Loading...

PhD Security - Cloud RAN/MEC - Join our R&D team!

Posted date: May 1, 2021

Location: Massy Palaiseau, J, FR

Company: Ericsson

As the tech firm that created the mobile world, and with more than 54,000 patents to our name, we’ve made it our business to make a mark. When joining our team at Ericsson you are empowered to learn, lead and perform at your best, shaping the future of technology. This is a place where you're welcomed as your own perfectly unique self, and celebrated for the skills, talent, and perspective you bring to the team. Are you in?

Come, and be where it begins.

We are now looking for a PhD student in the area of Security that will work on a joint Ericsson research project with the R&D Security unit in France with a Conventions Industrielles de Formation par la REcherche (Cifre). 

 

Thesis Objectives

Slicing is a key feature of 5G. Network slicing involves splitting the Radio Access Network (RAN) into several end-to-end virtual networks. Each slice comprises virtualized functions (sometimes referred to as micro-services) to meet a specific user case, and which are provisioned over shared datacenters (i.e. Clouds). From a cybersecurity standpoint, this brings a new set of challenges to the vertical actors who operate the network. In previous generations, these actors used to control the whole infrastructure, both including the physical appliances (i.e. hardware) and the software. With network slicing, a vertical actor may have to (1) provision virtualized functions (either as virtual machines or containers), (2) operate them over the cloud, and (3) interconnect with third-party applications operated by non-trusted actors.

The objective of this thesis is to deliver a framework and a set of tools that enable an operator to secure the deployment of its virtualized radio access network over third-party cloud infrastructures, without having to fully trust the cloud providers over its sensitive assets.

 

Methodology:

The PhD applicant should follow a step-by-step process to model the environment, identify security issues, select some concrete problems to investigate in detail and then provide implementation-based approaches to identify and mitigate these selected problems.

 

1. Model definition: The PhD candidate will first have to study and develop a precisely defined model of virtualized Cloud RAN/MEC infrastructures and networks. Subsequently, the underlying features and capabilities for virtualized RAN functions need to be modelled. Emphasis will be on critical parts of these functions, e.g. processing of user data, encryption/decryption methods, cryptographic material, the APIs exposed towards hypervisor and other RAN/Core functions. The aim is to have a detailed model upon which to perform the security analysis of the next step.

2. Security analysis: The objective of this step study will be to accurately define security vulnerabilities of, threats to and attacks on such infrastructures and networks and to draw a taxonomy of the new attack surface on virtualized Cloud RAN functions, mainly when infrastructure is not trustworthy, and malicious applications are sharing the same pool of resources.

3. Focus on concrete problems: At this point the PhD candidate will introduce a security framework which is sought to secure the provisioning and operation of sensitive Cloud-RAN functions over shared cloud infrastructures. Attack surface from both hypervisor and malicious third-party applications will be taken into consideration.

  • Protection against hypervisor attacks: Demonstrate the use of secure hardware extensions (e.g. Intel SGX) to set roots of trust, as well as software or hardware isolation techniques, in order to secure provisioning of critical microservices over untrusted infrastructures, and limit exposure (e.g. through security enclaves) of sensitive assets towards the operating system.
  • Protection against malicious third-party applications: Use a combination of secure / auditable service chaining, strong authentication (service-to-service, and service-to-infrastructure), and cryptographic protocols, to enable secure interaction between RAN functions and edge applications, while limiting the attack surface for critical operator functions.

4. Attack identification and mitigation: The PhD candidate will then work on finding methods of identifying the selected attacks as well as propose ways to mitigate then given the constraints of the operating environment.

5. Implementation-based evaluation: Finally, the PhD candidate will prototype and test the contributions made in this thesis, to validate results and demonstrate their usage for selected real-world use-cases.

Responsibilities:

  • You will drive research in the area of Security and Cloud computing
  • Perform joint research with internal and external partners
  • Showcase findings in presentations, reports, and through peer-reviewed publications
  • Contribute to Ericsson standardization, IPR and internal publication flow
  • Develop competence in technical domain of RAN/Core Security

 

Key Qualifications:

  • Education: MSc
  • Min years of experience: Recent MSc graduate
  • Domain experience: Computer science, Security, knowledge about cloud/Edge computing is a plus
  • Working with people and networking
  • Innovating, adapting, and responding to change!
  • Innovating, adapting, responding to change, delivering results and meeting customer expectations!
  • Planning and Organizing
  • Is connected to the Conventions Industrielles de Formation par la REcherche (Cifre). 

 


Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

 


Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.

 


This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.

 


Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.

 


Job Segment: Cloud, Computer Science, Cyber Security, Testing, Security, Technology