securing future radio technologies in the virtualised …
TRANSCRIPT
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
SECURING FUTURE RADIO TECHNOLOGIES IN THE VIRTUALISED WORLD The RRS impact on Security in Radio
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Your speaker
Scott CADZOW• Director, Consultant, Security Expert, Standards developer, Pen‐tester,
Cryptanalyst (for fun), Writer/Blogger (not often), Husband, Father, Privacy standards advocate, Triathlete (barely competitive but enjoys it), Park runner
• Rapporteur of 55 ETSI standards (TETRA, NGN, HF‐UCI, MTS, AT‐D, ITS, eHEALTH, CYBER, LI, QSC)
• Chairman or vice chairman at various times of ETSI and ISO standards groups (TETRA, LI, ITS)
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Setting the tone
“Real knowledge is to know the extent of one’s ignorance”, Confucius“... as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns ‐ the ones we don't know we don't know”, Donald Rumsfeld (February 2002)“He that would perfect his work must first sharpen his tools”, Confucius
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Why standards?
Multi‐vendor market growth requires standards• One vendor can supply what he can manufacture and support• One open standard allows multiple suppliers, multiple supporting
organisations, greater intellectual involvement in the market
Security requirement is changing and radio is too• Increasing need to focus on holistic security taking account of changes in
platforms over the lifetime of a service• Radio platforms need to be considered as dynamic and reconfigurable• Feature sets and combinations of features will be dynamic
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Role of standards
To give assurance of semantic and syntactic interoperabilityTo guide – not to prescribe – builders and developers to conformClearly indicate what is mandatory and what is optional• Ideal standards are “tight” – few options and even where options are
described their behaviour is mandated
Designed for proof of functionality• Design for Test• Design for Assurance• Design for Privacy
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
RRS and Security
Reconfigurable Radio Systems (RRS)• Common hardware radio platform configured by software as a radio
Security in RRS• Delivery of the Radio App (more later)• Instantiation of the App• Proof of conformance of the App to the RED
Security within Apps• Apps when running have to perform with the native security functions of
their function (e.g. LTE in an App has to look to the network like an LTE terminal)
Role of STF502 in RRS• To support the ETSI TC RRS in delivering security specifications for RRS
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
RRS security approach
Follows the TVRA method from ETSI TS 102 165‐1• Risk based countermeasure deployment• Takes account of open interfaces, actors, identifiable relationships (and
their cardinality), target functionality• Stems from simple use case analysis
Two (2) core documents to be prepared• Security use cases (TR 103 097 – source of much of this presentation)
• Driven from RED and impact on future radio
• Security countermeasures and architecture (WI‐DTS/RRS‐03013)• In development but covers some of the following:
• Identity management framework• Digital signature framework• Non‐repudiation framework
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Root of trust and security
All security is dependent on trustCellular networks (e.g. 2G/3G) have the root of trust in the Authentication Centre of the core• Reinforced by trusted key storage and distribution through the SIM
App stores have a root of trust in the store itself• Reinforced through the Public Key Infrastructure and management used
in the digital signature of apps
Radio devices have a root of trust in the regulatory regime• The equipment the user has is trusted to conform to the regulation
Challenge is to maintain trust in the market and the devices when these are inherently dynamic in configuration
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Security and RRS ‐ the use cases
From draft of TR 103 087 prepared by STF502
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Radio app not an app‐store app?
Conventional view of apps?• A smartphone thing• Games, life enhancing, productivity …• Not overly serious? (getting better)
RRS view of apps?• Configuration of the platform• Delivery of radio service• Delivery of radio as a service
• Extension of existing virtualisation models (network as a service, storage as a service, processing as a service, etc.)
