Towards 5G Embedded Trust: Integrating Attestation Extensions in Vertical Industries

Recent efforts have made substantial progress towards realizing next-generation smart-connectivity “Systems-of-Systems” (SoS). These systems have evolved from local, standalone systems into safe and secure solutions distributed over the continuum from cyber-physical end devices, to edge servers and cloud facilities. The core pillar in such ecosystems is the establishment of a 5G infrastructure capable of managing service graph chains with embedded trust [1] comprising both resource-constrained devices, running at the edge, but also microservice technologies (e.g., Docker, LXC) [2]. Under the perspective of cloud application providers and developers, there is an increased interest in emerging mixedcriticality use cases that are apparent in a number of key sectors, from telecommunications to energy, from transport to healthcare and from robotics to military (as stated in the 5G empowering vertical industries report provided by the 5G-PPP association [3]). Such services are characterized by strict performance requirements, fast service deployment times (including also secure remote asset management), scalability and flexibility in the composition of the service graph chains as well as operational assurance but exhibit different levels of security, privacy, and trust requirements and priorities. This generates a clear trend towards decentralized architectures and business models implemented through the Mobile Edge Computing (MEC) concept (Figure 1): The available (trusted) computing resources are positioned at close proximity to the edge devices focusing on protecting the security and integrity of the generated data. Edge and fog computing nodes, mini-data centers (DCs) coexist in a 5G-enabled environment supporting the deployment of mixed-crticality services [4] positioned to execute either closer to the edge or the backend cloud infrastructure, depending on the underlying connectivity requirements and available resources. The goal is to enable high scalability by decomposing a mixed-criticality application into a set of “cloud-native” and “edge-running” microservices, with different trust considerations, and managing secure accelerated offloading capabilities for distributing the resource intensive processes to the backend, thus, limiting the workload that needs to be managed at the edge. This will