Security Metrics for Telecom Networks

5G (ENCQOR) Technology Development Challenge

Security Metrics for Telecom Networks

Challenge Launch Date

May 15th, 2019

Challenge Deadline 

July 28, 2019 (This call for projects has expired. Notices of interest are no longer accepted.)

Challenge Statement 

As shown in the statistical estimation, 5G networks will cover over 40% of the world’s population and expectedly to reach 1.5 billion subscriptions by 2024. To achieve promising services in various use cases in 5G era, such as, healthcare, energy and utilities, smart home, methods to evaluate security levels accompanying the 5G architecture should be well studied and standardized. New technologies, such as, NFV and SDN, bring specific challenges in modeling the attacks and calculating security level in the multi-tenancy and multi-vendor virtual infrastructure environment.

However, the current standardization work related to security measurements are mainly based on traditional networks and the virtualized environment aspects are not involved in the current security measurement standardizations. The gap analysis between standardizations and academic quantitative security measurements is also missing.

The challenge of this work includes: 1) Bridge the gap between academic security measurement works and the current standardizations; this gap analysis should convey both works and bring new insight in developing practical security measurements. 2) Model attacks in multi-tenancy and multi-vendor virtual infrastructure environment based on the gap analysis. 3) Propose practical security measurements in 5G environment to evaluate the security levels of different services.

Project Partner

Ericsson Canada Inc.

Timeline

3 years

Available funding

$150,000 CAD (50,000 per year, renewable every year)

Applicant Type

Quebec based College/University

Location

Montreal is the main hub, though the research and development can be completed remotely with scheduled online meetings and face-to-face workshops.

Project Details

The main scope includes:

• Study the current standardizations related to security. measurements in a targeted system, such as NIST, ENISA, etc.
  o Categorize the types of standardizations, such as, framework, data collection, metric calculation and metric interpretation etc.
• Study the current academic work related to quantitative measurements in a targeted system.
  o Review the state of the art of security metrics.
  o Build taxonomies of current related work based on the study of standardization.
  o Propose a possible solution to bridge both works.
• Study multi-tenancy and multi-vendor virtual infrastructure security architecture.
  o Understand the new challenges related to 5G environment in terms of security.
  o Model security in both attackers and defenders’ perspectives.
• Propose practical security metrics.
  o Implement a PoC to demonstrate the usefulness and effectiveness of security metric in 5G environment.
  o Investigate the possible ways to plug the proposed security metric in standardizations.

Deliverables:
Note that in the proposal, the deliverables should be detailed into yearly results to be achieved for the project.

• Workshops
  o Understand and convey the knowledge between researchers and engineers with hands-on experiences in applied security domains.
• Survey paper
  o Submit a survey paper that bridge the gaps between standardizations and the academic works.
  o Bring new vision in security measurement work.
• PoC
  o Propose a practical security measurement to evaluate security levels in 5G environment.
  o Develop a PoC tool to measure security in different 5G domains.

This challenge is strategically important for the development of the industry and the ENCQOR consortium since:

• The workshops bring the opportunity for researchers to learn the practical use cases in 5G domain, in which could provide a practical guild lines for future works.
• Survey paper fills the gap between current standardization work and academic work, which will bring a positive opportunity to implement security metrics in practical use cases
• PoC will provide concrete scenarios to monitor/evaluate services delivery in 5G domain, which brings transparency between services subscribers and the services provider.

Project Goals/Outcomes

• Identify the main differentiators for security metrics in virtualized environments.
• Model attack scenarios that involves the new technologies, such as NFV, SDN, etc.
• Demonstrate the gap between the existing academic works and standardizations.
• Propose practical security metrics to evaluate security level in 5G domain.
• A proof of concept to integrate the proposed security metrics.

Applicant Capabilities

• 2 researchers (M.Sc. or PhD level)
• Background in telecom network and network security
• Good understanding of practical attacks and attack modeling
• Hands-on experiences with programming languages

Additional Information

• It should be noted that Ericsson Canada solutions are proprietary of potential patented and trade secrets. Academic applicants must be willing to work under a Non-Disclosure Agreement (NDA) with Ericsson.
• Ericsson is open to a possible NSERC CRD project based on this funding.