ETSI releases security standards for distributed systems

The distributed, cloud-based technological environment required by 5G and IoT will present a novel set of security challenges.

In anticipation of this the ETSI (European Telecommunications Standards Institute) technical committee on cybersecurity has released two specifications focused on attribute-based encryption (ABE). This seems to be a more flexible, tailored, bespoke form of encryption that can be applied to specific scenarios.

Here’s the ETSI explanation: “ABE is an asymmetric, multi-party cryptographic scheme that bundles access control with data encryption. In such a system, data can only be decrypted if the set of attributes of the user key matches the attributes of the encryption. For instance, access to employee pay data will only be granted to the role of Human Resources Employee working in the payroll department of a company, who has been there for one year or more.”

And here are the two specifications:

  • ETSI TS 103 458, which describes high-level requirements for Attribute-Based Encryption. One objective is to provide user identity protection, preventing disclosure to an unauthorized entity. It defines personal data protection on IoT devices, WLAN, cloud and mobile services, where secure access to data has to be given to multiple parties, according to who that party is.
  • ETSI TS 103 532, which specifies trust models, functions and protocols using Attribute-Based Encryption to control access to data, thus increasing data security and privacy. It provides a cryptographic layer that supports both variants of ABE – Ciphertext Policy and Key Policy – in various levels of security assurance. This flexibility in performance suits various forms of deployments, whether in the cloud, on a mobile network or in an IoT environment. The cryptographic layer is extensible and new schemes can be integrated in the standard to support future industry requirements and address data protection challenges in the post-quantum era.

Another point in favour of these specifications is that they claim to allow secure exchange of personal data among data controllers and data processors, which is a apparently a precondition for GDPR compliance. For emerging distributed core network technology they offer security standards that have the flexibility and scalability they need.

We’re more than networks now – ETSI

Transformation is one of the most common buzzwords in the telecoms world and it seems not even standards bodies can stand against the tides of change.

The world is changing, and changing very quickly. Operators are being pitted against new and unknown competitors, while profits are being sucked out of the telecoms sector. This change means companies have to play in new ballparks, to different rules, and the same can be said for ETSI.

“I don’t think ETSI will be doing the same thing in five years what it was doing five years ago,” said David Boswarthick, Director of Committee Support Center at ETSI.

ETSI’s bread and butter work to date has naturally been focused on the network. And while work here will never be complete, it is becoming less stressful. Projects are completed and new focus areas arise. Like augmented reality for instance.

Eventually operators will start making money out of next generation technologies like AR, but for the moment the foundations are being laid. And what is crucial to these foundations is bringing new stakeholders into the equation. ETSI’s AR working group is one of those which operates further up the value chain. Yes, there are networking questions to be asked, but the technology is much more consumer orientated. The purpose of this group is to assess the landscape, before moving onto standardization projects for the interfaces between devices and an industry accepted framework.

The problem with technologies like AR is that they tend to fall between the cracks. It traverses across so many different sectors, it is difficult for someone to be able to take control. Unfortunately this can lead to some disappointing results. Right now there are three companies (who shall remain nameless) who are dominating the AR space. The technology is proprietary and siloed right now which is a problem.

While some people would consider standards as a limitation for technologists and blue-sky thinkers, Boswarthick highlighted they are crucial for success in the long-run. AR has been walking down the proprietary path for some time unchecked, but to make sure the consumer and the wider ecosystem benefit, there has to be a process of checks and balances. This is what ETSI plans to oversee; the process of creating interoperability and a sustainable ecosystem.

But this is where the complications lie; ETSI has little or no experience in dealing with industry verticals. There are a few industry members in the groups right now, Siemens and Bosch are two examples, but more are needed. “ETSI getting close to the vertical domains is a tough nut to crack,” said Boswarthick, but considering industry players will influence and define applications on the network, they are needed in the conversation from the beginning.

This is one of the first examples of ETSI expanding into new areas, but there will be more. Autonomous vehicles for instance will muddy the waters with new players in the ecosystem, as will smart cities. ETSI certainly isn’t forgetting about its tried and tested playground, but this organization is going to be much more than networking before too long.

ETSI give TLC to MEC – aging buzzword to get a facelift

Multi-access Edge Computing (MEC) might have been given a bit of attention in months gone, but with the 5G dawn about to break a resurgence for MEC could be on the cards.

While it does not sound like the sexiest part of the mobile industry, MEC is crucially important. If we are to live the 5G dream of 8K videos or instant access to insight, the ability to store and cache data on the edge of the network is critical. This is an old story for the industry, but it is a narrative which has been neglected in recent months. ESTI is one organization which seems to be trying to gather some extra steam for the forgotten buzzword.

