►
From YouTube: IETF98-ThursdayLunchSpeakerSeries-20170330-1200
Description
THURSDAYLUNCHSPEAKERSERIES meeting session at IETF98
2017/03/30 1200
A
In
the
plenary
we
were
thinking
of
something
useful,
a
topic
that
would
be
of
the
interest
of
the
IPF
crowd
and
I
mean
regarding
5g
that
we
are
basically,
you
know,
as
I
mentioned,
getting
a
lot
of
requirements,
there's
going
to
be
a
lot
of
work
actually
in
the
IPF
going
on
in
the
next
12
months,
and
we
thought
that
you
know
I'm.
Cellular
security
would
be
good,
but
not
only
basically
talking
about
what
we're
doing
regarding
5g,
but
also
a
bit
of
historical
background.
A
B
So
this
will
be
about
sellers
security.
It
will
be
about
network
security
only
not
about
the
application
layer.
If
you
think
your
Wi-Fi
network,
then
you
know
what
this
is
about
and
it
will
be
about
3gpp.
Cellular
systems
only
used
to
be
a
lot
of
competing
standards,
but
now
with
LTE
and
5g
its
GDP.
B
So,
starting
from
the
beginning
and
there's
basically
been
one
generation
cellular
system
each
ten
years,
so
first
one
key
systems
they
were
launched
in
around
nineteen.
Eighty
will
complete
analog
and
the
basically
new
security
conservation.
When
they
weren't
made
the
analog
she
could
very
easily
it's
dropped
on
them
just
using
a
ordinary
radio
that
could
turn
in
the
right
frequency
and
basically
the
cha-ching
was
that
patron
sent
its
ID
in
clear
text
in
an
effort
short
out
to
the
right
field.
B
B
And
development
of
the
next
to
G
system
started
quite
soon
after
in
82
and
as
a
comparison.
I
have
some
Mountain
EPP
things
here,
for
example,
here
you
have
deaths,
was
publicity
77,
so
2g
completely
digital,
but
still
circuit-switched,
not
packet
switched
patootie.
There
was
a
large
security
focus,
but
still
the
main
goals
was
to
fix
the
problems
with
bungee
and
make
it
as
secure
as
a
fixed
home.
B
This
is
how
authentication
in
GG
gsm
looks
like
the
phone.
Has
the
phone
on
a
network
has
a
shared
secret
they're
called
k,
a
symmetric
key,
the
phone
sense,
its
identity
called
MC
to
network,
and
this
is
something
clear:
this
is
a
problem
you
can
track
this
identity
dsm
used
on
temporary
identity,
but
you
can
force
the
phone
to
reveal
its
long-term
identity.
B
The
whole
networks
on
some
random
number
and
the
authentication
check
any
key
to
run
the
numbers
down
to
the
phone.
The
phone
calculate
this
authentication
string
and
his
MSC
new
compares
the
values
caught
from
the
film
and
valued
code
from
the
home
network,
see
if
the
film
is
authenticated,
then
the
phone
derives
this
key
casey
and
you
have
encryption
between
the
film
and
the
base
station.
I
will
point
out
this
was
a
very
long
time
ago.
Nobody
really
knew
how
to
make
secure,
authentication
and
negotiation
protocols.
B
So
one
thing
is
that
the
MC
something
clear
text
another
is
that
the
negotiation
is
not
integrated
protected.
They
are
with
negotiation.
A
third
thing
is
that
the
basically
the
key
derivation
does
not
include
the
cycler
albert
and,
and
maybe
the
largest
weakness
is
that
it's
only
the
client
phone
that
is
authenticated.
The
network
is
not
authenticated
and
we
will
talk
about
how
what
was
most
of
these
things
have
been
fixed
to
the
gsm
was
designed
in
a
completely
different
hi.
B
Photography
was
seeing
us
for
a
long
time,
seeing
us
classified
as
wet
tons
for
export
control.
Now,
they're
just
bite
us
do
you
use.
