ETSI Security Week: 5G Network Certification

SOFIE, an EU H2020 project, has developed solutions for decentralized operations across separate organizations leveraging blockchains. Ericsson, as a participant on the SOFIE project, has developed a demonstration platform integrating SOFIE solutions into a Secure Marketplace for Access to Ubiquituous Goods. The platform demonstrates a decentralized marketplace using interledger techniques spanning multiple ledgers as a neutral platform for consumer access to multiparty service providers.

The presentation demonstrates the use of marketplace and its interledger operations from the viewpoint of service provider on the marketplace, and how security of customer access is guaranteed while service providers can rely on the neutral marketplace to guarantee payment upon fully auditable service delivery chain. The presentation will also show how the complexity of the marketplace operations are successfully simplified from the customer's point of view into a simple, multiplatform and secure mobile application.

2020 has been far from business-as-usual for everybody, but the disruption to the 3GPP work has been minimised by a series of actions by the leadership. This webinar will look at ETSI’s central role in the project and at the achievements so far in getting 5G specifications ready on-time. We will look at the prospects for the next six months, as timelines for the 3GPP releases are aligned to the continuation of e-meetings, well into 2021.
Adrian Scrase is the CTO of ETSI and the head of the 3GPP Mobile Competence Centre (MCC) – permanently based in ETSI. Adrian also serves as the Secretary of the Project Coordination Group, which is the governing body of 3GPP.

Achieving security and compliance in cyber space through permissioned distributed ledgers

Presentation 1: Applicability and compliance to data processing requirements for a connected machinery

The presentation will describe the impact that the use of connected machinery has upon health and safety compliance. This will specify security requirements for electronic control units, telematics gateway, computational portion of smart sensors, computational portion of smart actuators, and computational portion of other devices. The PDL will not only specify security for on-machine communications between electronic control units and sensors but also to the cloud infrastructure.

Presentation 2: The exploitable properties of smart contracts to enable future generation applications

This presentation will discuss portability needs for future generation applications and their security requirements. The adoption of PDL and smart contracts can facilitate these challenges and implement secure and coherent data sharing.

The challenge of operating networks with encryption everywhere

The ever pervasive adoption of encryption poses challenges to many of the core stakeholders in society that rely on communications. From the perspective of the developers and operators of networks it makes many routing efficiencies difficult if not possible to achieve. The core phenomena that the ETSI ISG Encrypted Traffic Integration is trying to avoid is that of “going dark”, the phenomenon by which an authorised user lacks the technical or practical ability to access data, applies in particular to access to Encrypted Traffic where a normally authorised user, for example the CSP's management entity, cannot access data due the imposition of encryption by an end-user. The intersection of the two elements, A, representing network capabilities that, when content and headers are encrypted, pose extreme challenges to network operation, and B, representing Network capabilities that are core to development of cyber/digital business, has to be minimised, whilst always seeking to eliminate A. Thus getting to understand and mitigate issues that make A more likely and developing strategies that encourage all the good things that security and confidentiality of traffic using encryption can bring, i.e. maximising B, is at the root of the work of ETSI’s ISG ETI that this webinar will address.

ETSI ISG SAI is the first technology standardisation group focusing on securing AI. This webinar will provide an introduction to ISG SAI, the challenges of securing AI and current state of work within ISG SAI.

TC CYBER, the most security-focused Technical Committee in ETSI, is sharing its recent work, to celebrate Cyber Security Month in October 2020. Highlights for 2020 will include Consumer IoT Security, Middleboxes, Quantum Safe Cryptography, Cyber Security Act (CSA) and Radio Equipment Directive (RED).

The new TTCN-3 extension “Object-oriented features” introduces the concepts “classes”, “objects” and “exception handling” into the TTCN-3 language. Even though some of these concepts have been implemented implicitly in the TTCN-3, the concepts are now integrated explicitly into the language allowing a new style of test specification that provides new ways of designing abstract data types, in the form of user defined classes, and integrating external data by means of external classes. This presentation informs TTCN-3 users, test engineers and test managers about the newest developments of the language.

This Webinar will provide an update on the status of ETSI's Open Source MANO project and its latest achievements, including two live demos showcasing new features in OSM Release EIGHT and the end-to-end deployment of a mobile network service based on Magma EPC.

