SESSION ID: TECH-T10 5G Trust model: Recommendations and best practices for CSPs Srinivas Bhattiprolu Senior Director- Nokia Software @srbhatti5 #RSAC #RSAC Introduction Security paradigm of 5G 5G trust model- A few perspectives Best practices, recommendations & select case studies Conclusions & Apply the learnings #RSAC Introduction Security paradigm of 5G 5G trust model- A few perspectives Best practices, recommendations & select case studies Conclusions & Apply the learnings #RSAC The Real Value of 5G Value of 5G 5G target markets eMBB focused on consumers eMBB+ beyond consumers Beyond eMBB and telecom Different QoS to sell services beyond connectivity New value chains and value creation 5G Business approach 5G business enablers ‘One’ network serving different connectivity requirements Business risk Foundational 4 Unique & differentiated #RSAC # of Security Safeguards & Events 5G is a transformation journey – preparations needs to start today From 4G Security to 5G Security through combination of technologies 5G Network slicing, 5G+LTE, Cloud optimized converged networks Radio evolution 2G, 3G, 4G, 5G, Transport network evolution 5G Core & RAN distribution Cloud Infra & Cloud core & Cloud RAN (RU; DU and CU) Creating the Programmable World Technology evolution 5 #RSAC Introduction Security paradigm of 5G 5G trust model- A few perspectives Best practices, recommendations & select case studies Conclusions & Apply the learnings 5G use cases & services have demanding, diverse and dynamic requirements Network Requirements DL UL Network Latency Reliability Cost Sensitivity Security Mobile Broadband 100300M 10-50M 15-25ms Medium Medium Medium Fixed Wireless Access 1-5G 100-200M 1-20ms High High Medium Industries Consumers Use-Case Event experience 1-100M 1-5G 1-5ms Medium Medium Medium In-vehicle Infotainment 5-100M 1k-1M 1-20ms Medium Medium Medium Critical automation 1M 1-10M 1-5ms Very high Low Very High Tele-operation 1M 1-10M 1-25ms Very high Low Very-High 5-100M 1-100M 1-10ms High Medium High 1k-1M 1k-1M 200500ms Low Very High MediumHigh Highly interactive AR Mass sensor arrays 7 Data Volume 1000x 10Gb/s/km210 Tb/s/km2 Network Latency 10x 10ms1ms Reliability +90% 45 9’s 5G Peak Rates 100x 100Mbps10Gbps Mobility 500km/h LTE IoT Density 1000x Service Intro -93% 1K1M/km2 90 days  90 min BTS Energy -80% (idle, no connected users) #RSAC #RSAC Security landscape is changing Today Mostly bare metal networks, with security measures primarily based upon • • • • • 3GPP defined mechanisms Perimeter security, Network zoning and Traffic separation Secure operation and maintenance Reactive Security Measures Network Element security What is Coming in 5G realm? • Complex ecosystem with multiple stakeholders requires trusted and trouble-free interaction between them • Migration to NFV/SDN introduces new security challenges • Need for flexible security measures depending on use case • Growing influence of availability and integrity of network service on human security or even life …and escalating cybersecurity threats and breaches Compliance mandates GDPR fines can cost billions for large global companies 8 ? ? ? Skills shortage Too many tools 1.8 million too many By 2022, there will be unfulfilled cybersecurity positions Organizations are using tools from too many vendors #RSAC Architecture view: 5G security operations requirements for CSPs Security operations Network Slice Security Devices and things Access site Edge site Central site Apps/ content Apps/ content NW slices Device security Cloud/core security Network access/transport security 9 #RSAC Introduction Security paradigm of 5G 5G trust model- A few perspectives Best practices, recommendations & select case studies Conclusions & Apply the learnings From LTE to 5G: Adopting New Networking Paradigms LTE 5G 11 #RSAC #RSAC 3GPP standard Security Architecture 4G vs 5G, a brief comparison 4G (LTE) Security UE is authenticated by 2 methods: a. LTE AKA on LTE access and; b. EAP AKA’ on Wifi access. Roaming: No authentication confirmation to Home network MME is considered a trusted node in the authentication process. 5G Security Access agnostic security- network authenticate UE: Either 5G AKA or EAP AKA’ regardless of access type. An authentication confirmation is sent to the Home AUSF, when UE gets authenticated