securing future radio technologies in the virtualised …

ETSI Future Radio Workshop, Sophia Antipolis, 27‐28 January 2016

SECURING FUTURE RADIO TECHNOLOGIES IN THE VIRTUALISED WORLD The RRS impact on Security in Radio



Your speaker

Scott CADZOW• Director, Consultant, Security Expert, Standards developer, Pen‐tester,

Cryptanalyst (for fun), Writer/Blogger (not often), Husband, Father, Privacy standards advocate, Triathlete (barely competitive but enjoys it), Park runner

• Rapporteur of 55 ETSI standards (TETRA, NGN, HF‐UCI, MTS, AT‐D, ITS, eHEALTH, CYBER, LI, QSC)

• Chairman or vice chairman at various times of ETSI and ISO standards groups (TETRA, LI, ITS)


Setting the tone

“Real knowledge is to know the extent of one’s ignorance”, Confucius“... as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns ‐ the ones we don't know we don't know”, Donald Rumsfeld (February 2002)“He that would perfect his work must first sharpen his tools”, Confucius


Why standards?

Multi‐vendor market growth requires standards• One vendor can supply what he can manufacture and support• One open standard allows multiple suppliers, multiple supporting

organisations, greater intellectual involvement in the market

Security requirement is changing and radio is too• Increasing need to focus on holistic security taking account of changes in

platforms over the lifetime of a service• Radio platforms need to be considered as dynamic and reconfigurable• Feature sets and combinations of features will be dynamic


Role of standards

To give assurance of semantic and syntactic interoperabilityTo guide – not to prescribe – builders and developers to conformClearly indicate what is mandatory and what is optional• Ideal standards are “tight” – few options and even where options are

described their behaviour is mandated

Designed for proof of functionality• Design for Test• Design for Assurance• Design for Privacy


RRS and Security

Reconfigurable Radio Systems (RRS)• Common hardware radio platform configured by software as a radio

Security in RRS• Delivery of the Radio App (more later)• Instantiation of the App• Proof of conformance of the App to the RED

Security within Apps• Apps when running have to perform with the native security functions of

their function (e.g. LTE in an App has to look to the network like an LTE terminal)

Role of STF502 in RRS• To support the ETSI TC RRS in delivering security specifications for RRS


RRS security approach

Follows the TVRA method from ETSI TS 102 165‐1• Risk based countermeasure deployment• Takes account of open interfaces, actors, identifiable relationships (and

their cardinality), target functionality• Stems from simple use case analysis

Two (2) core documents to be prepared• Security use cases (TR 103 097 – source of much of this presentation)

• Driven from RED and impact on future radio

• Security countermeasures and architecture (WI‐DTS/RRS‐03013)• In development but covers some of the following:

• Identity management framework• Digital signature framework• Non‐repudiation framework


Root of trust and security

All security is dependent on trustCellular networks (e.g. 2G/3G) have the root of trust in the Authentication Centre of the core• Reinforced by trusted key storage and distribution through the SIM

App stores have a root of trust in the store itself• Reinforced through the Public Key Infrastructure and management used

in the digital signature of apps

Radio devices have a root of trust in the regulatory regime• The equipment the user has is trusted to conform to the regulation

Challenge is to maintain trust in the market and the devices when these are inherently dynamic in configuration


Security and RRS ‐ the use cases

From draft of TR 103 087 prepared by STF502


Expectations of apps?


Apps: The accepted view?


Radio app not an app‐store app?

Conventional view of apps?• A smartphone thing• Games, life enhancing, productivity …• Not overly serious? (getting better)

RRS view of apps?• Configuration of the platform• Delivery of radio service• Delivery of radio as a service

• Extension of existing virtualisation models (network as a service, storage as a service, processing as a service, etc.)

