Benefits and Challenges of Applying Device-Level AI to 5G networks

I was part of Cambridge Wireless CWTEC 2018 organising committee where our event 'The inevitable automation of Next Generation Networks' covered variety of topics with AI, 5G, devices, network planning, etc. The presentations are available freely for a limited period here.

End-to-end #AI in telecoms will involve a mix of capabilities on devices, local RAN, core & NFV - @Samsung at #CWTEC

On-device AI can do all sorts of cool stuff eg on power-mgmt pic.twitter.com/SV26fLNnG3

— Dean Bubley (@disruptivedean) September 27, 2018

One of the thought provoking presentations was by Yue Wang from Samsung R&D. The presentation is embedded below and can be downloaded from Slideshare.

Device-level AI for 5G and beyond from 3G4G

This presentation also brought out some interesting thoughts and discussions:

• While the device-level AI and network-level AI would generally work cooperatively, there is a risk that some vendor may play the system to make their devices perform better than the competitors. Something similar to the signaling storm generated by SCRI (see here).
• If the device-level and network-level AI works constructively, an operator may be able to claim that their network can provide a better battery life for a device. For example iPhone XYZ has 25% better battery life on our network rather than competitors network.
• If the device-level and network-level AI works destructively for any reason then the network can become unstable and the other users may experience issues. 

I guess all these enhancements will start slowly and there will be lots of learning in the first few years before we have a stable, mutually beneficial solution.

Related Posts:

• Automating the 5G Core using Machine Learning and Data Analytics
• Telefonica: Big Data, Machine Learning (ML) and Artificial Intelligence (AI) to Connect the Unconnected
• ITU 'Network 2030': Initiative to support Emerging Technologies and Innovation looking beyond 5G advances
• End-to-end Network Slicing in 5G
• 5G New Radio Standards and other Presentations

5G and IoT Security Update from ETSI Security Week 2018

ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT is of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.

Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.

5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?

The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives
The workshop intends to:

• Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
• Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
• Give an update of what is happening in 3GPP 5G security;
• Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
• Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
• Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
• Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.

So here are the relevant presentations:

Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson

Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC

Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters

Integrating the SIM (iUICC), Adrian Escott, QUALCOMM

Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman

Network Slicing, Anne-Marie Praden, Gemalto

Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet

5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo

Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies

ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17

Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO


Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems

Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems

5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup

Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs

Security Best Practises using RESTful APIs, Sven Walther, CA Technologies

Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence

Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)


Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson


Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal

Setting the Scene, Franck Boissière, European Commission

ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA

Smart City Aspects, Bram Reinders, Institute for Future of Living

The Network Operators Perspective on IoT Security, Ian Smith, GSMA


Related Links:

• Detecting false base stations in mobile networks - Ericsson Research Blog
• 5G Security Updates - March 2018 - 3G4G Blog
• Introduction to 3GPP Security in Mobile Cellular Networks - 3G4G Blog

Some interesting April Fools' Day 2018 Technology Jokes

This year April Fools' Day wasn't as fun as the last one. Couple of reasons being that it was on a Sunday and it coincided with Easter Sunday. Here are some of the jokes that I found interesting.

Sprint's Magic Ball:

It was good to see that the US mobile operator joined the party this year. Their magicball (based on their highly successful Magic Box) advert was really good. Here is the video:



Good to see that they managed to squeeze in references to 5G and small cells

Official site: http://newsroom.sprint.com/sprint-magic-ball.htm


T-Mobile Sidekicks Re-booted:

T-Mobile USA has consistently come up with the best tech pranks. Last year they had the OneSie with Human HotSpot and BingeOnUp the year before. This year the re-booted sidekicks was the joke of the day. The video is embedded below. As the description says, T-Mobile’s Sidekick gets a remake! Inspired by the past but stepping boldly into the future, it has revolutionary AI, headphones that double as chargers, personalized GPS guidance by John Legere, and more!



Official site: https://www.t-mobile.com/offers/sidekicks


The Chegg Osmosis Pillow:

"A top-secret team of Chegg engineers from Zurich spent two years developing a new patent-pending revolutionary proprietary method of making memory foam using special blends of matcha and lavender. Thanks to their discoveries, Chegg’s memory foam actually improves your memory. Got a final exam tomorrow? Sleep on it. Got a lab report due? Sleep on it. Need to outline your entire thesis? Sleep on it."

Official Website: https://www.chegg.com/play/memory-foam-pillow/


Pindrop TonguePrinting:

"Tongueprinting technology analyzes thousands of tiny bumps called papillae, as well as factors such as shape, size, and temperature to accurately identify yourself by licking your phone. This technology will be the mouthpiece of Pindrop’s latest authentication and anti-fraud solutions." Video:


Official website: https://www.pindrop.com/resources/video/video/tongueprinting/


Roku Happy Streaming Socks: "Do messy snack hands keep you from using your Roku remote? Meet the new Roku Happy Streaming Socks with built-in motion sensors, plus toe-toasting and anti-loss technology."


Official Website: https://blog.roku.com/roku-happy-streaming-socks


The other jokes were, well, not very funny but here are some worth mentioning...

Virgin Voyages Wa-Fi: "Here at Virgin Voyages we are excited to be bringing underwater WiFi, or as we call it “Wa-Fi” service, to all Virgin Voyages ships." Website: https://www.virginvoyages.com/wa-fi.html

Logitech BS Detection Software: "Today, I’m proud to announce that we are taking video calls to a whole new level with the introduction of Logitech Business Speak (BS) Detection software. Logitech BS Detection revolutionizes our meeting capabilities with built-in artificial intelligence (AI) that flags the…well…BS in business communications. "

Eager to eliminate the BS from your meetings? If so, be sure to check out Logitech's new Business Speak Detection software, which is now available on all @LogitechVC products. Learn more here: https://t.co/XuumeDrgme. pic.twitter.com/KP2ieuCXRi

— Logitech (@Logitech) April 1, 2018

Website: https://blog.logitech.com/2018/03/30/logitech-revolutionizes-business-communication-with-the-introduction-of-business-speak-detection-software/

Josh Ultra by Josh.Ai: https://www.cepro.com/article/josh.ai_josh_ultra_premium_voice_control

Jabra Sneakers: https://www.jabra.com/jabra-sneakers

INTRODUCING Jabra Speaker Sneaker - The world’s first stereo speakers included in footwear with voice assist. The detachable speakers ensure great sound and best of class battery life, allowing you to enjoy music all day long, wherever your feet take you. https://t.co/fO7TJp3KPp pic.twitter.com/1vmul0unAA

— Jabra US Team (@Jabra_US) April 1, 2018

Genetic Select by Lexus: Introducing Genetic Select by Lexus in partnership with 23andMe. The world’s first service that uses human genetics to match you with the car of your genes. http://www.lexus.com/geneticselect/

Google Maps is adding a Where’s Waldo? mini-game for the next week: Link.

Google Japan's Gboard: https://japan.googleblog.com/2018/04/tegaki.html

Google Cloud Hummus API - Find your Hummus!: https://www.youtube.com/watch?v=0_5X6N6DHyk

Tech21 Flexichoc case: https://twitter.com/Tech21Official/status/979392283106824192

Audi Downsizing Assistant: https://twitter.com/AudiOfficial/status/979991696657203201

Lego VacuSort: https://twitter.com/LEGO_Group/status/980369210789507072

Did I miss any good ones?


Related Posts:

• Some interesting April Fools' Day 2017 Technology Jokes
• Some interesting April Fools' Day 2016 Technology Jokes
• Some interesting April Fools' Day 2015 Technology Jokes
• Some interesting April Fools' Day 2014 Technology Jokes
• Qualcomm to put Femtocells in Mutant Animals ;)
• Just ate a Blackberry...and it was yummy!

5G Security Updates - March 2018

Its been a while since I wrote about 5G security in this fast changing 5G world. If you are new to 3GPP security, you may want to start with my tutorial here.

