problems of future network deployment and operation. ETSI has therefore set up a new 'Industry Specification Group' on 'Experiential Networked Intelligence' (ISG ENI) to develop standards for a Network Supervisory assistant system.


The ISG ENI focuses on improving the operator experience, adding closed-loop artificial intelligence mechanisms based on context-aware, metadata-driven policies to more quickly recognize and incorporate new and changed knowledge, and hence, make actionable decisions. ENI will specify a set of use cases, and the generic technology independent architecture, for a network supervisory assistant system based on the ‘observe-orient-decide-act’ control loop model. This model can assist decision-making systems, such as network control and management systems, to adjust services and resources offered based on changes in user needs, environmental conditions and business goals.


The introduction of technologies such as Software-Defined Networking (SDN), Network Functions Virtualisation (NFV) and network slicing means that networks are becoming more flexible and powerful. These technologies transfer much of the complexity in a network from hardware to software, from the network itself to its management and operation. ENI will make the deployment of SDN and NFV more intelligent and efficient and will assist the management and orchestration of the network.


We expect to complete the first phase of ENI work in 2019. It will include a description of use cases and requirements and terminology, including a definition of features, capabilities and policies, which we will publish in a series of informative best practice documents (Group Reports (GRs)).
This will of course require co-operation from many different industry bodies including GSMA, ITU-T, MEF, IETF, etc.

Will see how this goes.

Further reading:



Tuesday, 25 July 2017

5G Security Updates - July 2017


Its been nearly 2 years since I last blogged about ETSI Security workshop. A lot has changed since then, especially as 5G is already in the process of being standardised. This is in addition to NFV / SDN that also applied to 4G networks.

ETSI Security Week (12 - 16 June) covered lot more than 5G, NFV, SDN, etc. Security specialists can follow the link to get all the details (if they were not already aware of).

I want to quickly provide 3 links so people can find all the useful information:

NFV Security Tutorialdesigned to educate attendees on security concerns facing operators and providers as they move forward with implementing NFV. While the topics are focused on security and are technical in nature we believe any individual responsible for designing, implementing or operating a NFV system in an organization will benefit from this session. Slides here.

NFV Security: Network Functions Virtualization (NFV), leveraging cloud computing, is set to radically change the architecture, security, and implementation of telecommunications networks globally. The NFV Security day will have a sharp focus on the NFV security and will bring together the world-wide community of the NFV security leaders from the industry, academia, and regulators. If you want to meet the movers and shakers in this field, get a clear understanding of the NFV security problems, challenges, opportunities, and the state of the art development of security solutions, this day is for you. Slides here.



5G Security: The objectives of this event are to:
  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views will shape together in order to understand the challenges, threats and the security requirements that the 5G scenarios will be bringing.
  • Give an update of what is happening in:
    • 5G security research: Lot of research is on-going on 5G security and several projects exist on the topic.
    • 5G security standards: Standardization bodies have already started working 5G security and their work progress will be reviewed. Also any gap or additional standardization requirements will be discussed.
    • Verticals and business (non-technical) 5G security requirements: 5G is playground where different verticals besides the telecom industry is playing a role and their requirements will be key for the design of 5G security. In addition 5G is where "security" will become the business driver.
  • Debate about hot topics such as: IoT security, Advances in lightweight cryptography, Slicing security. Privacy. Secure storage and processing. Security of the interconnection network (DIAMETER security). Relevance of Quantum Safe Cryptography for 5G, Authorization concepts....
Slides for 5G Security here.

In addition, Jaya Baloo, CISO, KPN Telecom talks about 5G network security at TechXLR8 2017. Embedded is a video of that: