INtelligent Security and PervasIve tRust for 5G and Beyond

Periodic Reporting for period 1 - INSPIRE-5Gplus (INtelligent Security and PervasIve tRust for 5G and Beyond)

Reporting period: 2019-11-01 to 2021-04-30

The 5G long term vision is to “turn the network into an energy-efficient distributed computer that enables agile and dynamic creation, move and suppression of processes and services in response to changing customer demands and information flows, …”. To make this vision a reality, a shift towards a full automation of network and service management and operation is a necessity. However, a major challenge facing full automation is the protection of the network and system assets against potential cybersecurity risks introduced by the unprecedented evolving 5G threat landscape. Indeed, the risk of full automation is the ability to replicate a small isolated error or attack broadly and rapidly, putting the entire critical ecosystem (multi-party/tenant/technologies) into peril.

The communications infrastructure is essential for the functioning of a society and its economy, even more so since all the other critical infrastructures largely depend on it, including energy and water production and distribution, transport, health, public services, defence and finance. Its importance will grow exponentially with the advent of new 5G services that introduce massive and/or real-time M2M and IoT communications. Today, even short communications outages can have significant negative impacts on society. These failures can be due to natural causes or malfunctions, but also to deliberate cyber-attacks.
The objective of INSPIRE-5Gplus is to make a revolutionary shift in the 5G and beyond security vision by progressing 5G Security and by devising a smart, trustworthy and liability-aware 5G security platform for future connected systems, while contributing to its realization. To perform such advancements, two main approaches are followed: 1) leveraging existing assets such as Trusted Execution Environments (TEEs), Remote Attestation, and end-to-end liability management, and 2) introducing novel solutions/paradigms exploiting the potential of new trends including zero-touch management (ZTM), SD-SEC models, AI/ML techniques, and Blockchains. Through its objectives, INSPIRE-5Gplus will deliver unique assets to achieve intelligent and trusted multi-tenancy across infrastructure whilst also improving the control of systems and vulnerabilities.
A first assessment of the current status of 5G security assets and future trends of 5G security has been performed in the following areas: smart (intelligent / adaptive / flexible) 5G security and liability-aware trusted 5G security. In addition, a threat landscape and security requirements for 5G networks have been established, together with a collection of business requirements on 5G security and the identification of 21 related use cases (UCs). Based on these results, the following advancements have been achieved:
• Identification of a set of architectural functional requirements based on the identified UCs.
• Definition of a High Level Architecture (HLA) of a zero-touch end-to-end smart network and service security management framework that enables not only protection but also addresses trustworthiness and liability in managing 5G network infrastructures across multiple domains.
• Identification of the security enablement technologies having the potential to significantly contribute to 5G security evolution. Examples of explored enablements: Trusted Execution Environments, Distributed Ledger Technologies, Liability and Root Cause Analysis, enablements related to network automation & zero-touch management, SSLAs, and Multi-Domain security policies management.
• Identification of security enablers and assets from previous projects that future 5G may leverage for security, as well as a set of novel advanced enablers.
• Nine security test cases (TCs) have been selected to demonstrate the INSPIRE-5Gplus enablers.
• INSPIRE-5Gplus KPIs for security, trust and liability, and their relationship with the 5GPPP KPIs, have been defined with a baseline of assessment criteria which should be fulfilled by the INSPIRE-5Gplus enablers.
• An integration and verification environment, whose objective is to integrate and verify the nine TCs, is available.
INSPIRE-5Gplus has investigated 5G security drivers, such as software-defined models and tools to improve the automation, dynamism, and optimization of detection, security management, or security enforcement. For example, significant progress has been achieved on the design and building blocks related to end-to-end ZSM security orchestration, SSLA management, and brokering for secure slicing. The consortium has also worked on significant extensions to the prediction, protection, detection, and mitigation closed loop with new paradigms using AI, ML, and data analytics, such as DDoS detection using AI, proactive defence using MTD (Moving Target Defence), ML-driven binary vulnerability detection (for VNFs), detection of malicious VMs or containers, investigation of possible adversarial attacks against AI/ML techniques and their impact on the security of 5G and beyond networks, and the design of the decision engine based on AI that relies on data analytics and intelligent automated security policy orchestration.
All these advancements are implemented in innovative security enablers and a set of models that are necessary for achieving dynamic and automated security orchestration in virtualised and software defined networking environments.
The analysis of the duality between trust and liability concepts has led to the identification of trust mechanisms and techniques to address trust-related threats and risks, together with a set of models and mechanisms for enabling liable end-to-end delivery and operation of 5G services. Methods and solutions to manage trust and liability in a multi-domain, multi-party, and multi-tenant context have also been defined, leading to innovative trust and liability enablers.
INSPIRE-5Gplus has achieved a strong presence at 5G PPP level with participation in nine working groups. Relevant contributions have been proposed to major standardisation bodies in the telecom and communication area, such as ETSI, ITU, IETF, and IEEE. 32 papers have been accepted or published, and many events (workshops, conferences and webinars) have been organized. Individual and joint exploitation plans have been defined detailing innovative features, market potential, and IPR issues. All these advancements contribute to the following strategic impacts: definition of security 5G network architecture and of core technological components, adaptability of security to dynamic and intensive communication infrastructures, solutions for the security, trust and liability management of multi-tenant/multi-domain virtualised networks, and novel business models enabling security, trust and liability. In addition, INSPIRE-5Gplus addresses important societal issues by greatly improving the security and trust that are needed to obtain the safety and privacy of citizens; ensure the security of the society and its organisations; and obtain the acceptance of the new applications that will improve the way of life and the correct functioning of all the EU institutions.