3GPP SA3 Chairman, Anand R. Prasad recently mentioned in his LinkedIn post:

5G security specification finalized! Paving path for new business & worry less connected technology use.

3GPP SA3 delegates worked long hours diligently to conclude the specification for 5G security standard during 26 Feb.-2 Mar. Several obstacles were overcome by focussed effort of individuals & companies from around the globe. Thanks and congrats to everyone!

All together 1000s of hours of work with millions of miles of travel were spent in 1 week to get the work done. This took 8 meetings (kicked off Feb. 2017) numerous on-line meetings and conference calls.

Excited to declare that this tremendous effort led to timely completion of 5G security specification (TS 33.501) providing secure services to everyone and everything!

The latest version of specs is on 3GPP website here.

ITU also held a workshop on 5G Security in Geneva, Switzerland on 19 March 2018 (link). There were quite a few interesting presentations. Below are some slides that caught my attention.

Major 5G Security Issues via Min Zuo, China Mobile #RANSplit #NetworkSlicing #SBA #NFV #SDN #CloudComputing #MEC pic.twitter.com/GD8EMNP1Fk

— 3G4G (@3g4gUK) March 20, 2018

The picture in the tweet above from China Mobile summarises the major 5G security issues very well. 5G security is going to be far more challenging than previous generations.

The presentation by Haiguang Wang, Huawei contained a lot of good technical information. The picture at the top is from that presentation and highlights the difference between 4G & 5G Security Architecture.

New entities have been introduced to make 5G more open.

EPS-AKA vs 5G-AKA (AKA = Authentication and Key Agreement) for trusted nodes

EAP-AKA' for untrusted nodes.

Slice security is an important topic that multiple speakers touched upon and I think it would continue to be discussed for a foreseeable future.

Dr. Stan Wing S. Wong from King’s College London has some good slides on 5G security issues arising out of Multi-Tenancy and Multi-Network Slicing.

Peter Schneider from Nokia-Bell Labs had good slides on 5G Security Overview for Programmable Cloud-Based Mobile Networks

Sander Kievit from TNO, a regular participant of working group SA3 of 3GPP on behalf of the Dutch operator KPN presented a view from 3GPP SA3 on the Security work item progress (slides). The slide above highlights the changes in 5G key hierarchy.

The ITU 5G Security Workshop Outcomes is available here.

ETSI Security Week 2018 will be held 11-15 June 2018. 5G security/privacy is one of the topics.

There is also 5GPPP Workshop on 5G Networks Security (5G-NS 2018), being held in Hamburg, Germany on August 27-30, 2018.

In the meantime, please feel free to add your comments & suggestions below.


Related Posts & Further Reading:

• Introduction to 3GPP Security in Mobile Cellular Networks - 3G4G
• 5G Security Updates - July 2017 - 3G4G
• 3GPP 5G Specifications - 3G4G
• Tutorial: Service Based Architecture (SBA) for 5G Core (5GC) - 3G4G

Introduction to 3GPP Security in Mobile Cellular Networks

I recently did a small presentation on 3GPP Security, looking at the how the security mechanism works in mobile cellular networks; focusing mainly on signaling associated with authentication, integrity protection and ciphering / confidentiality. Its targeted towards people with basic understanding of mobile networks. Slides with embedded video below.

Intermediate: Security in Mobile Cellular Networks from 3G4G

You can also check-out all such videos / presentations at the 3G4G training section.

Enhanced 5G Security via IMSI Encryption

Source: North Star Post

IMSI Catchers can be a real threat. It doesn't generally affect anyone unless someone is out to get them. Nevertheless its a security flaw that is even present in LTE. This presentation here is a good starting point on learning about IMSI Catcher and the one here about privacy and availability attacks.

