5G and the Future of Security in ICT
TRANSCRIPT
Dr. David Soldani
• CTO and CSO, Huawei (Australia)
• CTO Office, Huawei (Southern Pacific)
• Adj. Professor, UNSW (Australia)
Auckland, 28/11/2019
The “Flag of Origin” is not a critical element of cybersecurity
Root cause categories of incidents:
• 66% (90% in the UK) system failures: hardware failures (36%) and software bugs (29%)
• 17% human errors
• 9% natural phenomena
• 4% malicious actions: two thirds are Denial of Service (DoS) attacks, and the rest are mainly damage to physical infrastructure
The country of origin of suppliers is not among the main causes for concern in how attacks are carried out... [UK NCSC]
The “Flag of origin” for Telco equipment is not the critical element in determining cyber security [UK ISC]
Cyber Supply Chain Risk Management: Practitioners guide by ACSC, June 2019
Know the likely supply chain threats – intent and technical means [ACSC]
38. Be cautious of making decisions solely based on nationality of a vendor. A vendor from a country whose laws are not likely contrary to Australian law, does lower the immediate elevation of risk associated with likely adverse extrajudicial control in nationally critical systems. …
43. Threat to supply chain is not limited to extrajudicial influence. Foreign interference is not just related to a vendor’s country of origin. As the case studies demonstrate, it is usually simpler to compromise another product or service in the supply chain without lawful interference, in order to achieve the required outcome.
Key security risks associated with the Telco supply chain*
1. National dependence on any one vendor, as vendors’ supply chains may have the same level of risk, see: https://www.auscert.org.au/resources/security-bulletins/
2. Faults or vulnerabilities in network equipment
3. The ‘backdoor’ threat – the embedding of malign functionality in vendor equipment
4. Vendor administrative access to provide equipment support or as part of a managed services contract
*) Telco Supply Chain: includes the design, manufacture, delivery, deployment, support and decommissioning of equipment (hardware and software) or services that are utilised within an organisation’s cyber ecosystem. Supply chain must consider the whole life of an IT product or service in an organisation [ACSC]
Telecoms supply chain is of major concern in the UK (09/2019)
• The UK takes the security of telecoms networks extremely seriously
• Next generation networks like 5G raise security risks as well as economic opportunities
• This is why the Government has undertaken a comprehensive review of the supply arrangements for the UK telecoms Critical National Infrastructure (CNI)
• The Review has addressed three key questions:
  • How should we incentivise telecoms operators to improve security standards and practices in 5G and full fibre networks?
  • How should we address the security challenges posed by vendors?
  • How can we create sustainable diversity in the telecoms supply chain?
EU coordinated risk assessment of 5G cybersecurity (09/10/2019)
https://eu2019.fi/en/article/-/asset_publisher/member-states-publish-a-report-on-eu-coordinated-risk-assessment-of-5g-networks-security
This document follows the approach set out in the ISO/IEC 27005 risk assessment methodology, and reflects the assessment of a set of parameters:
• the main types of threats posed to 5G networks,
• the main threat actors,
• the main assets and their degree of sensitivity,
• the main vulnerabilities,
• the main risks and related scenarios.
Conclusions based on capabilities (resources) and intention/attempt (motivation):
• Integrity and availability of 5G are the major concerns, on top of the existing confidentiality and privacy requirements
• Threats posed by States or State-backed actors are perceived to be of highest relevance, by exploiting undocumented functions or attacking interdependent critical infrastructures (e.g. power supply)
• Other more severe threats included compromised confidentiality and availability associated with an insider within a telecom operator/subcontractor, and those associated with an organized crime group
• Most critical 5G assets: Core Network Functions, NFV MANO
• Vulnerability: dependency on any one supplier, i.e. lack of diversity in equipment or solutions used both within individual networks and nationally (risks to resiliency, investments, systemic failure, hostile exploitation and business continuity)
How to cope with Cyber Security?
5 Eyes:
• “There is agreement between the Five Countries of the need to ensure supply chains are trusted and reliable to protect our networks from unauthorized access or interference
• They recognize the need for a rigorous risk-based evaluation of a range of factors which may include, but not be limited to, control by foreign governments
• They also recognize the need for evidence-based risk assessment to support the implementation of agreed-upon principles for setting international standards for securing cyber networks”
Statements on 5G suppliers (07/2019) [UK STC and ISC]
A carrier network resilient to any attack, such that no single action could disable the system, is best achieved by diversifying suppliers:
1. Reducing over-dependence on a single vendor: the network should not be dependent on just one vendor, as this would render it less resilient
2. Increasing competition: requiring operators to use equipment from more than one vendor increases competition between those vendors, which will force them to improve their security standards
EU: Joint efforts on a unified cyber security verification standard
NESAS: Network Equipment Security Assurance Scheme (GSMA): audits of product development and lifecycle processes
SCAS: Security Assurance Specifications (3GPP): product security testing
NESAS/SCAS are authoritative security standards built by 3GPP/GSMA for the communication industry. Components: Security Assurance Specs, Security Assurance Methodology, Security Assurance Standards Package. NESAS was officially released in August 2019; the 5G SCAS specifications were completed in Q3 of 2019.
