ETSI Contribution to 3rd Meeting of EC Expert Group on RRS

Slides:



Advertisements
Similar presentations
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Advertisements

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
TTA Views on Technical Scope of M2M Consolidation 17 August 2011 TTA M2MCons02_16 (Agenda 4.3)
ZIGBEE PROTOCOL FOR WIRLEESS SENSOR NETWORK ZIGBEE PROTOCOL FOR WIRLEESS SENSOR NETWORK Research paper Lina kazem
Overview & Definitions for Downloadable Credentials 1 S GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):
ETSI Home Networking activities Rainer Münch ETSI TISPAN Chairman Presenter: Ian Spiers DOCUMENT #:GSC13-GTSC6-20r1 FOR:Presentation SOURCE:Rainer Münch,
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Tufts Wireless Laboratory School Of Engineering Tufts University “Network QoS Management in Cyber-Physical Systems” Nicole Ng 9/16/20151 by Feng Xia, Longhua.
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
IEEE SCC41 PARs Dr. Rashid A. Saeed. 2 SCC41 Standards Project Acceptance Criteria 1. Broad market application  Each SCC41 (P1900 series) standard shall.
Distribution and components. 2 What is the problem? Enterprise computing is Large scale & complex: It supports large scale and complex organisations Spanning.
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
Update on ETSI Security work Charles Brookson OCG Security Chairman DOCUMENT #:GSC13-PLEN-57 FOR:Information SOURCE:Charles Brookson AGENDA ITEM:6.3
Dr. Ir. Yeffry Handoko Putra
Principles Identified - UK DfT -
Thomas Weilacher WG FM Chairman
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.
Fundamentals of Information Systems, Sixth Edition
Suggestion for Summarizing Process of the Principles
Device Security in Cognitive Radio
ETSI Software Reconfiguration Overview
COMP532 IT INFRASTRUCTURE
Security of In-Vehicle Software
Reconfigurable Radio Systems (RRS)
3GPP interworking in R3 Group Name: ARC
2 ATIS 5G OVERVIEW ATIS launched its 5G Ad Hoc in 2015 to advance regulatory imperatives, deliver an evolutionary path, address co-existence of technologies,
UNIT II –Part 2.
Reconfigurable Radio Systems Activities in ETSI
Bruno Chatras, ETSI TC TISPAN Vice-Chairman
ASSET - Automotive Software cyber SEcuriTy
Distribution and components
OmniRAN Introduction and Way Forward
Update – Reconfigurable Radio Systems
ITS-Related Work Items in ITU-R Study Group 5, Working Party 5A
Status On Current DFS CEPT/ECC Civil/Military Meeting, November 2016, Prague Thomas Weber, ECO, Spectrum Management
Adaptable safety and security in v2x systems
Outcome TFCS-11// February Washington DC
Mobile edge computing Report by Weiqing huang.
Internet of Things Vulnerabilities
ETSI TC RRS (Reconfigurable Radio Systems)
eCall: Creating momentum towards the networked car
Enhancing Web Application Security with Secure Hardware Tokens
Maryna Komarova (ENST)
I-Kang Fu, Paul Cheng, MediaTek
Updates on the 863MHz SRD band and 872MHz Award
Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.
Intelligent Transport Systems
IEEE SCC41 PARs Date: Authors: August 2009 August 2009
WWRF Liaison Report to ITU-T CITS
Cryptography and Network Security
EU-US-JP ITS Steering Group Annual Meeting 2018
Control Systems Security Working Group Report
Final Conference in Paris WP6 – Protection Profiles Specification
IEEE MEDIA INDEPENDENT HANDOVER DCN:
OmniRAN Introduction and Way Forward
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Jan Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [PAR and CSD document discussion] Date Submitted:
Fundamental Concepts and Models
ETSI Technical Committee TCCE
IEEE RR-TAG Teleconference Plan and Agenda
TG1 and System Design Document
ETSI TC RRS (Reconfigurable Radio Systems)
Requirements Date: Authors: March 2010 Month Year
IEEE MEDIA INDEPENDENT HANDOVER DCN:
Security in SDR & cognitive radio
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Regulatory Update in Europe for Gigabit Application.
Mobile Commerce and Ubiquitous Computing
ECC actions on interference from 5 GHz RLAN into meteorological radars
Jarno Pinola VTT Technical Research Centre of Finland
The new Zhaga-D4i interface standard for smart luminaires
Presentation transcript:

ETSI Contribution to 3rd Meeting of EC Expert Group on RRS Dr. Markus Mueck, Chairman ETSI TC RRS 8 February 2018

Overview ETSI effort to collect Use Cases, Classes and Categories Following the provision of a first set of proposed Use Cases to the 2nd meeting of EG RRS, an updated set of proposed Use Cases is propoved in the present document

ETSI effort to collect Use Cases, Classes and Categories Related to the activity of the EC Expert Group on RRS, ETSI has invited all of its Technical Bodies to provide Use Cases Categories or Classes ETSI is currently collecting further inputs. Additional contributions are expected. Following the provision of an initial set of Use Cases for the 2nd EG RRS meeting, an updated set is provided in this document.

