5g security: forward thinking francis... · 5g security: forward thinking david francis european...

HUAWEI TECHNOLOGIES CO., LTD.

www.huawei.com


22nd July, 2015

5G Security: Forward

Thinking

David Francis European CSO

Huawei Technologies


www.huawei.com


• Security Challenges Ahead of 5G • Traditional Security Practice

• New Business Models

• IT-Driven Network Architecture

• Heterogeneous Access

• Privacy Protection

• 5G Security Goals • E2E Security for Vertical Industries

• Secure Infrastructure

• 5G Security Perspectives• New Trust Model and Identity Management

• Service-oriented Security

• Security Assessment

• Low-Delay Mobility Security

• User Privacy Protection

• Summary

5G Security: Forward Thinking


www.huawei.com


Traditional Security Practice

GSM

2G

CDMA

3G

LTE

4G

• Common security features• Identity management: USIM• Authentication: Mutual authentication

• Data encryption: hop-by-hop


www.huawei.com


Voice Smartphone

3G 4G

Security Challenges Ahead of 5G -- 5G New Business Models

5G Service Oriented

Mobile Internet (4 Billions@2020)

Mobile Internet replaced PC Internet

(100Billions New Devices@2025)

New Applications, New Business Models, and even New Industries

End-to-End Security Protection

TrustModel

LightweightSecurity

Mobility Security

…

Privacy Protection


www.huawei.com


Core network (NFV)

SDN

• Manage the isolation for control nodes and forwarding nodes

• Keep the SDN flow table securely and correctly enforced

NFV

• virtual NEs isolation and security management

Network slice isolation

• Each virtual network slice requires differentiated security capabilities

Security Challenges Ahead of 5G -- IT-Driven Network Architecture

Industry Defined Network Slicing One Infrastructure, Multiple Network Slices

DC

DC

DC

IOT Network Slice

X Gbps

1ms

End-to-End Security

Protection

End-to-End Security

Protection

Autonomous Driving

Network Slice

Content server

HSS MME AAA

eHealth office

Inteligent

traffice system

office

End-to-End Security

Protection


www.huawei.com


• 5G network is heterogeneous, security design need to

consider various access technologies and different types

of operators• Access technologies: 5G/LTE/3G/2G/Wi-Fi• Operators: MNO, MVNO, Local operators

Security Challenges Ahead of 5G -- Heterogeneous Access


www.huawei.com


Security Challenges Ahead of 5G -- Privacy Protection

Services

• New sensitive services to deploy

• More privacy information to transport

• Service sensing for differentiated QOS

• Location sensing for LBS

• User sensing for AAA and better QOE• Collect user data

• Mine privacy information

Public 5G network

Users

AttackerEavesdrop & Hack


www.huawei.com


Future challenges and opportunities

Security operation centers / cyber defense centers

Mobile access to Cloud and DC

Smart Cities / Energy / ..

Compliance + Technologies

Big Data

Cloud – do we have enough ?

Smart Home

Car-2-Car Communications

Industry 4.0

SCM Security

Smart devices

3G / 4G / 4.5G / 5G

Internet of Things / IoT

Ge

rma

n -

DP

A

Eu

rop

ea

n –

DP

A /

GD

PR

ISO

27

00

0 t

op

ics

Da

ta S

ec

uri

ty

Wo

rk C

om

mu

nit

y @

GS

MA

, IS

F, ..

(Se

cu

rity

) C

om

pli

an

ce

Co

nti

nu

ou

s A

dvan

ced

Th

reat

Pro

tecti

on

Eff

ec

tive

Vu

lne

rab

ilit

y M

an

ag

em

en

t

Eff

ec

tive

Cyb

er

Se

cu

rity

Aw

are

ne

ss

Da

ta R

es

ide

nc

y

Se

cu

rity

re

po

rtin

g (

KP

Is, M

etr

ics)

Collected and selected from multiple sources like conference

agendas, online webcast offerings, customer Q&A sessions.

(technology) topics

CS topics / challenges

technology &

organizational

topics

Ris

k M

etr

ics t

o in

flu

en

ce

bu

sin

es

s d

ec

isio

ns

Se

cu

rity

po

lic

y a

nd

co

mp

lain

ce

ma

na

ge

me

nt

No security – No future !


www.huawei.com














• Summary



www.huawei.com


5G Security Goals-- E2E Security for Vertical Industries

Differentiated

E2E security design caters to different vertical industries

Flexibility

Flexible and high efficient E2E security deployment and adaptation.

