5G system security and data protection
A new trust model for the 5G era
The greatest risks to enterprise data: CONFIDENTIALITY, INTEGRITY, AVAILABILITY
[Diagram labels: Central Cloud; Fixed or Mobile / Backhaul Wide Area Network; Metro Edges; Local Edges; Local Access Network; UE]
What virtualization & 5G mean for security
RESOURCE SHARING BETWEEN THE TELECOM OPERATOR AND THE ENTERPRISE
ZERO-TOUCH AUTOMATION
Softwarization of the network
Integration of existing and new local access networks
Moving the intelligence towards the edge
Key capabilities to create trustworthy 5G virtualized networks
Customer controlled encryption of the VMs or containers running in the network
Encryption management for centralized lifecycle management leveraging the most reliable root of trust
Stored database encryption
Secure enclaves at the edge
Ultra-low latency encryption of ‘anyhaul’ transport
Secure enclaves
A local trusted execution environment is needed to protect keys, thus preventing unauthorized access to, and manipulation of, VNFs, apps or sensitive data.
Secure enclave solutions are hardware-encrypted zones created at the chip level that give developers the means of leveraging the CPU to create isolated, trusted memory regions.
[Diagram labels: Multi-Access Edge; 5G / NFV Infrastructure; Hardware Resources (CPU, Storage, Network); Hypervisor]
A hypervisor provides a first level of isolation between co-located functions, based on logical separation secured by firewalls.
Malicious code could leak data through the walls as functions are co-located on the same machine. Data-centric protection is required.
[Diagram labels: 5G Core / Edge Compute Infrastructure; 5G Network Manager & Orchestrator (MANO); Attestation Server; Intel® Software Guard Extensions (Intel® SGX)]
The NFV and enterprise app security is provided by a Gemalto Protection Agent on each machine, propagated into the Intel® SGX secure enclave and certified by an attestation server.
Gemalto Protection Agent
Simple provisioning eases OEM integration and logistics
Dynamic, seamless and secure migration of VNFs/apps from one machine to another
Confidentiality and integrity protection of VNFs and apps is assured at runtime
Agnostic VM or container-level protection for VNFs and enterprise apps
High performance, secure credential storage and key management assured by a Hardware Root of Trust
Protects NFVs and apps at the core and at the edge of the network
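The slide above says the agent in the enclave is "certified by an attestation server". The following is an added example, not Gemalto or Intel code, modelling that check: a server releases a VNF key only for a fresh, authentic quote from a known agent. Assumptions: all names are hypothetical, key release after attestation is assumed, and an HMAC stands in for the hardware-rooted quote signature.

```python
import hashlib, hmac, secrets

def measure(agent_code):
    # Stand-in for the enclave measurement: a hash of the code loaded into it.
    return hashlib.sha256(agent_code).digest()

def make_quote(hw_key, agent_code, nonce):
    # Platform side. HMAC under a per-platform key stands in for the
    # hardware-rooted quote signature (assumption; real quotes are asymmetric).
    m = measure(agent_code)
    sig = hmac.new(hw_key, m + nonce, hashlib.sha256).digest()
    return {"measurement": m, "nonce": nonce, "sig": sig}

class AttestationServer:
    def __init__(self, hw_key, trusted_agents, vnf_key):
        self._hw_key = hw_key
        self._allowed = {measure(a) for a in trusted_agents}
        self._vnf_key = vnf_key
        self._pending = set()  # nonces issued and not yet consumed

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def release_key(self, quote):
        # Release the VNF key only for a fresh, authentic quote from a known agent.
        if quote["nonce"] not in self._pending:
            raise PermissionError("unknown or replayed nonce")
        self._pending.discard(quote["nonce"])  # single use, even if later checks fail
        expected = hmac.new(self._hw_key, quote["measurement"] + quote["nonce"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote["sig"]):
            raise PermissionError("quote signature invalid")
        if quote["measurement"] not in self._allowed:
            raise PermissionError("agent measurement not trusted")
        return self._vnf_key

def try_release(server, quote):
    # Return the key on success, or the refusal reason as a string.
    try:
        return server.release_key(quote)
    except PermissionError as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample values.
    hw, agent, key = secrets.token_bytes(32), b"agent v1", secrets.token_bytes(32)
    srv = AttestationServer(hw, [agent], key)
    good = make_quote(hw, agent, srv.challenge())
    print(try_release(srv, good) == key)   # genuine agent, fresh nonce
    print(try_release(srv, good))          # same quote replayed
    print(try_release(srv, make_quote(hw, b"patched agent", srv.challenge())))
```

The three refusal paths correspond to a replayed quote, a quote not produced by the expected platform key, and an agent whose code differs from the approved build.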
Download our whitepaper on 5G Network Security here: gemalto.com/5g