Global Vice-President, Cybersecurity & Privacy Huawei Technologies · 2019-11-20 · $2 Billions...

Page 1

5G

Mika Lauhde

Global Vice-President, Cybersecurity & Privacy

Huawei Technologies

...and Cybersecurity demystified

Page 2

What is 5G?

5G compared with LTE, and the gap between them:

• Latency: 5G 1 ms E2E latency; LTE 30~50 ms; gap 30~50x
• Throughput: 5G 10 Gbps per connection; LTE 600 Mbps; gap 16x
• Connections: 5G 1,000,000 connections per km²; LTE 10K; gap 100x
• Mobility: 5G 500 km/h (high-speed railway); LTE 350 km/h; gap 1.5x
• Architecture: 5G slicing ability required; LTE inflexible; gap NFV/SDN

Page 3

Where 5G is coming??...

• TOP5 2018 EU Industrial R&D Investment Scoreboard
• No.1: 5G Core standard proposals (3045), ranked first in security contributions
• R&D investment from 2009 to 2018, >10% of annual revenues: $74 billion+
• No.1: 60 commercial 5G contracts, 32+ in Europe, 140 000 base stations shipped

[Chart: TOP Contributors to the 5G Standard, scale 0 to 12000. Companies shown: Inter Digital, China Mobile, Alcatel-Lucent, NEC, MediaTek, NTT Docomo, CATT, LG, Intel, ZTE, Samsung, Qualcomm, Nokia, HiSilicon, Ericsson, Huawei. Source: Iplytics GmbH]

Page 4

Why standard-wise 5G is the most secure mobile network

[Diagram labels]
• Security layers: Standard Security, Equipment Security, Deployment Security, Operation Security, Application Security
• Standard Security: encryption algorithm, authentication mechanism, user privacy protection
• Parties: Supplier, Operator, Service provider, Client
• Network elements: Active Antenna Unit, Radio Resource Unit, Base Band Unit, Central Processing Unit, Core Network (5GC)
• Service types: URLLC, mMTC, eMBB

Page 5

E2E Encryption, Keeping Your Privacy

[Diagram: “I Love You” at each end; ¥#*& at gNB, 5GC and gNB in between]

4G: 128; 5G: 256bit encryption, cannot be decrypted

Security, We Do Together

• Government: legislation and regulations
• Vertical Industry: service security
• ICT Suppliers: safe, compliant technology
• Standard Organizations: requirements & standard
• Operators: secure and resilient network

Security, We Do More

• Independent Cybersecurity Lab
• Customer/3rd-Party Evaluation
• Transparency Center
• Industry Certification (35 Certificates, NESAS)
• $2 Billions software engineering transformation
• “Many Hands” and “Many Eyes” Verification

We are the most inspected, reviewed, audited company in the world

Page 6

Making 5G Cybersecurity commercially feasible

[Chart: Network Traffic Consumption (GB/Month/User), 2018 to 2025. Series: Traffic Growth (40% CAGR); Limit of 4G Network (Capacity on Current Grid). Annotation: 160% Network Densification Required to serve Traffic requirements. Source: BCG]

[Chart: Average Cost per User (Indexed), 2018 to 2025. Series: 4G Only; 5G. Source: BCG]

[Chart: Average Yearly Network Spend 2020-2025 (Indexed), Reference 2013-2019. Series: 4G Only; 5G (100MHz with 64T64R). Source: BCG]

[Chart: Average Network Spend 2020-2025 (Indexed to 2013-2018), by Traffic CAGR and Traffic Multiple: 25% = 4.8x, 30% = 6.3x, 40% = 10.5x, 50% = 17.1x. Source: BCG]

Page 7

Energy saving solution

Page 8

However, we also understand the threat landscape

• Cloudification: introduces new threats and increases the attack surface (e.g. CSA/ENISA/NIST Top Threats).
• Distributed Architecture: MEC and SBA increase complexity due to the decompiling of network services/functions.
• Safety/Privacy Critical Scenarios: eHealth, Autonomous Driving, Smart Factory, …; compromised networks may result in loss of life.
• Multi-Tenancy (B2B Network Sharing, e.g. MVNO): slicing end-to-end chunks of the network for MVNOs and large enterprises increases the risk of unauthorized access, abuse and data leaks.
• 5G & Legacy Technologies: 2G/3G/4G technologies will co-exist with 5G networks for ~5-10 years, exposing downgrade and bypass attack vectors.
• Machine 2 Machine & IoT: IoT devices offer only weak identity/security capabilities, are hard to govern/control, and often include vulnerabilities which allow them to be used as DDoS / bot networks.

Page 9

...and we understand our role in this ecosystem

Identify / Protect / Detect / Respond/Recover

[Diagram: network elements Transmission, BBU, RRU, NEF, NRF, UDM, PCF, SEPP, AMF, SMF, AUSF, UPF, UPF/MEC. Legend: Standard definition; Huawei enhancement]

RAN Domain:

• User data leakage
• DDoS attack

Common ICT NE Threats:

• Illegal access
• Malicious software implanting
• Data tamper/leakage
• DDoS attack
• O&M Security Threat

Core Network Domain:

• SBA security threats
• Roaming security threats
• Lawful interception threats
• Slice security threats
• MEC security threats
• Illegal device access

Cloud Infra. Threats:

• Cloud OS/Storage/Network
• Application

Measures shown in the diagram: 3-plane Isolation; Built-in firewall; Authentication; Transport Security; Malicious Signaling Detection; DDoS Detection (Overload); Slice resource isolation; KPIs monitoring (throughput and delay); Slice authentication; 5G Access Authentication; Service security audit; Service access authorization; Slice key; Topology hiding; Signaling audit; Application layer security; Air Interface Encryption & Integrity Protection; Digital Signature, Secure Boot and DIM; Hardware RoT and HSM; Anonymization; IPsec, TLS/SSH; E2E Data lifecycle Security Protection; VNF/Application hardening; Automatic security policy; Vulnerabilities Management; Intrusion detection; Big data security and correlation analysis; Slice resource reserve; Communication encryption; Target encryption; Software security; ACL blocking; VM migration; VM rebuilding; Periodic VM restoration; Blacklist and whitelist; Access control; Flow control; Network isolation; Remote attestation; Configuration correction; Account disabling; Patch/upgrade; Port disable; Configuration rollback; Data recovery; Multi-layer Isolation Mechanisms; System hardening.

Page 10

Building national trust for 5G

Page 11

Transparency and education

• 30-year journey with operators
• 10-year journey with governments and cybersecurity experts
• Local competence and transparency centers with competence transfer
• Building a new "de facto" for European cyber security

Page 12

Huawei in CR and EU – security and compliance

• Huawei Technologies (Czech) s.r.o. is a Czech company
• Huawei follows Czech and European laws (ISO 27 001 and GDPR)
• Huawei has had no serious security incident in 30 years (15 years in CR)
• Huawei supports the EC framework of standardization and certification
• Huawei and operators' roles: Huawei does not own any network and does not operate any subscriber data

Page 13

Recommendation for CR – economy and cooperation

• 5G = acceleration of digital economy
• The Czech Republic should closely cooperate with all vendors – Germany, etc. (vendor agnostic approach)
• NUKIB, NRAs and state bodies should communicate with all vendors very closely and on a regular basis (example: Brussels security center)
• The Czech Republic should establish and develop a platform to execute on 5G advantages and opportunities: Ministry of Industry and Trade, NRAs (CTO, NUKIB), universities, industry (ICT Union, Czech Chamber of Commerce), operators, vendors

Page 14

THANK YOU