5g security: forward thinking francis... · 5g security: forward thinking david francis european...
Post on 20-Mar-2020
23 Views
Preview:
TRANSCRIPT
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 1HUAWEI TECHNOLOGIES CO., LTD.
22nd July, 2015
5G Security: Forward
Thinking
David Francis European CSO
Huawei Technologies
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 2HUAWEI TECHNOLOGIES CO., LTD.
• Security Challenges Ahead of 5G • Traditional Security Practice
• New Business Models
• IT-Driven Network Architecture
• Heterogeneous Access
• Privacy Protection
• 5G Security Goals • E2E Security for Vertical Industries
• Secure Infrastructure
• 5G Security Perspectives• New Trust Model and Identity Management
• Service-oriented Security
• Security Assessment
• Low-Delay Mobility Security
• User Privacy Protection
• Summary
5G Security: Forward Thinking
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 3HUAWEI TECHNOLOGIES CO., LTD.
Traditional Security Practice
GSM
2G
CDMA
3G
LTE
4G
• Common security features• Identity management: USIM• Authentication: Mutual authentication
• Data encryption: hop-by-hop
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 4HUAWEI TECHNOLOGIES CO., LTD.
Voice Smartphone
3G 4G
Security Challenges Ahead of 5G -- 5G New Business Models
5G Service Oriented
Mobile Internet (4 Billions@2020)
Mobile Internet replaced PC Internet
(100Billions New Devices@2025)
New Applications, New Business Models, and even New Industries
End-to-End Security Protection
TrustModel
LightweightSecurity
Mobility Security
…
Privacy Protection
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 5HUAWEI TECHNOLOGIES CO., LTD.
Core network (NFV)
SDN
• Manage the isolation for control nodes and forwarding nodes
• Keep the SDN flow table securely and correctly enforced
NFV
• virtual NEs isolation and security management
Network slice isolation
• Each virtual network slice requires differentiated security capabilities
Security Challenges Ahead of 5G -- IT-Driven Network Architecture
Industry Defined Network Slicing One Infrastructure, Multiple Network Slices
DC
DC
DC
IOT Network Slice
X Gbps
1ms
End-to-End Security
Protection
End-to-End Security
Protection
Autonomous Driving
Network Slice
Content server
HSS MME AAA
eHealth office
Inteligent
traffice system
office
End-to-End Security
Protection
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 6HUAWEI TECHNOLOGIES CO., LTD.
• 5G network is heterogeneous, security design need to
consider various access technologies and different types
of operators• Access technologies: 5G/LTE/3G/2G/Wi-Fi• Operators: MNO, MVNO, Local operators
Security Challenges Ahead of 5G -- Heterogeneous Access
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 7HUAWEI TECHNOLOGIES CO., LTD.
Security Challenges Ahead of 5G -- Privacy Protection
Services
• New sensitive services to deploy
• More privacy information to transport
• Service sensing for differentiated QOS
• Location sensing for LBS
• User sensing for AAA and better QOE• Collect user data
• Mine privacy information
Public 5G network
Users
AttackerEavesdrop & Hack
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 8HUAWEI TECHNOLOGIES CO., LTD.
Future challenges and opportunities
Security operation centers / cyber defense centers
Mobile access to Cloud and DC
Smart Cities / Energy / ..
Compliance + Technologies
Big Data
Cloud – do we have enough ?
Smart Home
Car-2-Car Communications
Industry 4.0
SCM Security
Smart devices
3G / 4G / 4.5G / 5G
Internet of Things / IoT
Ge
rma
n -
DP
A
Eu
rop
ea
n –
DP
A /
GD
PR
ISO
27
00
0 t
op
ics
Da
ta S
ec
uri
ty
Wo
rk C
om
mu
nit
y @
GS
MA
, IS
F, ..
(Se
cu
rity
) C
om
pli
an
ce
Co
nti
nu
ou
s A
dvan
ced
Th
reat
Pro
tecti
on
Eff
ec
tive
Vu
lne
rab
ilit
y M
an
ag
em
en
t
Eff
ec
tive
Cyb
er
Se
cu
rity
Aw
are
ne
ss
Da
ta R
es
ide
nc
y
Se
cu
rity
re
po
rtin
g (
KP
Is, M
etr
ics)
Collected and selected from multiple sources like conference
agendas, online webcast offerings, customer Q&A sessions.
(technology) topics
CS topics / challenges
technology &
organizational
topics
Ris
k M
etr
ics t
o in
flu
en
ce
bu
sin
es
s d
ec
isio
ns
Se
cu
rity
po
lic
y a
nd
co
mp
lain
ce
ma
na
ge
me
nt
No security – No future !
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 9HUAWEI TECHNOLOGIES CO., LTD.
• Security Challenges Ahead of 5G • Traditional Security Practice
• New Business Models
• IT-Driven Network Architecture
• Heterogeneous Access
• Privacy Protection
• 5G Security Goals • E2E Security for Vertical Industries
• Secure Infrastructure
• 5G Security Perspectives• New Trust Model and Identity Management
• Service-oriented Security
• Security Assessment
• Low-Delay Mobility Security
• User Privacy Protection
• Summary
5G Security: Forward Thinking
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 10HUAWEI TECHNOLOGIES CO., LTD.