Objectives: drive NESAS/SCAS to become mature international standards; gain regulators' recognition of NESAS/SCAS; engage more industry partners, including labs/auditing companies.
EU Cybersecurity Act (ENISA – EU Commission) key milestones and activities, set into effect by Article (EU) No 69/2019 since 27 June 2019:
Step 1: Creation & governance of a new Certification Scheme at EU level – voluntary scheme for the industry, but mandatory that member states put it into place (by 28 June 2020)
Step 2: Enforcement of the new Certification Scheme at the national level (e.g. actors in France) (by 28 June 2024, and every five years thereafter)
Step 3: Introduction of the new Certification Schemes (created in Step 1) to make them mandatory in the industry, using the sectorial regulation from the different DGs (FIMA, Home, Move, etc.) (by 31 December 2023)
Supporting and supervisory cybersecurity authorities in the Union (selected): CERT-EU, EC3, BEREC, EDPB, EDA
The benefits of 5G technology: fundamental enabler of the 4IR
• 5G will contribute around USD 1.4 trillion to global GDP by 2030: 5.3% GDP growth in 15 years [GSMA 2019]
• Benefits from 5G to global manufacturing by use case: USD 700+ billion benefits to manufacturing in 10 years
• Global impact of 5G on healthcare (annual cost savings): USD 90+ billion cost saving on healthcare in 10 years
• Annual global CO2 emissions from mobile networks: 400+ million tonnes CO2 reduction in 10 years
[Philip Laidler, Partner & Consulting Director | [email protected] | October 2019]
5G requirements to enable the 4th industrial revolution: Slicing as a Service + Agile Operation + Superior New Experiences
[Chart comparing NB-IoT and eMTC (IoT), eMBB (consumers), URLLC (robotic platforms) and NR-Light (IIoT) on low latency, coverage, battery life, reliability, peak data rate and cost]
5G RAN and CORE are separated and won’t ever overlap
[Diagram, 5G NSA: 5G UE – gNB (5G wireless base station) – X2 – eNB (4G wireless base station) – S1-C/S1-U – EPC (4G core network)]
[Diagram, 5G SA: 5G UE – gNB (5G wireless base station) – NG-C/NG-U – NGC (5G core network)]
3GPP release timeline (2017–2020): Rel-15 (basis for eMBB service), Rel-16 and Rel-17+ (enhancements for URLLC services and for mMTC services)
NSA: Non-standalone; SA: Standalone; eMBB: Enhanced Mobile Broadband; URLLC: Ultra-Reliable and Low-Latency Communications; mMTC: Massive Machine-Type Communications
5G future usage (operator, third party, specific area): remote driving, power distribution control, smart factory
5G Networks: Threat Landscape
Assets and threats by domain:
• UE (assets: mMTC, URLLC, eMBB) – threats: malware, cloning, bot hijacking, rogue BTS, protocol downgrade, FW/HW/SW (supply chain) poisoning, IMSI catching
• Air interface (assets: mMTC, URLLC, eMBB) – threats: eavesdropping, impersonation, data tampering, jamming, rogue BTS, SON attacks
• gNB (assets: New Radio, CU/DU split, eCPRI) – threats: tampered SW/HW, unauthorized access, data leakage, RAN DDoS (from UE)
• Transport/backhaul (assets: optical, microwave, SDN) – threats: tampering, eavesdropping, protocol modification, protocol downgrade, SDN threats
• MEC (assets: UPF, NFV, COTS) – threats: untrusted 3rd-party apps, DDoS on UPF, malware, virtualization attacks, application-layer attacks, API attacks
• 5G Core (assets: user data, OS/software, O&M data) – threats: NFV-based attacks, roaming (fraud, abuse), roaming protocol attacks (SS7-like attacks), malicious AF/VNF, unauthorized access, data tampering, eavesdropping, DDoS, OSS/5GC attacks
• O&M (assets: hardware, OSS & EMS software, O&M data) – threats: unauthorized access, data leakage, malware, API attacks, OSS services integration
5G Inherited and Improved Security
3GPP Security Architecture (source: 3GPP TS 33.501): (I) network access security, (II) network domain security, (III) user domain security, (IV) application domain security, (V) service domain security
[Diagram: user application and provider application in the application stratum; ME and USIM in the UE; 3GPP AN and non-3GPP AN in the RAN; SN and HE in the home stratum/serving stratum; transport stratum; 5GC (AMF, SMF, AUSF, UDM, UPF) and DN]
• Core network authenticates users and protects subscription information
• RAN is unaware of user data and uses PDCP encryption and IPsec to ensure transmission security