• Rethinking the link between radio and critical future network capability• Autonomic and virtualised networks


The target RRS environment

From discussions of RRS WG2 to be included in TR 103 087 prepared by STF502


Radio Application and Radio Application Package

The RAP is the delivery unit of RA from the Radio App Store to the RE. The RAP consists of:• The RA which contains RA codes made of UDFBs, SFBs, RC codes and

executable codes depending on the RA design choice;• Configuration metadata for the RE, including

• The RPI which is a descriptive interface detailing how the RA is structured and its sub‐components synchronised together;

• Bindings to the HAL, when applicable;• Bindings to linkable libraries, when applicable;• Pipeline configuration


The future platform

Radio platforms will changeSoftware Defined Radio Virtual Radio Machines Radio‐VMs VNFs (specifically Virtualised Radio Network Functions (VRNFs))Requirements on the hardware platform that arise• Hardware root of trust

• SIM model still dominant in subscription based telecommunications

• Wideband antenna• Radio capabilities from VRNFs will span all open radio bands

• Wideband linearization• Platform needs to be application neutral (not favour any application)


When RRS is widespread and sitting alongside VNF in the core of networks where will we be?• Can the network change the access technology?

• What will be used as the pilot channel?• Is there any interest in fully autonomic networks?

• Is the radio terminal special?• Maybe with respect to the RED• As a managed device maybe not

Does one security model support both NFV and RRS?• Maybe yes, maybe no• Authentication centre is a major function of core networks that will be

virtualised, credentials have to be distributed to end points

The future of radio networks


Evolution or revolution?

RRS can provide a platform for both evolution and revolutionEvolution is natural:• SDR RRS if the platform is stable• One platform for many SDRs• Many SDRs as RAPs co‐existing on one device• Enable/disable RAPs (SDRs?) as required• All combinations of RAP/RE conform to RED

Revolution is possible:• Radio access as part of network functionality• Multiple Radio access building into single transport and network

functional layer (MTCP is a step in this direction and designed to support WiFi and 3G for example acting in parallel to create a connection)

• On demand (by network) provisioning of radio capability


The security issues

Root of trust identification• For network centric and terminal centric security

Virtualisation of verticals into horizontal functional blocks• Not simply SDR but SDRF – Software Defined Radio Functions• Delivery of SDRFs as RAPs

Current radio security schemes not converging• ITS uses IEEE 802.16 PKCs for authentication and integrity, no

confidentiality• TETRA uses specific authentication, key management and confidentiality

mechanisms using symmetric key mechanisms with group communication at the core

• 3G and LTE use network centric AES based authentication and confidentiality

• … many other schemes in common use (802.1x, Bluetooth, ANT+, ...)


The challenge

Push RRS to centre of future radio designPush security rethinking to use a modular toolkit based on SDRFs as RAPs• Retain core concept of root of trust in the hardware platform


Are RRS and VNF converging?

Hypervisor

VNF‐C

OS

Hypervisor

Physical Network

HW RAM Storage NICsCPUsCPUs

VSw VSw

Hypervisor

OS

HW

Physical Net

VNF‐A

VNFCI

VNF‐B

RAM Stg NICsCPUs

Hypervisor

HW NICTEETPM

TEETPM

MANO

VNFCI

USER SERVICE

VNFCI VNFCI

vNICvNIC

HWNIC

MANO

USER SERVICE

LI

vNIC vNIC

USER SERVICE

TRA

NSP

ORT


RRS VNF Convergence

Is convergence useful?• Attestation: YES. Brings network functions together in a single abstract

platform

Is there a drive for such convergence?• Not yet. Very little crossover between radio and network expertise.

Are there any barriers to convergence?• Poor shared understanding of the regulatory environment (radio

regulation and network regulation not viewed as common world)


Our starting point

RRS is more than a proof of concept• The technology has been demonstrated

RRS can integrate other security models• PKI/PKC based app distribution – from many well proven sources• Secure VM distribution – from NFV domain• Linking VMs to hardware root of trust – from NFV domain• Core ideals of crypto‐agility – from many sources including ETSI’s CYBER,

QSC, NFV, from IoT, M2M, 3GPP …


The closing message

RRS is the futureRRS has embraced security as a key componentRRS offers the chance to revolutionise the future of communications in close alliance to the NFV revolution in the core of the network


Questions

securing future radio technologies in the virtualised …

Documents