This article by Ericsson is a good starting point on how 5G will enhance security by IMSI encryption. From the article:

The concept we propose builds on an old idea that the mobile device encrypts its IMSI using home network’s asymmetric key before it is transmitted over the air-interface. By using probabilistic asymmetric encryption scheme – one that uses randomness – the same IMSI encrypted multiple times results in different values of encrypted IMSIs. This makes it infeasible for an active or passive attacker over the air-interface to identify the subscriber. Above is a simplified illustration of how a mobile device encrypts its IMSI. 

Each mobile operator (called the ‘home network’ here) has a public/private pair of asymmetric keys. The home network’s private asymmetric key is kept secret by the home network, while the home network’s public asymmetric key is pre-provisioned in mobile devices along with subscriber-specific IMSIs (Step 0). Note that the home network’s public asymmetric key is not subscriber-specific. 

For every encryption, the mobile device generates a fresh pair of its own public/private asymmetric keys (Step 1). This key pair is used only once, hence called ephemeral, and therefore provide probabilistic property to the encryption scheme. As shown in the figure, the mobile device then generates a new key (Step 2), e.g., using Diffie–Hellman key exchange. This new key is also ephemeral and is used only once to encrypt the mobile device’s IMSI (Step 3) using symmetric algorithm like AES. The use of asymmetric and symmetric crypto primitives as described above is commonly known as integrated/hybrid encryption scheme. The Elliptic Curve Integrated Encryption Scheme (ECIES) is a popular scheme of such kind and is very suitable to the use case of IMSI encryption because of low impact on radio bandwidth and mobile device’s battery. 

The nicest thing about the described concept is that no public key infrastructure is necessary, which significantly reduces deployment complexity, meaning that mobile operators can start deploying IMSI encryption for their subscribers without having to rely on any external party or other mobile operators.

'3GPP TR 33.899: Study on the security aspects of the next generation system' lists one such approach.

The Key steps are as follows:

1. UE is configured with 5G (e)UICC with ‘K’ key, the Home Network ID, and its associated public key.
2. SEAF send Identity Request message to NG-UE. NG-UE considers this as an indication to initiate Initial Authentication.
3. NG-UE performs the following:
1. Request the (e)UICC application to generate required security material for initial authentication, RANDUE, , COUNTER, KIARenc, and KIARInt.
2. NG-UE builds IAR as per MASA. In this step NG-UE includes NG-UE Security Capabilities inside the IAR message. It also may include its IMEI. 
3. NG-UE encrypts the whole IAR including the MAC with the home network public key.
4. NG-UE sends IAR to SEAF.
4. Optionally, gNB-CP node adds its Security Capabilities to the transposrt message between the gNB-CP and the SEAF (e.g., inside S1AP message as per 4G).
5. gNB-CP sends the respective S1AP message that carries the NG-UE IAR message to the SEAF.
6. SEAF acquirs the gNB-CP security capabilities as per the listed options in clause 5.2.4.12.4.3and save them as part of the temporary context for the NG-UE.
7. SEAF follows MASA and forward the Authentication and Data Request message to the AUSF/ARPF.
8. When AUSF/ARPF receives the Authentication and Data Request message, authenticates the NG-UE as per MASA and generates the IAS respective keys. AUSF/ARPF may recover the NG-UE IMSI and validate the NG-UE security capabilities.
9. AUSF/ARPF sends Authentication and Data Response to the SEAF as per MASA with NG-UE Security Capabilities included.
10. SEAF recovers the Subscriber IMSI, UE security Capabilities, IAS keys, RANDHN, COUNTER and does the following:
1. Examine the UE Security Capabilities and decides on the Security parameters.
2. SEAF may acquire the UP-GW security capabilities at this point after receiving the UP-GW identity from AUSF/ARPF or allocate it dynamically through provisioning and load balancing.
11. SEAF builds IAS and send to the NG-UE following MASA. In addition, SEAF include the gNB-CP protocol agreed upon security parameters in the S1AP message being sent to the gNB-CP node.
12. gNB-CP recovers gNB-CP protocol agreed upon security parameters and save it as part of the NG-UE current context.
13. gNB-CP forwards the IAS message to the NG-UE.
14. NG-UE validates the authenticity of the IAS and authenticates the network as per MASA. In addition, the UE saves all protocols agreed upon security parameters as part of its context. NG-UE sends the Security and Authentication Complete message to the SEAF.
15. SEAF communicates the agreed upon UP-GW security parameters to the UP-GW during the NG-UE bearer setup.