Improvements in 5G Security
Access Network:
• Enhanced air interface and transport security in 5G
• CU/DU split architecture supported but not mandatory
• Encryption schemes for SUPI to protect privacy in initial access
• mMTC standards to be further defined in 3GPP R17
• Base station identification/control of DDoS attacks from malicious UEs (Huawei)
Core Network:
• Enhancements to key hierarchy, roaming, and transport security
• Cloud security implementation
• Industry standard compliance (ETSI for NFV, SEC009, SEC002)
• NFV isolation end-to-end (intra DC, service domain, host groups, VMs)
• Mobile Edge Computing (MEC) security measures
• Slicing security for improved service security assurance
Resilience in Deployment and Operations:
• Security by design principles for secure and security-enabled solutions
• Utilize the NIST CSF fundamental approach (Identify, Protect, Detect, Respond, Recover) to control key risks in live operations
• Support monitoring, auditing and traceability
• Secure boot and file/code integrity verification
3GPP Security Improvements in 5G (4G vs. 5G)
• Better privacy protection: IMSI exposure and no user plane integrity protection (4G) vs. encrypted subscribers’ ID and user plane integrity protection (5G)
• Enhanced interconnection security: SS7 re-routing and Diameter message spoofing (4G) vs. E2E security between PLMNs (5G)
• Effective authentication framework: various authentication methods for LTE, 5G and Wi-Fi (4G) vs. unified authentication in the CN (5G)
• Stronger security algorithm: 128-bit key length, L=128 (4G) vs. 256-bit key length, e.g. L=256 (5G)
Years of common contributions by dozens of vendors/operators/regulators…
5G network assets and security control zone
SBA: Service Based Architecture; CDR: Charging Data Record
[Diagram: UE – RAN – bearer network – 5GC (SBA: NEF, NRF, UDM, PCF, SEPP, AMF, SMF, AUSF) – Internet/5G service, with MEC, firewall/security gateway and EMS + Security Management Platform]
Assets by zone:
• UE: USIM
• RAN: BBU/RRU hardware
• Transmission: router and switch hardware; cabinet
• MEC: COTS server; UPF can NOT touch subscriber ID and can NOT touch root key
• 5GC: COTS server; operator’s data (reports and CDRs); some user privacy information (subscription information, location information, etc.); UDM and AUSF process subscriber ID and process root key; AMF and SMF process subscriber ID but can NOT touch root key
• 5G service: user’s service information (ID, location, key, password, state info, health data etc.), stored in the 5G service database
• Operation & management (by network carriers): passwords, certificates, configuration, monitoring data; firewall and security gateway hardware
5G Security is a Shared Responsibility…
• Government: develop legislation and regulations; implement E2E security supervision
• Standard organizations: define requirement & standard scheme
• Vendor: product security; E2E supply chain risk management
• Operators: delivery, deployment & operation security
• Service providers & customers: application security
New Network Drives Down the Cost/bit/km and E2E Latency
[Diagram of the end-to-end network: access (5G UE at Gbps, 4K IP camera at 100 Mbps UL, 10 Gbps/sector, Wi-Fi 6 at 1+ Gbps, Giga to Home, 10G PON ONT/OLT), backhaul (5G microwave 10-20 Gbps, 10 Gbps to site, 50G ring, GE-10GE LL), edge DC (5G core user plane, EGW, 100G), metro/backbone ring (OTN 200/400G per λ, IP SR/EVPN), central DC and DCI (5G core CP/UP, DCN, 200/400G)]
Segment Routing (SR/SRv6): up to 80% network utilization
Outdoor: Massive MIMO [UK]
Indoor: All-in-One solution [China]
Security standard roadmap and Huawei 4G security experience
Huawei has deeply contributed to 3GPP security standardization: 35 CC certifications, 15 FIPS certifications
3GPP study items with Huawei as Rapporteur:
1. Security Assurance Specification for 5G
2. Study on the security of the Wireless and Wireline Convergence for the 5G system architecture
3. Study of KDF negotiation for 5G System Security
4. The SID on security for 5G URLLC
Huawei has deployed 329 LTE commercial networks with good security records
Timeline (2013, 2014, 2018, 2019, …): Huawei EPC obtained CC EAL3 certification; Huawei LTE obtained CC EAL4+ certification; R15 to enhance security (eMBB); R16/R17 to enhance security (URLLC, mMTC)
Comprehensive security portfolio for 5G
