10 research outputs found

    D2.3 Risk Assessment, Requirements

    This first draft of the Risk Assessment, Mitigation and Requirements deliverable mainly addresses the first two aspects, by proposing a risk assessment and mitigation approach for the selected 5G-ENSURE security use cases. This document is not investigating in this first version the intrinsic risks of new 5G infrastructure and network (which is not yet fully defined). Those investigations will be delivered in subsequent iterations of this document, in particular to address such security issues as those related to the 5G network segments and trust boundaries, 5G slicing concept (RAN and core level and interaction between slices) and issues related to the level of isolation and associated proofs needed, along with efficient remediation capabilities. This document takes the first steps towards the definition of a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security use cases and architecture. Firstly we discuss and define terminology. This is essential, as common speech terminology can be quite inexact but in risk management we must be precise. We then review the state of the art in risk assessment and mitigation, understanding what existing methodology, or combination of, suits the evaluation of 5G-ENSURE proposed use cases. To understand 5G networks we must first understand the proposed architectural framework and its differences when compared to the previous 4G networks. We therefore introduce the conceptual 5G security framework proposed until the present moment within the 5G-ENSURE project (work ongoing). The Risk Management Context is then defined, looking first at the 5G assets and actors, which is followed by the identification of threats. The 5G-ENSURE risk evaluation methodology for use case analysis is also introduced with some possible approaches to risk likelihood estimation. Nevertheless, the methodology will be refined in the final version of this document (M24), after examination of each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation. The core chapter provides an initial threat analysis of representative use cases defined by the 5G-ENSURE project, after the threat description formalism (template) is introduced. As agreed by the 5G-ENSURE partners, the focus in this draft document is on the ‘internal’ threats, i.e. only those derived from 5G-ENSURE specific use cases are analyzed in this first version, as they capture the very essence of security and privacy aspects of 5G networks as seen by the project. Chapter 6 gives some initial design recommendations with respect to the analyzed 5G threats. As this document is a “draft” risk assessment methodology, the next steps to be done are set out alongside the conclusions chapter. In particular, the final version of the deliverable ‘D2.3 Risk Assessment, Mitigation and Requirements’ will comprise the following parts: full threat analysis (including ‘external’ threats coming from other sources than 5G-ENSURE use cases), their categorization, prioritization with regard to severity and impact, complete mitigation and remediation recommendations, functional requirements and architectural options (towards T2.4), definition of relevant metrics for use of security monitoring, as well as penetration tests over the security testbed and gap analysis (related to WP4).

    Terrestrial-satellite integration in dynamic 5G backhaul networks

    This paper presents a dynamic backhaul network in order to face some of the main 5G challenges such as 100% coverage, improved capacity or reduction in energy consumption. The proposed solution, elaborated within the SANSA H2020 project, is based on the seamless integration of the satellite component in a terrestrial network capable of reconfiguring its topology according to the traffic demands. The paper highlights the benefits of this hybrid network and describes the technology enablers to bring it to the reality. Finally, the SANSA's network simulation framework based on ns3 is presented, jointly with a preliminary analysis of the routing and load balancing needs for a hybrid and dynamic network. Peer Reviewed. Postprint (published version)

    5G-ENSURE - D2.2 Trust model (draft)