“As the first Standards Developing Organization to address the challenges of MEC, ETSI brings the world’s leading experts on MEC to the table,” said Alex Reznik, Chair of ETSI MEC Industry Specification Group. “The ETSI ISG MEC can make a significant impact in the effort to make 5G a reality and we invite the industry to take advantage of everything we have to offer.”

MEC is of course only one piece of the 5G puzzle and a step in the complicated journey of virtualization, but one which is very important. Will virtual assistants be able to perform adequately without it, or will latency be low enough for autonomous vehicles or remote surgery? Not only will we not be able to realise some of these glorious usecases, ignoring MEC could potentially undermine the whole premise of the 5G system architecture, which is supposed to be a distributed network. With the 5G light breaking over the horizon ETSI is shifting the focus back to MEC.

As part of the push, ETSI has released two white papers while also creating a Hackathon framework to accelerate multi-access edge computing adoption and interoperability, and encourage all stakeholders to use the group’s specifications to develop edge applications. Collaboration between the various different parties will be critical here, and considering some of the parties involved there is risk of a few disagreements.

“While MEC is central to enabling the world of 5G applications over both 4G and 5G networks, it is only part of a solution to a bigger puzzle,” Reznik had previously said. “Increasingly, the industry is looking for guidance on how to put the overall solution together. By providing end-to-end solution guidance, encouraging and promoting the market through events like Hackathons and other related activities, our group is stepping up to this challenge.”

ETSI is kicking starting the refocus onto MEC, but we expect this to be a much more prominent talking point (once again) over the next couple of months.

ETSI plots the end of mankind with new Working Group

ETSI has unveiled a new Industry Specification Group: Zero Touch Network and Service Management, which will aim to accelerate network automation; humans beware.

The idea here is relatively simple. With the introduction of new technology such as SDN, NFV and MEC, as well as network slicing just around the corner, the network is becoming increasingly complex. As human error is the most common root cause of any disaster in a business, not just telecoms, higher levels of automation are critical to making sure the network meets the high demands of the consumer.

40 organizations have already joined the group, which will be led by Deutsche Telekom’s Klaus Martiny. Nurit Sprecher of Nokia and Christian Toche of Huawei will act as Vice Chairs.

Thankfully robotics is an area of the technology world which is lightyears away from perfection, otherwise what would be the need in humans? Once the physical network is present in the real world, if Klaus and his cronies have their way all execution on the network could be handled by artificial intelligence. Human redundancy is near and it’s because we can’t be trusted with the complicated stuff.

“While 5G and its building blocks are being developed, it’s time to offer an end-to-end view focusing on automated end-to-end network and service management,” said Martiny.

“We want to offer the market open and simple solutions. A continuous feedback from all stakeholders will lead to the first implementations of the specifications which will be tested through Proofs of Concepts, the outcome being fed back to improve existing specifications. A strong collaboration and cooperation with others standards bodies and Open Source projects is important for the ISG.”

The goal of the ISG, which will have the ZSM acronym, is to create a framework where humans are essentially made redundant. From delivery, deployment, configuration, assurance, and optimization, all operational processes and tasks could be handled with 100% automation. Of course there will be a time limit.

The group has the emergence of 5G as a key driver to standardize this area of the industry, as 5G will ‘trigger the need to accelerate radical change in the way networks and services are managed and orchestrated’. This might seem close, but if the delivery of 5G has been anything like the ubiquitous delivery of 4G, we have a while.

ETSI has AR in its standardization sights

ETSI has waded into the murky waters of AR, creating a new Industry Specification Group called Augmented Reality Framework (ISG ARF).

As with most other ETSI working groups, the aim here will be synchronize efforts and identify key use cases and scenarios for developing an AR framework. While working groups at standards bodies are not the most exciting aspect of the industry, it is a crucial one. The group will work to create AR specifications in order to ensure interoperable implementations that will benefit both technology providers and end-users.

“There are huge differences in AR applications but mapping digital information with the real world implies the use of a set of common components offering functionalities such as tracking, registration, pose estimation, localization, 3D reconstruction or data injection,” said b<>com’s Muriel Deschanel, who will act as chair of the group.

“The development of such a framework will allow components from different providers to interoperate through the defined interfaces. This will in turn avoid the creation of vertical siloes and market fragmentation and enable players in the eco-system to offer parts of an overall AR solution.”

Although the first meeting of the group has not taken place yet, Industry 4.0, smart cities and smart homes are three areas which have been prioritized, while an eye will also be cast over applications for mobility, retail, healthcare, education and public safety.

These are all possible ideas, but for any new technology to become a reality, there needs to be a solid business case for the guys at the top of the value chain. And to do that, a transparent and reliable interworking between different AR components is key; in short, interoperability is good. ETSI is the enemy of vendor lock-in situations, and this is just the first step to bringing the technology under its protective wing.