Threats (3GPP definition, enhanced by Huawei), by domain:
• Cloud infrastructure threats: compute, storage, network, CloudOS
• RAN threats: user data leakage, DDoS attack
• 5GC threats: SBA, roaming, network slice, MEC
• Common threats: illegal access, malicious software, data tamper/leakage, DDoS attack, O&M security threat
[Diagram: 5G UE – 5G wireless base station – transmission – 5GC on NFV (NEF, NRF, UDM, PCF, SEPP, AMF, SMF, AUSF, UPF, UPF/MEC) – Internet]
Built-in security mechanisms across UE, RAN, transmission, MEC and 5GC: 3-plane isolation; built-in firewall; authentication; transport security; malicious signaling detection; DDoS (overload) detection; slice resource isolation; KPIs monitoring; slice authentication; access authentication; service security audit; service access authorization; slice key; topology hiding; signaling audit; application layer security; air interface encryption & integrity protection; digital signature, secure boot and DIM; hardware RoT and HSM; anonymization; IPsec, TLS and SSH; slice resource reservation; communication encryption; target encryption; software security; E2E data lifecycle security protection
Resilience cycle (Identify, Protect, Detect, Respond/Recover) mechanisms: VNF/application hardening; automatic security policy; vulnerabilities management; intrusion detection; big data security and correlation analysis; multi-layer isolation mechanisms; system hardening; ACL blocking; VM migration; VM rebuilding; periodic VM restoration; blacklist and whitelist; access control; flow control; network isolation; remote attestation; configuration correction; account disabling; patch/upgrade; port disable; configuration rollback; data recovery
R&D Centers Worldwide: The Best Resources for Innovation
[World map of R&D centers: San Diego, Silicon Valley, Seattle, Vancouver, Dallas, Ottawa, New Jersey, Chicago, Munich, Paris, Moscow, Stockholm, Milan, Helsinki, London, Bangalore, Singapore, Beijing, Suzhou, Chengdu, Xi'an, Nanjing, Hangzhou, Yokohama, Shanghai, Shenzhen, Wuhan; focus areas include mathematics; cloud, AI, software, architecture, innovation and devices; wireless (including short-distance) and systems; fixed networks, engineering and quality; microwave; aesthetics and imaging; optical networks and devices; engineering, components, audio & video and quality]
https://youtu.be/af0tj0Nd3tk
Huawei Cyber Security Transparency Center is to Serve as an Open, Transparent and Collaborative Exchange Platform with Key Stakeholders
Global and regional hubs: Banbury, UK; Brussels, Belgium; Bonn, Germany; Dubai, UAE; Shenzhen, China; Toronto, Canada
HCSTC Brussels: Communication, Innovation and Verification
https://youtu.be/yMBu5bvfTPM
How to improve the security of business and communities and ensure the future prosperity of a country?
https://www-file.huawei.com/-/media/corporate/PDF/News/huawei-technologies-australia-submission-to-the-department-of-home-affairs.pdf
1. Reduce the risk of national dependency on any one supplier, regardless of their country of origin, to improve 5G and fibre network resilience
2. Ensure a more competitive, sustainable and diverse telecoms supply chain, to drive higher quality, innovation, and more investment in cybersecurity
3. Define network security and resilience requirements for 5G and fibre networks; contribute to unified standards; identify a toolbox of appropriate, effective risk management measures; and enforce tailored and risk-based certification schemes
4. Ensure effective assurance testing for equipment, systems and software and support specific evaluation arrangements. (The assessment and evaluation of products from different vendors shall be the same, as their supply chains have the same level of risk.)
5. Develop industrial capacity in terms of software development, equipment manufacturing, laboratory testing, conformity evaluation, etc., looking at end-to-end cybersecurity system assurance; new architecture and business models; tools for risk mitigation and transparency, and greater interoperability and more open interfaces; and share results, in a closed loop with (3.)
Copyright © 2018 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purposes only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
Thank You.
https://onlinelibrary.wiley.com/doi/abs/10.1002/9781119515579.ch7