global vice-president, cybersecurity & privacy huawei technologies · 2019-11-20 · $2...
TRANSCRIPT
5G ...and Cybersecurity demystified
Mika Lauhde
Global Vice-President, Cybersecurity & Privacy
Huawei Technologies
What is 5G?
Architecture: 5G slicing ability required; LTE inflexible; gap NFV/SDN
Connections: 5G 1,000,000 connections per km²; LTE 10K; gap 100x
Mobility: 5G 500 km/h (high-speed railway); LTE 350 km/h; gap 1.5x
Throughput: 5G 10 Gbps per connection; LTE 600 Mbps; gap 16x
Latency: 5G 1 ms E2E latency; LTE 30~50 ms; gap 30~50x
Where is 5G coming from?
TOP 5: 2018 EU Industrial R&D Investment Scoreboard
No. 1: 5G Core standard proposals (3045), ranked first in security contributions
$74 billion+: R&D investment from 2009 to 2018, >10% of annual revenues
[Chart: TOP Contributors to the 5G Standard, horizontal axis 0 to 12000. Companies shown: InterDigital, China Mobile, Alcatel-Lucent, NEC, MediaTek, NTT Docomo, CATT, LG, Intel, ZTE, Samsung, Qualcomm, Nokia, HiSilicon, Ericsson, Huawei. Source: IPlytics GmbH]
No. 1: 60 commercial 5G contracts, 32+ in Europe, 140 000 base stations shipped
[Diagram: security layers across the 5G network]
Security layers: Operation Security; Application Security; Equipment Security; Deployment Security; Standard Security (encryption algorithm, authentication mechanism, user privacy protection)
Network elements: Base Band Unit; Radio Resource Unit; Central Processing Unit; Active Antenna Unit; Core Network (5GC)
Service types: URLLC; mMTC; eMBB
Parties: Operator; Supplier; Service provider; Client
Why standard-wise 5G is the most secure mobile network
[Diagram: the message “I Love You” travels as ciphertext (¥#*&) across gNB, 5GC and gNB, and arrives as “I Love You”]
E2E Encryption, Keeping Your Privacy
4G: 128-bit encryption
5G: 256-bit encryption, cannot be decrypted
Security, We Do Together
Government: legislation and regulations
Vertical Industry: service security
ICT Suppliers: safe, compliant technology
Standard Organizations: requirements & standard
Operators: secure and resilient network
Security, We Do More
Independent Cybersecurity Lab
Customer/3rd-Party Evaluation
Transparency Center
Industry Certification
35 Certificates, NESAS
We are the most inspected, reviewed, audited company in the world
$2 billion software engineering transformation
“Many Hands” and “Many Eyes” Verification
Making 5G Cybersecurity commercially feasible
[Chart: Network Traffic Consumption (GB/Month/User), 2018 to 2025. Series: Traffic Growth (40% CAGR); Limit of 4G Network (Capacity on Current Grid). Annotation: 160% Network Densification Required to serve Traffic requirements. Source: BCG]
[Chart: Average Cost per User (Indexed), 2018 to 2025. Series: 4G Only; 5G. Source: BCG]
[Chart: Average Yearly Network Spend 2020-2025 (Indexed). Series: Reference 2013-2019; 4G Only; 5G (100MHz with 64T64R). Source: BCG]
[Chart: Average Network Spend 2020-2025 (Indexed to 2013-2018), by traffic CAGR. Source: BCG]
Traffic CAGR: Traffic Multiple
25%: 4.8x
30%: 6.3x
40%: 10.5x
50%: 17.1x
Energy saving solution
However, we also understand the threat landscape
Safety/Privacy Critical Scenarios: eHealth, Autonomous Driving, Smart Factory, …; compromised networks may result in loss of life.
Cloudification: Introduces new threats and increases the attack surface (e.g. CSA/ENISA/NIST Top Threats).
Distributed Architecture: MEC and SBA increase complexity due to the decomposition of network services/functions.
Multi-Tenancy (B2B Network Sharing e.g. MVNO): Slicing end-to-end chunks of the network for MVNOs and large enterprises increases the risk of unauthorized access, abuse and data leaks.
5G & Legacy Technologies: 2G/3G/4G technologies will co-exist with 5G networks for ~5-10 years, exposing downgrade and bypass attack vectors.
Machine 2 Machine & IoT: IoT devices offer only weak identity/security capabilities, are hard to govern/control, and often include vulnerabilities which allow them to be used as DDoS / bot networks.
...and we understand our role in this ecosystem
Identify / Protect / Detect / Respond/Recover
[Diagram: threats and security measures mapped onto the 5G network. Legend: Standard definition; Huawei enhancement]
Network elements: BBU; RRU; Transmission; AMF, SMF, AUSF; NEF, NRF, UDM, PCF; SEPP; UPF; UPF/MEC
RAN Domain:
• User Data leakage
• DDoS attack
Common ICT NE Threats
• Illegal access
• Malicious software implanting
• Data tampering/leakage
• DDoS attack
• O&M Security Threat
Core Network Domain:
• SBA security threats
• Roaming security threats
• Lawful interception threats
• Slice security threats
• MEC security threats
• Illegal device access
Cloud Infra. Threats:
• Cloud OS/Storage/Network
• Application
Security measures shown in the diagram:
• 3-plane Isolation
• Built-in firewall
• Authentication
• Transport Security
• Malicious Signaling Detection
• DDoS Detection (Overload)
• Slice resource isolation
• KPIs monitoring (throughput and delay)
• Slice authentication
• 5G Access Authentication
• Service security audit
• Service access authorization
• Slice key
• Topology hiding
• Signaling audit
• Application layer security
• Air Interface Encryption & Integrity Protection
• Digital Signature, Secure Boot and DIM
• Hardware RoT and HSM
• Anonymization
• IPsec, TLS/SSH
• E2E Data lifecycle Security Protection
• VNF/Application hardening
• Automatic security policy
• Vulnerabilities Management
• Intrusion detection
• Big data security and correlation analysis
• Slice resource reserve
• Communication encryption
• Target encryption
• Software security
• ACL blocking
• VM migration
• VM rebuilding
• Periodic VM restoration
• Blacklist and whitelist
• Access control
• Flow control
• Network isolation
• Remote attestation
• Configuration correction
• Account disabling
• Patch/upgrade
• Port disable
• Configuration rollback
• Data recovery
• Multi-layer Isolation Mechanisms
• System hardening
Building national trust for 5G
Transparency and education
• 30 years' journey with operators
• 10 years' journey with governments and cybersecurity experts
• Local competence and transparency centers with competence transfer
• Building new “de facto” for European cyber security
Huawei in CR and EU – security and compliance
• Huawei Technologies (Czech) s.r.o. is a Czech company
• Huawei follows Czech and European laws (ISO 27001 and GDPR)
• Huawei has had no serious security incident for 30 years (15 years in CR)
• Huawei supports the EC framework of standardization and certification
• Huawei and operators' roles: Huawei does not own any network and does not operate any subscriber data
Recommendation for CR – economy and cooperation
• 5G = acceleration of digital economy
• The Czech Republic should closely cooperate with all vendors – Germany, etc. (vendor agnostic approach)
• NUKIB, NRAs and state bodies should communicate with all vendors very closely and on a regular basis (example: Brussels security center)
• The Czech Republic should establish and develop a platform to execute 5G advantages and opportunities: Ministry of Industry and Trade, NRAs (CTO, NUKIB), universities, industry (ICT Union, Czech Chamber of Commerce), operators, vendors
THANK YOU