It
was
also
no
clear
definitions
of
what
consisted
strong
cryptography.
Yes,
that
strong,
cryptic
cryptography
was
not
allowed
to
export,
there's
very
different
rules,
for
example
in
the
US
and
the
European
Union.
B
This
became
much
clearly
in
97
96
with
the
decimal
agreement,
but
even
here
around
this
time
it
was
basically
56
Orion
proved
to
be
teeth
within
orb,
and
this
applies
for
two,
for
example,
deaths
and
also
for
gsm.
He
some
uses
late
dyeables
are
designed
for
64
bits,
but
they
are
short-term
256.
This
was
in
the
Western
world
for
exporting
to
third
countries.
B
Development,
concrete
industry
was
forced
to
introduce
a
weak
version
of
the
cyber
called
a
pipe
tube
with
limited
security,
and
these
are
words
were
not
publicly
reviewed.
This
was
not
possible
to
use
way
too
slow
mobile
phones
of
this
time
needed
something
much
much
faster
and,
to
my
knowledge,
the
reason
to
have
been
secret
was
that
basically
they
were
deployed.
So
anybody
founding
weaknesses
on
them
do
not
have
them
positive.
B
Next
me
I'm
10
years
into
and
3d
and
base
here.
A
lot
of
the
weaknesses
in
GSM
was
known
to
the
main
goal
in
Trinity,
security
was
to
fix
weaknesses
in
GSM.
One
thing
is
mutual
authentication.
With
some
replay
protection,
the
signaling
is
integrated
protected
so
that
you,
you
cannot
do
a
bidding
download
hack
on
the
ciphers,
the
algorithm's
public,
and
what
we
give
a
s
is
used
for.
Federation
authentication,
kasumi
em
snow
was
used
for
encryption
in
integrity.
B
This
was
previously
published,
Cyprus,
yes,
security
level
is
108
hit
everywhere,
and
the
wager
encryption
was
extended
further
into
the
network
and
given
guess
loans
in
2001
and
on
the
same
time
as
TLS
10
and
the
same
here
as
AAS
and
sharp
she
was
then
five
years
later,
would
we
got
hsdpa,
which
was
really
the
sort
of
mobile
broadband
racing?
The
speeds
enormously
and
3d
is
actually
two
law
checks
them
still
very
secure.
B
He
also
called
LTE,
and
the
goal
here
was
to
make
it
at
least
as
the
u.s.
jeje
improving
the
security
here
and
there
for
non
security
reasons.
The
encryption
was
moved
about
in
the
access
network
again
to
the
base
station,
but
that
was
but
also
ipsec
was
added
from
the
base
station
deep
into
the
core
network,
and
yes,
hepes
now
is
used
to
large
degree
on
the
then
I
/
sect
is
now
really
getting
deployed
into
the
pp
networks
and
I've
seen
figures
expecting
eighty
percent
used
in
a
couple
of
years.
B
Thirty
use
a
s
for
encryption,
integrity,
asn,
shuffling,
5640
derivation,
and
it's
come
prepared
for
256-bit
keys,
even
if
that
is
not
used,
and
this
launched
2009
wrong
same
time
as
keyless
131
row
22
and
the
Cyprus
years
are
perfectly
fine.
Then
we
had,
let's
see
lte-advanced
was
a
most
higher
speed
version
launched
in
2013
and
2014.
B
B
B
B
B
B
Here's
an
overview
of
all
the
different
cyprus
and
integrity
and
key
derivation
out
which,
in
the
gpp
system,
I
think
this
might
be
their
only
overview.
I
have
ever
seen
and
I
made
it
myself.
The
Pacific,
where
the
hair
means
that
they
are
not
secure,
basically
because
of
key
length
earlier
al
with
this
appeal
or
key
derivation
Alex.
B
So
these
are
good
stir
in
implemented
on
the
sim
card
in
the
phone
and
also
in
the
home
network
in
the
HSS
earlier
version,
Darwin
restrict
export
control,
used,
56
or
64-bit
keys.
