D2.3 Risk Assessment, Requirements

This first draft of the Risk Assessment, Mitigation and Requirements deliverable mainly addresses the first two aspects, by proposing a risk assessment and mitigation approach for the selected 5G- ENSURE security use cases. This document is not investigating in this first version the intrinsic risks of new 5G infrastructure and network (which is not yet fully defined). Those investigations will be delivered in subsequent iterations of this document, in particular to address such security issues as those related to the 5G network segments and trust boundaries, 5G slicing concept (RAN and core level and interaction between slices) and issues related to the level of isolation and associated proofs needed, along with efficient remediation capabilities. This document takes the first steps towards the definition of a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security uses cases and architecture. Firstly we discuss and define terminology. This is essential, as common speech terminology can be quite inexact but in risk management we must be precise. We then review the state of the art in risk assessment and mitigation, understanding what existing methodology, or combination of, suits the evaluation of 5G-ENSURE proposed use cases. To understand 5G networks we must first understand the proposed architectural framework and its differences when compared to the previous 4G networks. We therefore introduce the conceptual 5G security framework proposed until the present moment within the 5G-ENSURE project (work ongoing). The Risk Management Context is then defined, looking first at the 5G assets and actors, which is followed by the identification of threats. The 5G-ENSURE risk evaluation methodology for use case analysis is also introduced with some possible approaches to risk likelihood estimation. Nevertheless, the methodology will be refined in the final version of this document (M24), after examination of each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation. The core chapter provides an initial threat analysis of representative use cases defined by the 5G ENSURE project, after the threat description formalism (template) is introduced. As agreed by the 5G-ENSURE partners, the focus is made on the ‘internal’ threats in this draft document, i.e. those derived from 5G-ENSURE specific use cases are only analyzed in this first version, as they capture the very essence of security and privacy aspects of 5G networks as seen by the project. The chapter 6 gives some initial design recommendations with respect to the analyzed 5G threats. As this document is a “draft” risk assessment methodology, the next steps to be done are set out alongside the conclusions chapter. In particular, the final version of the deliverable ‘D2.3 Risk Assessment, Mitigation and Requirements’ will comprise the following parts: full threat analysis (including ‘external’ threats coming from other sources than 5G-ENSURE use cases), their categorization, prioritization with regard to severity and impact, complete mitigation and remediation recommendations, functional requirements and architectural options (towards T2.4), definition of relevant metrics for use of security monitoring, as well as penetration tests over the security testbed and gap analysis (related to WP4)

Terrestrial-satellite integration in dynamic 5G backhaul networks

This paper presents a dynamic backhaul network in order to face some of the main 5G challenges such as 100% coverage, improved capacity or reduction in energy consumption. The proposed solution, elaborated within the SANSA H2020 project, is based on the seamless integration of the satellite component in a terrestrial network capable of reconfiguring its topology according to the traffic demands. The paper highlights the benefits of this hybrid network and describes the technology enablers to bring it to the reality. Finally, the SANSA's network simulation framework based on ns3 is presented, jointly with a preliminary analysis of the routing and load balancing needs for a hybrid and dynamic network.Peer ReviewedPostprint (published version

Terrestrial-satellite integration in dynamic 5G backhaul networks

This paper presents a dynamic backhaul network in order to face some of the main 5G challenges such as 100% coverage, improved capacity or reduction in energy consumption. The proposed solution, elaborated within the SANSA H2020 project, is based on the seamless integration of the satellite component in a terrestrial network capable of reconfiguring its topology according to the traffic demands. The paper highlights the benefits of this hybrid network and describes the technology enablers to bring it to the reality. Finally, the SANSA's network simulation framework based on ns3 is presented, jointly with a preliminary analysis of the routing and load balancing needs for a hybrid and dynamic network.Peer Reviewe

5G-ENSURE - D3.2 5G-PPP security enablers open specifications (v1.0)

This document describes the open specifications of 5G Security enablers planned to compose the first software release (i.e. v1.0) of 5G-ENSURE Project due in September 2016 (M11). The enablers’ open specifications are presented per security areas in scope of the project, namely: Authentication, Authorization and Accounting (AAA), Privacy, Trust, Security Monitoring, and Network management & virtualisation isolation. For each of these categories the open specifications of all enablers planned in the project's Technical Roadmap for v1.0 and having features for v1.0 are detailed following the same template. Overall, this deliverable paves the way towards the development and demonstration of the first set of 5G-ENSURE security enablers as planned for v1.0 in the project's Technical Roadmap (i.e. D3.1). It is also a valuable input to both works on the 5G Security architecture and 5G Security testbed, since it provides the details regarding security enablers necessary in order to understand their mapping to 5G security architectural components, as well as their integration, testing, demonstration, and assessment on the 5G security testbe

5G-ENSURE - D3.1 5G-PPP security enablers technical roadmap (early vision)

This document provides an early vision (at M4) of the 5G security and privacy enablers proposed by the 5G-ENSURE project, and that are planned to be developed through two major releases: v1.0 (R1) due at M11/Sep’16 and v2.0 (R2) due at M22/Aug’17. It details the Technical Roadmap for v1.0 (R1) in terms of enablers in scope and their features, while providing insights for v2.0 (R2) enablers that will be fully detailed in an update of this deliverable (D3.5 due at M13/Nov’16) taking account of the progress and achievements made by that time. Enablers envisioned are here presented organized in categories, which represent major security areas recognized as topmost priorities for 5G-PPP & 5G Security: Authentication, Authorization and Accountability (AAA); Privacy; Trust; Security Monitoring and Network management & virtualization isolation. They are also presented following a common template covering each of the following key aspects: product vision, technology area, security aspects, security challenges, technical roadmap for first release vs. next release.In the AAA category the main focus is on 5G users’ authentication, authorization and accounting, but the contribution of the AAA enablers goes beyond the incremental improvements to security that one would expect in a next-generation network. The evolving 5G network will support an unpredictable number of devices due to the boom of Internet of Things (IoT), whose security these enablers will aim to address. Moreover, the enablers target to integrate authentication and authorization functions between satellite and terrestrial systems.The main objective of the 5G-Ensure Privacy enablers is to identify in advance 5G user privacy requirements and to provide security mechanisms able to prevent privacy violations by adopting a proactive, privacy-by-design approach. For each 5G use case, the privacy mitigation technology (e.g., anonymity by using temporary identity, access control mechanisms, new encryption system and procedures, etc.) was also investigated so as to satisfy privacy requirements. The privacy enablers aim to enhance user data protection by proposing solutions at several layers: at the network layer, as well as application layer, i.e., privacy as a service.The Trust category will provide trust models which will address the complex relationships between the many actors in 5G networks including the machine-to-machine interactions characterising the next generation networks. The trust model needs to address the different aspects of trust, between automated systems (M2Mt), between human stakeholders holding responsibilities for different parts of 5G networks, between user and network operators and between users of the network (U2Ut), trust that a human stakeholder has towards a system (U2Mt), that an automated system (machine) has in users that it interacts with.5G-ENSURE project also aims at providing new innovative solutions ensuring the highest level of security and resilience in 5G network. Mobile networks will dramatically evolve with the fifth generation of networks compared to 3/4G, in particular with new concepts and technologies such Internet of Things, infrastructure virtualization (SDN, NFV), network resource sharing, new access interfaces, dynamic network topologies, slicing and so forth. These technologies introduce new security and resilience and provide new opportunities to implement extensive and accurate security solutions. Thus, new innovative approaches to predict and counter these challenges will be considered by the category devoted to Monitoring the 5G security