Security & Privacy Track
Abstract for the 5G WF’2020: Security & Privacy Vertical Track:
5G introduces a paradigm shift and fundamental transformation of digital wireless connectivity, by converging pillars of softwarization, virtualization, and wireless networks. This convergence highlights the increased threat surface of 5G networks, and the potential sever impacts of sophisticated cyber incidents. 5G is positioned to enable much of our critical infrastructures, emergency networks, industrial and automation networks in addition to supporting the ever increasing mIoT footprint. It is critical that all stakeholders join efforts to embed security and privacy requirements in the evolving 5G architecture. To ensure the digital trustworthiness of E2E 5G networks we need to carefully investigate and mitigate cyber risks on the different layers and components including. The sessions included in this topical session will aim to present a state-of-the-art perspective on some of the following topics:
- Software Defined Networks (SDN) Security
- Network Functions Virtualization (NFV) Security
- Security NFV
- Optimization and Orchestration Security, including AI/ML Security
- Network Slicing Security
- Cloud Security
- API Security
- Supply Chain Security (hardware and software)
- Data Security & Privacy
- Open Source Security
Anand R. Prasad, Founder & CEO, Wenovator LLC
Title: 5G Security: Practical Considerations
Bio: Dr. Anand R. Prasad is a global executive for information- and cyber-security who has delivered security solutions for 5G, 4G, network function virtualization, SOC, WiFi, mobile devices, enterprise, and GRC processes from scratch for secure connectivity towards a safer society. Anand has globally propagated the concept of security as the business driver with security being holistic as well as inherent to a system while considering business and architectural implications.
Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry. He is also a Senior Security Advisor of NTT DOCOMO, providing advise on all aspects of cybersecurity for the company, Advisor to CTIF, and Advisor to GuardRails. Prior to which Anand was Chief Information Security Officer of Rakuten Mobile, the world’s leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile Anand led all aspects of enterprise and mobile network security from design, deployment to operations. With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer-reviewed publications.
Anand was the Chairman of 3GPP SA3 where, among others, he led the standardisation of 5G security. He was a governing council member of TSDSI, is governing body member of GISFI, Fellow of IET, Fellow of IETE and Certified Information Systems Security Professional (CISSP). Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder as well as Co-Editor of the Cybersecurity Magazine. He did his ir (MScEE) and Ph.D. from Delft University of Technology, The Netherlands.
Richard Baker, BT
Title: Private networks (TBC)
Bio:Richard is the Security Innovation Architect within BT’s Security CTO Team. He is currently developing security strategies across Cloud Security, Industrial Automation, IoT, Identity and 5G. In his role he works with Research, Vendors, Portfolio, Partners and across multiple Customer Facing teams to facilitate communication and identify the appropriate propositions and technologies. He is currently contributing to groups such as NCSC, NIST, ACT-IAC, TechUK Digital Identity, IoT Security Foundation and the UK Government DCMS initiative for IoT Security by Design. His background includes 5 years as a Global Security Architect to a Multi-National Manufacturing Client.
Abstract: While there has been much discussion as to how characteristics of 5G technologies can benefit industrial automation, discussion is only starting to emerge as how to provide that integration into an existing industrial context. This presentation looks at some of perspectives and potential challenges of integrating 5G with the security, technology, operational service and culture of the enterprise operational environment.
Dr. Giridhar D. Mandyam, Qualcomm
Title: Secure Onboarding for IoT Devices: Challenges and Emerging Solutions
Bio: Dr. Giridhar D. (Giri) Mandyam is the Chief Security Architect for all IoT products that Qualcomm produces. He has also worked at Rockwell International, Texas Instruments, and Nokia. He is currently the Chair of the IoT Working Group in the Fast Identity Online (FIDO) Alliance. He was Chair of the S34-3 Ad Hoc Group on Presentation Logic and Service Frameworks for the Advanced Television Systems Committee (ATSC) and was a key contributor in the development of the ATSC 3.0 specification. Moreover, he was Qualcomm’s Advisory Committee representative to the Worldwide Web Consortium (W3C), he has served as Chair of the W3C Geolocation Working Group. Dr. Mandyam is the inventor or co-inventor of more than 50 issued US patents and was recognized in 2017 by Qualcomm with the IP Achievement Award. He has also published over 80 conference and journal papers, and 5 book chapters. He is a co-author of the text Third-Generation CDMA Systems for Enhanced Data Services (Academic Press, 2002). He is a Senior Member of the IEEE and has been a member of the editorial board of the IEEE Transactions on Wireless Communications.
Abstract: IoT (Internet of Things) devices are becoming ubiquitous, and are enabling automation in both businesses, homes and city infrastructure. Many such devices are internet-enabled, and increasingly are connected via cellular networks. Onboarding of such devices remains an issue. Onboarding is the process of connecting a new or reconditioned device to a network. Onboarding is a critical aspect of enabling remote device management. IoT devices unfortunately are difficult to onboard, oftentimes due to a lack of intuitive user interface and limited processing capabilities. Therefore many device vendors have tried to streamline the process to allow for device onboarding upon first power-up with little to no user intervention (“zero-touch onboarding”). However, if the onboarding process is not secure then the devices themselves can be vulnerable to compromise. Depending on the application, this in turn can lead to more than just financial loss given the increasing use of IoT devices in critical operations such as smart city infrastructure or medicine. This talk will discuss the technical challenges in enabling secure IoT device onboarding, and will also provide an overview of recent approaches to solve these problems.
