Security In SDN/NFV And 5G Networks – Opportunities And .

Transcription

IEEE Future Networks Webinar
Security in SDN/NFV and 5G Networks – Opportunities and Challenges
Ashutosh Dutta, Ph.D.
Senior Scientist, Johns Hopkins University Applied Physics Lab (JHU/APL), USA
Co-Chair, IEEE Future Network Initiative
IEEE Communications Society Distinguished Lecturer
Email: ashutosh.dutta@ieee.org; Ashutosh.Dutta@jhuapl.edu
03/26/2019

Talk Outline
- Drivers for SDN/NFV and 5G
- Cellular Technology Evolution
- Key 5G Characteristics
- Threat Taxonomy
- Opportunities and Challenges in Security Virtualization and 5G
- Security Use Cases
- Industry Standards Activities and Testbed
- Summary
Part II: IEEE Future Networks Initiative Overview
Parts of this presentation have been discussed in various ETSI/NFV and IEEE Security and SDN/NFV Working Groups

Emerging Services and Applications
A Driver for Network Evolution
Smart Workplace, Security, Web TV, Asset Tracking, Video, Smart Meter, Internet of Things, Digital Content, Smart City, Mobilize Everything, Semantic Web, Big Data, Smart Grid, Augmented Reality, M2M, Digital Learning, Sensor Network, Wearable Computing, Voice Recognition, Digital Life, Virtualization, Gesture Computing, Entertainment, Social Internet, Mobile Advertisement, Gamification, Gaming, Location Based Services, mHealth, Virtual Personal Assistant, Connected Car, BYOD, Robotics, Mobile Payment, Knowledge Management, User Generated Content, Software Defined Anything

SLAs associated with Types of Applications
Source: Nokia

Evolution of wireless access technologies
[Figure; surviving labels: 10 Gbps DL Speed, 2020]

Co-existence of IEEE and 3GPP Technologies

Key Characteristics of 5G
- Massive MIMO
- D2D Communications
- RAN Transmission – Centimeter and Millimeter Waves
- Efficient Small Data Transmission
- New Waveforms
- Wireless Backhaul / Access Integration
- Shared Spectrum Access
- Advanced Inter-Node Coordination
- Flexible Networks
- Simultaneous Transmission Reception
- Context Aware Networking
- Multi-RAT Integration & Management
- Densification of Small Cells
- Flexible Mobility
- Information Centric Networking
- Moving Networks

5G – Emerging Architecture and Enabling Technologies
5G Architecture Themes: Flexibility, Scalability
5G New Radio
‒ Fiber-like performance
‒ However, 5G is Multi-RAT
Network Function Virtualization
‒ Network realized in software: Core and RAN
‒ Cloud resources throughout the network
Programmable Network
‒ Flexible orchestration of network resources and infrastructure: RAN, core, transport, etc.
Network Slicing
‒ Self-contained, independent network partition including all segments: radio, core, transport, and edge.
‒ Multi-domain, multi-tenant
Source: 5G-PPP Architecture WG, View on 5G Architecture (Version 2.0)
2017 InterDigital, Inc. All Rights Reserved.

5G Dimensions and Types of 5G Applications
- Enhanced Mobile Broadband: Mobile Broadband, UHD / Hologram, High-mobility, Virtual Presence
- Critical Communications: Interactive Game / Sports, Industrial Control, Drone / Robot / Vehicle, Emergency
- Massive Machine Type Communications: Subway / Stadium Service, eHealth, Wearables, Inventory Control
- Network Operation: Network Slicing, Routing, Migration and Interworking, Energy Saving
- Enhancement of Vehicle-to-Everything: Autonomous Driving, safety and non-safety features
Courtesy: Gerhard Fettweis

Enhanced Mobile Broadband & UHRLLC Use Cases
Enhanced Mobile Broadband (eMBB)
- Expected throughput of 5 Gbps
- UHD video (4k, 8k), 3D video (including broadcast services)
- Virtual Reality
- Augmented Reality
- Tactile Internet
- Cloud gaming
- Broadband kiosks
- Vehicular (cars, buses, trains, aerial stations, etc.)
High reliability / low latency
- Industrial control
- Remote manipulation
- Mission-critical applications e.g. ehealth, hazardous environments, rescue missions, etc.
- Self-driving vehicles
Source: ITU-R

What “5G and Advanced Communication Systems” is About

Key Pillars of SDN/NFV and 5G Security

SDN/NFV is the Foundation of 5G Core Network

Overview of NFV (Network Function Virtualization)
Sample Use cases
[Diagram; recoverable panel titles: Virtualization of Mobile Core and IMS; Virtualization of CDNs; Virtualization of Base Stations; Virtualization of Fixed Access; Virtualization of Home and Enterprise; Hardware resource pool]

NFV Use Case: Virtualization of Mobile Core Network (EPC) and IMS
Network Operation
VNF Relocation

An Example - Security Transformation – Virtual Firewall/Virtual DDOS/Virtual IPS
Non-Virtualized Security
- Wide variety of vendor specific security hardware
- Requires vendor specific FW management platforms
- Requires hands-on customized physical work to install
- Multiple support organizations
- No single operations model or database of record
Virtualized Security Function
- Security functions will be cloud-based
- Security dynamically orchestrated in the cloud as needed
- Streamlined supplier integration
- Centralized common management platform
- Creates a standard operations/support model
[Diagram; surviving labels: Operational Management, vFW2, Application Controller, IDS1, IDS2, Common Cloud Infrastructure]

Security Challenges in a Virtual Environment – ETSI Problem Statement Draft
- Hypervisor Vulnerability
- API security
- Orchestration Vulnerability
- Virtual monitoring
- Limited visibility to Mobility/EPC interfaces (e.g. S6a, S11, S8)
- Virtualized firewalls
- Secure boot
- Secure crash
- User/tenant authentication, authentication and accounting
- Topology validation and enforcement
- Performance isolation
- Authenticated Time Service
- Private Keys within Cloud Images
- Detection of attacks on resources in virtualization infrastructure
- Security monitoring across multiple administrative domains (i.e., Lawful Interception)
[Diagram; surviving labels mention hypervisor-mitigated threats and generic networking threats]

General Threat Taxonomy (EPC) – Ref. ETSI/NFV Monitoring and Management (Draft 13)
LTE/EPC Security Threats Categories

Mobile Network Security - EPC Threat Categories

| ID | Category | Threat | Description |
|----|----------|--------|-------------|
| T1 | Loss of Availability | Flooding an interface | Attackers flood an interface resulting in DoS condition (e.g. multiple authentication failure on s6a, DNS lookup) |
| T2 | Loss of Availability | Crashing a network element | Attackers crash a network element by sending malformed packets |
| T3 | Loss of Confidentiality | Eavesdropping | Attackers eavesdrop on sensitive data on control and bearer plane |
| T4 | Loss of Confidentiality | Data leakage | Unauthorized access to sensitive data on the server (HSS profile, etc.) |
| T5 | Loss of Integrity | Traffic modification | Attackers modify information during transit (DNS redirection, etc.) |
| T6 | Loss of Integrity | Data modification | Attackers modify data on network element (change the NE configurations) |
| T7 | Loss of Control | Control the network | Attackers control the network via protocol or implementation flaw |
| T8 | Loss of Control | Compromise of network element | Attackers compromise a network element via management interface |
| T9 | Malicious Insider | Insider attacks | Insiders make data modification on network elements, make unauthorized changes to NE configuration, etc. |
| T10 | Theft of Service | Service free of charge | Attackers exploit a flaw to use services without being charged |

Attacks Taxonomy – VoLTE/IMS/USP
- Attacks by Mobile endpoints (DDoS/TDoS by flooding)
- Insider attacks (compromise of network element)
- Attacks via SIP messaging impersonation (Theft ...)
- Attacks with physical access to the transport network (Man-in-the-middle attack, eavesdropping)
- Attacks via rogue media streams and malformed packets (DoS/TDoS)
- Attacks via SPIT (Spam over Internet Telephony)/unsolicited voice calls (Voice SPAM/TDoS)
- Attacks from external IP Networks (compromise of network element)
[Network diagram; surviving labels include RAN, S1-U, S1-MME, MME, HSS, SGi (Gm), EPC, PCRF, SBC, P-CSCF, E-CSCF, BGCF, Circuit Switched Domain (eMSC, MGCF, 3G-MSC, MGW), Other VoIP & PSTN]

IMS Threat Categories

| ID | Category | Threat | Description |
|----|----------|--------|-------------|
| T1 | Loss of Availability | Flooding an interface | DDoS/TDoS via Mobile end-points |
| T2 | Loss of Availability | Crashing a network element | DoS/TDoS via rogue media streams and malformed packets |
| T3 | Loss of Confidentiality | Eavesdropping | Eavesdropping via sniffing the SGi(Gm) interface |
| T4 | Loss of Confidentiality | Data leakage | Unauthorized access to sensitive data on the IMS-HSS |
| T5 | Loss of Integrity | Traffic modification | Man-in-the-middle attack on SGi(Gm) interface |
| T6 | Loss of Integrity | Data modification | SIP messaging impersonation via spoofed SIP messages |
| T7 | Loss of Control | Control the network | SPIT (Spam over Internet Telephony) / unsolicited voice calls resulting in Voice-SPAM/TDoS |
| T8 | Loss of Control | Compromise of network element | Compromise of network element via attacks from external IP networks |
| T9 | Malicious Insider | Insider attacks | Malicious Insider makes unauthorized changes to IMS HSS, SBC, P/I/S-CSCF configurations |
| T10 | Theft of Service | Service free of charge | Theft of Service via SIP messaging impersonation |

Attacks on LTE-RAN
- Attacks with physical access to the transport network (includes: S1-MME, S1-U, OAM, X2)
- Attacks on the Radio Interface
- Attacks by Mobile end points
- Attacks with physical access to eNodeB
[Network diagram; surviving labels: Uu, eNodeB, X2, RAN, Cell Site Backhaul, S1-MME, S1-U, MME, OAM, EMS (RAN), S-GW, EPC]

RAN Threat Categories

| ID | Category | Threat | Description |
|----|----------|--------|-------------|
| T1 | Loss of Availability | Flooding an interface | DOS on eNodeB via RF Jamming |
| T2 | Loss of Availability | Crashing a network element | DDOS on eNodeB via UE Botnets |
| T3 | Loss of Confidentiality | Eavesdropping | Eavesdropping on S1-MME/S1-U interfaces |
| T4 | Loss of Confidentiality | Data leakage | Unauthorized access to sensitive data on the eNodeB |
| T5 | Loss of Integrity | Traffic modification | Man-in-the-Middle attack on UE via false eNodeB |
| T6 | Loss of Integrity | Data modification | Malicious modification of eNodeB configuration data |
| T7 | Loss of Control | Control the network | Attackers control the eNodeB via protocol or implementation flaw |
| T8 | Loss of Control | Compromise of network element | Attackers compromise the eNodeB via management interface |
| T9 | Malicious Insider | Insider attacks | Malicious Insider makes unauthorized changes to eNodeB configuration |
| T10 | Theft of Service | Service free of charge | Theft of Service via Spoofing/Cloning a UE |

SDN/NFV-based Evolved Packet Core
[Architecture diagram; surviving labels: Management & Orchestration, Data Analytics, SLA Mgmt, Analytics, SDN Controller, Hypervisor, Common Hardware (COTS), eNodeB, Mobile Devices (Smartphones, M2M, IoT), LTE RAN, SDN, SGi, Virtualized IMS, Internet / Cloud Services / Partners]

Security Advantages of SDN/NFV
A Comprehensive View of SDN/NFV Security Advantages
Performance Improvements:
- Streamline and Reduce Incident Response Cycle Time
- Streamline and Reduce Patching Cycle Time
Design Enhancements:
- Centralize Control and Management Functions
- Security Embedded at Design Time
- Security that Exceeds Existing Perimeter
- Multivendor Security Service
Real-Time capabilities:
- Real-Time Scaling to Absorb DDOS Attacks
- Real-Time Integration of “Add-on” Security Functions
[Diagram; surviving labels: Orchestration, VM Security Function Vendor 1 / Vendor 2 / Vendor 3, Hypervisor, Common Hardware (COTS), SDN Controller, Data Analytics, SLA Mgmt, Usage Mgt, Monitoring]

Security Opportunities from Virtualization
DDoS Attack Resiliency – Control Plane
- Attacker creates a Botnet army by infecting many Mobile devices with a 'remote-reboot' malware. The attacker then instructs the malware to reboot all the devices at the same time. This causes excessive malicious Attach Requests, creating a Malicious Signaling Storm.
- vMME is under DDoS attack
- Orchestrator instantiates new VM to scale-out vMME function to sustain the higher traffic load while ...
[Diagram; surviving labels: vP-GW, vPCEF, Hypervisor, Common Hardware (COTS), eNodeB, Mobile Devices (Smartphones, M2M, IoT), LTE RAN, SDN, SGi, Virtualized IMS, Internet / Cloud Services / Partners]

Security Opportunities from Virtualization
SDN Controller Dynamic Security Control – Data Plane
- Malware on Mobile Devices sends malformed IP packets directed to a Customer Cloud Services
- SDN Controller dynamically modifies the firewall rules for the related firewalls to thwart the attack
- Non-malicious traffic
[Diagram; surviving labels: Network Intelligence Layer, SDN Controller, SGi, eNodeB, Mobile Devices (Smartphones, M2M, ...), Virtualized IMS, Internet / Cloud Services / Partners]

Security Challenges from Virtualization
Hypervisor Vulnerabilities
To prevent this type of attack, we must:
- Conduct security scans and apply security patches
- Ensure the Hypervisor is hardened and minimized (close vulnerable ports)
- Ensure the access to the Hypervisor is controlled via User ...
Attack shown in the diagram:
- Hacker exploits a vulnerability in the Open Source code and infects the Hypervisor with a Malware
- Malware compromises VMs: VM/Guest OS manipulation, Data exfiltration/destruction
[Diagram; surviving labels: Guest OS, Hypervisor (Host OS), Common Hardware (COTS)]

Security Vulnerability in ODL SDN Controller
- Vulnerability: ODL controller did not disable external entity access to XML parser due to a bug in the ODL SDN controller code
- Exploit: Using Northbound API hacker does XML External Entity (XXE) attack and exfiltration of configuration data from ODL SDN controller
- Mitigation Strategy: Open source community reported the problem, Patch was applied that disabled external entity access and fixed the problem.
[Diagram; surviving labels: Network Intelligence Layer, SDN Controller, vRouters, eNodeB, Mobile Devices (Smartphones, M2M, IoT), LTE RAN, Virtualized IMS, Internet / Cloud Services / Partners]
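
The class of fix named in the mitigation above (refusing external entities in the XML parser), shown as an added example that is not ODL's code (ODL is written in Java): a Python parser for untrusted northbound request bodies that rejects any DOCTYPE or entity declaration. The function names and both sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class DtdForbidden(ValueError):
    """Raised when a request body carries a DOCTYPE or entity declaration."""


def parse_northbound_xml(body: bytes) -> ET.Element:
    """Parse an untrusted XML body with DTDs and entities refused outright."""
    builder = ET.TreeBuilder()
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdForbidden(f"DOCTYPE declaration not allowed (root={name!r})")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise DtdForbidden(f"entity declaration not allowed ({name!r})")

    def forbid_external_ref(context, base, sysid, pubid):
        raise DtdForbidden(f"external entity reference not allowed ({sysid!r})")

    # Without a DOCTYPE no entity can be declared, so the first handler is the
    # real gate; the other two are defence in depth.
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external_ref
    parser.StartElementHandler = lambda tag, attrs: builder.start(tag, attrs)
    parser.EndElementHandler = lambda tag: builder.end(tag)
    parser.CharacterDataHandler = builder.data
    parser.Parse(body, True)
    return builder.close()


def check_body(body: bytes) -> str:
    """Return 'accepted' or 'rejected' for a request body (for logging/alerting)."""
    try:
        parse_northbound_xml(body)
    except (DtdForbidden, xml.parsers.expat.ExpatError):
        return "rejected"
    return "accepted"


# Constructed sample bodies: an ordinary configuration request, and one that
# declares an external entity (the path is a placeholder).
SAMPLE_OK_BODY = b"<config><flow id='1'>allow</flow></config>"
SAMPLE_XXE_BODY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE config [<!ENTITY leak SYSTEM "file:///placeholder/path">]>'
    b"<config>&leak;</config>"
)

if __name__ == "__main__":
    print(check_body(SAMPLE_OK_BODY), check_body(SAMPLE_XXE_BODY))
```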

SDN Controller Security Use Cases
- Denial of Service Attack through South Bound Interface
- REST API Parameter Exploitation – North Bound API
- North Bound API Flood Attack
- MAN-IN-THE MIDDLE ATTACK/Spoofing
- Protocol Fuzzing – South Bound
- Controller Impersonation – South Bound

DNS Amplification Attacks Enhanced by Elasticity Function
- Malicious DNS queries (spoofed source IP address set to the address of the ...)
- Orchestrator instantiates new VM to scale out vDNS function to accommodate more queries; it becomes multiple recursive DNS servers responding to victim
- Victim receives the DNS query response (large/amplified packets)
NOTE: we must implement vIDS/vIPS & vFirewalls to mitigate these types of attacks
[Diagram; surviving labels: vEPC, vPCEF, Hypervisor, Common Hardware (COTS), eNodeB, Mobile Devices (Smartphones, M2M, IoT), LTE RAN, SDN, SGi, Virtualized IMS, Internet / Cloud Services / Partners, Victim]
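
An added example (not from the presentation) of the check a vIDS could feed to the orchestrator so that elasticity does not amplify the attack above: sources receiving many large responses to small queries are filtered, and scale-out is decided on the remaining load only. The log format, thresholds and capacity figure are assumptions, and the sample window is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed vDNS log for one 1-second window:
# (source IP, query type, query bytes, response bytes).
# 198.51.100.7 stands in for a spoofed victim address; all values are made up.
SAMPLE_WINDOW = (
    [("198.51.100.7", "ANY", 64, 3100)] * 400
    + [("10.20.0.%d" % i, "A", 60, 92) for i in range(1, 121)]
    + [("10.20.1.%d" % i, "AAAA", 60, 120) for i in range(1, 81)]
)


@dataclass
class SourceStats:
    queries: int = 0
    query_bytes: int = 0
    response_bytes: int = 0

    @property
    def amplification(self) -> float:
        """Response bytes sent per query byte received for this source."""
        return self.response_bytes / self.query_bytes if self.query_bytes else 0.0


def per_source(window):
    """Aggregate query count and byte volumes per claimed source address."""
    stats = defaultdict(SourceStats)
    for src, _qtype, q_bytes, r_bytes in window:
        entry = stats[src]
        entry.queries += 1
        entry.query_bytes += q_bytes
        entry.response_bytes += r_bytes
    return stats


def suspected_reflection_targets(window, min_queries=100, min_amplification=10.0):
    """Sources that 'ask' often and get far more bytes back than they sent.

    Both thresholds are assumptions to be tuned against a traffic baseline.
    """
    return sorted(
        src
        for src, s in per_source(window).items()
        if s.queries >= min_queries and s.amplification >= min_amplification
    )


def scaling_decision(window, capacity_qps=500):
    """Scale out only for load that is not part of a suspected reflection."""
    suspects = set(suspected_reflection_targets(window))
    legitimate_qps = sum(1 for record in window if record[0] not in suspects)
    return {
        "total_qps": len(window),
        "legitimate_qps": legitimate_qps,
        "filter_sources": sorted(suspects),  # hand to the vFirewall / rate limiter
        "scale_out": legitimate_qps > capacity_qps,
    }


if __name__ == "__main__":
    print(scaling_decision(SAMPLE_WINDOW))
```

On the constructed window the raw query rate exceeds the assumed capacity, so a load-only autoscaling policy would add vDNS instances; the guarded decision filters the reflected source instead.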

Network Function Virtualization
Security Challenges and Opportunities
[Diagram; surviving labels: Existing Threats, Signaling Storm, Attacks from User Plane, Amplification Attacks Enhanced by Elasticity Function, SGi, Hypervisor, Common Hardware, eNodeB, Mobile Devices (Smartphones, M2M, IoT), LTE RAN]

Threat Scenarios in NFV (Reference - ETSI NFV)
1. Attack from VMs in the same domain
2. Attack to host, hypervisor and VMs from applications in host machine
3. Attacks from host applications communicating with VMs
4. Attacks to VMs from remote management path
5. Attack to external communication with 3rd party applications
6. Attacks from external networks via edge network
7. Attacks from VMs from external network

Attack Types in NFV (Ref- ETSI/NFV)
Threat 1: Attack from VMs in the same domain
- VM would be manipulated by attackers and potentially extend the attack to other VMs
- Buffer overflow, DOS, ARP, Hypervisor, vswitch
Threat 2: Attack to host, hypervisor and VMs from applications in host machine
- Poor design of hypervisors, improper configuration
- Attackers inject malicious software to virtual memory and control VM
- Malformed packet attacks to hypervisors
Threat 3: Attack from host applications communicating with VMs
- Host applications being attacked can initiate monitoring, tampering or DOS attack to communications going through host vSwitch
- Improper network isolation, Improper configuration to application privileges of host machine
- Lack of restriction to services or application

Attack Types in NFV (Ref-ETSI/NFV) (Contd.)
Threat 4: Attack to VMs from remote management path
- Outside attackers could initiate communication by eavesdropping, tampering, DOS attack, and Man-in-the-Middle attack
- Gain illegal access of the system and access OS without authorization, tamper and obtain sensitive and important information of a system
- Poor design and development of the application may lead to many known attacks (e.g., buffer overflow attacks)
Threat 5: Attack to external communication with 3rd party applications
- The API interface accessed by 3rd party applications in the untrusted domains is easily subject to malicious attack. Such attack includes illegal access to API, DOS attack to API platform
- Logical bugs in APIs, API authentication/authorization mechanism problems and security policy configuration problems.
Threat 6: Attack from external network via network edge node
- Virtualized Firewalls, Residential gateways
Threat 7: Attack from host machines or VMs of external network domain
- VNF migration, VNF scaling (Scale in- Scale out)

Hypervisor Vulnerability (Example)
Use Case: Hypervisor gets compromised somehow by the attacker. Attacker uses hypervisor privilege to install kernel root kit in VNF’s OS and thereby controls and modifies the VNF.
Mitigation Techniques:
- Hypervisor Introspection schemes can use the Hypervisor’s higher privilege to secure the guest VMs.
- A Hypervisor-based introspection scheme can detect guest OS rootkit that got installed by the attacker.
- Adoption of Hypervisor hardening mechanisms can protect hypervisor’s code and data from unauthorized modification and can guard against bugs and misconfigurations in the hardened hypervisors.
- Use Software vulnerability management procedure to make sure the hypervisor is secured from attack

Orchestration Vulnerability (Example)
Use Case: An attacker uses legitimate access to the orchestrator and manipulates its configuration in order to run a modified VNF or alter the behavior of the VNF through changing its configuration through the orchestrator. This will compromise the VNF separation as the administrator of one VNF can get admin privilege of another VNF and the separation between the VNFs cannot be maintained.
Mitigation Techniques:
- Deploy some of the inherent best current practices for orchestration security by way of detection mechanism when the separation is violated, provide secure logging for access, automated system or configuration auditing.
- Deploy security monitoring system that will detect the compromised VNF separation, any kind of anomaly in the system or provide alert mechanism when some critical configuration data in the orchestrator is altered.
- Access Control, File system protection, system integrity protection
- Hardening of separation policy through proper configuration management
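
A sketch of the automated configuration auditing listed above, as an added example that is not part of the presentation or of any orchestrator's API: an approved baseline is sealed with an HMAC, and the audit reports a changed VNF image or an administrator of one VNF appearing on another. The configuration layout, field names, key handling and sample data are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def seal(config: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the configuration."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def audit(baseline: dict, baseline_seal: str, current: dict, key: bytes) -> list:
    """Compare the orchestrator's current VNF config with the sealed baseline."""
    if not hmac.compare_digest(seal(baseline, key), baseline_seal):
        return ["baseline: seal mismatch, approved configuration was altered"]
    findings = []
    base_vnfs, cur_vnfs = baseline["vnfs"], current["vnfs"]
    for name in sorted(set(base_vnfs) | set(cur_vnfs)):
        if name not in base_vnfs:
            findings.append(f"{name}: VNF not in approved baseline")
            continue
        if name not in cur_vnfs:
            findings.append(f"{name}: approved VNF missing")
            continue
        base, cur = base_vnfs[name], cur_vnfs[name]
        if cur["image_sha256"] != base["image_sha256"]:
            findings.append(f"{name}: image digest changed")
        for admin in sorted(set(cur["admins"]) - set(base["admins"])):
            # An added admin who already administers another VNF breaks separation.
            owns = sorted(
                other for other, cfg in base_vnfs.items()
                if other != name and admin in cfg["admins"]
            )
            if owns:
                findings.append(
                    f"{name}: separation violated, {admin} (admin of {', '.join(owns)}) added"
                )
            else:
                findings.append(f"{name}: unapproved admin {admin} added")
    return findings


# Constructed sample data. The key is a demo value; the assumption is that the
# real key is held by the auditing system, outside the orchestrator.
KEY = b"constructed-demo-key"
BASELINE = {"vnfs": {
    "vMME": {"image_sha256": "aa11", "admins": ["alice"]},
    "vPGW": {"image_sha256": "bb22", "admins": ["bob"]},
}}
BASELINE_SEAL = seal(BASELINE, KEY)
CURRENT = {"vnfs": {
    "vMME": {"image_sha256": "aa11", "admins": ["alice"]},
    "vPGW": {"image_sha256": "cc33", "admins": ["bob", "alice"]},
}}

if __name__ == "__main__":
    for finding in audit(BASELINE, BASELINE_SEAL, CURRENT, KEY):
        print(finding)
```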

Security Use Cases for 5G RAN
- DDOS attacks against Network Infrastructure
- Overload of the signaling plane by a huge number of infected M2M/IOT devices that attempt to gain access
- Overload of the signaling plane by a huge number of infected M2M/IOT devices that transmit intermittently and simultaneously
- Resource Starvation at cRAN vFW
- Leverage IOT for Distributed Denial of Service
- Resource Sharing by multiple service providers at cRAN
- Deliberate triggering of network and overload mechanisms
- Bulk configuration

Security Use Cases for Mobile Edge Computing
- Storage of Sensitive Security Assets at the Edge
- Third party applications on the same platform as network functions
- User Plane attacks in Mobile Edge Computing Environment
- Exchange of Sensitive Security Assets between core and Mobile Edge
- Trust establishment between functions at the core and at the edge
- Subscriber authentication within the visited network
- Secure storage of credentials to access IMS network
- Access to 5G core over non-3GPP network access
- User plane data security over less trusted 3GPP network accesses
- Management of credentials to access non-3GPP network access

Security Use Cases for Network Slicing
- Controlling Inter-Network Communications
- Instantiation time Impersonation attacks against Network Slice Manager
- Impersonation attacks against a Network Slice instance within an Operator Network
- Impersonation attacks against different Network Slice managers within an Operator Network
- Different Security Protocols or Policies in different slices
- Denial of Service to other slices
- Exhaustion of security resources in other slices
- Side Channel Attacks Across Slices
- Hybrid Deployment Model
- Sealing between slices when UE is attached to several slices

Relevant SDN/NFV/5G Standards

| Forum | Focus |
|-------|-------|
| IETF | Network Virtualization Overlay, Dynamic Service Chaining, Network Service Header |
| 3GPP | Mobility and Security Architecture and Specification |
| ETSI ISG NFV | NFV Platform/Deployment Standards – Security, Architecture/Interfaces, Reliability, Evolution, Performance |
| IEEE | Develop technologies that can be used by other Standards Bodies. There are 42 societies to contribute to 5G Eco System |
| ONF | OpenFlow SDN Controller Standards |
| OPNFV | NFV Open Platform/eCOMP/OPNFV Community TestLabs |
| Openstack | Cloud Orchestrator Open Source |
| OpenDaylight | Brownfield SDN Controller Open Source |
| ONOS | OpenFlow SDN Controller Open Source |
| DPDK/ODP | CPU/NIC HW API – Data Plane Development Kit |
| KVM Forum | Hypervisor |
| OVS | Open Source vSwitch |
| Linux | Operating System, Container Security |
| ATIS/NIST/FCC/CSA | Regulatory Aspects of SDN/NFV |

Virtual IDS Prototype for Mobility CORE
1. Malicious URL Detection and Mitigation
2. Malware Detection and Mitigation
3. Application and Overload Control
Callouts in the diagram:
- Subscriber accesses Blacklisted URL
- vIDS/vIPS detects the subscriber and Malicious URL
- syslog (IMSI, IP address, Port Number, App Type, B/W)
- IMSI, URL, IP address are passed on to PCRF and PCEF
- 3GPP E-RAB Modification Request
- UE cannot access this URL anymore but other URLs
- Dynamic Security Control Points
[Testbed diagram; surviving labels: Virtualized IDS, Virtualized EPC, vMME, vHSS, vPCRF, vS-GW, vPGW/vPCEF, Application Function (AF), S1-MME, S1-U, S11, S6a, S5/S8, Gx (Diameter), Rx (Diameter), SGi, UE / eNodeB Emulator, Real UE, eNodeB, WiFi Users, Malware Web Server, Blacklisted WEB Server, Simulated Internet, Internet / IMS or Other PDNs (e.g. WiFi)]

Blacklist Detection for DSC

Malware Download Detection for GDSC

Before Throttling / After Throttling

2018 FDC Initiatives & Activities
[Figure; surviving labels: Small Projects, Environmental Engineering, Roadmaps Strategy and Governance (IRSG), Quantum Computing, Graduated Initiatives]
ieee.org/futuredirections

Key Stakeholders
- IEEE Societies (22 so far)
- Industry
- Academia, Students
- IEEE OUs
- IEEE EDUCATIONAL ACTIVITIES
Initiative Profile
- Launched August 2016
- Technical Activities Board Funded
- 20 Participating Societies/OUs

Futurenetworks.IEEE.org

Led by a steering committee of 30 leaders from a diverse set of Future Networks-related IEEE Societies
The global team of experts involved in IEEE Future Networks are producing programs and activities including:
- The Future Networks Roadmap: short-term (3 years), mid-term (5 years), and long-term (10 years) research, innovation, and technology trends
- Standards: Global, open, and collaborative
- Conferences & Events: IEEE 5G Summits, IEEE 5G World Forums, Future Networks-related IEEE conferences
- Education: IEEE Future Networks Learning Series, IEEE Live Online Courses, Webinar series, Videos from IEEE 5G Summits
- Expert Articles: Published on IEEE Future Networks web portal and in industry media
- Publications: IEEE Future Networks Transmissions podcast series, IEEE Future Networks Tech Focus Newsletter, IEEE Future Directions Talks Future Networks Q&A article series

IEEE Future Networks Initiative Organization Structure
[Organization chart; labels in source order:]
A. Dutta, G. Fettweis, T. Lee; Education Working Group; R. Ting, R. Annaswamy; Publications Working Group; C-L. I, G. Yi; Roadmap Working Group; C-M. Chen, R. Hu; Steering Committee Co-Chairs; Conferences & Events Working Group; L. Ladid, A. Dutta; Staff Program Director; Standards Working Group; M. Ulema, A. Gelman; H. Tepper; Content & Community Development Working Group; J. Irvine, A. Wyglinski; Testbed Working Group; Industry Engagement Working Group; I. Seskar, T. Van Brackle; M. Lu, S. Dixit

Roadmap Structure – Leadership and Working Group Co-chairs
[Chart; labels in source order:]
Standardization Building Blocks; Paul Nikolich, Alex Gelman, Purva Rajkotia, Mehmet Ulema; mmWave and Signal Processing; Timothy Lee, Harish Krishnaswamy, Earl McCune; Hardware; Dylan Williams; Massive MIMO; Rose Quingyang Hu, Dongming Wang, Chris Ng, Chi Ming Chen, Haijian Sun; Applications and Services; Ravi Annaswamy, Narendra Mangra; Testbed; Ivan Seskar, Tracy Van Brakle; Security; Ashutosh Dutta; NEW FOR 2019; Systems Optimization; Ana Nieto, Ashutosh Dutta, Ahmad Cheema, Kaniz Mahdi; Satellite; Optics; Sastri Kota, Feras Abou-Galala, Prashant Pillai, Paul Littlewood, Giovanni Giambene; Edge Automation Platform; Meryem Simsek, Cagatay Buyukkoc, Kaniz Mahdi, Paul Littlewood; Deployment; David Witkowski; Connecting the Unconnected; Sudhir Dixit, Ashutosh Dutta

Summary
- Emerging services are evolving rapidly
- Network needs to be designed to be adaptable, resilient, and flexible
- Operators need to reduce Capex and Opex
- SDN/NFV is an enabler for 5G
- Opportunities and Challenges in this new virtualized environment
- 5G-specific application adds new security requirements
- Comprehensive security architecture is essential to take care of security challenges
- Operators and vendors need to work together to form a security ecosystem
- Standards, Testbeds and POCs act as catalyst for Virtualization

Thank you
