ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT is of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.
Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:
5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.
5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?
The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?
Event Objectives
The workshop intends to:
So here are the relevant presentations:
Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson
Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC
Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters
Integrating the SIM (iUICC), Adrian Escott, QUALCOMM
Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman
Network Slicing, Anne-Marie Praden, Gemalto
Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet
5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo
Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies
ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17
Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO
Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems
Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems
5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup
Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs
Security Best Practises using RESTful APIs, Sven Walther, CA Technologies
Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence
Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)
Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson
Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal
Setting the Scene, Franck Boissière, European Commission
ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA
Smart City Aspects, Bram Reinders, Institute for Future of Living
The Network Operators Perspective on IoT Security, Ian Smith, GSMA
Related Links:
Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:
5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.
5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?
The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?
Event Objectives
The workshop intends to:
- Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
- Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
- Give an update of what is happening in 3GPP 5G security;
- Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
- Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
- Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
- Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.
Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson
Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC
Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters
Integrating the SIM (iUICC), Adrian Escott, QUALCOMM
Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman
Network Slicing, Anne-Marie Praden, Gemalto
Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet
5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo
Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies
ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17
Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO
Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems
Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems
5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup
Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs
Security Best Practises using RESTful APIs, Sven Walther, CA Technologies
Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence
Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)
Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson
Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal
Setting the Scene, Franck Boissière, European Commission
ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA
Smart City Aspects, Bram Reinders, Institute for Future of Living
The Network Operators Perspective on IoT Security, Ian Smith, GSMA
Related Links:
- Detecting false base stations in mobile networks - Ericsson Research Blog
- 5G Security Updates - March 2018 - 3G4G Blog
- Introduction to 3GPP Security in Mobile Cellular Networks - 3G4G Blog