5G Info Day

5G-PPP Success

12 July 2016

Stephen Phillips and Mike Surridge

{scp,ms} @ it-innovation.soton.ac.uk

IT Innovation and 5G-ENSURE

5G Info Day, London

5G-ENSURE

2

Funding (5G-PPP phase 1): €7.6MResources: 780 pm / 32 FTETime: Nov-2015 to Oct-2017 (2 years)

IT INNOVATION IN CONFIDENCE

© University of Southampton IT Innovation Centre 2015

Security challenges5G vs. previous generations

New service & business models require a ubiquitous flexible & extensible 5G infrastructure

Shift towards softwarization and cloudification of everything (SDN, NFV) means higher requirements for system security, integrity, usability and manageability

Changing threat landscapeMore frequent cyber-attacks Need to supporting critical applications

New trust modelsIncrease in numbers and kinds of stakeholdersMore complex stakeholder relationships

Privacy concernsUser, device, location, data, communication, …Lawful interception

4

USIMDomain

MobileEquipment

Domain

Access Network Domain

ServingNetworkDomain

HomeNetworkDomain

TransitNetworkDomain

Implicit Trust Model in 4G

Responsibility for domain

Trust defined by contract

Implicit relationship

Key:Regulators, Police, etc

USIM/UICCManuf.

Mobile EquipManuf.

PlatformProvider

ApplicationProvider

ServiceProvider

RoamingProvider

InterconnectProvider

AccessNetworkOperator

Subscriber

AAA/IDM

IMSI IMEI

Network Equip. Manuf.


Our Contribution

• Develop 5G trust and trustworthiness models using our

semantic security modelling approach

• Develop ‘trust enablers’ = tools that can use the models

to support 5G network stakeholders

– researchers in 5G-ENSURE: to check the security properties of

proposed 5G architectures

– designers and operators of 5G network services

– designers and operators of ‘vertical’ applications

• IT Innovation contribution: 62pm over 2 years €553k out

of total project funding of €7.58M

• Exploitation potential: tools to help stakeholders manage

security risks, especially SMEs who lack the capacity for

conventional ‘manual’ cyber security analysis


IT Innovation Centre

• We carry out applied research and development

with and for industry and commerce

– collaborative research

(supported by EC and UK programmes)

– client-funded research, development and consulting

• Currently ~30 staff, ~20 projects with ~100

commercial clients and partners

• Delivering impact:

– Knowledge transfer to clients and collaborators

new products and services

– Direct spin-offs

– Novel published research


(One of) Our Research Goals

• Goal: create models of trust/trustworthiness that

have utility for IT system design

• Approach: recognise trust/trustworthiness is

actually about acceptance/prevention of risks

– in what do I trust what risks do I accept

• Solution: create models of potential risks and

tools to map them to a given system and

understand which risks are controlled

• Applications: security requirements engineering,

trustworthy system composition and operation


Semantic Modelling Stack

• Approach developed in FP7 SERSCIS and OPTET projects

• Core model: underpins the basic modelling approach and tooling

• Generic model: encodes security expert knowledge

• Design-time model: captures specific system configuration and

supports ISO 27005 analysis of risks and security requirements


Design-time

Trustworthiness

Model

Design-time

Trustworthiness

Model

Deployment

Model

Deployment

Model

Run-time

Trustworthiness

Model

Run-time

Trustworthiness

Model

Core ModelCore Model

Generic ModelGeneric Model

• SERSCIS

– FP7-ICT-SEC-2007

– 2008 – 2011

– Critical Infrastructure

Modelling &

Management

• OPTET

– FP7-ICT-2011-8

– 2012 – 2015

– Internet connected

socio-technical

systems


The Journey

• Participation in collaborative projects since FP3

– Building on previous work and experience

– Building on a large number of existing relationships

• Impact through UK Government contract to

assess Cyber-Essentials scheme.

Services

5G Info Day