That
is,
of
course,
not
secured
by
today's
standard,
and
the
first
version
also
had
a
weakness
so
that
seemed
coach
could
actually
be
killed.
B
If
you
did
query
them,
if
you
got
on
your
hands
on
them
and
you
could
query
them
quite
many
times,
but
practically
in
the
lab
at
least
Twiggy
introduced
the
mini
nosh
key
duration,
that
builds
on
a
s,
and
here
we
have
128-bit
keys
and
built
as
both
input
and
output.
This
is
still
considered
very
well
well
deployed
and
still
considered
secure
to
have
backup,
out
wit,
3gp
p.m.
es
mi
standardized.
B
The
August
once,
let's
see
if
I
won
a
fight
too,
they
are
built
on
a
lettuce
or
to
be
able
to
run
them
on
phones
in
the
1990s
and
they
use
64-bit
keys
which
make
them
insecure.
By
today's
standard,
a
51
is
actually
there
is
some
theoretical
attacks
on
a
5-1,
but
in
practice
the
best
practical
attack
on
a
5
on
a
steel
brute
force,
either
by
testing
lowly
piece
or
lately
by
generating
a
rainbow
table.
B
B
B
B
B
B
So
why
do
people
still
consider
cellular
networks
to
be
insecure,
I?
Think
if
you
really
media
others,
quite
a
lot
of
negative
attention
and
I.
Think
if
I
and
also
here
in
IETF
fighting
cellar
security
has
a
very
negative
people
in
general,
have
a
negative
feeling.
I
think
that
is,
namely
because
of
2g
GSM.
That
is
a
2d.
Esm
is
not
secure.
It
was
designed
30
years
ago
today
and
it
was.
B
B
B
And
track
where
York
see
that
you
have
been
in
two
places
at
the
same
time,
this
has
been
it
snow.
Let
it
has
been
used
in,
for
example,
trash
cans
in
cities
with
MC
captures
them
selling.
You
personals
nice
advertisement
and
immediate
ease.
Are
these
terms
for
Space
Station
in
the
capture
or
stingrays
of
them?
Mix
together
in
stingray
is
can
do
both
of
these
things?
It's
a
product
from
a
company
in
C,
captured
tracks,
your
identity
and
the
force
base
station.
B
B
So
what
will
happen
in
5g,
and
this
is
ill
heavily
debated
in
and
there's
ongoing
work
quite
early
work
in
TPP,
I
think
the
high
level
20
PP
work
happens
in
three
stages.
First,
as
a
one
is
doing
requirements
that
nuclear
operators,
then
Sh
even
satori,
esta
tu
is
doing
the
architecture
very
high
level.
Vanessa
tree
is
doing
high
level
security
and
I'm
cg1.
The
city
groups
takes
over
and
make
stage
three
low
level
detailed
specifications
of
everything
yeah.
B
So
one
thing
that
party
definitely
needs
to
take
care
of
is
the
enormous
growth
in
mobile
traffic,
and
so
LTE
was
launched,
I
don't
know,
but
around
2010,
then
the
data
traffic
in
the
movement
networks
was
quite
small
and
it
was
voice
was
still
a
large
part
of
the
traffic
back
then
theta
from
mobiles
was
growing
and
data
from
smartphones,
also,
but
all
quite
small
after
that
voice
is
basically
flat.
Data
from
tablets
and
PCs
has
been
increasing
steadily,
but
data
from
smartphone
has
formally
exploded
and
I
respect
to
just
keep
growing.
B
B
B
And
that
is
mainly
iut
is
a
main
driver
for
5g
in
general,
m45
be
security.
We
have
Sam
source,
the
automotive
industry
census.
Basically,
IT
sensors
put
requirements
on
low
energy,
they
may
have
very
small
bait
amounts,
but
it
should
be
very
energy
efficient
and
it
might
sleep
a
large
part
of
the
day
here.