ARPF - Authentication Credential Repository and Processing Function 
AUSF - Authentication Server Function 
SCMF - Security Context Management Function
SEAF - Security Anchor Function
NG-UE - NG UE
UP - User Plane 
CP - Control Plane
IAR - Initial Authentication Request 
IAS - Initial Authentication Response
gNB - Next Generation NodeB

You may also want to refer to the 5G Network Architecture presentation by Andy Sutton for details.

See also:

• 5G Security Updates - July 2017
• 5G: Architecture, QoS, gNB, Specifications - April 2017 Update
• 5G – Beyond the Hype
• 5G Network Architecture and Design Update - Jan 2017

5G Security Updates - July 2017

Its been nearly 2 years since I last blogged about ETSI Security workshop. A lot has changed since then, especially as 5G is already in the process of being standardised. This is in addition to NFV / SDN that also applied to 4G networks.

ETSI Security Week (12 - 16 June) covered lot more than 5G, NFV, SDN, etc. Security specialists can follow the link to get all the details (if they were not already aware of).

I want to quickly provide 3 links so people can find all the useful information:

NFV Security Tutorial, designed to educate attendees on security concerns facing operators and providers as they move forward with implementing NFV. While the topics are focused on security and are technical in nature we believe any individual responsible for designing, implementing or operating a NFV system in an organization will benefit from this session. Slides here.

NFV Security: Network Functions Virtualization (NFV), leveraging cloud computing, is set to radically change the architecture, security, and implementation of telecommunications networks globally. The NFV Security day will have a sharp focus on the NFV security and will bring together the world-wide community of the NFV security leaders from the industry, academia, and regulators. If you want to meet the movers and shakers in this field, get a clear understanding of the NFV security problems, challenges, opportunities, and the state of the art development of security solutions, this day is for you. Slides here.

5G Security: The objectives of this event are to:

• Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views will shape together in order to understand the challenges, threats and the security requirements that the 5G scenarios will be bringing.
• Give an update of what is happening in:
• 5G security research: Lot of research is on-going on 5G security and several projects exist on the topic.
• 5G security standards: Standardization bodies have already started working 5G security and their work progress will be reviewed. Also any gap or additional standardization requirements will be discussed.
• Verticals and business (non-technical) 5G security requirements: 5G is playground where different verticals besides the telecom industry is playing a role and their requirements will be key for the design of 5G security. In addition 5G is where "security" will become the business driver.
• Debate about hot topics such as: IoT security, Advances in lightweight cryptography, Slicing security. Privacy. Secure storage and processing. Security of the interconnection network (DIAMETER security). Relevance of Quantum Safe Cryptography for 5G, Authorization concepts....

Slides for 5G Security here.

In addition, Jaya Baloo, CISO, KPN Telecom talks about 5G network security at TechXLR8 2017. Embedded is a video of that:

5G, Hacking & Security

It looks like devices that are not manufactures with security and privacy in mind are going to be the weakest link in future network security problems. I am sure you have probably read about how hacked cameras and routers enabled a Mirai botnet to take out major websites in October. Since then, there has been no shortage of how IoT devices could be hacked. In fact the one I really liked was 'Researchers hack Philips Hue lights via a drone; IoT worm could cause city blackout' 😏.

Enter 5G and the problem could be be made much worse. With high speed data transfer and signalling, these devices can create an instantaneous attack on a very large scale and generating signalling storm that can take a network down in no time.

Giuseppe TARGIA, Nokia presented an excellent summary of some of these issues at the iDate Digiworld Summit 2016. His talk is embedded below:



You can check out many interesting presentations from the iDate Digiworld Summit 2016 on Youtube and Slideshare.

