5G could start as a Security Overlay on IEEE 802 Access Networks
February 17, 2017 | By Thierry Van de Velde @ Nokia Networks (thierry.van_de_velde@nokia.com)
We are pleased to share with you all an interesting article contributed by Thierry Van de Velde who is technology specialist in Mobile Internet networks, architecture and solutions.
Thierry Van de Velde, Consulting Technology Specialist at Nokia, IP & Optical Networking

I'm sure most of you remember HD-Ready TV sets?  How about a 5G-Ready connected flowerpot? 

 

Yes, over the next four years 5G will emerge as a superior Radio Access Technology.  Though we are just at the beginning of the standardization process (namely the 3GPP R14 SMARTER study item), consensus is growing that, through virtualization and network slicing, 5G will enable 1) evolved Mobile Broadband (eMBB), 2) massive Machine Type Communications (mMTC) and 3) mission-critical ultra-reliable MTC (uRTC).

 

According to the NGMN Alliance, a group of major operators, 5G shall also enable more flexible business models than in 4G :

 

"5G should be designed from the beginning such that the network operator is able to create a large variety of relationships between its network infrastructure and the customer/service provider."
 

But how do we kick-start 5G? 

 

Machine Type Communications (MTC) are already supported on today's mobile networks.  Since 2G we have had SMS and USSD; GPRS came in 2.5G and was relatively battery-efficient; recently in 4G (3GPP R12) we saw the LTE Cat-0 UE class appearing for the Internet of Things (IoT).  What hampers these technologies is the mandatory use of SIM cards: the vast majority of Objects do not contain any SIM, and that is not going to change.

 

What's missing is thus a framework (a generally accepted method), not relying on the SIM, to identify, enrol, authenticate, authorize and secure the Things we'd like to connect to the Internet.

 

Wait, to the Internet, really?  Today your Objects are connected to proprietary rendez-vous points on the Internet: Apple, Philips, Tesla, Dropbox...  Each manufacturer needs to set up its own login/password scheme, its own cryptotunnels and its own servers with which its Objects register.  Each manufacturer then needs to push its own notifications through only 2 (!) channels to reach over 90% of all smartphones and tablets: Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM).

 

A more reasonable security framework would allow us, consumers, to reclaim ownership over our Objects, by enrolling and connecting them forever to our secure virtual Home, independent from Object Manufacturers, Smartphone Vendors or Radio Access Technologies.
 

Such a vHome could take the form of a virtual Layer 2 bridged context (comparable to a LAN) or an IPv6 subnet (/64? /48?).

 

In a speech this week I sketched a possible method to enrol Objects into your vHome.  The method involves an electronic Factory Certificate (in each Object) and a QR code (behind a label) which you would scan with your smartphone.  The Factory Certificate is used to set up a first Security Association (cryptotunnel) to the vHome Provider, and a deterministic relationship between that Cert and the scanned QR Code allows the vHome Provider to verify that the Object is not counterfeit, i.e. that it is genuine and that it will not attack other Objects (or spy) in your vHome.

 

Your vHome Provider would then replace the Factory Certificate with a Service Provider Certificate, forever linking the Object to your vHome.  The Object would use it to establish a second Security Association to 5G network elements called Access Gateways (AGW) and Access Gateway Controllers (AGC) - the decomposed flavour of today's evolved Packet Data Gateways (ePDG), for the connoisseurs...  The AGC would support EAP authentication: the Extensible Authentication Protocol allows authenticating a screenless object via Cert (EAP-TLS), a smartphone via a SIM (EAP-AKA), a Wi-Fi device via username/password (EAP-PEAP), and a person via fingerprinting or eye scans (in future standard EAP methods).  The AGW would support a 5G flavour of IPSec: Protocol Dependent Convergence Protocol Higher Layer (PDCP-HL), allowing both L2 traffic (to a UE's virtual MAC address) and L3 traffic (to the UE's IPv6 address) to be compressed and encrypted.
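To make the enrolment flow above concrete, here is an added illustration (not code from the article, Nokia or any 5G standard) of the checks a vHome Provider would run: the Factory Certificate must carry a valid manufacturer signature, the scanned QR code must be the one deterministically derived from that exact certificate, and an Object is bound to one vHome only, after which a Service Provider Certificate is issued. It assumes a manufacturer signing key and enrolment key shared with the provider; HMAC stands in for the X.509 signatures a real deployment would use.

```python
import hashlib
import hmac
import secrets

# Constructed sample keys (assumption): in practice the provider would hold the
# manufacturer's public key and verify an asymmetric signature instead.
MANUFACTURER_SIGNING_KEY = b"constructed-manufacturer-signing-key"
MANUFACTURER_ENROL_KEY = b"constructed-manufacturer-enrolment-key"


def factory_certificate(serial, device_pubkey):
    """Factory Certificate: identity fields plus the manufacturer's signature over them."""
    body = f"serial={serial};pubkey={device_pubkey.hex()}".encode()
    sig = hmac.new(MANUFACTURER_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def qr_code_for(cert):
    """QR code printed behind the label: derived deterministically from the cert fingerprint."""
    fingerprint = hashlib.sha256(cert["body"] + cert["sig"].encode()).digest()
    return hmac.new(MANUFACTURER_ENROL_KEY, fingerprint, hashlib.sha256).hexdigest()[:20]


class VHomeProvider:
    def __init__(self):
        self.sp_key = secrets.token_bytes(32)  # stand-in for the provider's CA key
        self.enrolled = {}  # serial -> vHome id; one enrolment per Object, forever

    def enrol(self, vhome_id, presented_cert, scanned_qr):
        """Returns a Service Provider Certificate, or None if the Object is rejected."""
        # 1. The cert presented over the first cryptotunnel must be manufacturer-signed.
        expected_sig = hmac.new(MANUFACTURER_SIGNING_KEY, presented_cert["body"],
                                hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, presented_cert["sig"]):
            return None  # forged or tampered Factory Certificate
        # 2. The scanned QR code must belong to that exact certificate.
        if not hmac.compare_digest(qr_code_for(presented_cert), scanned_qr):
            return None  # counterfeit: label and certificate do not match
        # 3. Refuse a second enrolment of an Object already bound to a vHome.
        fields = dict(f.split("=", 1) for f in presented_cert["body"].decode().split(";"))
        serial = fields["serial"]
        if serial in self.enrolled:
            return None
        self.enrolled[serial] = vhome_id
        # Replace the Factory Certificate with one naming the vHome (the E.164 number).
        sp_body = f"serial={serial};vhome={vhome_id}".encode()
        return {"body": sp_body,
                "sig": hmac.new(self.sp_key, sp_body, hashlib.sha256).hexdigest()}
```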

 

If you changed your Service Provider, your vHome would be preserved.  By law your vHome and set of Connected Objects would be represented by your E.164 phone number (mobile or fixed), which you can port to a new Service Provider at any time.  The recipient Service Provider would regenerate and install new Service Provider Certificates in the Objects, with zero manual intervention.

 

If we design and deploy such a 5G-ready security overlay, there's no reason not to kick-start it on top of today's IEEE 802 family of wireless access technologies (802.11 Wi-Fi, 802.15.1 Bluetooth, 802.15.4 LoRaWAN etc.) and even on 802.1 Ethernet itself.  EAP and PDCP-HL can be transported over any underlying Layer 2.

 

There's even a solution to introduce 5G-readiness in 2G, 3G and 4G networks, in which the user equipment has no MAC address.  If we introduce IPv6 Access Point Names (APN), or enable both IPv4 and IPv6 on the existing APNs (dual stack), we would be able to route IPv6 traffic through your vHome (/48.../64) to the IPv6 address (/64 prefix) of each Object in it.

 

The technologies to realize virtual Homes at large scale are here today.  NFV, SDN, EVPN, Service Routers, Virtual Machines, Docker Containers, virtual CPE on virtualized Service Routers, virtualized AAA servers, Universal Device Managers and Service Management Platforms are our building blocks. Let's start on Monday!