Kapil Sood, Intel
Title:Platform Security for 5G and Edge Deployments
Bio: Intel Networking Cloud and 5G Security Architect. Kapil Sood is Networking Platforms Security Architect at Intel’s Data Products Group driving platform security technologies and research, and setting strategic direction for Intel’s NFV Cloud and 5G business group. Kapil is a recipient of the prestigious Intel Achievement Award (IAA). Kapil has 20+ years of technology leadership experience, spanning Telecom, Mobile, Networking and Intel Architecture security. Previously, he was Chief Security Architect for Intel SoC Tablets and Smartphones. Kapil is helping define NFV security at ETSI NFV, and was key contributor at IEEE 802.11. Kapil earned MS (CS), MBA, and BS (CS), with 75+ patents issued, publications, and open source contributions.
D. Richard (Fed) Kuhn, National Institute of Standards & Technology
Title: Rethinking Distributed Ledger Technology
Bio: Rick Kuhn is a computer scientist in the Computer Security Division at NIST, and is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). He has authored three books and more than 150 conference or journal publications on information security, empirical studies of software failure, and software assurance. He co-developed the role-based access control model (RBAC) used worldwide and led the effort that established RBAC as an ANSI standard. Previously he served as Program Manager for the President’s Information Infrastructure Task Force Committee on Applications and Technology (1994-1995) and as manager of the Software Quality Group (1996-1999) at NIST. Before joining NIST, he worked as a software developer with NCR Corporation and the Johns Hopkins University Applied Physics Laboratory. He received an MS in computer science from the University of Maryland College Park.
Abstract: The blockchain data structure was designed to solve the problem of double-spending in digital currency. Blockchain’s desirable properties have made it attractive for distributed system applications other than cryptocurrency, but many of its features are very difficult to use for conventional applications. As a result, much current research on the blockchain is devoted to getting around its built-in properties. This talk will present a new data structure that provides useful features of blockchain while making distributed ledger a more practical component for a broad range of distributed system applications. The data structure, a data block matrix, has been implemented in the open-source Next Generation Access Control system, which will be used to illustrate some of its advantages for system engineering.
André Noll Barreto, Barkhausen Institut
Title: Leveraging the propagation channel for physical-layer security: challenges and an encryption-box approach
Bio: André Noll Barreto received an M.Sc. degree from the Catholic University (PUC-Rio), Rio de Janeiro, Brazil, in 1996, and a Ph.D. from Technische Universität Dresden, Germany, in 2001, both in Electrical Engineering. He held several positions in academia and industry in Switzerland (IBM Research) and Brazil (Claro, Nokia Technology Institute/INDT, Universidade de Brasília, and Ektrum), before joining the Barkhausen Institut, Dresden, Germany, in 2018, where he is currently the leader of the wireless-connectivity research group. He is researching wireless communications for a reliable, resilient, and secure Internet of Things.
Abstract: Physical-layer security (PLS) has been extensively studied in the last few decades, as a way to provide intrinsic security to wireless communications relying on channel properties. We believe that with new scenarios in 5G and beyond, and with their corresponding security challenges, the time has finally come to the realization of PLS in practice. Among the different flavours of PLS, we focus on the channel-reciprocity key generation approach, which leverages random properties of the channel to generate secret encryption keys between pairs of nodes. We will discuss some of the remaining challenges in the implementation of this technique, and present our solution of a filterbank-based PLS encryption box.
Arsenia Chorti, ETIS UMR8051, CY Tech, ENSEA, CNRS
Title: Security in B5G low latency scenarios
Bio: Dr. Arsenia Chorti is an Associate Professor (MCF) at ETIS UMR8051 since Sept. 2017 and Head of the ICI team of ETIS. She obtained her PhD from Imperial College in 2005; from 2010 to 2012 she was a Research Fellow at Princeton University where she is currently a visiting researcher. She served as Senior Lecturer and Lecturer at the Universities of Middlesex and Essex in 2008-2009 and 2013-2017, respectively. Her research interests include PLS and wireless communications and has published more than 70 journals, book chapters and conference papers in these topics. She is a member of the IEEE Teaching Awards Committee, a member of the IEEE P1940 and of the P1951.1 Standardization Workgroups and of the INGR Security Workgroup and an Associate Editor of the IEEE Open Journal in Signal Processing.
Abstract: With the emergence of URLLC and mMTC, corresponding low complexity and low latency security mechanisms are needed. Promising lightweight mechanisms include physical unclonable functions (PUF), secret key generation (SKG) at the physical layer and localization based authentication, as considered in this talk. We will demonstrate how physical layer security (PLS) allows building a new breed of low latency security schemes, such as zero-round-trip-time (0-RTT) resumption authentication protocols combining PUF and SKG processes. Furthermore, hybrid PLS and crypto schemes, such as authenticated encryption (AE) using SKG, will be introduced. We will conclude this talk with a discussion on future directions in 6G security.
Dr. Bharat Rawal, D.Sc, M.Sc, M.B.A, SM-IEEE
Title: Split-computing in era of 5G and Beyond
Bio: Rawal graduated from South Gujarat University in his native country of India with his bachelor’s degree in physics in 1986 and master’s in physics in 1990. He graduated from the University of Baltimore with his MBA in 2008 and from Townson University with his Doctor of Science in Information Technology in 2011.
Rawal began a career in India as a field manager for Biochem Pharmaceutical Industries, Ltd., from 1990 to 1995 and then was chairman of Bashundhara Drug Distributors from 2000 to 2016. He worked as director of Information Technology at CrossOver – a software, website and mobile application development company with locations in the United Sates and Nepal – from 2014 to 2015, and CEO of Coracias Advanced Technologies, Bashundhara Groups from 2016 to 2019.