Experiment on security features of multi-provider mobile network infrastructure

Project Coordinator (EU) :

Warsaw University of Technology

Country of the EU Coordinator :

Poland

Organisation Type :

Academia

Project participants :

EU: Warsaw University of Technology

Jordi Mongay Batalla has a Ph.D. degree from Warsaw University of Technology and works as an Assistant Professor. His research interests focus mainly on Quality of Service (Diffserv, NGN) in both IPv4 and IPv6 infrastructures, Future Internet architectures (Content Aware Networks, Information Centric Networks), and applications for the Future Internet (Internet of Things, Smart Cities, IPTV).

US: Embry-Riddle Aeronautical University

TBC
 

State of US partner :

Florida

Starting date :

Experiment on security features of multi-provider mobile network infrastructure


Experiment description

There are two main trends in 5G development. In the classical one, the hardware provider (e.g., Ericsson, Huawei) sells the full infrastructure with hardware and software (called a purpose-built network). The other builds the 5G software on 5G-agnostic commercial off-the-shelf (COTS) hardware (called a multi-vendor network).

From the point of view of security assessment, purpose-built network deployment is based on the security-by-design concept, where a security assurance scheme (called NESAS, built and governed by GSMA) introduces controls on the equipment deployment processes as well as controls on the conformity of the final product with strict security requirements. The multi-vendor approach, by contrast, lacks an end-to-end security baseline that would make it possible to provide security assurance at all levels. Such a baseline should introduce a comprehensive security level specification between the different parts of the infrastructure in order to make the network as secure as the purpose-built classical 5G networks.

In this experiment, we will analyse both security frameworks and will propose a security baseline for multi-vendor infrastructures. The context of the experiment is the security level provided by the Telco Cloud infrastructure hosting the Virtual Network Functions (VNFs) and/or Cloud Native Functions (CNFs), which build the 5G network for Slice Tenants (which deploy critical and/or broadband applications).

We see a trend in the market, starting in the US, to bring the network functions, in whatever format, to Cloud virtual infrastructures in a very complex and distributed Data Centre topology (Edge, Regional, Central), deployed not only on private clouds but also on public ones like Amazon Web Services, Google Cloud or Microsoft Azure. Even for on-prem operator sites, the big IaaS actors already offer fully equipped racks, including the virtual infrastructure managed by them. In Europe, some countries such as Germany and the UK are pushing the idea for critical infrastructure.

Our basic scenario will include the requirements of a critical Unmanned Aerial Vehicles (UAV) platform (as the Slice Tenant) hosted by the US partner, the requirements for the Cloud Provider (where 5G will be installed), and the requirements for the Carrier Service provider (providing the 5G network software). The outcome will be the specification of clearly separated security levels and security assurance levels (as required by Cyber Security Act - EU No 526/2013), which will be of interest to the (US and EU) Regulators for certification purposes. The proposed baseline contributes in part to solving the problem of accountability of the network (i.e., who is responsible for the security maintenance of the network), which is crucial in multi-vendor infrastructures.

 

Impacts :

Our expected impacts are summarized by the following KPIs:
 

| KPI # | Measure | Target |
|-------|---------|--------|
| KPI-1 | Publications on the theme of the project. Measuring mechanism: hardcopy of the papers submitted. | Submitted publications ≥ 2 |
| KPI-2 | Security parameters (features) to be tested on purpose-built and multi-provider networks. Some of them may have a Yes/No response (e.g., a given mechanism exists/does not exist) (among others: management access, data access, services access, backend access, frontend access, tenant access, etc.). Measuring mechanism: list of security features provided in the final deliverable. | Security parameters (features) ≥ 10 |
| KPI-3 | Purpose-built network tested (security features of the network). Measuring mechanism: test results provided in the final deliverable. | Purpose-built network tested = 1 |
| KPI-4 | Virtualization platforms tested. Measuring mechanism: test results provided in the final deliverable. | Virtualization platforms tested ≥ 3 |
| KPI-5 | Cloud platforms tested. Measuring mechanism: test results provided in the final deliverable. | Cloud platforms tested ≥ 2 |
| KPI-6 | 5G Network implementation tested (IS-Wireless). Measuring mechanism: test results provided in the final deliverable. | 5G Network implementation tested = 1 |
| KPI-7 | Course on 5G security best practices implemented in the EU and the US. Measuring mechanism: document signed by the US University showing the accomplishment of the commitment, and course slides. | Course on 5G security = 1 |


Results :

This project aims to assess the risks of multi-provider infrastructure based on practical experiments on such infrastructures and comparison with the purpose-built network. This approach may be very fruitful for a common understanding of how to assess security and security assurance in multi-provider networks and, given the increasing interest of the US and EU markets in the multi-provider approach, it may help to increase security in next-generation mobile networks.

We also aim to share knowledge on security assessment between US and EU universities, so that future engineers may adopt visions of cybersecurity based on risk assessment and cyber threat intelligence.

NGI related Topic :

Open Internet Architecture and Renovation

Call Reference :

4

The 30-month project NGIatlantic.eu will push the Next Generation Internet a step further by providing cascade funding to EU-based researchers and innovators for carrying out Next Generation Internet related experiments in collaboration with US research teams.