• Rethinking the link between radio and critical future network capability• Autonomic and virtualised networks
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
The target RRS environment
From discussions of RRS WG2 to be included in TR 103 087 prepared by STF502
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Radio Application and Radio Application Package
The RAP is the delivery unit of RA from the Radio App Store to the RE. The RAP consists of:• The RA which contains RA codes made of UDFBs, SFBs, RC codes and
executable codes depending on the RA design choice;• Configuration metadata for the RE, including
• The RPI which is a descriptive interface detailing how the RA is structured and its sub‐components synchronised together;
• Bindings to the HAL, when applicable;• Bindings to linkable libraries, when applicable;• Pipeline configuration
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
The future platform
Radio platforms will changeSoftware Defined Radio Virtual Radio Machines Radio‐VMs VNFs (specifically Virtualised Radio Network Functions (VRNFs))Requirements on the hardware platform that arise• Hardware root of trust
• SIM model still dominant in subscription based telecommunications
• Wideband antenna• Radio capabilities from VRNFs will span all open radio bands
• Wideband linearization• Platform needs to be application neutral (not favour any application)
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
When RRS is widespread and sitting alongside VNF in the core of networks where will we be?• Can the network change the access technology?
• What will be used as the pilot channel?• Is there any interest in fully autonomic networks?
• Is the radio terminal special?• Maybe with respect to the RED• As a managed device maybe not
Does one security model support both NFV and RRS?• Maybe yes, maybe no• Authentication centre is a major function of core networks that will be
virtualised, credentials have to be distributed to end points
The future of radio networks
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Evolution or revolution?
RRS can provide a platform for both evolution and revolutionEvolution is natural:• SDR RRS if the platform is stable• One platform for many SDRs• Many SDRs as RAPs co‐existing on one device• Enable/disable RAPs (SDRs?) as required• All combinations of RAP/RE conform to RED
Revolution is possible:• Radio access as part of network functionality• Multiple Radio access building into single transport and network
functional layer (MTCP is a step in this direction and designed to support WiFi and 3G for example acting in parallel to create a connection)
• On demand (by network) provisioning of radio capability
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
The security issues
Root of trust identification• For network centric and terminal centric security
Virtualisation of verticals into horizontal functional blocks• Not simply SDR but SDRF – Software Defined Radio Functions• Delivery of SDRFs as RAPs
Current radio security schemes not converging• ITS uses IEEE 802.16 PKCs for authentication and integrity, no
confidentiality• TETRA uses specific authentication, key management and confidentiality
mechanisms using symmetric key mechanisms with group communication at the core
• 3G and LTE use network centric AES based authentication and confidentiality
• … many other schemes in common use (802.1x, Bluetooth, ANT+, ...)
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
The challenge
Push RRS to centre of future radio designPush security rethinking to use a modular toolkit based on SDRFs as RAPs• Retain core concept of root of trust in the hardware platform
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Are RRS and VNF converging?
Hypervisor
VNF‐C
OS
Hypervisor
Physical Network
HW RAM Storage NICsCPUsCPUs
VSw VSw
Hypervisor
OS
HW
Physical Net
VNF‐A
VNFCI
VNF‐B
RAM Stg NICsCPUs
Hypervisor
HW NICTEETPM
TEETPM
MANO
VNFCI
USER SERVICE
VNFCI VNFCI
vNICvNIC
HWNIC
MANO
USER SERVICE
LI
vNIC vNIC
USER SERVICE
TRA
NSP
ORT
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
RRS VNF Convergence
Is convergence useful?• Attestation: YES. Brings network functions together in a single abstract
platform
Is there a drive for such convergence?• Not yet. Very little crossover between radio and network expertise.
Are there any barriers to convergence?• Poor shared understanding of the regulatory environment (radio
regulation and network regulation not viewed as common world)
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
Our starting point
RRS is more than a proof of concept• The technology has been demonstrated
RRS can integrate other security models• PKI/PKC based app distribution – from many well proven sources• Secure VM distribution – from NFV domain• Linking VMs to hardware root of trust – from NFV domain• Core ideals of crypto‐agility – from many sources including ETSI’s CYBER,
QSC, NFV, from IoT, M2M, 3GPP …
ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016
The closing message
RRS is the futureRRS has embraced security as a key componentRRS offers the chance to revolutionise the future of communications in close alliance to the NFV revolution in the core of the network