Related posts:

• Three Presentations on 5G Security
• New whitepaper on Narrowband Internet of Things
• 5G New Radio (NR), Architecture options and migration from LTE
• M2M vs IoT
• Some more thoughts on 5G
• LTE, 5G and V2X
• 5G, Debates, Predictions and Stories

Quantum Technology and Future Telecommunications

Last year I posted an excerpt from an article in FT which implied that Quantum technology will play a big role in post-5G world. Earlier this month CW held their annual Technology & Engineering Conference (CW TEC). The topic was "The Quantum Revolution is coming". I have to admit that I knew next to nothing before the conference, however now I hope I know just enough to dabble in quantum technology related discussions.

The main question that I had before the conference was 'when will quantum technology be here?'. While there were different answers, depending on what you think Quantum is, I think the answer I feel comfortable is more like 2030 (just in time for 6G?)

There are already some great write-ups of the conference by others, please see links at the bottom of the post. Here are the presentations from the event:

• How to build a universal quantum computer by John Morton, University College London
  
• The end of cryptography as we know it by Michael Brown, Isara Corporation
  
• The quantum challenge and opportunity by Paul Martin, Plextek
  
• The UK Quantum Technology Programme and Funding Opportunities by Richard Murray, Innovate UK
  
• Quantum sensing, positioning and navigation by Trevor Cross, e2v
  
• The quantum challenge and opportunity by Zhiliang Yuan, Toshiba

Related Articles:

• TelcoFuturism - the impact of Quantum Technology - Dean Bubley, Disruptive Analysis
• Is Quantum Computing the future? Cambridge conference has the answers - Cambridge News
• Quantum 2.0 has potential to create step change in computing and communications - Cambridge Wireless
• Are you ready for the Quantum Revolution? - Mark England, Cambridge Consultants
• Does cryptography offer data protection a quantum of solace? - David Reed, DataIQ
• CW TEC 2016: The Quantum Revolution is coming! Quantum Communications & Computing: How will quantum technologies disrupt wireless?
• CW TEC main page

Three Presentations on 5G Security

Here are three presentations from the 5G Huddle in April, looking at 5G security aspects. As I have repeatedly mentioned, 5G is in process of being defined so these presentations are just presenting the view from what we know about 5G today.

Some interesting presentations from ETSI Security workshop

ETSI held their security week from 22-26 June 2015 at their headquarters. There are lots of interesting presentations (see agenda [PDF]); I am embedding some here.

IETF and IoT Security from Zahid Ghadialy

This is a good presentation providing a summary of the reasons for IoT security issues and some of the vulnerabilities that have been seen as a result of that.

Aircraft cyber-security - no need to panic...just yet! pic.twitter.com/hZABvW539B

— Zahid Ghadialy (@zahidtg) August 18, 2015

The next one is The Threat landscape of connected vehicles and ITS (Intelligent Transportation Systems) integration in general

THE THREAT LANDSCAPE … of connected vehicles and ITS integration in general from Zahid Ghadialy

This presentation provides a good summary of the threats in the connected cars/vehicles which is only going to become more common. Some of these issues will have to be solved now before we move on to the autonomous vehicles in future. Security issues there will be catastrophic and many lives can be lost.

The final presentation is from 3GPP SA3 that provides a quick summary of security related work in 3GPP.

The SS7 flaws that allows hackers to snoop on your calls and SMS

By now I am aware that most people have heard of the flaws in SS7 networks that allow hackers to snoop, re-route calls and read text messages. For anyone who is not aware of these things, can read some excellent news articles here:

• Hackers Can Read Your Texts Thanks to Huge Security Flaw - Gizmodo
• German researchers discover a flaw that could let anyone listen to your cell calls. - Washington Post
• White hats do an NSA, figure out LIVE PHONE TRACKING via protocol vuln - The Register
• 1980s technology can be used to hack any smartphone - Beta News

Our trusted security expert, Ravi Borgaonkar, informs us that all these flaws have already been discussed back in May, as part of Positive Hack Days (PHDays).