5G Security Goals-- E2E Security for Vertical Industries
Differentiated
E2E security design caters to different vertical industries
Flexibility
Flexible and high efficient E2E security deployment and adaptation.
Privacy protection
massive personal privacy data, including device identifiers, user IDs, and user preference.
Security as service
5G will continue to extend the user trust by opening up security capabilities as a service to individual users and vertical industries.
Application and Service
Security
Manager
End-to-End Security
Requirement
Key
Management
EncryptionSecurity
Protocol
Integrity
Protection
Security
Assessment
ID
Management
Trust
Module
Privacy
Protection
Security Info
& Event
ManagementIOT Network Slice
X Gbps
1ms
1MConnections/km2
End-to-End Security
Protection
End-to-End Security
Protection
End-to-End Security
Protection
Security as a Service
Security Capability
Open-up
Autonomous Driving
Network Slice
8K/Holographic
Video Network Slice
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 11HUAWEI TECHNOLOGIES CO., LTD.
5G Security Goals – Secure Infrastructure
Diversified system level protection of IT-aware infrastructure
Identity management
Data Protection
DC
DC
DC
Central Office DC
Local DC
Region DCRAN Switch
Physical Infrastructure
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 12HUAWEI TECHNOLOGIES CO., LTD.
• Security Challenges Ahead of 5G • Traditional Security Practice
• New Business Models
• IT-Driven Network Architecture
• Heterogeneous Access
• Privacy Protection
• 5G Security Goals • E2E Security for Vertical Industries
• Secure Infrastructure
• 5G Security Perspectives• New Trust Model and Identity Management
• Service-oriented Security
• Security Assessment
• Low-Delay Mobility Security
• User Privacy Protection
• Summary
5G Security: Forward Thinking
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 13HUAWEI TECHNOLOGIES CO., LTD.
• Authentication• Two parties multi-parties:
• user, network, and service providers will be actively involved in the authentication.
• Flexible access and services authentication• authentication by carriers alone, by service alone, or by both of them.
• Identity management• Combination of device and service identity
• From device-based to user-based management
Trust
Trust
5G Network4G Network
Service
User User
Service
Network Network
Trust
5G Security Perspectives --New Trust Model and Identity Management
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 14HUAWEI TECHNOLOGIES CO., LTD.
5G Security Perspectives--Service-oriented Security
Application and Service
End-to-End Security
Protection
End-to-End Security
Protection
End-to-End Security
Protection
End-to-End Security
Requirement
End-to-End Security
Requirement
End-to-End Security
Requirement
Network Slice Network Slice Network Slice
Build E2E securityDifferentiated security for different services
Flexible security architecture to support security attributes for different network slices
A Uniformed security management framework for multi-vendor environment
Open Up Security Capabilities ,and provide security as a Service
Isolate Virtual Network Slices
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 15HUAWEI TECHNOLOGIES CO., LTD.
Security Assessment on 5G system:
Assessment on interfaces
Interoperable for different vendors
Assessment on network function unit
Private keys storage
Encryption/integration protection
operation
password length and its
complexity, etc
Automatic verification
Certificate granted after success
assessment
5G Security Perspectives -- Security Assessment
Security Assessment on 5G system
Unit tested by
Security
Assessment
standard
Interface
assessment
Certified unit
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 16HUAWEI TECHNOLOGIES CO., LTD.
5G Security Perspectives --Low-Delay Mobility Security
Mission Critical ConnectivityAutonomous driving
Industrial automation and process control
Remote control
•Manufacturing•Medicine•Maintenance
Traffic intensity monitoring
Security RequirementsLow DelayUltra-High ReliableUltra-High Availability
Security TargetsBuild an efficient, lightweight, and compatible mobility security
management mechanismHigh Reliability while providing QoS guarantee with a delay not more
than 1 millisecond
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 17HUAWEI TECHNOLOGIES CO., LTD.
Security Perspectives -- Privacy Protection
Services
• Sensing user/service information
for AAA and better service
Public 5G network
Users
Big data techniques make privacy breach easier.
• Attacker may collect user information from
multiple channels.
• Sensitive user information can be mined
from seemingly harmless user information.
The 5G network needs to manage the use of
privacy information.
• Define sensing rule clearly
• Stipulate the use, storage and deletion of
user information
The 5G network needs to provide a more
rigorous privacy protection scheme.
• Protect user information in heterogeneous
access networks
• Protect user information in network
functional entities from different vendors
• Mine privacy
information from
collected user data
AttackerCollect data
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Page 18HUAWEI TECHNOLOGIES CO., LTD.
Summary
• Security and privacy protection need to be part of the system design at the beginning• Cannot be properly built as an add-on
• Security and privacy community need to start active dialog with 5G stakeholders
• High level agreement can be obtained at the current stage• Including service layers in the security and privacy protection solutions.
• Extend the hop-by-hop security to end-to-end security
• Security as services provides additional competitive strength to operators• Security is not a burden
• Security provides competitive strength in 5G
• It ‘s time for security community and other stake holders of 5G to work together and
come out a robust and proper security solution for 5G.
HUAWEI TECHNOLOGIES CO., LTD. Page 19
Thank you
Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved.The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
top related