INtelligent Security and PervasIve tRust for 5G and Beyond

The 5G long term vision is to “turn the network into an energy-efficient distributed computer that enables agile and dynamic creation, move and suppression of processes and services in response to changing customer demands and information flows, …”. To make this vision a reality, a shift towards a full automation of network and service management and operation is a necessity. However, a major challenge facing full automation is the protection of the network and system assets against potential cybersecurity risks introduced by the unprecedented evolving 5G threat landscape. Indeed, the risk going along with full automation is that a small isolated error or attack could get broadly and rapidly replicated, putting the entire critical ecosystem (multi-party/tenant/technologies) into peril.

The communications infrastructure is essential for the functioning of a society and its economy, even more so since all the other critical infrastructures largely depend on it, including energy and water production and distribution, transports, health, public services, defence and finance. Its importance will grow exponentially with the advent of new 5G services that introduce massive and/or real-time M2M and IoT communications. Today, even short outages of the communications can have important negative impacts on society. These failures are due to natural causes, malfunctioning but also to deliberate cyber-attacks.
The objective of INSPIRE-5Gplus is to make a revolutionary shift in the 5G and beyond security vision by progressing 5G Security and by devising a smart, trustworthy and liability-aware 5G security platform for future connected systems, while contributing to its realization.

After an assessment of the status of 5G security assets and future trends, security requirements for 5G networks and a threat landscape that have been defined and monitored during the project. 23 use cases based on the business and technical requirements on 5G security have been defined. The following advancements have been achieved by INSPIRE-5Gplus:
• Definition of a High Level Architecture (HLA) of a zero-touch end-to-end smart network and service security management framework that empowers not only protection but also addresses trustworthiness and liability in managing 5G network infrastructures across multiple domains.
• Definition of a set of security enablement technologies, having the potential to significantly contribute to 5G security evolution. Examples are Trusted Execution Environments, DLT, Liability and Root Cause Analysis, enablements related to network automation & zero touch management, SSLAs, and Multi-Domain security policies management.
• Specification and development of a set of enablers for the automatic and autonomic end-to-end and multi-domain security management based on security policies, SSLAs, optimisation of orchestration, the provisioning, and the chaining of virtualised security functions, micro-services, and virtualised network functions. AI and ML based methods and techniques have been developed to optimise and autonomies each of the prediction, detection, and mitigation processes in ZSM closed loops.
• Mechanisms to ensure trust in virtual networks, platforms, and functions, such as the use of certification techniques or Proof Of Transit or managing the trust in slices through the use of a blockchain. Liability mechanisms have also been explored and implemented in the same context, such as Root Cause Analysis in virtualized infrastructure or deep attestation which enables attesting the state of a system having multiple levels (HW, VM).
• Specification and development of examples of ZSM security management closed loops supporting proactive and reactive capabilities as well as trust and liability management in a multi-domain context.
• Definition of three demonstrators providing a complete implementation and validation of the High-Level Architecture capabilities based on validated KPIs.
• An integration and verification platform composed of 11 domains for developing and testing purposes.
• KPIs for security, trust and liability, and their relationship with the 5G PPP KPIs have been defined with a baseline of assessment criteria to be fulfilled by the INSPIRE-5Gplus enablers.
• The results of INSPIRE-5Gplus have been published in 45 conference and 20 journal papers, presented in several industrial events, and provided contributions for various standardisation bodies such as IETF/IRTF and ETSI.
• Business models for the project assets and solutions have been defined with an analysis of beneficial impact on SMEs, and transfer actions of the results to the business lines of industrial partners. A majority of the results will be exploited following an open-source model, which improves the adoption of the implemented security architecture by academia, SMEs and industry.

INSPIRE-5Gplus has investigated 5G security drivers, such as software-defined models and tools to improve automation, dynamism, and optimization of detection, management of security or its enforcement. For example, significant progress has been achieved on building blocks related to end-to-end ZSM security orchestration, SSLA management, and brokering for secure slicing. Significant extensions were made to the prediction, protection, detection, and mitigation closed loop with new paradigms using AI, ML, and data analytics such as DDoS detection using AI, proactive defence using MTD (Moving Target Defence), ML-driven binary vulnerability detection (for VNFs) as well as detection of malicious VM or container, investigation of possible adversarial Attacks against AI/ML techniques and their impact on security of 5G and beyond networks, and the design of the decision engine based on AI that relies on data analytics and an intelligent automated security policy orchestration.
All these were implemented in security enablers and a set of models, necessary for achieving dynamic and automated security orchestration in virtualised and software defined networking environments.
The analysis of duality between trust and liability concepts has led to the identification of trust mechanisms and techniques to address threats and risks related to trust with a set of models and mechanisms for enabling liable end-to-end delivery and operation of 5G services. Methods and solutions to manage them in a multi-domain, multi-party, and multi-tenant context have been defined leading to innovative trust and liability enablers.
INSPIRE-5Gplus has actively contributed to joint 5G PPP Programme activities with participation to 9 working groups. INSPIRE-5Gplus introduced new opportunities for security vendors and service models based on Security as a Service and Software Defined Security, and new models ensuring Security and Service Level Agreements. They contribute to the strategic impacts of defining a 5G network security architecture and of core technological components, adaptability of security to dynamic and intensive communication infrastructures, solutions for the security, and trust and liability management of multi-tenant/ multi-domain virtualised networks, and novel business models enabling security, trust and liability. In addition, INSPIRE-5Gplus addresses important societal issues by greatly improving security and trust that is needed to obtain the safety and privacy of citizens; ensure the security of the society and its organisations.