Paul Bradley, Head of 5G Strategy & Partnerships
May 15th 2018
A New Trust Model for 5G Networks
A complex ecosystem emerges
A new trust model for the 5G era
5G system security and data protection
The greatest risks to enterprise data: CONFIDENTIALITY, INTEGRITY, AVAILABILITY
What at
What virtualization & 5G mean for security
[Diagram labels: CENTRAL CLOUD; Fixed or Mobile/Backhaul Wide Area Network; METRO EDGES; LOCAL EDGES; Local Access Network; UE]
RESOURCE SHARING BETWEEN THE TELECOM OPERATOR AND THE ENTERPRISE
ZERO-TOUCH AUTOMATION
Softwarization of the network
Integration of existing and new local access networks
Moving the intelligence towards the edge
Key capabilities to create trustworthy 5G virtualized networks
Customer controlled encryption of the VMs or containers running in the network
Encryption management for centralized lifecycle management leveraging the most reliable root of trust
Stored database encryption
Secure enclaves at the edge
Ultra-low latency encryption of ‘anyhaul’ transport
[Diagram labels: Softwarization of the network (CENTRAL CLOUD); Moving the intelligence towards the edge (METRO EDGES, LOCAL EDGES); Integration of existing and new local access networks (Local Access Network, UE); Fixed or Mobile/Backhaul Wide Area Network]
Secure enclaves
A local trusted execution environment is needed to protect keys, thus preventing unauthorized access to, and manipulation of, VNFs, apps or sensitive data.
Secure enclave solutions are hardware-encrypted zones created at the chip level that give developers the means of leveraging the CPU to create isolated, trusted memory regions.
[Diagram labels: 5G / NFV INFRASTRUCTURE; HARDWARE RESOURCES (CPU, STORAGE, NETWORK); HYPERVISOR; Multi Access EDGE]
A hypervisor provides a first level of isolation between co-located functions, based on logical separation secured by firewalls.
Malicious code could leak data through the walls as functions are co-located on the same machine. Data-centric protection is required.
[Diagram labels: 5G CORE / EDGE COMPUTE INFRASTRUCTURE; 5G Network Manager & Orchestrator (MANO); ATTESTATION SERVER; Intel® Software Guard Extensions (Intel® SGX); Gemalto Protection Agent]
The NFV and enterprise app security is provided by a Gemalto Protection Agent on each machine, propagated into the Intel® SGX secure enclave and certified by an attestation server.
Simple Provisioning eases OEM integration and logistics
Dynamic, Seamless & Secure migration of VNFs/apps from one machine to another
Confidentiality and Integrity protection of VNFs and apps is assured at runtime
Agnostic VM or Container-level protection for VNFs and enterprise apps
High performance, secure credential storage and key management assured by a Hardware Root of Trust
Protects NFVs and apps at the core and at the edge of the network
Download our whitepaper on 5G Network Security here: gemalto.com/5g
Thank you
You can find me on