1)OSM Intro by Francisco-Javier Ramon, OSM Chair, Telefonica
2)OSM System Features in action demo by Guillermo Calvino, Canonical
Featuring: Next Generation User Interface, High Availability, System Quotas and Monitoring
3)Network Service Deployment with OSM demo by Gianpietro Lavado, Whitestack
Featuring: Magma EPC Deployment, High Performance Network Functions, VNF Catalog

The Testing and Test Control Notation TTCN-3 is the only standardized test specification and implementation language used in industry and research to define and execute different types of tests in multiple domains like e.g. telecommunication or automotive. The notation supports an abstract description of test scenarios. Due to multiple tool support, including powerful open source projects, it is successfully worldwide in use e.g. for testing and certification of mobile phones by 3GPP or the oneM2M products. The presentation introduces the goals, technical concepts and various applications of the TTCN-3 technology.

Mobile edge computing is a keystone of the Ultra-Reliable, Low Latency Connectivity (URLLC) and the digital transformation and mobilization of the enterprise industries. It also enables a new class of premium applications that require real-time delivery of live and on-demand content as well as a high degree of interactivity, for example: gaming, 360 video delivery, AR/VR, etc. ETSI ISG MEC and 3GPP have both worked on their own architectures for edge computing within the boundaries of their different scopes. Their common purpose, however, is to create an open and standardized IT service environment for hosting and supporting third-party applications in edge clouds while also leveraging the underlying network infrastructure. In order to accelerate time-to-market and promote industry adoption, it is essential to ensure alignment, leverage synergies and offer common practices and tools for the developers. This will foster innovation and enable the developers to write a single application software module that can run on every edge environment, and support the GSMA requirements for federation.
The speakers will review the emerging mobile edge computing use cases and the recently updated 5-year mobile edge computing market forecast from DellOro. They will also highlight the role of standards, the value proposition of the different standards streams and will show how those standards can complement each other when it comes to operational deployments. Some deployment scenarios will also be introduced.

Education is an important instrument in raising awareness and providing support for standardization. To promote the ICT standardization process, it is important to increase the understanding and attractiveness of standards with lecturers and students alike. Strong teaching materials provide a major tool that can be used to convey the value of standardization.
ETSI has published a detailed textbook and corresponding slide presentation in 2018. Entitled “Understanding ICT Standardization: Principles and Practice”, they have been produced in order to assist academia and students in understanding the value of well written technology standards. The textbook and slides can be downloaded from the ETSI website. The overall objective of this initiative is to get feedback for the material as we move into 2020-2021 as ICT is an ever-changing field.

The Border Gateway Protocol (BGP) glues the Internet, it provides reachability and routing to the building blocks of the Internet, networks referred as Autonomous Systems (ASes). BGP was not designed with security in mind, and as a consequence it contains critical security issues that can affect the Internet infrastructure. There have been several instances of attackers exploiting such security issues that have resulted in important disruption of services provided over the Internet. The most common security threats are: (i) prefix hijacking: where an attacker takes over control over a set of IP addresses (ii) path hijack: where attackers control the path of the flow of information between ASes and (iii) route leaks, where an AS announces a path incorrectly. Give the importance of the security of BGP for the entire Internet infrastructure, research efforts have been devoted to mitigate such attacks. Existing proposals aims to secure BGP by using a standard centralized Public Key Infrastructure approach. In this talk we will show how BGP can be secured using a decentralised approach. By taking advantage of Decentralized Ledger Technologies, we research and design a Decentralized Internet Infrastructure that effectively protects BGP against all three attacks: prefix hijack, path hijack and route leaks. In addition, we have built a prototype and at the end of the talk we will briefly demonstrate how it works.

Today over 1.2 billion Internet netizens are using IPv6 without even knowing it. In the 5G & cloud era, the number of nodes connected to the Internet will exceed 100 billion. IP networks continue to scale rapidly, while network services become more diversified than ever. IPv6 provides a tremendous number of IP addresses and greater options for IP packet forwarding, creating opportunities to offer better network services.
In this webinar, which follows the release of ETSI White Paper No.35, we plan to detail the progress made to date, IPv6 best practices, the benefits, transition challenges, and IPv6 Enhanced Innovation. All of this will also point to the way forward.

TETRA to 2035 and beyond. Marketing overview, InteropTesting, TETRA and standards development, packet date enhancements, TETRA security, interworking with critical communications broadband systems

More Advanced Cryptography - Fully Homomorphic Encryption

The benefits of Advanced Cryptography are recognised by ETSI, as its members make developments and standards in Identity-Based Cryptography, Attribute-Based Encryption and other forms of Advanced Cryptography. This session focuses on applications of Advanced Cryptography, including a privacy-preserving electronic ticket scheme using attribute-based credentials to protect users' privacy, and a survey on how Attribute-Based Encryption could be deployed to protect mobile networks.