We have a short update from the TelcoSecDay 2018 Agenda. But before that, a short reminder. The CFP for TelcoSecDay 2018 is still open. If you are into telco research, and if you have something interesting to talk, please make a submission here. The deadline is 17th February 2018.
Here are the first two confirmed speakers who are going to talk about the below mentioned topics:
Title: Data Security for 4G Interconnection and 5G Interconnection Risk Areas
Speaker: Dr. Silke Holtmanns
Signalling System No 7 (SS7) based interconnection attacks are well understood and known. With the ongoing deployment of the LTE, the Diameter protocol gained importance also over the interconnection link between mobile networks. Attackers go with technology and therefore we now explore the attack space for Diameter. In this talk, we will go into the known Diameter based attacks and then present the technical details for a data interception attacks using different reference points Sh and S6a under specific configurations. Generic and attack specific countermeasures will be discussed and the talk will close with an outline towards potential security risks introduced by the new 5G Service Based Architecture.
About the Speaker:
Dr Silke Holtmanns is a security specialist and distinguished member of staff in Nokia Bell Labs. She has been researching and designing cellular security for 18 years. She has been standardizing 3GPP security for 10 years and is rapporteur of many 3GPP security standards. She has authored over 50 cellular security publications and authored book chapters and a book. Currently, she investigates new interconnection attacks to cellular networks and find suitable countermeasures.
Title: 5G signalling security and other 5G updates from 3GPP perspective
Speaker: Stefan Schröder
Standardisation of 5G “Phase 1” is almost finished, and it is time to review which security enhancements made it from the study into the standard. The first part of this talk will briefly revisit these aspects from last year’s outlook in TSD17 and report their outcome:
• network slicing
• authentication schemes
• enhanced user identity privacy
• security termination points in the architecture
• resistance against key leakage
A major paradigm shift in 5G is the move away from “signalling” interfaces and protocols (SS7, Diameter) towards a modern “Service Based Architecture” (SBA). Core network functions in SBA will offer REST APIs (with information elements in JSON objects), both internally and externally. Network architects hope to reap benefits like efficiency, scalability, modularity, and flexibility from using modern web techniques – but security experts fear that this also brings new weaknesses, while existing inter-operator issues remain unsolved. The second part of this talk explains SBA security aspects:
• legacy signalling – and how to improve security in 5G
• trust model input (IPX)
• requirements from architecture and protocol design
• design goals for SBA security standardisation
• authentication and authorisation
• non-standard security measures (network design, filtering)
About the speaker:
Stefan Schröder has been the primary delegate of Deutsche Telekom in the 3GPP security group SA3 for fifteen years. During this time, Stefan has been working on security standards for UMTS, LTE, IMS, Femtocells, 5G, and others. Stefan also lead the security design for LTE in Deutsche Telekom networks, with a major feature being an automatically secure plug-and-play IPsec backhaul deployment. In earlier positions within Siemens (and various subsidiaries), Stefan was responsible for Intelligent Networks planning, PC system design, and hardware design and testing of communications controllers.
Stay tuned for more updates. We have many awesome talks lined up.