    Trust is a response to risk. A decision to trust someone (or something) is a decision to accept the risk that they will not perform as expected. To manage risk in a socio-technical system such as a mobile network we need to understand what trust decisions are being made, the consequences of those trust decisions and we need information on the trustworthiness of other parties in order to make better decisions. New business models and new domains of operation in 5G networks facilitated by network function virtualisation and software defined networking bring increased dynamicity compared to 4G and an increase in the number of stakeholders and associated trust relationships. New relationships bring new risks that must be understood and controlled and in a system as complex as 5G this implies the need for a trust model which can model the system, highlight potential risks and demonstrate the effect of adding controls or changing the design. This document takes the first steps towards such a trust model. Firstly we discuss and define terminology. This is essential, as in common speech terminology can be quite muddled but in trust modelling we must be precise. We then review the state of the art in trust modelling, firstly looking at human trust factors (as humans are essential components of 5G network scenarios), understanding how humans make decisions on whether to trust or not when dealing with other humans and when dealing with machines. Secondly we review work on machine trust: machines of course only follow the instructions given to them through their software code by humans, but we review what the options are and the indicators for trustworthiness of other entities, whether they are humans or machines. Finally we look at trust and trustworthiness by design techniques which we recommend for use both during the design of 5G and when changing the design of a 5G deployment by adding or removing elements. To understand 5G networks we must first understand 4G networks, and this is what is covered in the next chapter, looking first at the actors and business models of 4G (including where they touch on satellite services) and then extracting the trust aspects of the 4G network. Following this we review how the actors and business models are expected to change as we move to 5G, bringing in new domains and new opportunities for operators (both terrestrial and satellite). Here we also review the majority of the 5G use cases identified by 5G-ENSURE in an earlier document, identifying the entities involved and the trust issues in each one. The final chapter brings all this information together to firstly discuss privacy aspects, then analyse the relationships between 4G stakeholders (demonstrating surprising complexity even there) and finally lay out a proposed approach for the work in 5G-ENSURE which will culminate in a machine understandable trust model able to assist stakeholders in managing risk. As this document is a “draft” trust model, the next steps to be done are set out alongside the conclusions

    5G-ENSURE - D2.1 Use Cases

    This document describes a number of use cases illustrating security and privacy aspects of 5G networks. Based on similarities in technical, service and/or business-model related aspects, the use cases are grouped into use case clusters covering a wide variety of deployments including, for example, the Internet of Things, Software Defined Networks and virtualization, ultra-reliable and standalone operations. The use cases address security and privacy enhancements of current networks as well as security and privacy functionality needed by new 5G features. Each use case is described in a common format where actors, assumptions and a sequence of steps characterising the use case are presented together with a short analysis of the security challenges and the properties of a security solution. Each use case cluster description is concluded with a “5G Vision” outlining the associated enhancements in security and privacy anticipated in 5G networks and systems. A summary of the 5G visions and conclusions are provided at the end of the document

    5G-ENSURE D3.4: 5G-PPP Security Enablers Documentation (v1.0)

    This document contains the manuals of the first software releases of the 5G security enablers that are developed within the 5G-ENSURE project. Each enabler has its own separate manual, which comprises the following three main parts: (1) an installation and administration guide, (2) a user and programmer guide, and (3) a description of unit tests for the enabler’s software. The enablers’ manuals are an important input for the enablers’ deployment in the project’s testbed (WP4), where the enablers will be analyzed and evaluated. Note that the software of the project’s security enablers is part of the accompanying deliverable D3.3 “5GPPP security enablers sw release (v1.0): reference implementations for the first set of the enablers.” Both deliverables D3.3 and D3.4 complete the prior WP3 deliverables of the first year of the project, namely, D3.1 “5G-PPP security enablers technical roadmap (early vision)” and D3.2 “5G-PPP security enablers open specifications (v1.0)”

    5G-ENSURE - D3.2 5G-PPP security enablers open specifications (v1.0)

    This document describes the open specifications of 5G Security enablers planned to compose the first software release (i.e. v1.0) of 5G-ENSURE Project due in September 2016 (M11). The enablers’ open specifications are presented per security areas in scope of the project, namely: Authentication, Authorization and Accounting (AAA), Privacy, Trust, Security Monitoring, and Network management & virtualisation isolation. For each of these categories the open specifications of all enablers planned in the project's Technical Roadmap for v1.0 and having features for v1.0 are detailed following the same template. Overall, this deliverable paves the way towards the development and demonstration of the first set of 5G-ENSURE security enablers as planned for v1.0 in the project's Technical Roadmap (i.e. D3.1). It is also a valuable input to both works on the 5G Security architecture and 5G Security testbed, since it provides the details regarding security enablers necessary in order to understand their mapping to 5G security architectural components, as well as their integration, testing, demonstration, and assessment on the 5G security testbed

