5G and the Future of Security in ICT (transcript of a 26-page slide deck)

Page 1: 5G and the Future of Security in ICT (huaweihub.com.au/wp-content/uploads/2019/12/Huawei-speech-on-Cyber...)

5G and the Future of Security in ICT

Dr. David Soldani
• CTO and CSO, Huawei (Australia)
• CTO Office, Huawei (Southern Pacific)
• Adj. Professor, UNSW (Australia)

Auckland, 28/11/2019

Page 2:

The “Flag of Origin” is not a critical element of cybersecurity

Root cause categories:
• 66% (90% in the UK) system failures: hardware failures (36%) and software bugs (29%)
• 17% human errors
• 9% natural phenomena
• 4% malicious actions: two thirds Denial of Service (DoS) attacks, the rest mainly damage to physical infrastructure

“The country of origin of suppliers is not among the main causes for concern in how attacks are carried out...” [UK NCSC]

“The ‘Flag of origin’ for Telco equipment is not the critical element in determining cyber security” [UK ISC]

Page 3:

Cyber Supply Chain Risk Management, Practitioners guide by ACSC, June 2019

Know the likely supply chain threats – intent and technical means [ACSC]

38. Be cautious of making decisions solely based on nationality of a vendor. A vendor from a country whose laws are not likely contrary to Australian law does lower the immediate elevation of risk associated with likely adverse extrajudicial control in nationally critical systems. …

43. Threat to supply chain is not limited to extrajudicial influence. Foreign interference is not just related to a vendor’s country of origin. As the case studies demonstrate, it is usually simpler to compromise another product or service in the supply chain without lawful interference, in order to achieve the required outcome.

Page 4:

Key security risks are associated with the Telco supply chain*

1. National dependence on any one vendor, as vendors’ supply chains may have the same level of risk, see: https://www.auscert.org.au/resources/security-bulletins/
2. Faults or vulnerabilities in network equipment
3. The ‘backdoor’ threat – the embedding of malign functionality in vendor equipment
4. Vendor administrative access to provide equipment support or as part of a managed services contract

[Figure: the four risks mapped to harms (impact)]

*) Telco Supply Chain: includes the design, manufacture, delivery, deployment, support and decommissioning of equipment (hardware and software) or services that are utilised within an organisation’s cyber ecosystem. Supply chain must consider the whole life of an IT product or service in an organisation [ACSC]

Page 5:

Telecoms supply chain is of major concern in the UK (09/2019)

• The UK takes the security of telecoms networks extremely seriously
• Next generation networks like 5G raise security risks as well as economic opportunities
• This is why the Government has undertaken a comprehensive review of the supply arrangements for the UK telecoms Critical National Infrastructure (CNI)
• The Review has addressed three key questions:
  • How should we incentivise telecoms operators to improve security standards and practices in 5G and full fibre networks?
  • How should we address the security challenges posed by vendors?
  • How can we create sustainable diversity in the telecoms supply chain?

Page 6:

EU coordinated risk assessment of 5G cybersecurity, 09/10/2019
https://eu2019.fi/en/article/-/asset_publisher/member-states-publish-a-report-on-eu-coordinated-risk-assessment-of-5g-networks-security

This document follows the approach set out in the ISO/IEC 27005 risk assessment methodology, and reflects the assessment of a set of parameters:
• the main types of threats posed to 5G networks,
• the main threat actors,
• the main assets and their degree of sensitivity,
• the main vulnerabilities,
• the main risks and related scenarios.

Conclusions based on capabilities (resources) and intention/attempt (motivation):
• Integrity and availability of 5G are the major concerns, on top of the existing confidentiality and privacy requirements
• Threats posed by States or State-backed actors are perceived to be of highest relevance, by exploiting undocumented functions or attacking interdependent critical infrastructures (e.g. power supply)
• Other more severe threats include compromised confidentiality and availability associated with an insider within a telecom operator/subcontractor, and with an organised crime group
• Most critical 5G assets: Core Network Functions, NFV MANO
• Vulnerability: dependency on any one supplier, i.e. lack of diversity in equipment or solutions used both within individual networks and nationally, with consequences for resiliency, investments, systemic failure, hostile exploitation and business continuity risks

Page 7:

How to cope with Cyber Security? Five Eyes

• “There is agreement between the Five Countries of the need to ensure supply chains are trusted and reliable to protect our networks from unauthorized access or interference
• They recognize the need for a rigorous risk-based evaluation of a range of factors which may include, but not be limited to, control by foreign governments
• They also recognize the need for evidence-based risk assessment to support the implementation of agreed-upon principles for setting international standards for securing cyber networks”

Page 8:

Statements on 5G suppliers, 07/2019 [UK STC and ISC]

A carrier network resilient to any attack, such that no single action could disable the system, is best achieved by diversifying suppliers:

1. Reducing over-dependence on a single vendor: the network should not be dependent on just one vendor, as this would render it less resilient
2. Increasing competition: requiring operators to use equipment from more than one vendor increases competition between those vendors, which will force them to improve their security standards

Page 9:

EU: Joint efforts on a unified cyber security verification standard

Two complementary tracks: the EU Cybersecurity Act (ENISA – EU Commission) and NESAS, the Network Equipment Security Assurance Scheme.

NESAS/SCAS
• NESAS/SCAS are authoritative security standards built by 3GPP/GSMA for the communication industry
• 3GPP / SCAS: product security testing (Security Assurance Specifications)
• GSMA / NESAS: audits of product development and lifecycle processes (Security Assurance Methodology)
• Together they form the Security Assurance Standards Package
• NESAS officially released in August 2019; 5G SCAS specifications completed in Q3 2019
• Next steps: drive NESAS/SCAS to become mature international standards; gain regulators’ recognition of NESAS/SCAS; engage more industry partners, including labs/auditing companies

EU Cybersecurity Act key milestones and activities
• In force as Regulation (EU) 2019/881 since 27 June 2019
• Step 1: creation and governance of a new certification scheme at EU level – voluntary for the industry, but mandatory for member states to put in place (by 28 June 2020)
• Step 2: enforcement of the new certification scheme at the national level (e.g. actors in France) (by 28 June 2024, and every five years thereafter)
• Step 3: introduction of the new certification schemes (created in Step 1) to make them mandatory in the industry, using the sectoral regulation from the different DGs (FISMA, HOME, MOVE, etc.) (by 31 December 2023)
• Supporting and supervisory cybersecurity authorities in the Union (selected): CERT-EU, EC3, EDA, BEREC, EDPB

Page 10:

The benefits of 5G technology: fundamental enabler of the 4IR

[Figure: benefits from 5G to global manufacturing (USD billions) by use case; global impact of 5G on healthcare (annual cost savings, USD billions); annual global CO2 emissions from mobile networks (tonnes of CO2)]

• 5G will contribute around USD 1.4 trillion to global GDP by 2030; 5.3% GDP growth in 15 years [GSMA 2019]
• USD 90+ billion cost saving on healthcare in 10 years
• USD 700+ billion benefits to manufacturing in 10 years
• 400+ M tonnes CO2 reduction in 10 years

[Philip Laidler, Partner & Consulting Director, October 2019]

Page 11:

5G requirements to enable the 4th industrial revolution: Slicing as a Service + Agile Operation + Superior New Experiences

[Figure: radar chart comparing NB-IoT, eMTC, eMBB, URLLC and NR-Light on low latency, coverage, battery life, reliability, peak data rate and cost]

NB-IoT, eMTC (IoT); eMBB (consumers); URLLC (robotic platforms); NR-Light (IIoT)

Page 12:

5G RAN and CORE are separated and won’t ever overlap

[Figure: 5G NSA – the 5G UE attaches to a 4G base station (eNB) and a 5G base station (gNB) linked over X2; the eNB connects to the 4G core (EPC) over S1-C/S1-U. 5G SA – the 5G UE attaches to a gNB, which connects to the 5G core (NGC) over NG-C/NG-U.]

3GPP release timeline (2017–2020):
• Rel-15: basis for eMBB service
• Rel-16: enhancement for URLLC services
• Rel-17+: enhancement for mMTC services

NSA: Non-standalone; SA: Standalone; eMBB: Enhanced Mobile Broadband; URLLC: Ultra-Reliable and Low-Latency Communications; mMTC: Massive Machine-Type Communications

5G future usage (operator, third party, specific area): remote driving, power distribution control, smart factory

Page 13:

5G Networks: Threat Landscape

Assets and threats per domain:

• UE (mMTC, URLLC, eMBB) – threats: malware; cloning; bot hijacking; rogue BTS; protocol downgrade; FW/HW/SW (supply chain) poisoning; IMSI catching
• Air interface (mMTC, URLLC, eMBB) – threats: eavesdropping; impersonation; data tampering; jamming; rogue BTS; SON attacks
• gNB (New Radio, CU/DU split, eCPRI) – threats: tampered SW/HW; unauthorized access; data leakage; RAN DDoS (from UEs)
• Transport (optical, microwave, SDN) – backhaul threats: tampering; eavesdropping; protocol modification; protocol downgrade; SDN threats
• MEC (UPF, NFV, COTS) – threats: untrusted third-party apps; DDoS on the UPF; malware; virtualization attacks; application layer attacks; API attacks
• 5G Core (user data, OS/software, O&M data) – threats: NFV-based attacks; roaming (fraud, abuse); roaming protocol attacks (SS7-like attacks); malicious AF/VNF; unauthorized access; data tampering; eavesdropping; DDoS; OSS/5GC attacks
• O&M (hardware, OSS & EMS software, O&M data) – threats: unauthorized access; data leakage; malware; API attacks; OSS services integration

Page 14:

5G Inherited and Improved Security

3GPP Security Architecture (source: 3GPP TS 33.501)

[Figure: security domains across UE (ME, USIM), RAN (3GPP AN, non-3GPP AN), core network (5GC: AMF, SMF, AUSF, UDM, UPF; SN, HE) and DN (user application, provider application), laid over the application stratum, home stratum/serving stratum and transport stratum]

(I) Network access security, (II) network domain security, (III) user domain security, (IV) application domain security, (V) service domain security

• The core network authenticates users and protects subscription information
• The RAN is unaware of user data and uses PDCP encryption and IPsec to ensure transmission security

Improvements in 5G Security

Access Network
• Enhanced air interface and transport security in 5G
• CU/DU split architecture supported but not mandatory
• Encryption schemes for the SUPI to protect privacy in initial access
• mMTC standards to be further defined in 3GPP R17
• Base station identification/control of DDoS attacks from malicious UEs (Huawei)

Core Network
• Enhancements to key hierarchy, roaming, and transport security
• Cloud security implementation
• Industry standard compliance (ETSI NFV: SEC 009, SEC 002)
• End-to-end NFV isolation (intra DC, service domain, host groups, VMs)
• Mobile Edge Computing (MEC) security measures
• Slicing security for improved service security assurance

Resilience in Deployment and Operations
• Security by design principles for secure and security-enabled solutions
• Utilize the NIST CSF fundamental approach to control key risks in live operations: Identify, Protect, Detect, Respond, Recover
• Support monitoring, auditing and traceability
• Secure boot and file/code integrity verification
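The bullets on base station control of DDoS from malicious UEs and on monitoring, auditing and traceability name a control without showing what the detection looks like. The following is an added example, not code from the deck or from Huawei's products: a sliding-window rate detector over a constructed, hypothetical log format (`<timestamp> cell=… ue=… msg=…`) that flags individual UEs sending too many connection-establishing messages and the cells whose aggregate load tips into overload even when each bot stays under the per-UE limit. The log layout, message names, thresholds and the sample log are assumptions for illustration.

```python
"""Sliding-window detection of a RAN signalling storm (added example).

Assumed log line format (constructed for this example, not a product format):
    <ISO-8601 timestamp> cell=<gNB id> ue=<opaque UE id> msg=<RRC/NAS message>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import re

LINE_RE = re.compile(r"^(?P<ts>\S+) cell=(?P<cell>\S+) ue=(?P<ue>\S+) msg=(?P<msg>\S+)$")

# Connection-establishing messages are the ones a botnet of hijacked
# IoT UEs would hammer; each costs the gNB/AMF real work to process.
COSTLY_MSGS = {"RRCSetupRequest", "RegistrationRequest", "ServiceRequest"}


def parse_line(line):
    """Return (ts, cell, ue, msg) or None for a malformed line (skipped, not fatal)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["cell"], m["ue"], m["msg"]


def detect_storm(lines, window_s=10, ue_limit=5, cell_limit=20):
    """Return (flagged_ues, flagged_cells), each {key: (ts_when_flagged, count)}.

    A UE is flagged the first time it has sent more than ue_limit costly
    messages within a window_s-second sliding window; a cell is flagged when
    the sum over all its UEs exceeds cell_limit, which also catches a storm
    spread thinly over many bots that individually stay under ue_limit.
    Events are sorted first so out-of-order delivery from several collectors
    cannot break the window arithmetic.
    """
    events = [e for e in (parse_line(l) for l in lines) if e and e[3] in COSTLY_MSGS]
    events.sort(key=lambda e: e[0])
    window = timedelta(seconds=window_s)
    per_ue, per_cell = defaultdict(deque), defaultdict(deque)
    flagged_ues, flagged_cells = {}, {}
    for ts, cell, ue, _ in events:
        for key, store, limit, out in ((ue, per_ue, ue_limit, flagged_ues),
                                       (cell, per_cell, cell_limit, flagged_cells)):
            q = store[key]
            q.append(ts)
            while ts - q[0] > window:   # drop timestamps that fell out of the window
                q.popleft()
            if len(q) > limit and key not in out:
                out[key] = (ts, len(q))
    return flagged_ues, flagged_cells


def build_sample_log():
    """Constructed sample: three well-behaved UEs and four bots on one cell."""
    t0 = datetime(2019, 11, 28, 10, 0, 0, tzinfo=timezone.utc)
    fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    lines = []
    for i, ue in enumerate(("ue-a", "ue-b", "ue-c")):
        lines.append(f"{fmt(t0 + timedelta(seconds=i))} cell=gNB-42 ue={ue} msg=RegistrationRequest")
        lines.append(f"{fmt(t0 + timedelta(seconds=i, milliseconds=300))} cell=gNB-42 ue={ue} msg=PDUSessionEstablishmentRequest")
    for b in range(4):
        for k in range(6):
            t = t0 + timedelta(seconds=2 + 0.7 * k, milliseconds=50 * b)
            lines.append(f"{fmt(t)} cell=gNB-42 ue=ue-bot-{b} msg=RRCSetupRequest")
    lines.append("collector hiccup: not a log line")
    return lines


if __name__ == "__main__":
    ues, cells = detect_storm(build_sample_log())
    for ue, (ts, n) in sorted(ues.items()):
        print(f"UE {ue}: {n} costly messages within window at {ts.isoformat()}")
    for cell, (ts, n) in cells.items():
        print(f"CELL {cell}: aggregate {n} costly messages within window at {ts.isoformat()}")
```

In a live deployment the per-UE output would feed the base station's admission control (back-off or reject for that UE) while the per-cell output is what an overload-protection or SOC alert would key on; the counts are only over connection-establishing messages so that a busy but legitimate data session does not trip the detector.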

Page 15:

3GPP Security Improvements in 5G: 4G vs 5G

• Better privacy protection – 4G: IMSI exposure; user plane without integrity protection. 5G: encrypted subscribers’ ID; user plane integrity protection
• Enhanced interconnection security – 4G: SS7 re-routing; Diameter message spoofing. 5G: E2E security between PLMNs
• Effective authentication framework – 4G: various authentication methods (LTE, 5G, Wi-Fi). 5G: unified authentication in the CN
• Stronger security algorithms – 4G: 128-bit key length (L=128). 5G: 256-bit key length (e.g. L=256)

Years of common contributions by dozens of vendors/operators/regulators…
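The first row of the comparison above (4G user plane without integrity protection versus 5G user plane integrity protection) is where a practitioner most wants to see the difference concretely. The following added example, not code from the deck or from any 3GPP implementation, models a PDCP-style PDU with a toy stream cipher built from HMAC-SHA256 standing in for NEA1/2/3 and a 32-bit truncated HMAC standing in for the NIA MAC-I (3GPP's MAC-I is 32 bits; the PRF-based keystream, the key values and the `dst=…` payload are assumptions for illustration). It shows how an on-path relay can rewrite a known field inside encrypted-only traffic without any key, and how the same manipulation is rejected once integrity protection is on.

```python
"""Why encryption without integrity is malleable (added example, toy model).

A PDCP-like PDU is ciphered with a counter-mode keystream; optionally a
32-bit MAC-I is appended before ciphering, as 3GPP does for integrity-
protected PDUs. HMAC-SHA256 stands in for the NEA keystream generator and
for the NIA integrity algorithm; it is not 3GPP code.
"""
import hashlib
import hmac
import struct


def keystream(key, count, bearer, direction, length):
    """Counter-mode keystream from a PRF; IV inputs mirror 3GPP COUNT/BEARER/DIRECTION."""
    out = b""
    block = 0
    while len(out) < length:
        iv = struct.pack(">IBBI", count, bearer, direction, block)
        out += hmac.new(key, iv, hashlib.sha256).digest()
        block += 1
    return out[:length]


def cipher(k_enc, count, bearer, direction, data):
    """XOR with the keystream; encryption and decryption are the same operation."""
    ks = keystream(k_enc, count, bearer, direction, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def mac_i(k_int, count, bearer, direction, message):
    """32-bit MAC-I over COUNT||BEARER||DIRECTION||message (stand-in for NIA)."""
    hdr = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(k_int, hdr + message, hashlib.sha256).digest()[:4]


def protect(k_enc, k_int, count, bearer, direction, plaintext, integrity):
    """Build the PDU: plaintext (+ MAC-I when integrity is on), then cipher it."""
    tag = mac_i(k_int, count, bearer, direction, plaintext) if integrity else b""
    return cipher(k_enc, count, bearer, direction, plaintext + tag)


def unprotect(k_enc, k_int, count, bearer, direction, pdu, integrity):
    """Decipher and, when integrity is on, verify MAC-I; return plaintext or None."""
    body = cipher(k_enc, count, bearer, direction, pdu)
    if not integrity:
        return body
    msg, tag = body[:-4], body[-4:]
    if not hmac.compare_digest(tag, mac_i(k_int, count, bearer, direction, msg)):
        return None  # receiver discards the PDU
    return msg


def flip_field(pdu, offset, old, new):
    """Attacker transform: XOR old^new into the ciphertext at a known offset.
    Works against any XOR stream cipher and needs neither key nor plaintext
    beyond the guessed field value."""
    out = bytearray(pdu)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)


def relay_attack(integrity):
    """End-to-end: UE sends a PDU, a relay rewrites the destination, gNB receives.
    Keys and payload are constructed for the example."""
    k_enc, k_int = b"K_UPenc-example-key", b"K_UPint-example-key"
    count, bearer, direction = 17, 1, 0  # uplink
    plaintext = b"dst=198.51.100.1 GET /example"
    pdu = protect(k_enc, k_int, count, bearer, direction, plaintext, integrity)
    # The relay guesses the field position and the original value (a known
    # resolver, say) and swaps in its own address of equal length.
    tampered = flip_field(pdu, 4, b"198.51.100.1", b"203.0.113.99")
    return unprotect(k_enc, k_int, count, bearer, direction, tampered, integrity)


if __name__ == "__main__":
    print("4G-style (encryption only):", relay_attack(integrity=False))
    print("5G-style (with MAC-I):      ", relay_attack(integrity=True))
```

With `integrity=False` the receiver decrypts the relay's address as if the UE had sent it; with `integrity=True` the MAC-I no longer matches and the PDU is dropped. Binding COUNT into both the keystream and the MAC-I is also what makes a replayed PDU fail verification under a different counter value.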

Page 16:

5G network assets and security control zone

SBA: Service Based Architecture; CDR: Charging Data Record

[Figure: UE – RAN – bearer network – 5GC (SBA: NEF, NRF, UDM, PCF, SEPP, AMF, SMF, AUSF) – Internet/5G service, with MEC at the edge, a firewall/security gateway at the boundary, and an EMS + Security Management Platform for operation and management]

Assets per zone:
• UE: USIM
• RAN: BBU/RRU hardware
• Transmission: router and switch hardware; cabinet
• Bearer network/5GC boundary: firewall and security gateway hardware
• MEC: COTS server; UPF – can NOT touch the subscriber ID, can NOT touch the root key
• 5GC: COTS server; operator’s data (reports and CDRs); some user privacy information (subscription information, location information, etc.); UDM, AUSF – process the subscriber ID and the root key; AMF, SMF – process the subscriber ID, can NOT touch the root key
• 5G service: user’s service information (ID, location, key, password, state info, health data etc.), stored in the 5G service database
• Operation & Mgmt.: passwords, certificates, configuration, monitoring data (by network carriers)

Page 17:

5G Security is a Shared Responsibility…

• Standard organizations: define requirements and standard schemes
• Government: develop legislation and regulations; implement E2E security supervision
• Vendor: product security; E2E supply chain risk management
• Operators: delivery, deployment and operation security
• Service providers and customers: application security

[Figure: ecosystem security wheel connecting these roles]

Page 18:

New Network Drives Down the Cost/bit/km and E2E Latency

[Figure: end-to-end transport path – access (5G UE; 5G microwave at 10–20 Gbps; 10 Gbps/sector; 4K IP camera with 100 Mbps UL; Giga to Home over 10G PON ONT/OLT; WiFi 6 at 1+ Gbps; GE-10GE LL), backhaul (50G ring; 10 Gbps to site; EGW), edge DC (5G core user plane), metro/backbone ring (OTN 200/400G per λ; IP SR/EVPN; 100G and 200/400G DCN), central DC (5G core CP/UP), DCI]

Segment Routing (SR/SRv6): up to 80% network utilization

Page 19:

Outdoor: Massive MIMO [UK]

[Figure only]

Page 20:

Indoor: All-in-One solution [China]

[Figure only]

Page 21:

Security standard roadmap and Huawei 4G security experience

Huawei has deeply contributed to 3GPP security standardization: 35 CC certifications, 15 FIPS certifications

3GPP study items (Huawei as Rapporteur):
1. Security Assurance Specification for 5G
2. Study on the security of the Wireless and Wireline Convergence for the 5G system architecture
3. Study of KDF negotiation for 5G System Security
4. The SID on security for 5G URLLC

Huawei has deployed 329 LTE commercial networks with good security records

Timeline (2013, 2014, 2018, 2019): Huawei EPC obtained CC EAL3 certification; Huawei LTE obtained CC EAL4+ certification; R15 to enhance security (eMBB); R16/R17 to enhance security (URLLC, mMTC)

Page 22:

Comprehensive security portfolio for 5G

Threats by domain (3GPP definition, enhanced by Huawei):
• Common threats: illegal access; malicious software; data tamper/leakage; DDoS attack; O&M security threat
• RAN threats: user data leakage; DDoS attack
• 5GC threats: SBA; roaming; network slice; MEC
• Cloud infrastructure threats: compute; storage; network; CloudOS

[Figure: 5G UE – 5G wireless base station – transmission – 5GC (NEF, NRF, UDM, PCF, SEPP, AMF, SMF, AUSF, UPF, UPF/MEC on NFV) – Internet, with the NIST CSF resilience cycle Identify – Protect – Detect – Respond – Recover]

Controls by CSF function (column layout on the original slide):

Identify
• Vulnerabilities management; automatic security policy

Protect
• Access: air interface encryption and integrity protection; access authentication; slice authentication; slice key; slice resource isolation; slice resource reservation
• Core/SBA: 3-plane isolation; built-in firewall; authentication; service access authorization; topology hiding; application layer security
• Platform: digital signature, secure boot and DIM; hardware RoT and HSM; anonymization; multi-layer isolation mechanisms; system hardening; software security; VNF/application hardening; E2E data lifecycle security protection
• Transport: IPsec, TLS, SSH; communication encryption; target encryption

Detect
• Malicious signaling detection; DDoS detection (overload); KPI monitoring; service security audit; signaling audit; intrusion detection; big data security and correlation analysis

Respond/Recover
• ACL blocking; VM migration; VM rebuilding; periodic VM restoration; blacklist and whitelist; access control; flow control; network isolation; remote attestation; configuration correction; account disabling; patch/upgrade; port disable; configuration rollback; data recovery
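Several of the platform controls listed above (digital signature, secure boot and DIM, hardware RoT, remote attestation) only pay off when a verifier can check them, and the secure boot and file/code integrity verification bullet on page 14 rests on the same mechanism. The following is an added example, not code from the deck or from Huawei's products: it simulates a measured boot chain (each stage hashes the next component into a PCR, PCR' = SHA-256(PCR || digest), and appends an event-log record), has the node quote its PCRs over a verifier nonce, and shows the verifier replaying the log and appraising every component against a golden manifest. Component images, PCR assignments and the golden manifest are constructed for the example, and a shared-key HMAC stands in for the TPM's attestation-key signature over the quote, which is a simplification of the real asymmetric AK.

```python
"""Measured boot + remote attestation appraisal (added example, simulated).

Attester side: measure each boot component into a PCR and log it, then
quote the PCRs over a verifier-supplied nonce.
Verifier side: check quote freshness and signature, replay the log to
reproduce the PCRs, and appraise each measured component against a
golden manifest. A shared-key HMAC stands in for the TPM attestation-key
signature; a real TPM signs the quote with an asymmetric AK.
"""
import hashlib
import hmac
import os
import struct

# Constructed stand-ins for vendor-published images and their PCR slots.
GOLDEN_IMAGES = {
    "bios": b"bios-v2.1",
    "bootloader": b"grub-2.04-secure",
    "kernel": b"linux-4.19-hardened",
    "vnf-upf": b"upf-image-19.11",
}
GOLDEN = {name: hashlib.sha256(img).digest() for name, img in GOLDEN_IMAGES.items()}
PCR_OF = {"bios": 0, "bootloader": 4, "kernel": 8, "vnf-upf": 10}
BOOT_ORDER = ("bios", "bootloader", "kernel", "vnf-upf")
ZERO_PCR = b"\x00" * 32


def extend(pcr, digest):
    """TPM PCR extend semantics: the new value binds the whole history."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(images):
    """Boot the node: each stage measures the next component before running it.
    Returns (pcrs, event_log) with log records (pcr_index, name, digest)."""
    pcrs, log = {}, []
    for name in BOOT_ORDER:
        digest = hashlib.sha256(images[name]).digest()
        idx = PCR_OF[name]
        pcrs[idx] = extend(pcrs.get(idx, ZERO_PCR), digest)
        log.append((idx, name, digest))
    return pcrs, log


def quote(ak, pcrs, nonce):
    """Attester signs nonce || (index, value)* so the quote is fresh and bound."""
    blob = nonce + b"".join(struct.pack(">B", i) + pcrs[i] for i in sorted(pcrs))
    return blob, hmac.new(ak, blob, hashlib.sha256).digest()


def appraise(ak, nonce, blob, sig, log, golden):
    """Verifier: returns (ok, reasons); reasons is empty only for a clean node."""
    if not hmac.compare_digest(sig, hmac.new(ak, blob, hashlib.sha256).digest()):
        return False, ["quote signature invalid"]
    if blob[: len(nonce)] != nonce:
        return False, ["nonce mismatch (stale or replayed quote)"]
    quoted, rest = {}, blob[len(nonce):]
    for off in range(0, len(rest), 33):          # 1-byte index + 32-byte value
        quoted[rest[off]] = rest[off + 1 : off + 33]
    reasons, replayed = [], {}
    for idx, name, digest in log:
        replayed[idx] = extend(replayed.get(idx, ZERO_PCR), digest)
        if golden.get(name) != digest:
            reasons.append(f"unknown or modified component: {name} ({digest.hex()[:16]})")
    for idx, value in quoted.items():
        if replayed.get(idx) != value:
            reasons.append(f"event log does not reproduce PCR{idx}")
    return not reasons, reasons


def run_attestation(images, tamper_log=False):
    """Full round trip for one node. tamper_log models an attacker who edits
    the (unprotected) event log to claim the golden BIOS digest; the PCR
    inside the TPM cannot be rewritten, so the replay no longer matches."""
    ak = b"shared-attestation-key-example"  # constructed; see module docstring
    pcrs, log = measured_boot(images)
    if tamper_log:
        idx, name, _ = log[0]
        log[0] = (idx, name, GOLDEN[name])
    nonce = os.urandom(16)
    blob, sig = quote(ak, pcrs, nonce)
    return appraise(ak, nonce, blob, sig, log, GOLDEN)


if __name__ == "__main__":
    implant = dict(GOLDEN_IMAGES, bios=b"bios-v2.1-with-implant")
    print("clean node:           ", run_attestation(GOLDEN_IMAGES))
    print("implanted BIOS:       ", run_attestation(implant))
    print("implant + forged log: ", run_attestation(implant, tamper_log=True))
```

The two failure modes are deliberately distinct: a modified component shows up as an unknown digest in the log, while a forged log shows up as a PCR the log cannot reproduce, because the extend chain lives in the hardware root of trust rather than in the (rewritable) log. The same appraisal loop is what a file/code integrity (DIM) policy runs at runtime, with the golden manifest as its allowlist.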

Page 23:

R&D Centers Worldwide: The Best Resources for Innovation

[Figure: world map of R&D centers – San Diego, Silicon Valley, Seattle, Vancouver, Dallas, Ottawa, New Jersey, Chicago, Munich, Paris, Moscow, Stockholm, Milan, Helsinki, London, Bangalore, Singapore, Beijing, Suzhou, Chengdu, Xi'an, Nanjing, Hangzhou, Yokohama, Shanghai, Shenzhen, Wuhan – with competence areas: mathematics; cloud, AI, software, architecture, innovation, devices; wireless, devices, engineering; fixed networks, engineering, quality; microwave; mathematics, aesthetics, imaging; wireless, systems; wireless (short-distance); software; optical networks, devices; engineering, components, audio & video, quality. Call-outs: Germany, Russia, Shanghai (China), Bangalore (India), UK, Sweden]

https://youtu.be/af0tj0Nd3tk

Page 24:

Huawei Cyber Security Transparency Center is to Serve as an Open, Transparent and Collaborative Exchange Platform with Key Stakeholders

Locations (global hub and regional hubs): Banbury, UK; Brussels, Belgium; Bonn, Germany; Dubai, UAE; Shenzhen, China; Toronto, Canada

HCSTC Brussels: communication, innovation and verification

https://youtu.be/yMBu5bvfTPM

Page 25:

How to improve the security of business and communities and ensure the future prosperity of a country?
https://www-file.huawei.com/-/media/corporate/PDF/News/huawei-technologies-australia-submission-to-the-department-of-home-affairs.pdf

1. Reduce the risk of national dependency on any one supplier, regardless of their country of origin, to improve 5G and fibre network resilience
2. Ensure a more competitive, sustainable and diverse telecoms supply chain, to drive higher quality, innovation, and more investment in cybersecurity
3. Define network security and resilience requirements for 5G and fibre networks; contribute to unified standards; identify a toolbox of appropriate, effective risk management measures; and enforce tailored and risk-based certification schemes
4. Ensure effective assurance testing for equipment, systems and software and support specific evaluation arrangements. (The assessment and evaluation of products from different vendors shall be the same, as their supply chains have the same level of risk.)
5. Develop industrial capacity in terms of software development, equipment manufacturing, laboratory testing, conformity evaluation, etc., looking at end-to-end cybersecurity system assurance; new architectures and business models; tools for risk mitigation and transparency, and greater interoperability and more open interfaces; and share results, in a closed loop with (3.)

Page 26:

Copyright © 2018 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

Thank You.

https://onlinelibrary.wiley.com/doi/abs/10.1002/9781119515579.ch7