NTT Corporation (Headquarters in Chiyoda-ku, Tokyo: Jun Sawada, President and CEO; “NTTâ€) and NEC Corporation (Headquarters in Minato-ku, Tokyo: Takayuki Morita, President and CEO; “ NEC ‘) have developed the security transparency assurance Technology, which is the core technology to realize the concept of trusted network. Security Transparency Assurance technology, which aims to reduce supply chain security risks, ensures security transparency throughout the supply chain by sharing system configurations and risks network devices and information systems that make up the ICT infrastructure, including the fifth generation (5G) mobile communication system, local 5G and IOWN * 1, an innovative network technology.
NTT and NEC entered into a capital and business alliance in June 2020 with the aim of conducting joint research and development activities and the global deployment of ICT products using innovative optical and wireless technologies. * 2, and develop internationally competitive products and technologies. This initiative is part of the alliance.
The latest results of this technology will be exhibited at the NTT R&D; Forum – Road to IOWN 2021 * 3, which will be held from November 16 to 19, 2021.
1. Origins
As the digital transformation (DX) of society and industry accelerates, supply chain security risks, such as unauthorized software (malware, etc.) intrusions into the supply chain. ” procurement, maintenance and operations related procurement of network devices and information systems constituting the ICT infrastructure and unauthorized intrusions into networks and information systems through organizations with weak cybersecurity facilities have become evident.
As a countermeasure to risk, network device and information system vendors (e.g., network device vendors, system integrators, etc.) in the supply chain attest to security and for customers confirm it. At present, however, it is technically difficult to state and confirm this and we have to rely on trust between suppliers and customers, and both have to take risks on their own.
2. Technology
Security Transparency Assurance Technology, which is at the heart of building trust networks, is a technology that provides transparency regarding the security of ICT infrastructures by sharing information (hereinafter referred to as “device information”) that visualizes the configuration and communications risks. devices and systems that make up the ICT infrastructure.
(1) Visualizes software configurations in network devices continuously throughout the supply chain (e.g. manufacturing, shipping, deployment, and operation) and generates device information, including inspection results from the presence of backdoors and illegal components.
(2) Device information enables high quality risk analysis and monitoring based on completeness and accuracy, and transparency of device information will be maintained at a high level through updates. continuous day of these.
(3) Sharing device information between organizations that make up the supply chain enables countermeasures against security risks, leverages transparency, and improves security at all stages and in all supply chain organizations.
This technology is achieved by the following elementary technologies owned by NTT and NEC.
[NTT] Configuration analysis technology to visualize the software configuration of devices
[NEC] Backdoor inspection technology to detect illegal functions in device software
[NEC] Automated cyber attack risk assessment technology to visualize attack pathways in systems * 4
With this technology, customers can check for suspicious components by referring to device information during purchase and operation. * 5, and suppliers can objectively explain the risk of contamination by unauthorized components. Additionally, customers can act quickly by identifying risks and impacts using device information when a new software vulnerability is detected.
Figure 1: Overview and Benefits of Security Transparency Assurance Technology
3. Future development
We plan to perform a technical validation using this technology on local 5G in fiscal year 2021 to verify the effectiveness of each elementary technology and identify issues.
In addition, we aim to build a consortium of actors involved in building and operating trusted networks, such as communications device vendors, system integrators, and business users. Using this technology, we will establish countermeasures for supply chain security risk which is difficult by a single actor.
Contact
NTT Corporation
Public relations office
Phone: + 81-3-5205-5550
NEC Company
Public Relations Office, Corporate Communications Division
Phone: + 81-3-3798-6511
Reference