    5G-ENSURE - D3.1 5G-PPP security enablers technical roadmap (early vision)

    This document provides an early vision (at M4) of the 5G security and privacy enablers proposed by the 5G-ENSURE project, and that are planned to be developed through two major releases: v1.0 (R1) due at M11/Sep’16 and v2.0 (R2) due at M22/Aug’17. It details the Technical Roadmap for v1.0 (R1) in terms of enablers in scope and their features, while providing insights for v2.0 (R2) enablers that will be fully detailed in an update of this deliverable (D3.5 due at M13/Nov’16) taking account of the progress and achievements made by that time. Enablers envisioned are here presented organized in categories, which represent major security areas recognized as topmost priorities for 5G-PPP & 5G Security: Authentication, Authorization and Accountability (AAA); Privacy; Trust; Security Monitoring and Network management & virtualization isolation. They are also presented following a common template covering each of the following key aspects: product vision, technology area, security aspects, security challenges, technical roadmap for first release vs. next release. In the AAA category the main focus is on 5G users’ authentication, authorization and accounting, but the contribution of the AAA enablers goes beyond the incremental improvements to security that one would expect in a next-generation network. The evolving 5G network will support an unpredictable number of devices due to the boom of Internet of Things (IoT), whose security these enablers will aim to address. Moreover, the enablers target to integrate authentication and authorization functions between satellite and terrestrial systems. The main objective of the 5G-ENSURE Privacy enablers is to identify in advance 5G user privacy requirements and to provide security mechanisms able to prevent privacy violations by adopting a proactive, privacy-by-design approach. For each 5G use case, the privacy mitigation technology (e.g., anonymity by using temporary identity, access control mechanisms, new encryption system and procedures, etc.) was also investigated so as to satisfy privacy requirements. The privacy enablers aim to enhance user data protection by proposing solutions at several layers: at the network layer, as well as application layer, i.e., privacy as a service. The Trust category will provide trust models which will address the complex relationships between the many actors in 5G networks including the machine-to-machine interactions characterising the next generation networks. The trust model needs to address the different aspects of trust, between automated systems (M2Mt), between human stakeholders holding responsibilities for different parts of 5G networks, between user and network operators and between users of the network (U2Ut), trust that a human stakeholder has towards a system (U2Mt), that an automated system (machine) has in users that it interacts with. 5G-ENSURE project also aims at providing new innovative solutions ensuring the highest level of security and resilience in 5G network. Mobile networks will dramatically evolve with the fifth generation of networks compared to 3/4G, in particular with new concepts and technologies such as Internet of Things, infrastructure virtualization (SDN, NFV), network resource sharing, new access interfaces, dynamic network topologies, slicing and so forth. These technologies introduce new security and resilience and provide new opportunities to implement extensive and accurate security solutions. Thus, new innovative approaches to predict and counter these challenges will be considered by the category devoted to Monitoring the 5G security

    5G-ENSURE - 5G enablers for network and system security and resilience

    Deliverable D3.5 is the update of the 5G-ENSURE security enablers Technical Roadmap previously delivered (i.e. D3.1). Compared to previous deliverable which was only detailing the features of 5G security enablers in scope of the first release (i.e. v1.0 (R1) released on M11/Sep’16), D3.5 is more complete in the sense it provides all the details regarding enablers (either in continuation or fully new) in scope of the second (also last) release (v2.0 (R2) due at M22/Aug’17) detailing for each of them the targeted features, while showing excellent coverage they have, individually but most importantly conjointly, with respect to use cases identified. Overall D3.5 paves the way towards the second wave of 5G security enablers to be specified and then for most of them be software released by end of the project as part of v2.0. It also contributes to further advance 5G Security Vision within 5G-PPP community and beyond