This
is
a
very
strong
contrast
to
broadband
in
media.
We
have
very,
very
high
bit
rates,
and
then
you
have
the
automotive
industry.
B
Where
me
maybe
latency
is
the
most
important
thing
you
want
latency
in
the
very
few
millisecond
latency
from
use
under
request,
you
get
a
response
and
you
also
get
normally
in
cellular
networks.
All
the
messages
are
sent
from
a
user
equipment
to
a
base
station
and
to
another
user
equipment
in
the
automotive
industry.
B
B
B
B
This
is
a
high
level
picture
of
a
party
system.
I
do
not
talk
much
about
this,
but
everything
will
be
virtualized.
You
will
have
sem
and
then
also
big
careful
parties
that
fergie
will
have.
We
have
edge
computing
and
be
a
much
more
open
system
where
other
parties
can
deploy
and
run
applications
inside
the
network,
maybe
in
the
base
station
to
get
extremely
low,
latencies
exam
for
pro
factories
or
automotive
or
rail
yeah.
B
B
C
B
This
is
one
of
the
goal
that
we
would
like
to
solve.
Em
party,
another
thing
that
is
on
a
consideration
and
at
least
the
goal
of
Erickson,
is
to
have
more
flexible
identity
management
in
5g.
The
requirement
group
in
3gpp
as
a
one,
has
already
decided
that
5g
shall
support
alternative
credentials.
That
means
something
else
than
the
you
seem
application
that
today
are
stored
in
the
UICC,
which
is
commonly
known
as
the
sim
card
yeah.
B
Rose
want
a
lot
lower
cost
complexity
for
massive
iut
and
for
factories
and
industries
wanting
to
use
5g.
We
want
a
lot
more
flexibility
so
that
the
Phi
Z
system
can
integrate,
integrate
a
lot
easier
with
existing
triple
a
service
in
industries
and
I
trees
and
the
and
to
mitigate
the
problem
with
MC
captures.
B
Basically,
the
problem
is
that
a
identity
is
something
clear
text
and
when
it's
not,
you
can
force
the
film
to
reveal
its
identity
and,
if
I
obvious
solution
to
that
is
to
encrypt
the
identity
with
a
public
key
in
the
home
network,
and
this
is
possible
today.
It
would
definitely
not
have
been
possible
when
gsm
was
standardized.
The
phones
back
then,
could
not
do
public
key
crypto
in
with
any
good
latency.
It
would
have
taken
to
way
too
much
time,
and
then
you
would
have
maybe
waited
ten
seconds
to
connect
your
call.
B
Bandwidth
but
I'm,
probably
not
a
long
time
term
static.
Some
staticky
that
you
can
exchange
replace
three.
The
home
network
would
have
a
private
key
why
the
user
equipment
would
have
the
public
key
key
of
the
home
network
g
to
the
power
of
Y,
and
then
we
use
the
phone
would
generate
X,
some
ye
to
the
power
of
X
2
little
network
and
then
encrypt
the
identity
in
see
a
with
a
key
divided
from
the.
B
If
you
have
my
secret
and
today,
the
MC
contains
the
phone,
the
identity
of
the
sim
card,
but
it
does
also
contain
the
identity
of
whom
network
for
routing
purposes
that
would
be
needed
to
still
send
in
clear.
But
then
the
only
thing
in
third-party
attack
you
would
see
is
which
home
network
this
film
is
connecting
to
and
not
the
identity
of,
the
film
itself.
B
Another
thing
that
is
under
consideration
and
driven
for
Phi
G
is
which
kind
of
protocol
should
be
used
for
authentication
out
today.
When
the
phone
connects
to
20
PP
access
string,
people,
radio
technology,
then
it
uses
what
is
now
known
as
EPS
AK
is
basically
the
3gpp
authentication
and
key
agreement.
Protocol
Sam
pin
roll
it
roll
form
without
any
packet
layer.