Here are the slides on SS7 hack from PHDays, http://t.co/VwUwtFVqyc mentions all flaws reveals in 3 #31c3 talks on SS7 security.
— Ravishankar Borgaonk (@raviborgaonkar) December 28, 2014

The presentation is embedded below and can be downloaded from Slideshare:

How to Intercept a Conversation Held on the Other Side of the Planet from Positive Hack Days

xoxoxo Added this new information on the 4th Jan 2015 oxoxox

The following is this presentation and video by Tobias Engel from the 31st Chaos Communication Congress

SS7: Locate. Track. Manipulate. from 3G4G

4G Security and EPC Threats for LTE

This one is from the LTE World Summit 2014. Even though I was not there for this, I think this has some useful information about the 4G/LTE Security. Presentation as follows:

4G Security - Fortinet from Zahid Ghadialy

LTE Device-to-device (D2D) Use Cases

Device-to-device is a popular topic. I wrote a post, back in March on LTE-Radar (another name) which has already had 10K+ views. Another post in Jan, last year has had over 13K views. In the LTE World Summit, Thomas Henze from Deutsche Telekom AG presented some use cases of 'proximity services via LTE device broadcast'

While there are some interesting use cases in his presentation (embedded below), I am not sure that they will necessarily achieve success overnight. While it would be great to have a standardised solution for applications that rely on proximity services, the apps have already come up with their own solutions in the meantime.



The dating app Tinder, for example, finds a date near where you are. It relies on GPS and I agree that some people would say that GPS consumes more power but its already available today.



Another example is "Nearby Friends" from Facebook that allows to find your friends if they are nearby, perfect for a day when you have nothing better to do.

With an App, I can be sure that my location is being shared only for one App. With a standardised solution, all my Apps have info about location that I may not necessarily want. There are pros and cons, not sure which will win here.

Anyway, the complete presentation is embedded below:

Enabling proximity services via LTE device broadcast from Zahid Ghadialy

For anyone interested in going a bit more in detail about D2D, please check this excellent article by Dr. Alastair Bryon, titled "Opportunities and threats from LTE Device-to-Device (D2D) communication"

Do let me know what you think about the use cases.

AT&T on Mobile Security

Nice presentation from Ed Amoroso from AT&T outlining how the security is evolving to cope with the new technologies and threats. He points to encryption, containerization, proxy & virtualization as the four key pillars of technology for enabling operators to protect the network in a mobility era where the perimeter can no longer do the job it used to do.

Here is the video:

If you cant see the video, click on this link to watch it on Light Reading's website.

Connected and Autonomous Car Revolution

Last week we had the Automotive and Transport SIG event in Cambridge Wireless. There is already some good writeup on that event here and here. In this post my interest in looking at the technologies discussed.

R&S (who were the sponsors) gave their introduction presentation quite well highlighting the need and approaches for the connected car. He also introduced the IEEE 802.11p to the group.

As per Wikipedia, "IEEE 802.11p is an approved amendment to the IEEE 802.11 standard to add wireless access in vehicular environments (WAVE), a vehicular communication system. It defines enhancements to 802.11 (the basis of products marketed as Wi-Fi) required to support Intelligent Transportation Systems (ITS) applications. This includes data exchange between high-speed vehicles and between the vehicles and the roadside infrastructure in the licensed ITS band of 5.9 GHz (5.85-5.925 GHz). IEEE 1609 is a higher layer standard based on the IEEE 802.11p."

Back in December, Dr. Paul Martin did an equally useful presentation in the Mobile Broadband SIG and his presentation is equally relevant here as he introduced the different terms live V2X, V2i, V2V, V2P, etc. I have embedded his presentation below:

Roger Lanctot from Strategy Analytics, gave us some interesting facts and figures. Being based in the US, he was able to give us the view of both US as well as Europe. According to him, “LTE is the greatest source of change in value proposition and user experience for the customer and car maker. Bluetooth, Wi-Fi, NFC and satellite connectivity are all playing a role, but LTE deployment is the biggest wave sweeping the connected car, creating opportunities for new technologies and applications.” His officially released presentation is embedded below (which is much smaller than his presentation on that day.

