5G-ENSURE - D2.2 Trust model (draft)

Trust is a response to risk. A decision to trust someone (or something) is a decision to accept the risk that they will not perform as expected. To manage risk in a socio-technical system such as a mobile network we need to understand what trust decisions are being made, the consequences of those trust decisions and we need information on the trustworthiness of other parties in order to make better decisions.New business models and new domains of operation in 5G networks facilitated by network function virtualisation and software defined networking bring increased dynamicity compared to 4G and an increase in the number of stakeholders and associated trust relationships. New relationships bring new risks that must be understood and controlled and in a system as complex as 5G this implies the need for a trust model which can model the system, highlight potential risks and demonstrate the effect of adding controls or changing the design.This document takes the first steps towards such a trust model. Firstly we discuss and define terminology. This is essential, as in common speech terminology can be quite muddled but in trust modelling we must be precise. We then review the state of the art in trust modelling, firstly looking at human trust factors (as humans are essential components of 5G network scenarios), understanding how humans make decisions on whether to trust or not when dealing with other humans and when dealing with machines. Secondly we review work on machine trust: machines of course only follow the instructions given to them through their software code by humans, but we review what the options are and the indicators for trustworthiness of other entities, whether they are humans or machines. Finally we look at trust and trustworthiness by design techniques which we recommend for use both during the design of 5G and when changing the design of a 5G deployment by adding or removing elements.To understand 5G networks we must first understand 4G networks, and this is what is covered in the next chapter, looking first at the actors and business models of 4G (including where they touch on satellite services) and then extracting the trust aspects of the 4G network. Following this we review how the actors and business models are expected to change as we move to 5G, bringing in new domains and new opportunities for operators (both terrestrial and satellite). Here we also review the majority of the 5G use cases identified by 5G-ENSURE in an earlier document, identifying the entities involved and the trust issues in each one.The final chapter brings all this information together to firstly discuss privacy aspects, then analyse the relationships between 4G stakeholders (demonstrating surprising complexity even there) and finally lay out a proposed approach for the work in 5G-ENSURE which will culminate in a machine understandable trust model able to assist stakeholders in managing risk.As this document is a “draft” trust model, the next steps to be done are set out alongside the conclusions

5G-ENSURE - D2.1 Use Cases

This document describes a number of use cases illustrating security and privacy aspects of 5G networks. Based on similarities in technical, service and/or business-model related aspects, the use cases are grouped into use case clusters covering a wide variety of deployments including, for example, the Internet of Things, Software Defined Networks and virtualization, ultra-reliable and standalone operations. The use cases address security and privacy enhancements of current networks as well as security and privacy functionality needed by new 5G features. Each use case is described in a common format where actors, assumptions and a sequence of steps characterising the use case are presented together with a short analysis of the security challenges and the properties of a security solution. Each use case cluster description is concluded with a “5G Vision” outlining the associated enhancements in security and privacy anticipated in 5G networks and systems. A summary of the 5G visions and conclusions are provided at the end of the document