SecureG, Fujitsu and Others Partner to Develop Supply Chain Traceability for Open Radio Units (O-RU); Device Identity and Centralized Registry
VIENNA, VA, UNITED STATES, January 10, 2025 /EINPresswire.com/ — SecureG, the world’s most secure root of trust provider, today announced it has been selected by the National Telecommunications and Information Administration (NTIA) to receive a $6M grant from the Public Wireless Supply Chain Innovation Fund’s second Notice of Funding Opportunity. SecureG is partnering with Fujitsu, Rhythmic Technologies, and other industry leaders to research and develop a novel architecture that promises to reduce implementation costs and integration hurdles for O-RU suppliers and enhance the overall security posture of the entire O-RAN ecosystem.
“Open Radio Access Networks offer greater efficiency and innovation; however, the individual implementations of the O-RAN systems can lead to interoperability issues and security risks when vendors take contrasting approaches,” said Todd Warble, CTO of SecureG. “Together, SecureG and its partners will unlock interoperability and expedite onboarding of new vendors to benefit the larger O-RAN ecosystem.”
3GPP, the Open RAN Alliance, and government entities such as the National Institute of Standards and Technology (NIST) have published extensive guidelines, standards and frameworks, but rely on each O-RAN ecosystem participant to interpret and implement them individually. Individual interpretations can become a source of security risks, as well as hindering scalability and interoperability.
SecureG and its partners are researching and analyzing existing standards, protocols, and best practices to document how digital identities can be assigned, documented, and made available to partners to produce a trustworthy network built upon a validated supply chain.
SecureG is developing a Supply Chain Traceability (SCT) Registry platform that provides these key components:
• Reliance on “Zero Touch Provisioning.”
• Ability to integrate device identities with credentials.
• A high-trust key management infrastructure to provide an objective “authority” for secure credentialing and validation.
• The necessary security operations to create a commercially viable and practical solution for chipset manufacturers, vendors, and MNOs.
“This registry will provide O-RU component providers and manufacturers with a simple approach to build credentials directly into their chipsets without requiring extensive and costly security implementations each time,” said Mr. Warble. “At the same time, network operators can be assured that their providers are providing trusted components compliant with security standards that can be easily integrated into their networks.”
About SecureG
SecureG was conceived by MITRE Engenuity™ and CTIA™ to establish and maintain trust for 5G networks, machine-to-machine communication, and Zero Trust Architecture. SecureG’s Public Key Infrastructure (PKI) services can be customized to meet the security posture and scaling requirements of any network, device manufacturer, or software service.
Ensuring Critical Infrastructure Security with Quantum-Resistant Cryptography
Summary of the White House Report on Post-Quantum Cryptography
Introduction
Federal agencies and critical infrastructure must urgently prepare for the next frontier in cybersecurity: quantum-resistant cryptographic systems, known as post-quantum cryptography (PQC). The growing capabilities of quantum computing pose a significant threat to traditional public-key cryptography, which is foundational to most digital security protocols. To safeguard sensitive information, agencies must first establish a thorough cryptographic inventory. This inventory is the baseline for deploying quantum-resistant measures effectively, as mandated by Executive Order 14028 on cybersecurity improvements. Adopting a Cryptographic Bill of Materials (CBOM) is a key step in identifying vulnerabilities in existing cryptographic assets and bolstering federal defenses against quantum-driven threats.
Why Quantum-Resistant Cryptography is Essential for Federal Agencies and Critical Infrastructure
The Emerging Quantum Threat to Public-Key Cryptography
Advancements in quantum computing signal a fundamental shift in cybersecurity. While quantum computers promise breakthroughs in fields like healthcare and artificial intelligence, they also bring unprecedented risks. A cryptanalytically relevant quantum computer (CRQC) will have the capability to break today’s cryptographic systems, putting the confidentiality, integrity, and authenticity of sensitive data at risk. Public-key cryptography, critical to secure communication across government, the private sector, and critical infrastructure, could be made obsolete by a CRQC. This highlights the importance of implementing quantum-resistant public-key cryptographic systems.
Record-Now-Decrypt-Later Attacks: A Looming Threat
One of the most pressing concerns is the potential for “record-now-decrypt-later” attacks. In this scenario, an adversary intercepts and stores encrypted data, intending to decrypt it once quantum computing advances further. These attacks are not limited to internet data; even internal agency networks could be vulnerable, especially under a zero-trust model where data must be encrypted at every point. Though current encryption practices and rapid key rotation add layers of security, they are only temporary barriers against well-funded adversaries with quantum ambitions.
The Role of Executive Order 14028 in Cybersecurity
Executive Order 14028, “Improving the Nation’s Cybersecurity,” has set new standards for cybersecurity resilience in federal agencies and critical infrastructure. The order emphasizes improving software supply chain integrity through Software and Hardware Bills of Materials (SBOM and HBOM) and has introduced the concept of a Cryptographic Bill of Materials (CBOM). The CBOM offers agencies a clearer picture of their cryptographic assets, facilitating the migration to quantum-resistant measures that are robust enough to withstand CRQC threats.
The Foundation of PQC Migration: A Comprehensive Cryptographic Inventory
What is a Cryptographic Inventory?
A cryptographic inventory is a detailed catalog of cryptographic assets within an organization. This inventory enables agencies to pinpoint where cryptographic protocols are implemented, identify assets vulnerable to quantum threats, and plan the transition to PQC. Given the widespread use of public-key cryptography, agencies must adopt an exhaustive inventory process to assess the readiness of their systems against quantum threats.
Benefits of a Cryptographic Bill of Materials (CBOM)
The Cryptographic Bill of Materials (CBOM) is an essential tool that provides a high-level view of cryptographic assets across federal networks. By identifying vulnerable or outdated cryptographic protocols, CBOM helps agencies to detect weak cryptographic links that could be exploited. CBOM serves as an anchor in the PQC migration process, supporting compliance with mandates like Executive Order 14028 and aligning with best practices in cybersecurity.
Role of Automated and Manual Cryptographic Inventories
Maintaining an accurate cryptographic inventory requires both automated and manual processes. Automated tools simplify inventory tracking by scanning systems for cryptographic implementations, but they may lack the visibility to capture all cryptographic instances. As a result, agencies conduct annual manual inventories to catch any instances that automated tools miss, ensuring a complete and reliable cryptographic assessment.
Steps Toward Quantum-Resistant Infrastructure
Identifying Quantum-Vulnerable Systems and Prioritizing PQC Migration
Agencies must identify and prioritize critical systems for PQC migration to ensure that the most sensitive data and high-impact assets are protected. Key criteria include systems with high-value data, logical access controls using public-key infrastructure, and assets that must remain secure well into the 2030s. Prioritization ensures that resources are allocated to defend the most vulnerable cryptographic components.
Overcoming Interoperability Challenges in PQC Migration
Interoperability is a significant concern in PQC migration. If a system adopts PQC-based encryption but its counterpart does not, an encrypted connection cannot be established, potentially impacting operations. Agencies must collaborate to ensure cross-compatibility, carefully planning transitions to PQC with attention to both interoperability and fail-secure configurations that prevent data from being transmitted if encryption fails.
Early Detection of Non-Upgradeable Systems
To minimize disruption, agencies need to identify systems that cannot support PQC as early as possible. Some legacy systems may lack the capacity for PQC algorithms, making replacement essential. Modernizing these systems can be a time- and resource-intensive process but is necessary to ensure a smooth PQC migration.
SecureG’s Role in Bolstering Federal Cybersecurity with CBOM
SecureG’s Analytics Framework
SecureG has pioneered a certificate analytics framework that enhances cryptographic visibility across federal infrastructure. By scanning, cataloging, and assessing cryptographic assets, SecureG generates a comprehensive CBOM that helps agencies pinpoint vulnerabilities. This framework plays a critical role in strengthening federal cybersecurity and ensuring compliance with the standards outlined in Executive Order 14028.
How CBOM Mitigates Security Risks in Federal Infrastructure
CBOM allows agencies to take proactive measures against cybersecurity risks by identifying weak cryptography and expired certificates. This inventory-driven approach empowers agencies to stay ahead of vulnerabilities, preventing cyber threats that could compromise mission-critical communications or inject malicious code into essential systems.
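The sketch below is an added example, not code from the report or from SecureG's framework. It shows how a CBOM-style inventory can be triaged using the prioritization criteria listed earlier (high-value data, PKI-based access control, confidentiality needed into the 2030s) together with the weak-cryptography and expired-certificate checks described above. The record fields, scoring weights and sample systems are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Public-key families breakable by Shor's algorithm on a CRQC.
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}
# NIST-standardized post-quantum algorithms (FIPS 203, 204, 205).
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "SLH-DSA"}
WEAK_HASHES = {"MD5", "SHA1"}

@dataclass
class Asset:                  # one inventory row; field names are hypothetical
    system: str
    algorithm: str
    key_bits: int             # only checked for RSA in this sketch
    sig_hash: str
    not_after: date           # certificate expiry
    high_value_data: bool
    pki_access_control: bool
    secure_until: int         # year until which the data must stay confidential

def findings(a: Asset, today: date) -> list[str]:
    out = []
    if a.algorithm in QUANTUM_VULNERABLE:
        out.append("quantum-vulnerable")
    elif a.algorithm not in QUANTUM_RESISTANT:
        out.append("unknown-algorithm")   # hand off to the manual inventory
    if a.algorithm == "RSA" and a.key_bits < 2048:
        out.append("weak-key")
    if a.sig_hash.upper().replace("-", "") in WEAK_HASHES:
        out.append("weak-hash")
    if a.not_after < today:
        out.append("expired")
    return out

def priority(a: Asset, today: date) -> int:
    """Illustrative weights for the three criteria; higher = migrate sooner."""
    if "quantum-vulnerable" not in findings(a, today):
        return 0
    score = 1
    score += 2 if a.high_value_data else 0
    score += 1 if a.pki_access_control else 0
    score += 2 if a.secure_until >= 2030 else 0  # record-now-decrypt-later exposure
    return score

def migration_plan(assets, today):
    rows = [(priority(a, today), a.system, findings(a, today)) for a in assets]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed sample inventory (not real systems).
TODAY = date(2025, 1, 10)
INVENTORY = [
    Asset("hr-portal", "RSA", 2048, "SHA256", date(2026, 3, 1), False, True, 2027),
    Asset("records-archive", "ECDSA", 256, "SHA256", date(2025, 9, 1), True, True, 2040),
    Asset("legacy-vpn", "RSA", 1024, "SHA1", date(2024, 6, 30), True, False, 2032),
    Asset("pilot-gateway", "ML-DSA", 0, "SHAKE256", date(2027, 1, 1), True, True, 2040),
]

if __name__ == "__main__":
    for score, system, flags in migration_plan(INVENTORY, TODAY):
        print(f"{score}  {system:16} {', '.join(flags) or 'ok'}")
```

The archive ranks above the already-expired VPN endpoint because its data must stay confidential longest while still sitting behind a quantum-vulnerable key; the expired and weak findings are hygiene issues to fix regardless of migration order.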
Preparing for the Future of Quantum-Resistant Cryptography
NIST’s Role in Standardizing PQC Protocols
The National Institute of Standards and Technology (NIST) leads the global charge in PQC standardization. By fostering an open standard development process, NIST ensures that PQC algorithms are both secure and interoperable. Since 2016, NIST has meticulously reviewed candidate algorithms and conducted public assessments. As PQC standards are finalized, agencies will gain the tools they need to implement resilient cryptographic protocols across federal systems.
Continuous Assessment and Updating of Cryptographic Policies
The journey to quantum-resistant infrastructure is continuous, with ongoing assessment and policy updates needed to address emerging threats. Agencies must periodically update their cryptographic policies, even after full PQC migration, to respond to advancements in both quantum and classical computing. Such ongoing vigilance will be essential to maintain secure cryptographic protocols well into the future.
Conclusion
Securing federal systems and critical infrastructure in a quantum era is imperative. With advancing quantum computing capabilities, adversaries may soon possess the tools to bypass current cryptographic protections, endangering sensitive data and national security. Through comprehensive cryptographic inventories, agencies can assess and strengthen their cryptographic foundations to deploy quantum-resistant measures effectively. SecureG’s CBOM solution plays a critical role, offering a proactive approach to safeguarding cryptographic assets across federal networks. By prioritizing cryptographic resilience now, federal agencies can protect vital systems and ensure the integrity of national security for the future.
Learn more about SecureG’s cryptographic solutions and take the next step in quantum-resilient cybersecurity for federal systems.
Communication networks are evolving to support faster, more efficient, interconnected services. Among these advancements, 5G and FutureG networks promise unprecedented levels of wireless performance. However, with increased connectivity comes the need for enhanced security measures. In this blog post, we explore the crucial role of digital certificates in securing these newer networks and discuss five intriguing points about their applications.
Enhanced Security
Security is paramount in 5G and FutureG networks, considering the vast amount of data being exchanged and the multitude of interconnected devices. Digital certificates serve as the linchpin of security by authenticating the identity of devices, networks, and users. By incorporating digital certificates, these networks can effectively thwart unauthorized access, data tampering, and man-in-the-middle attacks, bolstering the overall security posture.
Trust and Privacy
Maintaining trust and preserving user privacy are key considerations in modern networks. Digital certificates establish trust between network entities, ensuring that devices and applications can verify the legitimacy and integrity of the data they receive. This enables secure, encrypted communication between devices, preventing unauthorized interception or tampering of sensitive information and safeguarding user privacy.
Authentication and Authorization
In 5G and FutureG networks, where numerous devices and services are interconnected, robust authentication and authorization mechanisms are vital. Digital certificates provide a reliable means to authenticate devices, users, and services, verifying their identity and permissions. By employing digital certificates, these networks can ensure that only authorized entities can access specific network resources, mitigating the risk of unauthorized access.
Seamless Roaming and Handover
One of the key features of mobile networks is the ability to roam between different network environments. Digital certificates play a crucial role in this process by enabling secure handover. Devices can authenticate themselves to new network access points, ensuring a smooth transition while maintaining the security and integrity of communication. This capability enhances user experience and supports uninterrupted connectivity.
Scalability and Management
With the proliferation of devices and services in modern networks, managing security at scale becomes a daunting task. Digital certificates provide a scalable solution by leveraging the existing Public Key Infrastructure (PKI). Certificate authorities (CAs) issue and manage digital certificates, ensuring their validity and revocation when necessary. This streamlined approach enables efficient deployment and management of digital certificates, facilitating secure and reliable communication across a wide range of devices and services.
As 5G and FutureG networks continue to evolve, incorporating robust security measures is crucial. Digital certificates emerge as a fundamental element in fortifying these advanced networks, offering enhanced security, trust, and privacy. Their application ensures authentication, authorization, and seamless roaming while enabling scalability and efficient management. By harnessing the power of digital certificates, we can confidently embrace the boundless opportunities that lie ahead in our increasingly interconnected world.
Unwanted robocalls have made consumers reluctant to answer the telephone, and legitimate enterprises have been struggling to reach customers who have become less likely to answer calls from caller IDs they don’t recognize or trust. To mitigate this, the FCC mandated that telecommunications service providers implement the STIR/SHAKEN authentication framework by June 30, 2021.
Rich Call Data (RCD) is a way to show the name of the caller and other optional information, such as a logo image or a photo of the caller. It is particularly useful for businesses that want to maintain a consistent brand image. Unlike traditional caller ID, RCD is managed by the caller or their originating service provider, not a third-party database. This gives the caller more control over how their brand is presented to the people they call.
Rich Call Data (RCD) is a feature of the STIR/SHAKEN framework that enables caller information to be presented more accurately and reliably. RCD is digitally signed using Public Key Infrastructure (PKI) and is included in the SHAKEN Identity token. It is important to note that RCD requires STIR/SHAKEN and is an additional claim in the identity token. If a call is not authenticated, signed, and verified, then RCD cannot be used.
Establishing the validity of the logo image to be displayed is a significant challenge in implementing Rich Call Data (RCD). It is crucial to ensure that the service provider originating the call has received authorization to display the logo on behalf of the brand. There is a real possibility that logos may be spoofed, resulting in a loss of trust that this solution aims to establish.
Digital certificates play a critical role in enabling branded caller ID. By using PKI to authenticate the validity of a brand identity and logo image, service providers can ensure that their brand is presented consistently to their customers. This can help increase trust, prevent fraud and spoofing, and ultimately enable more effective communication between enterprises and their customers.
At SecureG, we understand the unique challenges faced by telecommunications service providers in enabling branded caller ID. Our tailored PKI solutions provide the foundation for building trust, ensuring the security and integrity of branded caller ID. Contact us to learn more about how SecureG can deliver Branded Caller ID certificate services for your company.
For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the message was lost.
For want of a message the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe nail.
The Internet of Things (IoT) has revolutionized industries and transformed the way we interact with technology. From smart homes to industrial automation, IoT devices have become ubiquitous, collecting and transmitting valuable data. However, this connectivity also exposes them to security risks. As IoT device makers, it is crucial to prioritize security and build trust among users.
Recent events have highlighted the importance of digital certificates in securing IoT communication. The Starlink outage caused by an expired digital certificate is a prime example of how a single weakness can severely compromise an entire system. This incident showcased the need for constant vigilance and monitoring of every component’s “key” and related certificate to prevent unauthorized access and data breaches.
Digital certificates, also known as “machine identities,” enable devices to trust each other and recognize their authenticity. They play a pivotal role in establishing and maintaining trust in IoT communication channels. By leveraging asymmetric encryption, digital certificates, and strong authentication mechanisms, Public Key Infrastructure (PKI) provides a robust framework for securing IoT communication channels.
Secure bootstrapping and device provisioning are critical challenges for IoT device makers. With unique device identities and verified credentials, the devices can securely connect to IoT networks, preventing unauthorized access and tampering.
Maintaining the security of IoT devices over their lifespan is a significant concern. PKI allows for secure over-the-air (OTA) updates, ensuring that devices receive necessary patches and firmware upgrades. By utilizing digital signatures and certificate-based authentication, IoT device makers can verify the integrity and authenticity of updates, mitigating the risk of unauthorized modifications or malware injection.
Secure IoT systems need certificates, and they also need a reliable system for managing their lifecycles. Designers need to carefully think through how they design, deploy and enable customers to maintain their certificate systems. By leveraging the power of PKI, IoT device makers can establish trust, enhance security, and protect user privacy.
Contact us at SecureG to learn more about how our innovative PKI solutions can help secure your IoT devices and drive the success of your IoT deployments.