O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Distributed NFV Attestation and VNF Supply Chain Trust- worthiness and Integrity

110 visualizações

Publicada em

Presentation from ETSI Security Week 2018 on the topics of NFV attestation and distribution with blockchain, trusted computing and attestation

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Distributed NFV Attestation and VNF Supply Chain Trust- worthiness and Integrity

  1. 1. Distributed NFV Attestation and VNF Supply Chain Trust- worthiness and Integrity Ian Oliver Nokia Bell Labs Cyber Security Team Espoo, Finland 1 © Nokia Public 14 June 2018
  2. 2. The Vision Trustworthy Infrastructure for Critical 5G Applications Key results • Machine Learning based Network Anomaly detection and mitigation • End to End Attestation and Trusted NFV, Edge and IoT • Integrated, Multi-Faceted Security Approach Ian Oliver, Yoan Miche, Aapo Kalliola, Silke Holtmanns, Borger Vigmostad, Gabriela Limonta, Isha Singh, Leo Hippeläinen, Vikramajeet Khatri and Gabriel Waller Espoo Cyber Security Team Remote Surgery: Critical 5G Use Case Robot – 5G – VR: Implementation Trustworthy NFV+Edge+IoT Infrastructure for Critical Applications Trusted Computing Base + Attestation with Run-time Integrity Monitoring Proactive Network Defense: SDN + Machine Learning VNF Supply Chain + Blockchain Integration 2 © Nokia Public 14 June 2018
  3. 3. The Trusted Computing Base • Trusted Platform Module • Secure, Measured and Trusted Boot (UEFI, tboot, TXT, SRTM, DRTM) • Run-Time Integrity Checking (Linux IMA/EMA, SELinux) • CPU Enclaves & Memory Encryption (Intel SGX, Arm TrustZone) • Remote Attestation 3 © Nokia Public 14 June 2018
  4. 4. So, what’s the problem? • Works well in the core NFV, but not Edge, IoT • Attestation is crude, brutal and centralised • . . . VNF/VM/device production/distribution is not centralised • Global [VNF/VM] Identities • ...and more 4 © Nokia Public 14 June 2018
  5. 5. The Vision 5 © Nokia Public 14 June 2018
  6. 6. The Role of Ledger/Blockchain... • Ledger Semantics - fits with the [VNF/IoT/Element] supply chain • Distributed, Auditable, Untamperable, Reliable, Resiliant • Notarisation and History (eg: VNFD & measures, operations) • Global IDs (cf: Ethereum Contract Addresses) • PKI, OpenStack, TCB integration, ie: workload orchestration • Integrity: Signing and Measurement • Revocation is ‘easier’ • Trust Graph • Performance 6 © Nokia Public 14 June 2018
  7. 7. Demonstration 7 © Nokia Public 14 June 2018
  8. 8. 8 © Nokia Public 14 June 2018

×