5G-ENSURE Security and Privacy Enablers
5G-ENSURE sets out to become the 5G PPP reference project for 5G security, privacy and trust through iterative releases of its enablers based on a series of Technical Roadmaps. An initial set of enablers has been released and are openly specified, developed, released and documented in manuals.
The enablers focus on five technologies:
- Authentication, Authorisation and Accounting (AAA): 5G-ENSURE will advance secure functions to support 5G use cases. Impact: 5G support for IoT and satellite systems. Trust and liability levels.
- Privacy: 5G-ENSURE will increase users’ assurance and confidence in 5G through enhanced user data protection implemented with solutions at several layers. Impact: Creation of services and business models on top of 5G.
- Trust: 5G-ENSURE will deliver tools using new trust models, including M2M interactions. Impact: Trustworthy dynamic 5G multi-stakeholder system.
- Security Monitoring: 5G-ENSURE will focus on security by operations, i.e., monitoring and auditing 5G security. Impact: Resilient 5G system to implement new services.
- Network Management & Virtualisation Isolation: 5G-ENSURE will focus on a secure network control plane including virtualised networks and network services. Impact: Mitigate security threats in SDN.
The second wave of 5G security enablers is now under specification and most of them be software released by end of the project in October 2017, thus contributing to further advance 5G Security Vision within 5G-PPP community and beyond.
| Enabler | Short Description | Partner and contact for external use | |
|---|---|---|---|
| AAA: Internet of Things (IoT) | The IoT Enabler provides new definitions of protocols for credential management and authentication of users and devices, such as sensors, actuators, and IoT devices in general. The Enabler will look at the authentication of USIM-less devices, BYOi scenarios and group authentication as means to build specific support for IoT devices. Guide | SICS thomas.carnehult(Replace this parenthesis with the @ sign)ri.se | |
| AAA: Fine-grained authorisation | The goal of the fine-grained authorisation enabler is to provide a secure fine-grained access control to resource constrained devices. Access control paradigm based on RBAC and ABAC are taken into account by different standards and are common today. This enabler proposes to reuse these existing technologies for services and interconnected resource access control, with the constraints of these resources in mind. Guide | Thales Alenia Space | |
| Privacy Enabler: Enhanced Identity Protection | The enabler aims to provide long term identifiers (IMSI) protection basically by means of asymmetric encryption techniques and use of dynamic random or pseudorandom pseudonyms instead of IMSIs. Guide | TIIT | |
| Privacy Enabler: Device Identifier Privacy | The enabler aims to provide anonymisation techniques on the user’s device, offering Privacy Enhanced Attachment (PEA), which provides protection against device identity (and possibly also user identity) disclosure and unauthorised device/user tracking. Guide | University of Oxford | |
| Trust Enabler: Trust Builder | Provides a knowledge base of 5G assets, threats and controls and a user interface to define a system, assess threats and choose controls. Guide | IT INNOVATION | |
| Trust Enabler: Trust Metric | Aggregates network monitoring data (related to trust) into a single trustworthiness metric. Focus is on micro-segmentation. Guide | VTT | |
| Trust Enabler: VNF Certification Enabler | Provides a Digital Trustworthiness Certificate (DTwC) to certtify trust aspects of a VNF. Guide | Thales Group (TCS) | |
| The main goal of this security enabler is to provide pseudo real-time monitoring and threat detection in 5G integrated satellite and terrestrial systems. Guide | Thales Alenia Space | |
| Security Monitoring Enabler: PulSAR (Proactive Security Assessment and Remediation) | The purpose of PulSAR is to provide a clear view on cyber attack’s progression though attack graphs. Guide | Thales Group (TS)
| |
| Security Monitoring Enabler: Generic Collector Interface | The enabler aims to enable the interoperability between events and logs, in order to allow FastData technologies to be deployed inside the 5G Network. The enabler provides a unique format of log and events. Guide | ORANGE | |
| Security Monitoring Enabler: System Security State repository | Captures the system state in a model that can be visualised and analysed to understand what threats are present and check compliance with the design. Guide | IT INNOVATION | |
| Network Management and VIrtualisation Enabler: Access Control Mechanisms | Enforcement of access control policies that account for the southbound API of an SDN controller. A policy specifies which network applications, which run on top of the SDN controller, are allowed to send which OpenFlow messages to which data plane components. Guide | NEC | |
| Network Management and Virtualisation Enabler: Component-interaction Audits | Verification (during runtime or offline) of the interactions between multiple network components (e.g., network applications, controller, and switches) with respect to simple policies about the components’ exchanged OpenFlow messages. Guide | NEC | |
| Network Management and Virtualisation Enabler: Bootstrapping Trust | This enabler addresses impersonation attacks on network components by attesting the integrity of network edge prior to enrolling them into the SDN deployment. Guide | SICS | |
| Network Management and Virtualisation Enabler: Micro-segmentation | Network management enabler for single and multi-domain software networks that will facilitate dynamic arrangement of micro-segmentation, i.e., creation deletion, merging, and splitting of micro-segments. With micro-segmentation it would be possible to create secure segments where more granular access controls and stricter security policies can be enforced. Guide | VTT |
