ETSI Security Week: 5G Network Certification

The benefits of Advanced Cryptography are recognised by ETSI, as its members make developments and standards in Identity-Based Cryptography, Attribute-Based Encryption and other forms of Advanced Cryptography. This session focuses on applications of Advanced Cryptography, including a privacy-preserving electronic ticket scheme using attribute-based credentials to protect users' privacy, and a survey on how Attribute-Based Encryption could be deployed to protect mobile networks.

Homomorphic encryption is one of the technologies allowing the public cloud to operate on secret data without leaking any information about the data. In these two talks, the speakers give a general overview of the capabilities of homomorphic encryption and of the general security model. They will detail some of the tools and technologies that make it usable for concrete use-cases and share the latest advances in practical homomorphic encryption with a strong emphasis on applications to deep learning.

This session discusses security challenges due to new technological advancements, and discussed regulatory aspects related to 5G security

This webinar will provide a status of the policy and industry actions to enable effective security of and trust in 5G networks.

This session includes presentations on the most recent 5G security features, and efforts within the industry for continuous improvement of 5G security.

The ETSI-standardised TETRA communications system is used for instantaneous communication within emergency services and for military personnel. Whilst considering its transition to the PS-LTE network, it was proposed that identity-based encryption (IBE) could be used as a low latency solution. However, the scheme which was considered, MIKEY-SAKKE, is not resistant to quantum computing attacks.

The academic community and the industry thrive with innovative cryptography that enable advanced access control and secure communication use cases. Functional Encryption is one such family of schemes. This session will introduce Attribute-Based Encryption (ABE), Identity-Based Encryption (IBE), and their related standardisation efforts in ETSI, including a quantum-safe hierarchical IBE scheme.
ABE is a cryptographic mechanism that enforces access control solely on the mathematical level with strong security guarantees. A main incentive using ABE is to provide a proper and versatile replacement for software-only access-control mechanisms that need to embed all trust into (often seen to be error-prone) software components by design. Applications of ABE in EU research projects and ETSI TS 103 532 will be presented.
IBE is a form of asymmetric encryption in which the participants’ identities (such as a phone number or an email address) serve as public keys. Participants wishing to securely communicate can do so directly, without having to aggree on keying material beforehand. IBE is well suited for the seamless onboarding of participants in cases where the task of establishing secure communications can be delegated to a trusted third party. The properties of IBE schemes will be summarised and the study conducted in ETSI TR 103 719 will be presented.
As quantum computing poses a threat to the long-term security of most of the currently used encryption mechanisms, this session will also present ongoing efforts in the development of quantum-safe IBE, with a focus on a hierarchical IBE scheme based on structured lattices and described in ETSI TR 103 618.

Product assurance schemes play an important role in consumer IoT security. Typically, they provide a consumer-facing assurance label or kitemark which demonstrates that the product has undergone independent testing or a robust self-assessment process, thus helping consumers make security-conscious purchasing decisions. Assessment feedback can also be communicated privately to manufacturers to help them improve their product. But operating an assurance scheme for consumer IoT can be challenging, not least due to the broad diversity of relevant products and the rapid innovation in this space.
This webinar panel features speakers with experience in this area. It will consider options for managing these challenges and look ahead to a possible IoT security certification scheme under the EU Cybersecurity Act.

A significant proportion of consumer Internet of Things (IoT) or ‘smart’ products currently on the market lack basic cyber security provisions. ETSI TC CYBER has developed European Standard (EN) 303 645 “Cyber Security for Consumer Internet of Things: Baseline Requirements”, which is expected to be published in July, to bring together widely considered good security / privacy practice for consumer IoT devices. The EN has been developed in collaboration with CEN/CENELEC JTC 13 experts. It is expected to inform the development of new legislation on IoT security in Europe and beyond.

TC CYBER is also taking forward TS 103 701, which will set out test scenarios for assessing products against EN 303 645. It is to set out mandatory and recommended assessments, as well as guidance and examples to support their implementation. The document is intended to be used by testing labs and certifying bodies that provide assurance on the security of relevant products, as well as manufacturers that wish to carry out a self-assessment. The document is intended as input to a future EU common cybersecurity certification scheme as proposed in the Cybersecurity Act.

The best-known security features of a 5G network ensure secure operation of a public network: strong subscriber authentication, protection against fraud and eavesdropping, secure billing, robust services etc. Security addresses the typical trust relation between network operators and their customers.
5G applications and deployments in vertical industries have complementary security requirements and different multi-party trust models that need to be addressed in addition, often on top of the 5G network. Moreover, the 5G deployment models may be different from the usual public mobile network, ranging from non-public campus networks in factories, over specific network slices for safety-critical applications like healthcare or railways, up to global V2X networks for transport applications.
The EU Toolbox of risk mitigating measures for 5G explicitly mentions the need to address the risk of exploitation of IoT, handsets or smart devices - i.e. the verticals' domain- in addition to the need to secure the network.

EC& ENISA will provide the progress of work on the first schemes being under preparation: Common Criteria and Cloud Security certification. They will share the lessons learnt from the preparation of those schemes. EC will also provide an update on the latest steps taken within the Cybersecurity Act, such as an overview of the first Rolling Work Programme, potential next schemes…..

This session will cover in detail the published specifications ETSI TS 102 666-1 and -2 as well as the SPI protocol in ETSI TS 103 713 and will give an insight into the current work on the embedded SSP.

This session will give a high-level introduction into the reasons for developing this new security platform, its requirements and impact on the ecosystem as well as the current state of testing and why certification is needed.

5G poses a major architectural and functional change of a network. This move brings along many security questions and many have been tackled for the non-standalone or standalone architecture. We will discuss how to get securely from a 4G or non-standalone architecture to a standalone architecture. Different migration scenarios and architectures are described and what are the specific security aspects of it. This will be put into context with latest GSMA and 3GPP security approaches and features. Additionally, as we gain experience from the initial deployment and collect open issues related to standardization, operation, and implementation, we aim to provide an overview of practical guidelines and recommendations for mobile operators for the implementation of 5G networks.

Wireless technology is becoming an ever-increasing part of our lives. The EMC Directive (2014/30/EU) and the Radio Equipment Directive (2014/53/EU) have now been in place for several years, but the technology and the regulatory environment are still developing rapidly. This webinar will give an overview of recent developments and identify how the more recent ETSI standards and other deliverables can be used to support manufacturers to demonstrate compliance and access the market in Europe.

This is an AI-based, context-aware architecture that uses Intent and other types of Policy Rules to improve the operator experience. This architecture is designed to provide recommendations and/or commands, and does not impose requirements on the systems that it aids that change the function or APIs of those systems. The ENI System Architecture will be described using a functional block approach, emphasising external and internal Reference Points to standardise communication. Its innovative closed control loops and model-driven engineering approaches will also be described.