
NFV UPDATE

Vienna, February 2018

GMCQ – Vodafone National Security Obligations and Chair ETSI TCLI


© ETSI 2017 All rights reserved
NFV

ETSI ISG NFV established in 2012


http://www.etsi.org/technologies-clusters/technologies/nfv

White Papers
Goals
• Reduced operator CAPEX and OPEX through reduced equipment costs and reduced power consumption
• Ensure interworking with existing architectures and physical implementations
• Reduced time-to-market to deploy new network services
• Improved return on investment from new services
• Greater flexibility to scale up, scale down or evolve services
• Openness to the virtual appliance market and pure software entrants
• Opportunities to trial and deploy new innovative services at lower risk



LI Cross-Standards Body Landscape

[Figure: the NFV stack seen in three views: a Holistic (Standards) View, the 3GPP/TC LI View and the NFV ISG view. The 3GPP/TC LI realm covers the VNFs (IMS: X-CSCF, MGCF, MGW, etc.), each with its LI function and Security Control (Sec Ctrl). The NFV ISG realm covers the NFVI, MANO and the infrastructure, with a (virtual) Root of Trust (RoT) anchored on a hardware RoT.]

Across all views, a complete and correct LI solution contains a full vertical coupling across the red boxes in the figure.
Key Reading

NFV SEC 011 Report on NFV LI Architecture
• Details the LI changes and potential solutions
NFV SEC 012 Security Management and Monitoring for NFV
• Details requirements needed for support of LI and other critical components.
• Many of these cannot fully be met by current technology.
NFV SEC 013
• Security monitoring service, architecture and functionality
• Shares many common requirements with LI.
• Difficult to make LI invisible to security monitoring.
NFV SEC 016
• Secure time sources in a virtual environment



The Basic Issue: Why Aren’t Compute Devices Trustworthy?

Protected Mode (rings) protects the OS from apps … and apps from each other …

[Figure: ring diagram of apps, privileged code and a malicious app, with app/OS boundaries marked OK or X and the malicious path labelled Bad Code / Privileged Code attack.]

… UNTIL a malicious app OR admin exploits a flaw to gain full privileges and then tampers with the OS or other apps.
Apps are not protected from privileged code attacks.
These flaws may be operational, not technical!
Protection from what? VM attacks

[Figure: NFV reference architecture: NFV Management and Orchestration (MANO), sometimes called the Cloud Management System (CMS); the Telco Service Layer (e.g. vCPE, vEPC, SIP); the NFVI (Network Function Virtualisation Infrastructure); and the VIM (e.g. OpenStack, CloudStack). This slide highlights VM attacks against that architecture.]

Protection from what? Host attacks

[Figure: the same NFV reference architecture (MANO / CMS, Telco Service Layer, NFVI, VIM); this slide highlights host attacks.]
Back to Basics Summary

Entire core network implemented in a common cloud data centre blade architecture.
• May be operator owned hardware
• Could use Amazon or Google Cloud resources.
Virtualised Network Elements share common resources which can be reallocated dynamically depending on network load.
• Multi Vendor
• With or Without SDN
Virtualised Network Elements can move between data centre blade computing resources dynamically.
Additional virtualised network elements can be created, paused or terminated depending on network load conditions.



What does this mean for LI?

More difficult to locate or identify target traffic
On-Switch / Function “easiest approach”
Off-platform DPI extremely difficult
• Can’t attach physical crocodile clips to virtual connections.
• Inter-VM encryption as standard.
On-platform DPI
• Security problems and limited compute resources
• May require proprietary implementation.
Hybrid DPI (On & Off mix)
Traditional LI security wrap doesn’t work in a virtualised network
Hypervisor has access to all
New LI attack and detectability threats
• All of the network is in one virtual location
Dark fibre VPN egress not viable



NFV Security Considerations

Input: The transition of traditional hardware-based services to software-based NFV “virtualised functions”. Increased flexibility, less expensive.

Security is baked in?: Not yet. No vendor is currently mature in their NFV offer, and ETSI standards are still being finalised.

Impact: Potentially, NFV greatly increases the impact of any event. Older equipment may not be more secure – but harder to exploit. IT and Telco security are not the same thing.

Specifics:
• Location. Where is the NFV instance? Can we maintain LI capability at that location (legally)? Are we sure it is in the UK and not in China?
• Confidentiality / Integrity. The hypervisor manager can compromise the system. Can you stand over the record generated in an NFV instance one year ago (that existed for 15 seconds)?
• Availability. Increased susceptibility to a common mode failure.

What can be done?:
• Ask the right questions of your vendors (see guidance notes)
• Delay the use of NFV where sensitive functions are required (e.g. LI)
• Regulators should ensure they really understand the issues, now.



NFV

Telling the time…

Virtual Functions can’t tell the time.
LI relies on accurate time for correlation and evidential integrity.
Time of what? And where?
Large VNFs may be spread over multiple hosts and locations.
New solutions required.
NFV 016 Report on location, timestamping of VNFs
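To make the correlation problem above concrete, here is an added example (not from the slides, and not the approach of ETSI NFV 016): constructed LI records from VNF instances on two hosts whose clocks disagree by a known skew, a naive ordering by host timestamp, a check that flags timestamps inconsistent with the mediation function's delivery sequence numbers, and a correction using per-host offsets. The host names, skew values and record layout are all assumptions.

```python
"""Constructed illustration: LI records stamped by VNF instances on two hosts
whose clocks disagree, and what that does to correlation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LiRecord:
    host: str       # host the VNF instance ran on (assumed name)
    seq: int        # delivery sequence number assigned by the mediation function
    host_ts: float  # timestamp taken from the VNF's own (host) clock, seconds


# Constructed sample: the true event order is seq 1..4, alternating hosts.
# host-b's clock runs 2.5 s ahead of host-a's, so host_ts misorders the events.
HOST_SKEW = {"host-a": 0.0, "host-b": 2.5}
RECORDS = [
    LiRecord("host-a", 1, 100.0),
    LiRecord("host-b", 2, 103.5),  # real time 101.0, stamped 101.0 + 2.5
    LiRecord("host-a", 3, 102.0),
    LiRecord("host-b", 4, 105.5),  # real time 103.0, stamped 103.0 + 2.5
]


def order_by_host_clock(records):
    """Naive correlation: trust each VNF's own timestamp."""
    return [r.seq for r in sorted(records, key=lambda r: r.host_ts)]


def order_by_sequence(records):
    """Correlation anchored on the mediation function's sequence numbers."""
    return [r.seq for r in sorted(records, key=lambda r: r.seq)]


def clock_inconsistencies(records):
    """Flag consecutive records (by seq) whose host timestamps run backwards:
    an evidential red flag that the VNF clocks cannot be relied on."""
    ordered = sorted(records, key=lambda r: r.seq)
    return [(a.seq, b.seq) for a, b in zip(ordered, ordered[1:])
            if b.host_ts < a.host_ts]


def normalise(records, skew):
    """Correct host timestamps with a per-host offset measured against a trusted
    reference. The offsets are assumed known here; obtaining them securely in a
    virtual environment is the open problem the slide names."""
    return [LiRecord(r.host, r.seq, r.host_ts - skew[r.host]) for r in records]
```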



Regulation, or lack of…

Can your national law handle a service provided by multiple vertical and horizontal operators?
• e.g. Hardware, Hosting, Platform, Infrastructure, Access Service, Communications Service?
Can national law force a “service” to be nationally localised?
Cross-border LI/CD?
• Who is responsible for correlation?
Who is responsible for data retention?
• Retention of what?
• Do LI / CD security rules cover virtualisation of services and combination with untrusted service functions?



Do ask questions!

Contact Details:
gerald.mcquaid@Vodafone.com

Thank you