There were also interesting presentations that I have not embedded but other may find useful. One was from Mike Short, VP of Telefonica and the other was from Dr. Ireri Ibarra of MIRA.

The final presentation by Martin Green of Visteon highlighted some interesting discussions regarding handovers that may be required when the vehicle (and the passengers inside) is moving between different access networks. I for one believe that this will not be an issue as there may be ways to work the priorities of access networks out. Anyway, his presentation included some useful nuggets and its embedded below:

Securing the backhaul with the help of LTE Security Gateway

An excellent presentation from the LTE World Summit last year, that is embedded below. The slide(s) that caught my attention was the overhead involved when using the different protocols. As can be seen in the picture above, the Ethernet MTU is 1500 bytes but after removing all the overheads, 1320 bytes are left for data. In case you were wondering, MTU stands for 'maximum transmission unit' and is the largest size packet or frame, specified in octets (8-bit bytes), that can be sent in a packet or frame based network such as the Internet.

Anyway, the presentation is embedded below:

Securing the backhaul from 3G4G Blogs

Security and other development on the Embedded SIM

Its no surprise that GSMA has started working on Embedded SIM specifications. With M2M getting more popular every day, it would make sense to have the SIM (or UICC) embedded in them during the manufacturing process. The GSMA website states:

The GSMA’s Embedded SIM delivers a technical specification to enable the remote provisioning and management of Embedded SIMs to allow the “over the air” provisioning of an initial operator subscription and the subsequent change of subscription from one operator to another.

The Embedded SIM is a vital enabler for Machine to Machine (M2M) connections including the simple and seamless mobile connection of all types of connected vehicles. In the M2M market the SIM may not easily be changed via physical access to the device or may be used in an environment that requires a soldered connection, thus there is a need for ‘over the air’ provisioning of the SIM with the same level of security as achieved today with traditional “pluggable” SIM. It is not the intention for the Embedded SIM to replace the removable SIM currently used as the removable SIM still offers many benefits to users and operators in a number of different ways – for example, the familiarity of the form factor, easy of portability, an established ecosystem and proven security model.

The last time I talked about embedded SIM was couple of years back, after the ETSI security workshop here. Well, there was another of these workshops recently and an update to these information.

The ETSI presentation is not embedded here but is available on Slideshare here. As the slide says:

An embedded UICC is a “UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions” (ETSI TS 103 383)

Finally, Embedded SIM should not be confused with Soft-SIM. My last post on Soft-SIM, some couple of years back here, has over 15K views which shows how much interest is there in the soft SIM. As the slide says:

Soft or Virtual SIM is a completely different concept that does not use existing SIM hardware form factors and it raises a number of strong security issues:

• Soft SIM would store the Operator secret credentials in software within the Mobile device operating system - the same system that is often attacked to modify the handset IMEI, perform SIM-Lock hacking and ‘jail-break’ mobile OS’s
• Operators are very concerned about the reduction in security of their credentials through the use of Soft SIM. Any SIM approach not based on a certified hardware secure element will be subject to continual attack by the hacking community and if compromised result in a serious loss of customer confidence in the security of Operator systems
• Multiple Soft SIM platforms carrying credentials in differing physical platforms, all requiring security certification and accreditation would become an unmanageable overhead – both in terms of resource, and proving their security in a non-standardised virtual environment

The complete GSMA presentation is as follows:

GSMA Embedded SIM from Zahid Ghadialy

You may also like my old paper:

• M2M, Cellular and Small Cells

3GPP Rel-12 and Future Security Work

Here is the 3GPP presentation from the 9th ETSI Security workshop. Quite a few bits on IMS and IMS Services and also good to see new Authentication algorithm TUAK as an alternative to the widely used Milenage algorithm.

3GPP Rel-12 Security, and Future 3GPP Security Work from Zahid Ghadialy