Paul Bradley – Head of 5G Strategy
13th of June 2017
Building a chain of trust
from the device to the cloud
Trust is vital – and it’s what we provide…
…enabling our clients to deliver a vast range of trusted
digital services for billions of individuals and things.
5G WORLD 2017 - PUBLIC
5G comes with new security challenges
Segments: ENHANCED MOBILE BROADBAND / CRITICAL COMMUNICATIONS AND V2X / MASSIVE IoT / NETWORK OPERATIONS
BUILD FROM SECURITY SOLUTIONS FROM 3G/4G
NEW SEGMENT-SPECIFIC SECURITY NEEDS
• Begin with the principles of authentication, integrity, confidentiality and privacy from 3G/4G
• Adapt for NFV and Multi-Access Edge Computing
• The security architecture should be adapted to the needs of each slice
Gemalto’s role in Network Security & Software Licensing
Gemalto secures the device and enhances
security of the virtualized network whilst
guaranteeing licensing management
OUR SOLUTIONS
User authentication
and trusted identities
Data encryption
and key management
Cloud and virtualization security
Software Monetization
Network Security Should Rely on Certified Elements such as Hardware Security Modules
(Diagram: physical tamper protections of a certified HSM, labelled on the unit)
• Certifications
• Intrusion detection switches on lid
• Tamper resistant fan mounts
• Tamper resistant I/O mounts
• Serialized tamper evident stickers
• Internal baffles to prevent probing
• Tamper resistant screws
HARDWARE SECURITY MODULE / CRYPTO HYPERVISOR / DYNAMIC CRYPTO RESOURCE
Key Issues in Virtualization Security
(Diagram: the NFV architecture, with OSS/BSS and EMS 1, 2, 3 over VNF 1, 2, 3; NFV M&O made up of the NFV Orchestrator, the VNF Managers, the Virtualised Infrastructure Manager and the Service, VNF & Infrastructure Description; and the NFV infrastructure of virtual compute, virtual storage and virtual network over the virtualisation layer and the computing, storage and network hardware resources. Each numbered issue is pinned on the diagram to the element it concerns.)
1. Network slice isolation
2. Virtualization security
3. VNF integrity verification during onboarding of a VNF
4. Low latency interconnect with the Multi-Access Edge
5. Secured/measured boot and security enclaves for sensitive VNFs
6. Physical and logical protection of security assets on the motherboard
7. Discovery mechanism for security hardware and its characteristics (OpenStack EPA)
8. Run-time VNF integrity verification
9. Migration of VNFs using security features
Mobile security chain: key architectural elements
(Diagram: the Mobile Core / Service Provider running VNF1, VNF2…, the Mobile Edges running VNFa, VNFb…, and the 5G Service Provider; the build-up then lays Slice 1 and Slice 2 across the core and the edges.)
Network providing seamless IP connectivity suited to my reliability, availability, mobility and security needs
Conforms to SLA
Applications are running and data analysis takes place at the core and at the edge
(Key issue 1: Network slice isolation)
Strong Trust Establishment between Virtual Functions
(Diagram: the NFV Management & Orchestrator (MANO), the Core and the Multi-Access Edges, each backed by a Hardware Security Module.)
1. Trigger mutual authentication between the MANO and resources
2. Trigger mutual authentication between all virtualised elements on the same slice which interact
3. Verify the integrity of each function against what was installed by the MANO and against the image stored in the VNF Manager
4. Implement integrity and confidentiality protection so that instructions and data cannot be compromised or modified
(Key issues 2 and 3: Virtualization security; VNF integrity verification during onboarding of a VNF)
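Steps 1 to 4 above, worked as an added example; this is not Gemalto's code or a product API. It assumes a per-slice key shared by the MANO and the VNF, which in production would be generated and held inside the HSM and never exported; HMAC stands in for the certificate-based authentication an operator would deploy, and the sample VNF image, identities and nonce sizes are constructed for illustration. The same integrity check covers onboarding (key issue 3) and run-time re-verification (key issue 8), since both compare what is actually installed against the digest the VNF Manager recorded.

```python
"""Added example: mutual authentication between MANO and a VNF, plus VNF image
integrity verification against the manifest sealed by the VNF Manager.
Not Gemalto's code. SLICE_KEY models an HSM-resident key (assumption)."""
import hashlib
import hmac
import secrets

# Constructed sample "VNF image" (not a real package) and a copy with one byte changed.
VNF_IMAGE = b"vnf-image: sample firewall VNF v1.0\n" + bytes(range(256)) * 8
TAMPERED_IMAGE = VNF_IMAGE[:300] + b"\x90" + VNF_IMAGE[301:]

# Assumed per-slice key; in production generated in and used from the HSM only.
SLICE_KEY = bytes.fromhex("8f3a1c0b5d7e92a4c6e8f0a2b4d6e8f00112233445566778899aabbccddeeff0")
ROGUE_KEY = bytes.fromhex("00" * 32)  # a party that does not hold the slice key


def onboarding_manifest(image: bytes, vnfm_key: bytes) -> dict:
    """At onboarding the VNF Manager records the image digest and seals it with an
    HMAC under the HSM-held key, so the manifest cannot be silently rewritten by
    anyone who can merely write to the image catalogue."""
    digest = hashlib.sha256(image).hexdigest()
    tag = hmac.new(vnfm_key, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "tag": tag}


def verify_image(image: bytes, manifest: dict, vnfm_key: bytes) -> bool:
    """Recompute the digest of what is installed (or, at run time, what is loaded)
    and compare it with the sealed manifest. Constant-time comparisons throughout."""
    expected_tag = hmac.new(vnfm_key, manifest["sha256"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return False  # manifest itself was altered
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), manifest["sha256"])


MANIFEST = onboarding_manifest(VNF_IMAGE, SLICE_KEY)
# An attacker who swaps the image and rewrites the digest still cannot produce the tag.
FORGED_MANIFEST = {"sha256": hashlib.sha256(TAMPERED_IMAGE).hexdigest(), "tag": MANIFEST["tag"]}


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so concatenations of different parts cannot collide.
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def mutual_authenticate(initiator_id: bytes, initiator_key: bytes,
                        responder_id: bytes, responder_key: bytes):
    """Three-message challenge/response. Each side proves possession of the slice
    key over both fresh nonces and its own identity, so a transcript can neither be
    replayed nor reflected back at its sender. Each party verifies with its own key
    copy. Returns (ok, session_key); the session key feeds the integrity and
    confidentiality protection of step 4."""
    n_i = secrets.token_bytes(16)                                 # 1. initiator -> responder: n_i
    n_r = secrets.token_bytes(16)                                 # 2. responder -> initiator: n_r, mac_r
    mac_r = _mac(responder_key, responder_id, n_i, n_r)
    if not hmac.compare_digest(mac_r, _mac(initiator_key, responder_id, n_i, n_r)):
        return False, None                                        # responder failed to prove the key
    mac_i = _mac(initiator_key, initiator_id, n_r, n_i)           # 3. initiator -> responder: mac_i
    if not hmac.compare_digest(mac_i, _mac(responder_key, initiator_id, n_r, n_i)):
        return False, None                                        # initiator failed to prove the key
    session_key = _mac(initiator_key, b"session", n_i, n_r)       # both sides derive the same value
    return True, session_key


if __name__ == "__main__":
    print("onboarding ok:", verify_image(VNF_IMAGE, MANIFEST, SLICE_KEY))
    print("tampered image rejected:", not verify_image(TAMPERED_IMAGE, MANIFEST, SLICE_KEY))
    print("forged manifest rejected:", not verify_image(TAMPERED_IMAGE, FORGED_MANIFEST, SLICE_KEY))
    print("MANO<->VNF1 auth:", mutual_authenticate(b"MANO", SLICE_KEY, b"VNF1", SLICE_KEY)[0])
    print("MANO<->rogue auth:", mutual_authenticate(b"MANO", SLICE_KEY, b"VNF1", ROGUE_KEY)[0])
```

The point of sealing the manifest is step 3's "vs image stored in VNF Manager": a digest alone only tells you the running image matches some record, while the tag ties that record to a key only the HSM can use. Run-time verification (key issue 8) is the same `verify_image` call repeated against the loaded image on a schedule or before migration.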
Is the connection from the Core to the Multi-Access Edge Secure?
https://youtu.be/cdoCeKOLij4
(Key issue 4: Low latency interconnect with the Multi-Access Edge)
With 5G slicing… isolate the communications between functions
Provide confidentiality and integrity protection for all data and virtual functions
(Diagram: HIGH SPEED ENCRYPTION (HSE) units at the Mobile Edges and at the Core protect the interconnect between them.)
(Key issue 4: Low latency interconnect with the Multi-Access Edge)
Protection of Applications & VNFs
(Diagram: NFV infrastructure, a hypervisor over the hardware resources (CPU, storage, network), built up in five steps.)
• A hypervisor provides some level of isolation between VNFs
• Malicious code in one VNF could be used to break through that isolation into neighbouring VNFs or the host
• Secure enclaves (HMEE, Hardware-Mediated Execution Enclave) in the CPU increase isolation between the VNFs
• An HSM tethered to the enclave could increase the security level of the system for operations such as key generation or mutual authentication between functions
• A virtual HSM can be tethered to real HSMs, allowing for elasticity and scalability
(Key issue 5: Secured/measured boot & security enclaves for sensitive VNFs)
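Key issue 5 pairs enclaves with a secured/measured boot. As an added example (not Gemalto's code), here is what a measured boot gives the MANO to decide on before placing a sensitive VNF on a host: each boot stage hashes the next component and extends a Platform Configuration Register, PCR = SHA256(PCR || SHA256(component)), and the verifier replays a signed event log to check the reported value. The component blobs, stage names and the "golden" log are constructed, and the TPM quote is modelled as a plain value rather than a signed one.

```python
"""Added example: measured boot PCR extension and the verifier-side admission check.
Not Gemalto's code. Components are constructed byte strings, not real firmware."""
import hashlib

PCR_INIT = bytes(32)  # static (SRTM) PCRs reset to all zeros in a SHA-256 bank


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: the register can only move forward, never be set."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components):
    """Simulates the boot chain: every stage measures the next one into the PCR
    and appends to the event log. Returns (final PCR, event log)."""
    pcr = PCR_INIT
    event_log = []
    for stage, blob in components:
        measurement = hashlib.sha256(blob).digest()
        event_log.append((stage, measurement.hex()))
        pcr = extend(pcr, measurement)
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """Verifier recomputes the PCR from a log without needing the components."""
    pcr = PCR_INIT
    for _, measurement_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(measurement_hex))
    return pcr


def admit_host(reported_pcr: bytes, reported_log, golden_log) -> str:
    """Decision before placing a sensitive VNF on a host. In a real deployment
    reported_pcr comes from a TPM quote signed by the host's attestation key, so the
    host cannot claim a PCR it does not have; here it is a plain value (assumption)."""
    if replay_log(reported_log) != reported_pcr:
        return "refuse: event log inconsistent with quoted PCR"
    if reported_pcr != replay_log(golden_log):
        return "refuse: boot chain differs from golden log"
    return "admit"


# Constructed boot chains: the second has an implant added to the hypervisor.
GOOD_BOOT = [
    ("firmware", b"UEFI firmware v2.1 (constructed)"),
    ("bootloader", b"shim+grub (constructed)"),
    ("hypervisor", b"kvm host kernel 4.x (constructed)"),
    ("enclave-loader", b"HMEE launch enclave (constructed)"),
]
BAD_BOOT = [GOOD_BOOT[0], GOOD_BOOT[1],
            ("hypervisor", b"kvm host kernel 4.x (constructed) + implant"),
            GOOD_BOOT[3]]

# Golden reference recorded when the host image was certified.
GOLDEN_PCR, GOLDEN_LOG = measure_boot(GOOD_BOOT)


if __name__ == "__main__":
    pcr, log = measure_boot(GOOD_BOOT)
    print("healthy host:", admit_host(pcr, log, GOLDEN_LOG))
    pcr, log = measure_boot(BAD_BOOT)
    print("implanted host, honest log:", admit_host(pcr, log, GOLDEN_LOG))
    print("implanted host, golden log replayed:", admit_host(pcr, GOLDEN_LOG, GOLDEN_LOG))
```

Two properties matter for the MANO's placement decision: a modified stage changes every later PCR value, so the implant is visible regardless of where it sits in the chain, and the host cannot hide it by sending the golden log because that log does not replay to the PCR the TPM actually quotes. The same PCR value can also gate release of the enclave's sealed keys from the tethered HSM.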
Software Licensing Management
How to forge sustainable business relationships between multiple stakeholders in a complex 5G environment
• APPLICATION PROVIDERS: on-premise and cloud B2B applications
• NETWORK VENDORS: scalable licensing of Virtual Network Functions
• CLOUD PROVIDERS: cloud services and applications
Security, protection, licensing, usage and entitlement management solutions are critical in helping the industry monetize its software and in driving disruptive business models
Device Security per 5G Segment
FOR THE MAIN 5G SUB-SEGMENTS, WE NEED TO ANALYSE:
• Device Capabilities (consumption/processing/memory...)
• Connectivity Cost (device)
• Connectivity Cost (recurring – subscription)
• Type of service provider data in transit
FOR THE ABOVE, WE NEED TO DETERMINE THE FOLLOWING REQUIREMENTS:
• Data Protection / Confidentiality
• Privacy / Anonymity
• Denial of Service Protection
• Anti-Clone mechanism
WE THEN APPLY SECURITY SOLUTIONS (END-TO-END)
Segmenting Security Needs of Major 5G Use-Cases
S.F.U.: Security Firmware Upgrade – A.R.M.: Active Risk Management
Security Needs (MNO/SP), by level from 1 (lowest) to 5 (highest):
1. Credentials Protection, Sub. Authentication, Anti-DoS
2. Confidentiality, Sub. Authentication, Anti-DoS, Authenticity, ID/Privacy
3. Sub. Authentication, Confidentiality+, ID/Privacy+, Integrity+, Anti-DoS, Authenticity
4. Sub. Authentication, Confidentiality++, ID/Privacy++, Integrity++, Device FW Integrity, Anti-DoS, Authenticity
5. Sub. Authentication, Confidentiality+++, ID/Privacy+++, Integrity+++, Device FW Integrity, Anti-DoS, Authenticity
Device classes, as placed on the slide from level 1 to level 5: Basic Sensors, Broadband Modem, Set-Top Box, Auto Info-tainment, Industrial Basic, Smart Wearable, Retail (PoS), Laptop, Smartphone/tablet, Auto Telematics, Home Automation, Industrial Critical, Medical Wearable, Metering/Critical Sensors, Public Safety/1st Resp., Military, Remote Surgery, V2X
Device-side protection: SOFTWARE IN TRUSTED ENCLAVE / SECURE ELEMENT
Complementary core security to reinforce: WALLED GARDEN / OUT-OF-BAND MGMT / TOKENISATION / A.R.M. / S.F.U.
It’s important to find the right balance
(Diagram: a RISK scale running from the device, which must PROTECT IDs, to the core, which must MANAGE IDs AND GRANT ACCESS.)
END-TO-END MOBILE NETWORK + SERVICE PROVIDER SECURITY FRAMEWORK
• Secure Element
• Software in Trusted Enclave
• Active Risk Management
• Out of Band
• Tokenisation
• Security Firmware Upgrade
Weaker Security at Device: Reinforce Core
If a device does not support a Secure Element (cost, data worthless…):
• Software in Trusted Enclave
• Active Risk Management
• Tokenisation
• Security Firmware Upgrade
Stronger Device Security: Core adapted accordingly
If the SP data in transit requires normal to best-in-class security:
• Secure Element
• Security Firmware Upgrade
To conclude…
Virtualization brings new challenges in securing your core and edge clouds. Adapt appropriate security per network slice blueprint. Establish trust between functions, encrypt all data at rest or in transit. Choose your end-to-end security architecture wisely based upon the value of the data being transmitted and don’t only consider the device bill of materials.
Gemalto is focused on security at the device, multi-access edge and the core with an appropriate footprint per 5G segment meeting both MNO and Service Provider requirements. We’re working with the entire industry to continue to secure next generation mobile communications.
Thank you
Come and see us at Booth 5G 504
You can find me on