Privacy protection

massive personal privacy data, including device identifiers, user IDs, and user preference.

Security as service

5G will continue to extend the user trust by opening up security capabilities as a service to individual users and vertical industries.

Application and Service

Security

Manager

End-to-End Security

Requirement

Key

Management

EncryptionSecurity

Protocol

Integrity

Protection

Security

Assessment

ID

Management

Trust

Module

Privacy

Protection

Security Info

& Event

ManagementIOT Network Slice

X Gbps

1ms

1MConnections/km2

End-to-End Security

Protection

End-to-End Security

Protection

End-to-End Security

Protection

Security as a Service

Security Capability

Open-up

Autonomous Driving

Network Slice

8K/Holographic

Video Network Slice


www.huawei.com


5G Security Goals – Secure Infrastructure

Diversified system level protection of IT-aware infrastructure

Identity management

Data Protection

DC

DC

DC

Central Office DC

Local DC

Region DCRAN Switch

Physical Infrastructure


www.huawei.com














• Summary



www.huawei.com


• Authentication• Two parties multi-parties:

• user, network, and service providers will be actively involved in the authentication.

• Flexible access and services authentication• authentication by carriers alone, by service alone, or by both of them.

• Identity management• Combination of device and service identity

• From device-based to user-based management

Trust

Trust

5G Network4G Network

Service

User User

Service

Network Network

Trust

5G Security Perspectives --New Trust Model and Identity Management


www.huawei.com


5G Security Perspectives--Service-oriented Security

Application and Service

End-to-End Security

Protection

End-to-End Security

Protection

End-to-End Security

Protection

End-to-End Security

Requirement

End-to-End Security

Requirement

End-to-End Security

Requirement

Network Slice Network Slice Network Slice

Build E2E securityDifferentiated security for different services

Flexible security architecture to support security attributes for different network slices

A Uniformed security management framework for multi-vendor environment

Open Up Security Capabilities ,and provide security as a Service

Isolate Virtual Network Slices


www.huawei.com


Security Assessment on 5G system:

Assessment on interfaces

Interoperable for different vendors

Assessment on network function unit

Private keys storage

Encryption/integration protection

operation

password length and its

complexity, etc

Automatic verification

Certificate granted after success

assessment

5G Security Perspectives -- Security Assessment

Security Assessment on 5G system

Unit tested by

Security

Assessment

standard

Interface

assessment

Certified unit


www.huawei.com


5G Security Perspectives --Low-Delay Mobility Security

Mission Critical ConnectivityAutonomous driving

Industrial automation and process control

Remote control

•Manufacturing•Medicine•Maintenance

Traffic intensity monitoring

Security RequirementsLow DelayUltra-High ReliableUltra-High Availability

Security TargetsBuild an efficient, lightweight, and compatible mobility security

management mechanismHigh Reliability while providing QoS guarantee with a delay not more

than 1 millisecond


www.huawei.com


Security Perspectives -- Privacy Protection

Services

• Sensing user/service information

for AAA and better service

Public 5G network

Users

Big data techniques make privacy breach easier.

• Attacker may collect user information from

multiple channels.

• Sensitive user information can be mined

from seemingly harmless user information.

The 5G network needs to manage the use of

privacy information.

• Define sensing rule clearly

• Stipulate the use, storage and deletion of

user information

The 5G network needs to provide a more

rigorous privacy protection scheme.

• Protect user information in heterogeneous

access networks

• Protect user information in network

functional entities from different vendors

• Mine privacy

information from

collected user data

AttackerCollect data


www.huawei.com


Summary

• Security and privacy protection need to be part of the system design at the beginning• Cannot be properly built as an add-on

• Security and privacy community need to start active dialog with 5G stakeholders

• High level agreement can be obtained at the current stage• Including service layers in the security and privacy protection solutions.

• Extend the hop-by-hop security to end-to-end security

• Security as services provides additional competitive strength to operators• Security is not a burden

• Security provides competitive strength in 5G

• It ‘s time for security community and other stake holders of 5G to work together and

come out a robust and proper security solution for 5G.


Thank you

Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved.The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

5g security: forward thinking francis... · 5g security: forward thinking david francis european...

Documents