B
B
Done
20
people
would
need
to
support
more
than
eat
a
case
tannin,
which
is
specified
for
sinkage
only
and
where
alternatives
up
for
discussion
is
today
is
ctls
and
eat.
T
jealous
or
pap
ET
les
is
basically
use
the
TLS
handshake.
And
then,
when
you
authenticate
you,
you
don't
set
up
a
record
layer,
eat
g
TLS
is
that
you
set
up
TLS
and
then
you
authenticated
authenticate
over
the
encrypted
pls
connection,
and
here
is
one
place
where
IDF
work
is
very
likely.
For
example,
ET
les
is
quite
this
specification
is
quite
outdated.
B
B
Today,
the
keys
for
traffic
protection
for
encryption
integrity,
protection
of
traffic,
the
application
data
entry,
DPP
networks
are
derived
from
the
long
term
keys
symmetric
keys,
stored
on
the
using
and
in
the
HSS,
and,
of
course,
they
also
generate
a
random
number,
and
then
you
derive
keys
from
that,
and
this
is
secure
as
long
as
the
symmetric
keys,
the
secret
keys
are
secret
and
if
the
leak,
of
course,
you
get
problems
and
according
to
rumors.
That
is
exactly
what
happened
couple
years
ago.
B
B
B
None
both
parties
derive
the
keys
using
the
long
term
secret
and
the
diffie-hellman
secret,
and
currently
trip
is
looking
at
using
elliptic
curve.
If
you
help
me,
that's
a
current
best
practice,
but
this
would
need
to
be
replaced
in
maybe
five
ten
years
from
now
when
quantum
computer
starts
to
be
at
rest
and
the
best
there's
basically
except
there's
several
good
candidates
for
post
quantum
security
Hellman
on
this
lattice,
based,
which
might
be
the
first
alternative,
for
example,
GLS
dtls,
but
they're
the
keys
are
quite
large
in
wireless
network.
B
B
Todd
Erikson
white
paper
is
the
seller
networks
for
Mike
massive
UT,
describing
the
new
improvements
that
have
been
made
to
to
LTE
to
handle
IOT.
Basically,
three
peoples
done
three
different
work
items
during
last
year:
two
different
enhancements
to
LT,
specifically
targeting
IOT
and
one
work
item
Tori
targeting
gsm,
where
gsm
has
been
or
GPRS
has
been
updated,
with
new
algorithm,
secure,
long-term,
at
least
10
15
years
for
iu
g
yeah,
and
that's
it
any
questions.
I.
D
B
B
Mixed
up
with
false
base
station
a
force
base
station
would
4pm
would
believe
it's
valid
to
the
base
station
connect
and
you
would
make
you
call
this
force
base
station
and
the
base
station
would
be
able
to
eavesdrop
on
you
if,
of
course,
if
you're
using
data
traffic
and
your
phone
has
some
vulnerabilities,
then
the
base
station
might
hack
you
as
well.
But
that
might
happen
if
you
go
to
some
web
page
and
your
phone
has
a
problem
as
well.
C
Yeah
hi,
you
didn't
talk
about
the
differences
in
from
40
to
50
spective
from
base
station
to
the
escape
epic,
a
bigotry.
Is
there
any
changes
there
like
earlier
and
4G?
We
have
a
seagate
when
all
that
stuff
right.
So
is
there
any?
You
didn't
talk
about
that
part?
Actually
you're
talking
about
all
this
from
you
too.
You
know
yeah.
E
Hi,
so
you
talked
about
the
security
improvements
of
the
mobile
handset
to
the
base
station
covered
in
a
5g,
but
I
understand
it.
The
next
generation
of
attacks
are
already
happening
on
the
ss7
and
interface
station
communication,
and
you
have
anything
to
say
about.
What's
in
the
store
for
projecting
base
station
to
base
station
or
base
station
to
network
yeah.
