Presentation from Digital Transformation World May 15th 2018 covering:
Understanding the reality of data breaches today
Virtualization security challenges for the CSP 5G network
Key capabilities to create trustworthy 5G virtualized networks
Usage of secure enclaves to create a fabric of trust within the network
How to protect VNFs and enterprise applications, leveraging Intel SGX technology
3. 5G system security and data protection
A new trust model for the 5G era
The greatest risks to enterprise data: CONFIDENTIALITY, INTEGRITY, AVAILABILITY
6. [Diagram: 5G network topology, from the CENTRAL CLOUD over a fixed or mobile/backhaul wide area network to the METRO EDGES, then the LOCAL EDGES and the local access network, down to the UE]
What virtualization & 5G mean for security
Resource sharing between the telecom operator and the enterprise
Zero-touch automation
Softwarization of the network
Integration of existing and new local access networks
Moving the intelligence towards the edge
7. Key capabilities to create trustworthy 5G virtualized networks
Customer-controlled encryption of the VMs or containers running in the network
Encryption management for centralized lifecycle management, leveraging the most reliable root of trust
Stored database encryption
Secure enclaves at the edge
Ultra-low latency encryption of 'anyhaul' transport
[Diagram, repeated from slide 6: network topology from the CENTRAL CLOUD over the fixed or mobile/backhaul wide area network to the METRO EDGES, LOCAL EDGES, local access network and UE, annotated with "Softwarization of the network", "Moving the intelligence towards the edge" and "Integration of existing and new local access networks"]
8. Secure enclaves
A local trusted execution environment is needed to protect keys, thus preventing unauthorized access to, and manipulation of, VNFs, apps or sensitive data.
Secure enclave solutions are hardware-encrypted zones created at the chip level that give developers the means of leveraging the CPU to create isolated, trusted memory regions.
10. 5G / NFV INFRASTRUCTURE
[Diagram: layered stack of HARDWARE RESOURCES (CPU, STORAGE, NETWORK), the HYPERVISOR, and the Multi-Access EDGE functions running above it]
A hypervisor provides a first level of isolation between co-located functions, based on logical separation secured by firewalls.
11. 5G / NFV INFRASTRUCTURE
[Diagram: the same stack as slide 10, HARDWARE RESOURCES (CPU, STORAGE, NETWORK), HYPERVISOR and Multi-Access EDGE functions, now showing data leaking between co-located functions]
Malicious code could leak data through the walls, as functions are co-located on the same machine. Data-centric protection is required.
12. 5G CORE / EDGE COMPUTE INFRASTRUCTURE
[Diagram: the 5G Network Manager & Orchestrator (MANO), an ATTESTATION SERVER, Intel® Software Guard Extensions (Intel® SGX) enclaves, and a Gemalto Protection Agent on each machine]
The NFV and enterprise app security is provided by a Gemalto Protection Agent on each machine, propagated into the Intel® SGX secure enclave and certified by an attestation server.
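The flow on this slide, an agent inside an enclave on each host proving its identity to an attestation server before it is trusted, is illustrated below with an added, constructed example. It is not Gemalto's or Intel's code, and it does not use the real SGX quoting machinery: real quotes are signed by a quoting enclave with platform keys, whereas here an HMAC under a hypothetical shared quoting-authority key stands in for that signature, SHA-256 of the loaded code stands in for the enclave measurement, and the server simply releases a placeholder protection key once the quote is fresh, authentic and from an approved build. The sample agent builds and the key are constructed values.

```python
"""Illustrative attestation-gated key release (constructed example).

Models the slide-12 pattern: a protection agent running inside an enclave
proves its code measurement to an attestation server, and the server hands
out the VNF/app protection key only to an enclave whose measurement is on
its allow-list and whose quote is fresh and authentic. The HMAC under
QUOTING_KEY is a stand-in for the platform's hardware signature.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Stand-in for the platform's quote-signing key (constructed, not a real key).
QUOTING_KEY = b"constructed-quoting-authority-key"


@dataclass(frozen=True)
class Quote:
    mrenclave: bytes    # hash of the enclave code, analogous to an SGX enclave measurement
    report_data: bytes  # enclave-supplied bytes bound into the quote (here: the nonce)
    signature: bytes    # quoting authority's signature over (mrenclave || report_data)


def measure(enclave_code: bytes) -> bytes:
    """Measurement of the enclave: a hash of the code that was loaded."""
    return hashlib.sha256(enclave_code).digest()


def produce_quote(enclave_code: bytes, report_data: bytes) -> Quote:
    """What the platform would do for an enclave: measure it and sign the report."""
    mr = measure(enclave_code)
    sig = hmac.new(QUOTING_KEY, mr + report_data, hashlib.sha256).digest()
    return Quote(mr, report_data, sig)


class AttestationServer:
    """Verifies quotes and releases the protection key only to approved enclaves."""

    def __init__(self, approved_code: list, protection_key: bytes):
        self.allowed = {measure(code) for code in approved_code}
        self.protection_key = protection_key
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify_and_release(self, quote: Quote, nonce: bytes) -> Optional[bytes]:
        # 1. Freshness: the nonce must be one we issued and not yet used (no replay).
        if nonce not in self.outstanding:
            return None
        self.outstanding.discard(nonce)
        # 2. Authenticity: the quote must carry a valid signature from the quoting authority.
        expected = hmac.new(QUOTING_KEY, quote.mrenclave + quote.report_data,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote.signature):
            return None
        # 3. Binding: the signed report data must commit to the nonce we issued.
        if not hmac.compare_digest(quote.report_data, nonce):
            return None
        # 4. Identity: only enclaves whose measurement is on the allow-list get the key.
        if quote.mrenclave not in self.allowed:
            return None
        return self.protection_key


def agent_attests(server: AttestationServer, enclave_code: bytes) -> Optional[bytes]:
    """One round of the exchange from the agent's side: challenge, quote, release."""
    nonce = server.challenge()
    quote = produce_quote(enclave_code, nonce)
    return server.verify_and_release(quote, nonce)


# Constructed sample: the approved agent build versus a tampered copy.
APPROVED_AGENT = b"protection-agent v1.0 (constructed sample)"
TAMPERED_AGENT = b"protection-agent v1.0 (constructed sample) + injected code"
PROTECTION_KEY = b"\x11" * 32  # constructed placeholder for the VNF/app data key


def demo() -> dict:
    """Runs the four cases a verifier must get right and reports each outcome."""
    server = AttestationServer([APPROVED_AGENT], PROTECTION_KEY)
    results = {
        "approved": agent_attests(server, APPROVED_AGENT) == PROTECTION_KEY,
        "tampered": agent_attests(server, TAMPERED_AGENT) is None,
    }
    # Replay: a valid quote presented twice with the same nonce; second must fail.
    nonce = server.challenge()
    quote = produce_quote(APPROVED_AGENT, nonce)
    first = server.verify_and_release(quote, nonce)
    second = server.verify_and_release(quote, nonce)
    results["replay_rejected"] = first == PROTECTION_KEY and second is None
    # Forgery: the approved measurement is claimed but the signature is bogus; must fail.
    nonce = server.challenge()
    forged = Quote(measure(APPROVED_AGENT), nonce, b"\x00" * 32)
    results["forgery_rejected"] = server.verify_and_release(forged, nonce) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the nonce is consumed before any signature work so a replayed quote cannot be retried, and the measurement is compared only after the signature has been verified, so an unsigned claim of an approved measurement never reaches the allow-list lookup. Once released, the key would be sealed to the enclave on the host; that step is outside this example.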
13. Simple provisioning: eases OEM integration and logistics
Dynamic, seamless & secure: migration of VNFs/apps from one machine to another
Confidentiality and integrity: protection of VNFs and apps is assured at runtime
Agnostic: VM- or container-level protection for VNFs and enterprise apps
High performance, secure credential storage and key management assured by a Hardware Root of Trust
Protects NFVs and apps at the core and at the edge of the network
14. Download our whitepaper on 5G Network Security here: gemalto.com/5g