Paul Bradley – Head of 5G Strategy
13th of June 2017
Building a chain of trust from the device to the cloud
Trust is vital – and it’s what we provide…
…enabling our clients to deliver a vast range of trusted digital services for billions of individuals and things.
2 5G WORLD 2017 - PUBLIC
5G comes with new security challenges
ENHANCED MOBILE BROADBAND
MASSIVE IoT
CRITICAL COMMUNICATIONS AND V2X
NETWORK OPERATIONS
BUILD FROM SECURITY SOLUTIONS FROM 3G/4G
NEW SEGMENT-SPECIFIC SECURITY NEEDS
• Begin with principles of authentication, integrity, confidentiality and privacy from 3G/4G
• Adapt for NFV and Multi-Access Edge Computing
• Security Architecture should be adapted to the needs of each slice
Gemalto’s role in Network Security & Software Licensing
Gemalto secures the device and enhances security of the virtualized network whilst guaranteeing licensing management
OUR SOLUTIONS
• User authentication and trusted identities
• Data encryption and key management
• Cloud and virtualization security
• Software Monetization
Network Security Should Rely on Certified Elements such as Hardware Security Modules
HARDWARE SECURITY MODULE
CERTIFICATIONS
• INTRUSION DETECTION SWITCHES ON LID
• TAMPER RESISTANT FAN MOUNTS
• TAMPER RESISTANT I/O MOUNTS
• SERIALIZED TAMPER EVIDENT STICKERS
• INTERNAL BAFFLES TO PREVENT PROBING
• TAMPER RESISTANT SCREWS
CRYPTO HYPERVISOR
DYNAMIC CRYPTO RESOURCE
Key Issues in Virtualization Security
[Diagram: NFV architecture. OSS / BSS; EMS 1-3 over VNF 1-3; virtual compute, virtual storage and virtual network on the virtualisation layer; computing, storage and network hardware resources; NFV M&O with the NFV orchestrator, VNF managers and virtualised infrastructure manager; service, VNF & infrastructure description. Numbered markers on the diagram locate the issues below.]
1. Network slice isolation
2. Virtualization security
3. VNF integrity verification during onboarding of VNF
4. Low Latency Interconnect with Multi-Access Edge
5. Secured/measured boot & security enclaves for sensitive VNFs
6. Physical and logical protection of Security Assets on motherboard
7. Discovery mechanism of Security Hardware & characteristics (OpenStack EPA)
8. Run-time VNF Integrity verification
9. Migration of VNF using security features
Mobile security chain: key architectural elements
[Diagram labels: 5G; MOBILE EDGE (VNFa, VNFb…); MOBILE CORE (VNF1, VNF2…); SERVICE PROVIDER; Slice 1; Slice 2]
• Network providing seamless IP connectivity suited to my reliability, availability, mobility and security needs
• Conforms to SLA
• Applications are running and data analysis takes place at the core and the edge
Key issue 1: Network slice isolation
Strong Trust Establishment between Virtual Functions
[Diagram: NFV MANAGEMENT & ORCHESTRATOR (MANO); MULTI-ACCESS EDGES and CORE, each with a HARDWARE SECURITY MODULE]
1. Trigger Mutual Authentication between the MANO and resources
2. Trigger Mutual Authentication between all virtualised elements on the same slice which interact
3. Verify integrity of each function vs what was installed by the MANO vs image stored in VNF Manager
4. Implement integrity and confidentiality protection so that instructions and data cannot be compromised/modified
Key issues 2 and 3: Virtualization security; VNF integrity verification during onboarding of VNF
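The integrity check named on the trust-establishment slides above (each function as it runs vs what the MANO installed vs the image stored in the VNF Manager), sketched as an added example that is not from the slides or from any Gemalto product. All function and field names are hypothetical, the images are constructed byte strings, and an in-memory HMAC key stands in for a key that would be held in the HSM.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). In the architecture on the slides this
# key would be generated and used inside the HSM, never exposed to the host.
DEMO_KEY = b"constructed-demo-key"


def image_digest(image: bytes) -> str:
    """SHA-256 measurement of a VNF image or of the running function."""
    return hashlib.sha256(image).hexdigest()


def _canonical(vnf_id: str, slice_id: str, digest: str) -> bytes:
    # JSON with sorted keys avoids delimiter ambiguity between fields.
    fields = {"vnf_id": vnf_id, "slice_id": slice_id, "digest": digest}
    return json.dumps(fields, sort_keys=True).encode()


def sign_install_record(vnf_id, slice_id, image, key=DEMO_KEY):
    """What the MANO records at onboarding: which image it installed where."""
    digest = image_digest(image)
    tag = hmac.new(key, _canonical(vnf_id, slice_id, digest), hashlib.sha256)
    return {"vnf_id": vnf_id, "slice_id": slice_id,
            "digest": digest, "tag": tag.hexdigest()}


def record_is_authentic(record, key=DEMO_KEY):
    """Reject records with missing fields or a tag that does not verify."""
    try:
        msg = _canonical(record["vnf_id"], record["slice_id"], record["digest"])
        tag = record["tag"]
    except KeyError:
        return False
    if not isinstance(tag, str):
        return False
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), tag.encode())


def verify_vnf(running_image, install_record, vnfm_image, key=DEMO_KEY):
    """Three-way comparison. Returns a list of findings; empty means the
    running function, the MANO install record and the VNF Manager image agree."""
    if not record_is_authentic(install_record, key):
        # The digest inside an unauthenticated record cannot be trusted,
        # so no further comparison is meaningful.
        return ["install-record-not-authentic"]
    findings = []
    if image_digest(vnfm_image) != install_record["digest"]:
        findings.append("vnfm-image-differs-from-installed")
    if image_digest(running_image) != install_record["digest"]:
        findings.append("running-function-differs-from-installed")
    return findings


def demo():
    good = b"constructed VNF image v1"          # constructed sample input
    bad = good + b" + unexpected module"        # constructed modified image
    record = sign_install_record("vnf-1", "slice-1", good)
    # Digest edited to match the modified image, tag not recomputed.
    forged = dict(record, digest=image_digest(bad))
    return {
        "clean": verify_vnf(good, record, good),
        "running_modified": verify_vnf(bad, record, good),
        "catalogue_replaced": verify_vnf(good, record, bad),
        "record_forged": verify_vnf(bad, forged, bad),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "ok")
```

The forged-record case shows why the install record itself must be authenticated: without the tag check, an edited digest would make a modified image look consistent across all three views.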
Is the connection from the Core to the Multi-Access Edge Secure?
https://youtu.be/cdoCeKOLij4
Key issue 4: Low Latency Interconnect with Multi-Access Edge
With 5G slicing… isolate the communications between functions
Provide confidentiality and integrity protection for all data and virtual functions
[Diagram: HIGH SPEED ENCRYPTION (HSE) between the MOBILE EDGES and the CORE]
Key issue 4: Low Latency Interconnect with Multi-Access Edge
Protection of Applications & VNFs
[Diagram: NFV INFRASTRUCTURE with a HYPERVISOR over HARDWARE RESOURCES (CPU, STORAGE, NETWORK), an HSM and a VIRTUAL HSM]
• A Hypervisor provides some level of isolation
• Malicious code could be implemented to hack through the walls
• Secure enclaves (“HMEE”) in the CPU increase isolation between the VNFs
• A HSM tethered to the Enclave could increase the security level of the system for operations such as Key Generation or Mutual Auth. between functions
• A Virtual HSM can be tethered to real HSMs allowing for elasticity and scalability
Key issue 5: Secured/measured boot & security enclaves for sensitive VNFs
Software Licensing Management
How to forge sustainable business relationships between multiple stakeholders in a complex 5G environment
• APPLICATION PROVIDERS: On-premise and cloud B2B applications
• NETWORK VENDORS: Virtual Network Function scalable licensing
• CLOUD PROVIDERS: Cloud services and applications
Security, protection, licensing, usage and entitlement management solutions are critical in helping the industry monetize its software and drive disruptive business models
Device Security per 5G Segment
FOR THE MAIN 5G SUB-SEGMENTS, WE NEED TO ANALYSE:
• Device Capabilities (consumption/processing/memory...)
• Connectivity Cost (device)
• Connectivity Cost (recurring – subscription)
• Type of service provider data in transit
FOR THE ABOVE, WE NEED TO DETERMINE THE FOLLOWING REQUIREMENTS:
• Data Protection / Confidentiality
• Privacy / Anonymity
• Denial of Service Protection
• Anti-Clone mechanism
WE THEN APPLY SECURITY SOLUTIONS (END-TO-END)
Segmenting Security Needs of Major 5G Use-Cases
S.F.U.: Security Firmware Upgrade – A.R.M.: Active Risk Management
Complementary Core Security to reinforce: WALLED GARDEN / OUT-OF-BAND MGMT / TOKENISATION / A.R.M. / S.F.U.
Credentials Protection: SOFTWARE IN TRUSTED ENCLAVE / SECURE ELEMENT
Security Needs (MNO/SP)
Sub. Authentication
Anti-DoS
Confidentiality
Sub. Authentication
Anti-DoS
Authenticity
ID/Privacy
Sub. Authentication
Confidentiality+
ID/Privacy+
Integrity+
Anti-DoS
Authenticity
Sub. Authentication
Confidentiality++
ID/Privacy++
Integrity++
Device FW Integrity
Anti-DoS
Authenticity
Sub. Authentication
Confidentiality+++
ID/Privacy+++
Integrity+++
Device FW Integrity
Anti-DoS
Authenticity
Basic Sensors
Broadband Modem
Set-Top Box
Auto Info-tainment
Industrial Basic
Smart Wearable
Retail (PoS)
Laptop
Smartphone/tablet
Auto Telematics
Home Automation
Industrial Critical
Medical Wearable
Metering/Critical Sensors
Public Safety/1st Resp.
Military
Remote Surgery
V2X
1 2 3 4 5
PROTECT IDs (device)
MANAGE IDs AND GRANT ACCESS (core)
It’s important to find the right balance
RISK
END-TO-END MOBILE NETWORK + SERVICE PROVIDER SECURITY FRAMEWORK
• Secure Element
• Software in Trusted Enclave
• Active Risk Management
• Out of Band
• Tokenisation
• Security Firmware Upgrade
Weaker Security at Device: Reinforce Core
RISK
If a device does not support a Secure Element (cost, data worthless…)
• Software in Trusted Enclave
• Active Risk Management
• Tokenisation
• Security Firmware Upgrade
PROTECT IDs (device)
MANAGE IDs AND GRANT ACCESS (core)
Stronger Device Security: Core adapted accordingly
RISK
If the SP data in transit requires normal to best-in-class security
• Secure Element
• Security Firmware Upgrade
PROTECT IDs (device)
MANAGE IDs AND GRANT ACCESS (core)
To conclude…
Virtualization brings new challenges in securing your core and edge clouds. Adapt appropriate security per network slice blueprint. Establish trust between functions, encrypt all data at rest or in transit.
Choose your end-to-end security architecture wisely based upon the value of the data being transmitted and don’t only consider the device bill of materials.
Gemalto is focused on security at the device, multi-access edge and the core with an appropriate footprint per 5G segment meeting both MNO and Service Provider requirements. We’re working with the entire industry to continue to secure next generation mobile communications.
Thank you
Come and see us at Booth 5G 504
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 

Recently uploaded (20)

Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 

Building a chain of trust from the device to the cloud in 5G

  • 1. Building a chain of trust from the device to the cloud. Paul Bradley – Head of 5G Strategy, 13th of June 2017.
  • 2. Trust is vital – and it’s what we provide… enabling our clients to deliver a vast range of trusted digital services for billions of individuals and things. 5G WORLD 2017 - PUBLIC
  • 3. 5G comes with new security challenges. Segments: Enhanced Mobile Broadband; Massive IoT; Critical Communications and V2X; Network Operations. Build from security solutions from 3G/4G; new segment-specific security needs: • Begin with principles of authentication, integrity, confidentiality and privacy from 3G/4G • Adapt for NFV and Multi-Access Edge Computing • Security architecture should be adapted to the needs of each slice
  • 4. Gemalto’s role in Network Security & Software Licensing. Gemalto secures the device and enhances security of the virtualized network whilst guaranteeing licensing management. Our solutions: user authentication and trusted identities; data encryption and key management; cloud and virtualization security; software monetization.
  • 5. Network Security Should Rely on Certified Elements such as Hardware Security Modules. [Figure labels: certifications; intrusion detection switches on lid; tamper resistant fan mounts; tamper resistant I/O mounts; serialized tamper evident stickers; internal baffles to prevent probing; tamper resistant screws; crypto hypervisor; hardware security module; dynamic crypto resource]
  • 6. Key Issues in Virtualization Security. [Diagram labels: OSS / BSS; EMS 1, EMS 2, EMS 3; VNF 1, VNF 2, VNF 3; service, VNF & infrastructure description; virtual compute, virtual storage, virtual network; virtualisation layer; computing hardware, storage hardware, network hardware; hardware resources; NFVI; NFV M&O: orchestrator, VNF managers, virtualised infrastructure manager] Key issues: 1. Network slice isolation
  • 7. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security
  • 8. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF
  • 9. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge
  • 10. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge; 5. Secured/measured boot & security enclaves for sensitive VNFs
  • 11. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge; 5. Secured/measured boot & security enclaves for sensitive VNFs; 6. Physical and logical protection of Security Assets on motherboard
  • 12. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge; 5. Secured/measured boot & security enclaves for sensitive VNFs; 6. Physical and logical protection of Security Assets on motherboard; 7. Discovery mechanism of Security Hardware & characteristics (Openstack EPA)
  • 13. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge; 5. Secured/measured boot & security enclaves for sensitive VNFs; 6. Physical and logical protection of Security Assets on motherboard; 7. Discovery mechanism of Security Hardware & characteristics (Openstack EPA); 8. Run-time VNF Integrity verification
  • 14. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge; 5. Secured/measured boot & security enclaves for sensitive VNFs; 6. Physical and logical protection of Security Assets on motherboard; 7. Discovery mechanism of Security Hardware & characteristics (Openstack EPA); 8. Run-time VNF Integrity verification; 9. Migration of VNF using security features
  • 15. Key Issues in Virtualization Security. [Diagram: same NFV architecture labels as slide 6] Key issues: 1. Network slice isolation; 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF; 4. Low Latency Interconnect with Multi-Access Edge; 5. Secured/measured boot & security enclaves for sensitive VNFs; 6. Physical and logical protection of Security Assets on motherboard; 7. Discovery mechanism of Security Hardware & characteristics (Openstack EPA); 8. Run-time VNF Integrity verification; 9. Migration of VNF using security features
  • 16. Mobile security chain: key architectural elements. Network providing seamless IP connectivity suited to my reliability, availability, mobility and security needs. Conforms to SLA. Applications are running and data analysis takes place at core and the edge. [Diagram labels: mobile core; service provider; VNF1, VNF2…; mobile edge; VNFa, VNFb…; 5G service provider] Key issue: 1. Network slice isolation
  • 17. Mobile security chain: key architectural elements. Network providing seamless IP connectivity suited to my reliability, availability, mobility and security needs. Conforms to SLA. Applications are running and data analysis takes place at core and the edge. [Diagram labels: mobile core; service provider; VNF1, VNF2…; mobile edge; VNFa, VNFb…; Slice 1; 5G service provider] Key issue: 1. Network slice isolation
  • 18. Mobile security chain: key architectural elements. Network providing seamless IP connectivity suited to my reliability, availability, mobility and security needs. Conforms to SLA. Applications are running and data analysis takes place at core and the edge. [Diagram labels: mobile core; service provider; VNF1, VNF2…; mobile edge; VNFa, VNFb…; Slice 1; Slice 2; 5G service provider] Key issue: 1. Network slice isolation
  • 19. Strong Trust Establishment between Virtual Functions. [Diagram labels: NFV Management & Orchestrator (MANO); hardware security module; multi-access edges; hardware security module; core] 1. Trigger mutual authentication between the MANO and resources. 2. Trigger mutual authentication between all virtualised elements on the same slice which interact. 3. Verify integrity of each function vs what was installed by the MANO vs image stored in VNF Manager. Key issues: 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF
  • 20. Strong Trust Establishment between Virtual Functions. [Diagram labels: NFV Management & Orchestrator (MANO); hardware security module; multi-access edges; hardware security module; core] 4. Implement integrity and confidentiality protection so that instructions and data cannot be compromised/modified. Key issues: 2. Virtualization security; 3. VNF integrity verification during on boarding of VNF
  • 21. Is the connection from the Core to the Multi-Access Edge Secure? https://youtu.be/cdoCeKOLij4 Key issue: 4. Low Latency Interconnect with Multi-Access Edge
  • 22. With 5G slicing… isolate the communications between functions. Provide confidentiality and integrity protection for all data and virtual functions. [Diagram labels: high speed encryption; mobile edges; core; HSE; HSE] Key issue: 4. Low Latency Interconnect with Multi-Access Edge
  • 23. Protection of Applications & VNFs. [Diagram labels: NFV infrastructure; hypervisor; hardware resources (CPU, storage, network)] A hypervisor provides some level of isolation. Key issue: 5. Secured/measured boot & security enclaves for sensitive VNFs
  • 24. Protection of Applications & VNFs. [Diagram labels: NFV infrastructure; hypervisor; hardware resources (CPU, storage, network)] A hypervisor provides some level of isolation. Malicious code could be implemented to hack through the walls. Key issue: 5. Secured/measured boot & security enclaves for sensitive VNFs
  • 25. Protection of Applications & VNFs. [Diagram labels: NFV infrastructure; hypervisor; hardware resources (CPU, storage, network)] A hypervisor provides some level of isolation. Malicious code could be implemented to hack through the walls. Secure enclaves (“HMEE”) in the CPU increase isolation between the VNFs. Key issue: 5. Secured/measured boot & security enclaves for sensitive VNFs
  • 26. Protection of Applications & VNFs. [Diagram labels: NFV infrastructure; hypervisor; hardware resources (CPU, storage, network); HSM] A hypervisor provides some level of isolation. Malicious code could be implemented to hack through the walls. Secure enclaves (“HMEE”) in the CPU increase isolation between the VNFs. A HSM tethered to the Enclave could increase the security level of the system for operations such as Key Generation or Mutual Auth. between functions. Key issue: 5. Secured/measured boot & security enclaves for sensitive VNFs
  • 27. Protection of Applications & VNFs. [Diagram labels: NFV infrastructure; hypervisor; hardware resources (CPU, storage, network); HSM; virtual HSM] A hypervisor provides some level of isolation. Malicious code could be implemented to hack through the walls. Secure enclaves (“HMEE”) in the CPU increase isolation between the VNFs. A HSM tethered to the Enclave could increase the security level of the system for operations such as Key Generation or Mutual Auth. between functions. A Virtual HSM can be tethered to real HSMs allowing for elasticity and scalability. Key issue: 5. Secured/measured boot & security enclaves for sensitive VNFs
  • 28. Software Licensing Management. How to forge sustainable business relationships between multiple stakeholders in a complex 5G environment. Application providers: on-premise and cloud B2B applications. Network vendors: Virtual Network Function scalable licensing. Cloud providers: cloud services and applications. The importance of security, protection, licensing, usage and entitlement management solutions is critical in helping the industry monetize their software and driving disruptive business models.
  • 29. Device Security per 5G Segment. For the main 5G sub-segments, we need to analyse: Device Capabilities (consumption/processing/memory...); Connectivity Cost (device); Connectivity Cost (recurring – subscription); Type of service provider data in transit. For the above, we need to determine the following requirements: Data Protection / Confidentiality; Privacy / Anonymity; Denial of Service Protection; Anti-Clone mechanism. We then apply security solutions (end-to-end).
  • 30. Segmenting Security Needs of Major 5G Use-Cases. S.F.U.: Security Firmware Upgrade – A.R.M.: Active Risk Management. Complementary Core Security to reinforce: Walled Garden / Out-of-Band Mgmt / Tokenisation / A.R.M. / S.F.U. Credentials Protection: Software in Trusted Enclave / Secure Element. Security Needs (MNO/SP): Sub. Authentication, Anti-DoS, Confidentiality; Sub. Authentication, Anti-DoS, Authenticity, ID/Privacy; Sub. Authentication, Confidentiality+, ID/Privacy+, Integrity+, Anti-DoS, Authenticity; Sub. Authentication, Confidentiality++, ID/Privacy++, Integrity++, Device FW Integrity, Anti-DoS, Authenticity; Sub. Authentication, Confidentiality+++, ID/Privacy+++, Integrity+++, Device FW Integrity, Anti-DoS, Authenticity. Use cases: Basic Sensors; Broadband Modem; Set-Top Box; Auto Info-tainment; Industrial Basic; Smart Wearable; Retail (PoS); Laptop; Smartphone/tablet; Auto Telematics; Home Automation; Industrial Critical; Medical Wearable; Metering/Critical Sensors; Public Safety/1st Resp.; Military; Remote Surgery; V2X. Levels: 1 2 3 4 5
  • 31. It’s important to find the right balance. Risk. End-to-end mobile network + service provider security framework. Device: protect IDs. Core: manage IDs and grant access. • Secure Element • Software in Trusted Enclave • Active Risk Management • Out of Band • Tokenisation • Security Firmware Upgrade
  • 32. Weaker Security at Device: Reinforce Core. Risk. If a device does not support a Secure Element (cost, data worthless…): • Software in Trusted Enclave • Active Risk Management • Tokenisation • Security Firmware Upgrade. Device: protect IDs. Core: manage IDs and grant access.
  • 33. Stronger Device Security: Core adapted accordingly. Risk. If the SP data in transit requires normal to best-in-class security: • Secure Element • Security Firmware Upgrade. Device: protect IDs. Core: manage IDs and grant access.
  • 34. To conclude… Virtualization brings new challenges in securing your core and edge clouds. Adapt appropriate security per network slice blueprint. Establish trust between functions, encrypt all data at rest or in transit. Choose your end-to-end security architecture wisely based upon the value of the data being transmitted and don’t only consider the device bill of materials. Gemalto is focused on security at the device, multi-access edge and the core with an appropriate footprint per 5G segment meeting both MNO and Service Provider requirements. We’re working with the entire industry to continue to secure next generation mobile communications.
  • 35. Thank you. Come and see us at Booth 5G 504. You can find me on