NSF Convergence Accelerator Track G: 5G Hidden Operations through Securing Traffic (GHOST)

: The proliferation of 5G networks around the world presents an attractive opportunity for U.S. government organizations, nongovernmental humanitarian aid organizations, and private sector enterprises to take advantage of indigenous 5G networks to eliminate the costs of installing and maintaining an alternate communications infrastructure. However, in many areas of the world, 5G networks are deployed and operated by organizations that are untrusted and potentially hostile to the U.S.

In these environments, new security technologies are needed to secure operations. The 5G Hidden Operations through Securing Traffic (GHOST) project provides four layers of security. First, GHOST protects against end-user and networking devices from being compromised by a hostile network.

Second, GHOST anonymizes individual identities and obscures user locations. Third, GHOST prevents traffic analysis that could reveal operational plans and activities by anonymizing communication connections and introducing “GHOST” traffic into the network to maintain a constant level of activity. Finally, the GHOST project will further obfuscate traffic analysis by injecting “false flag” traffic that models real operations to confuse and mislead analysis.

The GHOST technology will enable organizations ranging from the U.S. military to private entities to securely operate over indigenous 5G networks, regardless of the politics of the network operators.

The GHOST project addresses the core intellectual challenge of providing secure communications resistant to penetration and traffic analysis over untrusted networks. The GHOST project considers the network as a black box that is assumed to be operated by a hostile agent. Addressing the challenge will yield four intellectual benefits to the research and operational communities.

• First, the GHOST project will deliver technology that will protect end-user devices and non-indigenous networking equipment from penetration and compromise. The technology secures devices at the hardware level through the use of Trusted Execution Environments (TEEs). The idea behind a TEE is that anything coming from outside the chip boundary is untrusted.

TEEs enforce this trusted boundary by implementing integrity verification of data and code and encrypting them once they cross the trusted boundary.

• Second, the GHOST project will deliver technology to anonymize or disguise end-user identities, locations, and communications endpoints. End-user identities will be protected using software defined credentials. Locations are protected using geo-spatial identity management. Communications connections are protected by peer-to-peer anonymization.

• Third, the GHOST project will deliver technology to overlay normal traffic with “GHOST” traffic — essentially network white noise — to obfuscate traffic analysis.

• Fourth, the GHOST project will deliver technology to model and generate “false flag” traffic. Through monitoring and simulation, models of traffic patterns associated with specific operations will be generated. “False flag” traffic injected into the network will reflect the traffic associated with a particular operation and be convincing to any observers.

GHOST technology will benefit end-users of any network, not just untrusted networks. The primary criteria for success of the GHOST project will be: • Device protection from network operator attacks; • The obfuscation of user identities, locations, and communications connections; • The obfuscation of traffic patterns;

• The injection of “false flag” traffic.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.