Commercial Equipment The following initial set of commercial Use Cases is proposed: Use Case C1 – Smartphone Reconfiguration … Beyond the provisioning of additional modules, it is also possible to replace entire RATs in case those sufficient computational resources are available. ETSI builds test specifications on 3GPP specifications, and therefore 3GPP use cases and equipment classes and categories should be considered. Reconfiguration can also be a remote software update of a device after it is already deployed e.g. to perform an update to a new 3GPP feature Example: Secure environment such as the UICC or the new Smart Secure Platform (SSP) This requires: i) Verifying the Integrity and Authenticity of the new software; ii) Mutual Authentication between the device and the software provider or the service provider who performs the software update. The next generation technology SSP (Smart Secure Platform), successor of SIM/UICC currently developed in ETSI, will allow to implement security services not only on a removable or embedded Secure Element, but also on an integrated Secure Environment of a System on Chip (SoC) and could be extended to any kind of device/equipment where updates of e.g. the firmware, need to be protected.

Commercial Equipment Use Case C2 – Internet-of-Things product design … a limited number of generic and reconfigurable components will be made available which are suitably tailored to the target market through software components. Use Case C3 – Automotive Applications … Software Reconfiguration will enable Manufacturers to replace specific Software and thus maintain related feature-sets up-to-date without requiring changes to the hardware. NOTE: The upper Use Cases are in accordance with the ETSI White Paper on SW Reconfiguration and Annex 2 of the TCAM SDR Final Report (EG RRS (01)05; TCAM WG (11)25).

Commercial Equipment Additional Details on Automotive Applications Context: In order to understand the need for SW Reconfiguration affecting the compliance of equipment to the RED, it is proposed to consider the requirement of vehicular communication modules to remain relevant over the life-time of a vehicle, which can be 10 years or more for a mass-market car , 25 years or more for commercial vehicles or even more than 25 years for traffic infrastructure. Update of Feature Sets: Mobile communication specifications are expected to evolve substantially over time. To give an example, 3GPP provides new Releases every 2-3 years including a substantial extension of feature sets. In this Use Case, a wireless communication platform which is already deployed in the market is able to receive feature updates through SW Updates affecting the compliance of the wireless equipment to the essential requirements of the RED. In a typical example, critical new safety related features are provided to vehicles which are already in the field. Mitigation of Vulnerabilities and Implementation Issues: Vehicular communication equipment may be the object of malicious attacks. Typically, vulnerabilities or implementation issues may be exploited for this purpose. Once such vulnerabilities or implementation issues are detected, concerned components are replaced through SW Updates affecting the compliance of the wireless equipment to the essential requirements of the RED. Note that the original concerned components may be provided as hardwired and/or SW based solutions.

Commercial Equipment Use Case C4 – Cable Systems A variant that is widely relevant to integrated broadband cable and television networks employs a device with non-radio and radio interfaces, where only the cable network interface is used for loading new software onto the device. The software is monolithic in a sense that all device functions are included in a single software load, such that in order to alter an individual function of the device a complete software load has to be delivered to the device. The mechanism to provide such a software load involves a secured delivery protocol as well as an authorization of the software load from a trusted entity. In this case, is the secured software delivery mechanism sufficient to protect the radio device?

Commercial Equipment Use Case C4 – Cable Systems, Cont’d  The unique attributes of the device class that we are suggesting above are: Radio and non-radio interfaces Software loading over the cable network interface only Secured delivery protocol and signed software For illustration purposes, the following example may be considered. The device is a DOCSIS-compliant cable modem with integrated Wi-Fi. The software can only be delivered via the HFC network using the DOCSIS-specified secure software download mechanism.

Professional Users applying direct link Use Case P1 – link-by-link licensed system Assume a "link-by-link licensed" case, where all parameters subject of the individual license (also other that mere frequency and eirp, such as channel size and reference modulation in "adaptive modulation case") need to be open to the operator/administration according the individual license condition. (HS EN is EN 302 217-2 V3.1.1 (OJ published 6/2017), which comprises all Point-to-point FS equipment operating in FS allocated bands from 1.4 to 86 GHz bands) Equipment needs to remain sufficiently “open” to allow for this usage.

General recommendation General Impact of Device Protection Implementation of device protection should not adversely affect secure devices, having a minimum of capabilities for cryptographic protection and secret storage. Available resources may not be sufficient any more in case that additional capabilities are needed. Right balance for protection is needed. This may have an impact on sensor networks, smart cities, etc. (Firmware) Updates (e.g., for bugfixing) of existing equipment should remain possible.

General comment ETSI is in the process of collecting relevant Use Cases, Categories and Classes from its Technical Bodies NOTE: The final list will rely on input by ETSI members and cannot be guaranteed to be exhaustive.