B
Ss7
is,
I
am
not
talked
about
application,
they
are
not
about
the
carrier
net
connecting
different
porch
I
think
ss7
is
even
older
protocol
than
these
there's.
A
large
number
of
vulnerabilities
there's
been
a
lot
several
studies,
looking
how
you
can
fix
these
perfect.
The
answer
is
that
you
probably
count
with
backward
comp
abilities
I,
think
you
need
to
replace
them
or
yeah,
and
that
takes
time
I.
B
Think
one
of
the
main
problem
was
that
you
could
access
there's
a
certain
network
online
on
the
internet
from
so
yeah
it's
on
places,
and
that
of
course
made
it
very
insecure.
I
think
these
problems
are
now
mainly
them
fixed,
making
ss7
it
still
has
insecurities,
but
at
least
it's
much
harder
to
access
them
further
body.
F
Endings
for
joining
me,
one
question
in
terms
of
kind
of
a
fake
base
station
problem
that,
as
you
have
roaming
on
international
roaming
in
particular,
how
would
a
handset
know
which
are
good
networks
in
which
a
bad
networks
so
I
Roman
to
country
a
visit
I
have
no
idea
what
my
mind's,
not
none
of
my
home
network
and
a
rogue
Network
happily
will
offer
to
serve
me
and
how
would
I
know
that
that
is?
How
would
the
device
reasonably
know
which
networks
just
pour
it
come
on?
F
F
Connect
to
it
so
Israel,
currently
a
mechanism
addressed,
don't
know.
Is
there
currently
a
mechanism
in
place
that
the
Houma
operate
a
whitelist
sleaze
network
stuff
on
me
now
because
I
don't
know
what
if
I
my
sim
college
doesn't
go?
I,
don't
have
a
channel
to
ask
my
home
operator
at
that
moment
when
I'm
connecting
I
yeah.
B
F
B
Has
to
talk
to
your
home
network,
because
otherwise
it
won't
get
your
king
material.
Otherwise
it
cannot
authenticate
itself
to
your
phone
and
your
poem
would
react
it
so
that
you
could
film
connects
to
trade,
your
gmat
network.
That
means
that
this
network
has
been
authorized
by
your
home
operator.
2G.
There
is
no
operator,
so
then
you
don't
know
anything.
You.
G
H
H
H
B
Transport,
it
yeah
I.
Think
one
of
the
the
main
thing
here
is
one
main
requirement
is
latency,
but
that's
not
security-related
what
the
security
related
come
from,
that
they
be
the
bus
needs
the
course
needs
to
talk
to
other
cars
directly.
So
then
you
need
to
have
a
key
change,
your
kid
duration
in
neck
in
place,
so
that
the
course
can
authenticate
themselves
to
other
cars
and
be
sure
that
they
are
talking
to
who
they
are
talking
to
yeah
and
that
they
get
command
from
the
right.
But
today
all
communication
is
user.
B
I
Huijin
from
your
presentation,
you
introduce
there'll,
be
some
changes
between
security
design
between
the
ue
and
the
core
network,
so
I
wondering
is
also
is
going
to
be
some
changes
between
in
the
backhaul
network
to
indo
p
in
the
core
network.
So
right
now
my
something
that's
for
geog
using
IPSec
to
increase
traffic
is
having
change
to
that
or
I.
B
B
Even
the
base
station
will
be
wrong
hotly
in
Hardware,
often
the
access
network.
Importantly
in
the
cloud,
and
then
you
would
have
maybe
a
GLS
Conlogue
between
these,
so
you
will
probably
have
several
layers
of
security
will
probably
have
maxik
security,
ipsec
NT
lesson,
maybe
application
layer
security
also.
A
Ok,
thank
you
John,
just
like
three
minutes
to
the
next
session,
so
we
have
to
wrap
up.
Thank
you
very
much.
I
hope
you
guys
found
this
interesting.
If
you
have
follow-up
questions,
please
touch
base
directly
with
with
john
thank
you.