Identity Management and Discovery in Transient 5G Networks
Scott Cadzow, C3L · 2017-06-15
© ETSI 2017. All rights reserved


The Scenario

Two parties in a crowded room need to make a secure connection but they don't know each other in advance, and they also don't actually know if they are in the room together. Thus the parties have to find each other amongst a pool of adversaries each of whom has the opportunity to intercept the signals within the discovery protocol and to attempt a masquerade.

[Figure, slides 3 to 7: two parties, labelled Bob and Alice]

Discovery requirements

• No, or near zero, pre-configuration

• Assurance that Bob can actually find Alice irrespective of the presence of Eve

• Let Eve fade away as the Alice-Bob connection becomes more assured

• Build trust by selective revealing of attributes


Solutions nearly exist

• PHYLAWS and QKD offer physical isolation of Alice and Bob from Eve - but for single links and without discovery

• DNS and PKI and PMI and Kerberos and cellular HLR/VLR … they all work but need significant a priori knowledge

• Universal plug and play is near in spirit but misses the security link in the main


Challenge in M2M and IoT

• Bob has got no distributed a priori knowledge of Alice

• Bob may only ever need to connect to Alice once

• Bob knows what kind of thing he needs to connect to, the class of things Alice is

• Bob may need to connect to millions of instances of an Alice thing as long as they are really an Alice thing but not a specific instance of Alice


Our developing solution

• Identity management and Discovery with Obligations of Trust all wrapped up in a protocol

• Authority Attribute trees as the underlying data model

• Assertions of attribute backed up by authority

• Cryptographic models extending today’s best practices - need to consider QSC at the start

[Figure: Identity management - person with technology]

[Figure: Identity management - device with authorities]

Application domains

• IoT (Residential IoT?)

• M2M (Industrial IoT?)

• RRS

• ITS

• eHealth

• Social connectivity

• … nothing is being excluded for now


The Standards response

• ETSI CYBER
    • Working on Identity Management, Attribute Based Access Control/Encryption, secure and privacy protecting by default

• ETSI RRS
    • Working on secure distribution and updates to radio capability in a highly regulated environment

• ETSI eHEALTH
    • Bringing together the human and machine for health - coordinating across the ETSI and SDO worlds

• Others including smartM2M, NGP, ENI where smart discovery is essential


The take-away

• Our next generation of communications technology has to be trustworthy, confidential, of high integrity

• Our next generation of communications will be more transient, less “connected”, but more available.

• Discovery will be increasingly key

• ETSI is at the forefront of the R&D cycle for this coming generation


“… there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know.”

– Donald Rumsfeld, 2002


Thank you for listening