
guardtime.com

Enabling Multi Party Trust in the Era of 5G and Multi-Access Edge Computing
Whitepaper, August 2019

Introduction

Multi-access edge computing (MEC) and 5G are converging to become a revolutionary opportunity for telecom operators and their enterprise and government partners. A strategic race has begun for operators to be first movers in 5G and MEC, deploying infrastructure and service access in order to capture the rise of machine-to-machine and IoT connections and of AI/ML decision inference.

This paper analyzes the challenges facing operators as the market moves from a centralized security model to a decentralized and federated model. We then introduce Guardtime MIDA, a security and trust platform optimized for 5G MEC convergence.

5G and MEC

Converged 5G networking and MEC promise support for massive-scale device connections. The MEC server platforms currently being deployed have to deliver real-time provisioning and device/data authentication/authorization capabilities into and from decentralized architectures and networks.

Moving analytics and decisions to the edge also means that less data will be sent to the data center or cloud, promising greatly decreased costs for IoT and mobile ecosystem participants and addressing the walled gardens of the past that resulted in data silos and service monopolization. Eliminating these barriers, together with the increased number of newly regulated ecosystem participants, will greatly increase management and service complexity, with "many-to-many" relationships among new subscribers coming online to utilize, govern, orchestrate and secure MEC for value-added services and new revenue streams. This evolution challenges telecom operators to move from a centralized security and data protection model to a decentralized and federated model.

While the convergence of 5G and MEC provides an opportunity to vastly open the ecosystem for new data-driven businesses, moving data faster and to more devices also requires a paradigm shift across many domains, including device and infrastructure provisioning, identity and subscription services, data protection and governance, and machine learning/artificial intelligence security.

Current challenges in 5G and MEC

With the almost constant attacks on telecom infrastructure and management systems, every network hardware OEM using the same commodity security frameworks is exploring new solutions to harden and secure their products and customer data at the edge.

The adoption of "always-on" architectures, coupled with the proliferation of edge compute and IoT devices, has rapidly changed the landscape in which businesses and telecom operators operate. With almost every sensor, edge device and electronic control unit now directly or indirectly connected to a network or the Internet, the attack surface has increased significantly. Traditional tools are not equipped to detect, defend against and remediate attacks at scale, in an acceptable time frame and at an appropriate cost. Associated privacy and compliance requirements have become regionalized, with heavy levies for misuse as defined by data protection standards like GDPR. Governance, risk and compliance for this data will be an enormous challenge, considering that 50% of organizations have not updated their data security strategy in three or more years.

In order to keep up with the scale, distributed nature and complex heterogeneous ecosystems of today's connected edge landscape, a paradigm shift is needed. The common systemic issue is the lack of a common trust fabric from the edge, to the consumption of the data, and finally to the management plane where decisions about this data are made.

Worldwide data creation is estimated to grow to a staggering 163 zettabytes by 2025. In IoT alone, a predicted 42 billion devices will be online. While organizations will seek to monetize and analyze more and more services on top of this data, protecting it will also grow exponentially more complex.

Some of the challenges faced in MEC are:

- PKI challenges: In the 5G era, PKI as a provisioning (access, authorization and accounting) scheme will be challenged at scale by the many counterparties and service providers who require device or edge service access and may conceivably have no business relationship (federation or geographic/regulatory restrictions on sharing credentials or certificates). Given the sheer density of devices, provisioning and revocation using PKI becomes complex and costly.

- Privacy concerns: In the past, companies had on-premise centralized networks that only trusted people were allowed to access. Today, many companies have infrastructure in their private cloud and utilize public cloud resources. By moving the processing of traffic and services from a centralized cloud to the edge, it becomes imperative to address privacy for regulated information such as health and financial records, in real time and before dissemination.

- Credential compromise: Current exploits [...] considering 5G router and edge platform capacities. Consider that 5G MECs push computing capabilities closer to the Radio Access Network (RAN) and in turn closer to subscribers, achieving device densities approximating one million devices per square kilometer. Credential compromise of device management and control systems will lead to exploitation at scales that industries have not previously experienced, via man-in-the-middle or lateral-access attacks. Current deployments are attempting to use traditional credentials in a highly decentralized architecture; reused and weak credentials are exposed to compromise, affecting large numbers of devices with little awareness of the compromise or ability to revoke the credentials.

- Lack of multi-party trust: Moving data faster and to more devices will not be effective without business and consumer confidence in their devices and data. If this new data-driven economy is to flourish and grow, decentralized participants will have to obtain access to and manage edge resources. Decentralization also means federation between participants. For 5G to deliver better outcomes, new flexible multi-party Authentication, Authorization and Accounting (AAA) platforms and trust anchors will be needed that work at scale and are more secure, while reducing management complexity.

- Lack of scalability in identity management: With billions of devices coming online, 5G MEC infrastructure needs a secure way to subscribe and manage the identity of each IoT device on the network, as well as a scalable way to govern the data being transacted off the device in accordance with sovereignty regulations like the EU GDPR.

- Data manipulation: IoT/sensor data is collected at scale and can be manipulated during transport or in storage without detection, anywhere from collection to the upstream business intelligence and AI decision toolchains. Unverified IoT/sensor data consumed by and/or shared among mutually untrusting parties adds the liability of providing services and making decisions on manipulated data.

- Lack of proof of provenance: Uncertainty over a meaningful data provenance trail for the data: where did it come from, can the quality of the data be trusted, and was the ingest treated with the same governance and compliance criteria that define liability?

MIDA: 5G MEC Data Governance and Security

In this section we introduce Guardtime's MIDA platform, a data governance and security platform based on the KSI Blockchain, a globally available trust anchor capable of transacting at the scale and speed necessary to address the challenges of 5G MEC convergence. Benefits to the 5G MEC ecosystem include enhanced security, reduced device management complexity, interoperability, and real-time measurement/monitoring forensics in and out of MEC to third-party systems, thereby enhancing participant data orchestration, governance and compliance activities across the many federated networks utilizing MEC services.

MIDA is a platform that sits on top of the KSI Blockchain stack. Developers are able to take the MIDA security APIs and build products designed to solve specific security challenges, including OT/IT convergence in energy grid security, multi-cloud governance, secure reconciliation and 5G MEC data governance. Appendix I gives a high-level overview of the stack; in this paper we focus on the MIDA platform and 5G MEC data governance.

Configurable and Tailored MIDA Dashboards

MIDA provides dashboards that deliver concise and actionable information to end users. To present this data in the most meaningful manner, the dashboards can be tailored and configured to the specific type of asset, device or data being monitored, updated or protected.

The image below illustrates the MIDA dashboard for device monitoring, in which various data points are captured in a single-pane-of-glass view. The dashboard allows end users to configure which data points are relevant for their infrastructure, providing a precise, actionable and holistic view of the infrastructure and its current state. For this example, the illustration below provides more detail on the various aspects of the dashboard.

MIDA Logical Architecture

The image below illustrates an example logical architecture for a MIDA Edge deployment. In the logical architecture:

1. Data can be distributed in an any-to-any model between edge devices.
2. Devices are individually enrolled and provisioned with the ability to participate in the KSI Blockchain.
3. The MIDA Service Operator can create and distribute trusted updates to specific devices or groups of devices.

MIDA Platform Components

MIDA converges device management and monitoring with scalable data protection. The MIDA platform achieves this in a modular manner; its components are:

- Provision - Provides the ability to "Know Your Devices": enroll, provision and revoke devices.
- Manage - Provides the ability to "Trust Your Devices": manage updates and changes, with continuous state monitoring.
- Operate - Provides the ability to "Trust Your Data": create cryptographically verifiable data.

These modules are combined to provide full end-to-end security for edge computing operators.

Provisioning Module – Credential and Provision Devices

The Provisioning Module provides flexible enrollment mechanisms as well as credentialing and revocation of devices. With this module, owners and operators can leverage MIDA to index and authenticate devices in order to mitigate rogue-device attacks in a decentralized and heterogeneous environment.

Provisioning functionality:

- Operators have the ability to configure devices with a trusted enrollment token. This can come in the form of a manufacturer key, a license key, or a form of PKI.
- Devices leverage that enrollment token to obtain a unique credential allowing them to participate in the KSI Blockchain.
- Devices can then leverage the KSI Blockchain identity to authenticate with backend systems, or to sign data being sent to the backend system, attributing data uniquely to individual devices.
- At device end of life, or in the event of a compromise, automated or semi-autonomous workflows can revoke these credentials, disallowing the devices from participating as trusted devices.

Functional components:

- MIDA Enrollment Services: These services provide the necessary backend components to configure enrollment methods, revocation, and authentication of devices.
- Device Agents: These agents provide the on-device capabilities to provision, communicate with the KSI Blockchain and authenticate with the backend services.

Figure 1 - Guardtime MIDA: Provisioning Module

Manage - Securely Manage and Monitor Your Devices

The Management Module provides the ability to manage devices and continuously monitor their state. It enforces that only KSI Blockchain-secured firmware and software updates are executed on the device. The module also includes continuous monitoring capabilities, which provide real-time state attestation of firmware versions, software configurations and network configurations, together with alerting based on baselines and thresholds. It provides semi-autonomous or autonomous revocation.

Guardtime MIDA monitors the entire ecosystem to give insight into the total number of resources being protected. With every event cryptographically signed, there is traceability of entire environments down to granular events exposed to the end user.

Management functionality:

- Operators have the ability to configure agents to monitor specific files, applications and performance metrics on the devices.
- The devices then create KSI Blockchain-signed state snapshots and send them to the backend services.
- The backend services capture the device state and correlate it against thresholds and baselines.
- If the device state varies from the desired compliant state, alerts and revocation can take place.
- During an update or change, operators can create trusted update packages signed by the KSI Blockchain.
- The trusted update packages can be sent to specific devices or groups of devices.
- Devices leverage their configuration to validate the update before applying or executing the change.
- Operators have the ability to set the specific KSI Blockchain identities that are permitted to push updates and changes to the devices.

Functional components:

- MIDA Management Services: These services provide the necessary backend components to create trusted updates and software packages to be sent to devices. They also receive and maintain the state of the devices, providing the input for detecting variations from configured baselines and thresholds.
- Device Agents: These agents provide the on-device capabilities to verify incoming updates based on KSI Blockchain signatures and to send configurable device state attestations to the backend.

Figure 2 - Guardtime MIDA: Management Module
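The provision-and-manage flow described in the Provisioning and Management modules above, as an added example written for this edit and not Guardtime's own code: a device enrolls with a manufacturer token and receives a credential unique to it, signs state snapshots that the backend checks against a baseline (drift triggers autonomous revocation), and only applies an update package that verifies under the operator identity it was configured to trust. A per-device HMAC key stands in for the KSI Blockchain credential; the manufacturer key, the operator key, the device names and the token format (manufacturer MAC over the device id) are all constructed assumptions.

```python
"""Added example, not Guardtime's code: the provision-and-manage flow in
miniature. A per-device HMAC key stands in for the KSI Blockchain credential,
the manufacturer key and operator key are constructed, and the enrollment
token format (manufacturer MAC over the device id) is an assumption. Limit of
the stand-in: a device that can verify an HMAC could also forge one, which a
real hash-based signature verified against a published anchor avoids."""
from __future__ import annotations
import hashlib
import hmac
import json
import secrets


def mac(key: bytes, obj) -> str:
    # Canonical JSON so device and backend authenticate exactly the same bytes.
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class EnrollmentService:
    """Backend of the Provisioning Module: enroll, authenticate, revoke."""

    def __init__(self, manufacturer_key: bytes):
        self.manufacturer_key = manufacturer_key
        self.credentials: dict[str, bytes] = {}
        self.revoked: set[str] = set()

    def enroll(self, device_id: str, token: str) -> bytes | None:
        # Every device gets its own fresh credential, so one compromise stays one device.
        if device_id in self.revoked or not hmac.compare_digest(token, mac(self.manufacturer_key, device_id)):
            return None
        self.credentials[device_id] = secrets.token_bytes(32)
        return self.credentials[device_id]

    def revoke(self, device_id: str) -> None:
        self.revoked.add(device_id)
        self.credentials.pop(device_id, None)

    def authenticate(self, device_id: str, payload, tag: str) -> bool:
        key = self.credentials.get(device_id)  # None once revoked or never enrolled
        return key is not None and hmac.compare_digest(tag, mac(key, payload))


class DeviceAgent:
    """On-device agent: signs state snapshots and verifies updates before applying them."""

    def __init__(self, device_id: str, credential: bytes, trusted_operator_key: bytes):
        self.device_id, self.credential = device_id, credential
        self.trusted_operator_key = trusted_operator_key  # the identity allowed to push updates
        self.state = {"firmware": "1.0.0", "sshd": "disabled"}

    def snapshot(self) -> tuple[dict, str]:
        snap = {"device": self.device_id, **self.state}
        return snap, mac(self.credential, snap)

    def apply_update(self, package: dict, image: bytes) -> bool:
        pkg, tag = package["pkg"], package["tag"]
        if not hmac.compare_digest(tag, mac(self.trusted_operator_key, pkg)):
            return False  # not signed by the operator identity this device trusts
        if self.device_id not in pkg["targets"] or hashlib.sha256(image).hexdigest() != pkg["image_sha256"]:
            return False  # wrong target group, or image differs from the signed manifest
        self.state["firmware"] = pkg["version"]
        return True


class ManagementService:
    """Backend of the Management Module: baseline comparison, revocation, trusted updates."""

    def __init__(self, enrollment: EnrollmentService, operator_key: bytes, baseline: dict):
        self.enrollment, self.operator_key, self.baseline = enrollment, operator_key, baseline

    def ingest_snapshot(self, device_id: str, snap: dict, tag: str) -> list[str]:
        """Return alerts; drift from the baseline triggers autonomous revocation."""
        if not self.enrollment.authenticate(device_id, snap, tag):
            return ["snapshot failed authentication"]
        alerts = [f"{k}: expected {v!r}, got {snap.get(k)!r}" for k, v in self.baseline.items() if snap.get(k) != v]
        if alerts:
            self.enrollment.revoke(device_id)
        return alerts

    def build_update(self, targets: list[str], version: str, image: bytes) -> dict:
        pkg = {"version": version, "targets": sorted(targets), "image_sha256": hashlib.sha256(image).hexdigest()}
        return {"pkg": pkg, "tag": mac(self.operator_key, pkg)}


def demo() -> dict:
    mfr_key, op_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    enrollment = EnrollmentService(mfr_key)
    mgmt = ManagementService(enrollment, op_key, {"firmware": "1.0.0", "sshd": "disabled"})
    results = {"bad_token": enrollment.enroll("cam-01", "not-a-real-token") is None}
    agent = DeviceAgent("cam-01", enrollment.enroll("cam-01", mac(mfr_key, "cam-01")), op_key)
    results["clean"] = mgmt.ingest_snapshot("cam-01", *agent.snapshot())
    image = b"firmware-1.1.0-image"  # constructed
    forged = mgmt.build_update(["cam-01"], "1.1.0", image)
    forged["tag"] = "0" * 64
    results["forged_update"] = agent.apply_update(forged, image)
    results["wrong_image"] = agent.apply_update(mgmt.build_update(["cam-01"], "1.1.0", image), b"other")
    results["good_update"] = agent.apply_update(mgmt.build_update(["cam-01"], "1.1.0", image), image)
    mgmt.baseline["firmware"] = "1.1.0"  # operator rolls the baseline forward with the update
    agent.state["sshd"] = "enabled"  # constructed compromise: something enabled sshd on the device
    results["drift"] = mgmt.ingest_snapshot("cam-01", *agent.snapshot())
    results["after_revoke"] = mgmt.ingest_snapshot("cam-01", *agent.snapshot())
    return results


if __name__ == "__main__":
    print(demo())
```

The two checks worth keeping from this sketch are the ones the text calls out: the update package carries a digest of the image and a target list, so an image swapped after signing or a package replayed to the wrong device group fails before anything executes; and a device that drifts from its baseline loses its credential immediately, so its next snapshot is rejected at authentication rather than merely flagged.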

Operate – Cryptographically Prove Event Relationships at Scale

The Operate Module creates trusted and accountable data from devices, protected by KSI Blockchain signatures. This data is cryptographically "sealed", proving the entity that created it and the time of creation, and protecting against manipulation of the data. Because KSI signatures are independently verifiable across organizations and technologies, the data becomes highly portable, significantly increasing its monetization value and its value for AI and machine learning processing.

Along with protecting the actual data sent from edge devices, the module expands upon traditional monitoring and command-and-control solutions to provide owners, operators and certifiers with enhanced control, cryptographic data verification and provable, real-time state attestation.

Operate functionality:

- Operators have the ability to configure the device to normalize and sign data based on operational needs.
- The devices capture data, and each data payload is normalized and signed by the KSI Blockchain.
- The backend services receive the data and verify its validity using the KSI signature, detecting any manipulation of the data in transit from the device.
- The backend services also verify the validity of the data using attributes and context such as time or location before processing.
- The backend services can append useful information to the data they receive, such as the time or location of receipt.
- Data that varies from the ruleset can be KSI-signed to denote suspicious or malformed data, and can then be alerted on and quarantined, or exchanged to another location.
- Data can be organized and processed in the backend for further analytics and business decision operations.

Functional components:

- MIDA Data Management Services: These services provide the necessary backend components to validate, alert on and store data from the devices.
- MIDA Data Capture Agents: These agents provide the on-device capabilities to create trusted data using the KSI Blockchain, based on configurable policies.

Figure 3 - Guardtime MIDA: Operate Module

The combination of the three modules described above enables:

- Scalable and cost-effective device management and credentialing
- Real-time discovery of misconfiguration or device changes
- Provable and real-time continuous state integrity monitoring
- Scalable data protection and cryptographic verification

How MIDA solves the identified MEC challenges

- PKI challenges: Using the MIDA Provisioning Module, agents and services leverage highly distributed credentials based on the KSI Blockchain. The KSI Blockchain credentials leverage KSI signatures, removing the complexity and cost of managing a large set of keys and certificates. This allows each agent to create cryptographic data based on its unique credential. As each agent or service has its own unique credential, the origin, authenticity and time of data creation can be proven in a scalable and secure manner using KSI signatures.

- Privacy concerns: Because trusted data can be created at scale from KSI signatures in a streamlined manner, the data is highly attributed and portable. The MIDA Operate Module enables agents and services to create data that is cryptographically linked to device identities, context and attributes in a single, verifiable construct. Consumers of the data can therefore enforce very granular policies for access to and distribution of the data. Note that the signature attests origin, time and integrity; it does not encrypt the payload, so confidentiality of regulated data still rests on the access control and transport protection around it.

- Credential compromise: MIDA leverages KSI credentials that are unique to each device and agent. Because each credential is created uniquely and securely, an attacker who compromises a credential gains at most a single agent, rather than a common credential usable across a fleet of devices.

- Lack of multi-party trust: MIDA creates widely available and independently verifiable data using the KSI Blockchain. Because multiple organizations and operators no longer need to explicitly trust each other, but can cryptographically verify data independently, the distributed trust model of the KSI Blockchain enables multiple parties to trust data across organizations and technologies.

- Lack of scalability in identity management: Because the cryptographic data used by MIDA is signed by the KSI Blockchain, the key management complexities and cost are removed from the process. This enables a highly scalable and dynamic identity management environment in which enrolling and revoking device identities does not increase cost and complexity.

- Data manipulation: MIDA leverages the KSI Blockchain to sign all data moving from or to the edge devices. Data, device snapshots, commands and updates, to name a few, are all signed with KSI signatures. This provides data integrity at scale and detection of tampering down to the bit level. The signature detects a modification rather than preventing it, so the verification result has to feed the alerting and quarantine steps described under the Operate Module.

- Lack of proof of provenance: The ability to create KSI Blockchain-based signatures enables data to be "chained" together in a portable and interoperable manner. MIDA leverages this aspect of KSI to enable portable data provenance and lineage. For example, data moving from a sensor to a processing node and then aggregated for the management plane can retain each "hop" along the path it took. Consumers of this data can use this attributed data to reconstruct a full history of where it came from and how it got to the current validating entity.
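The multi-party trust, data manipulation and provenance points above all rest on the same property: a hash-based signature that any party can verify against a published anchor, without keys and without trusting the signer. The following is an added example written for this edit, not Guardtime's code and not the KSI protocol itself. It shows a toy version of the idea: a round of records is Merkle-aggregated into one root (standing in for the KSI publication), each record gets an inclusion proof, and hops are chained by committing to the previous hop's hash so a manipulation anywhere in sensor-to-management-plane lineage is detected and pinned to a hop. Real KSI signatures are built from aggregation and calendar hash chains anchored in a periodic publication; the device names, tenant records and readings here are constructed.

```python
"""Added example, not Guardtime's code: a toy hash-based aggregation signature
in the spirit of KSI, with hop-by-hop provenance chaining on top of it. Real
KSI signatures are built from aggregation and calendar hash chains anchored in
a periodic publication; here one Merkle round root stands in for that trust
anchor, and device and tenant names are constructed."""
from __future__ import annotations
import hashlib
import json


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def record_hash(record: dict) -> bytes:
    # Canonical JSON so every verifier hashes identical bytes; the 0x00 prefix
    # keeps leaf hashes distinct from interior-node hashes (0x01 prefix).
    return sha256(b"\x00" + json.dumps(record, sort_keys=True).encode())


def aggregate(leaves: list[bytes]) -> tuple[bytes, list[list[tuple[bytes, bool]]]]:
    """Merkle-aggregate one round of leaf hashes.

    Returns the round root, which is the only value a verifier has to trust,
    and for each leaf an inclusion proof: a hash chain of
    (sibling_hash, sibling_is_on_the_right) steps up to the root."""
    proofs: list[list[tuple[bytes, bool]]] = [[] for _ in leaves]
    positions = list(range(len(leaves)))  # where leaf i sits in the current level
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # pad odd levels by repeating the last node
        for i, pos in enumerate(positions):
            proofs[i].append((level[pos ^ 1], pos % 2 == 0))
            positions[i] = pos // 2
        level = [sha256(b"\x01" + level[j] + level[j + 1]) for j in range(0, len(level), 2)]
    return level[0], proofs


def verify(leaf: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    """Anyone holding the root can check a leaf: no keys, no CA, no trust in the signer."""
    node = leaf
    for sibling, sibling_is_right in proof:
        node = sha256(b"\x01" + node + sibling) if sibling_is_right else sha256(b"\x01" + sibling + node)
    return node == root


def chain_hop(prev: dict | None, hop: str, payload: dict) -> dict:
    """Each hop commits to the hash of the record it received, fixing the path order."""
    return {"hop": hop, "payload": payload, "prev": record_hash(prev).hex() if prev else None}


def verify_lineage(records: list[dict], proofs: list, root: bytes) -> list[str]:
    """Return the problems found; an empty list means every hop is intact and linked."""
    problems = []
    for i, rec in enumerate(records):
        expected_prev = record_hash(records[i - 1]).hex() if i else None
        if rec["prev"] != expected_prev:
            problems.append(f"{rec['hop']}: link to previous hop is broken")
        if not verify(record_hash(rec), proofs[i], root):
            problems.append(f"{rec['hop']}: record does not verify against the round root")
    return problems


def demo() -> tuple[list[str], list[str]]:
    # Constructed sample: one reading travelling sensor -> MEC node -> management plane.
    sensor = chain_hop(None, "sensor-17", {"temp_c": 21.5, "ts": "2019-08-01T10:00:00Z"})
    edge = chain_hop(sensor, "mec-node-3", {"avg_temp_c": 21.4, "window_s": 60})
    mgmt = chain_hop(edge, "mgmt-plane", {"decision": "no-action"})
    records = [sensor, edge, mgmt]
    # Records from another tenant share the round; they learn nothing about ours
    # beyond sibling hashes, and our proofs do not depend on trusting them.
    other_tenant = [record_hash({"tenant": "B", "seq": n}) for n in range(5)]
    root, proofs = aggregate([record_hash(r) for r in records] + other_tenant)
    intact = verify_lineage(records, proofs[:3], root)
    # Tamper with the sensor reading after signing: its own proof fails and the
    # next hop's link breaks, so the manipulation is pinned to the sensor hop.
    records[0]["payload"]["temp_c"] = 99.0
    tampered = verify_lineage(records, proofs[:3], root)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

Two things this makes concrete that the prose only asserts: verification needs nothing but the root and a short hash chain, so a counterparty with no business relationship to the sensor's operator can still check the record; and because each hop commits to its predecessor, a tampered reading fails at exactly one hop and breaks exactly one link, which is what a provenance trail has to deliver for liability to be assigned.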

