The topic of ICT Security and assurance for components and enabling technologies is addressed by investigating specific aspects of 5G systems, SCADA, and Blockchain. For 5G systems, updates have been made to the 2019 and 2020 results in various directions, considering relevant updates in the 3GPP (3rd Generation Partnership Project) and GSMA (Global System for Mobile Communications Association) regarding security and assurance specifications for 5G system components. The security analysis of 5G systems has also been updated and expanded in relation to Network Function Virtualisation (NFV) and Network Slicing concepts. Additionally, the analysis of vulnerabilities in the security specifications produced by 3GPP has been extended to include SMS (Short Message Service) functionality.
For SCADA systems, the final version of the risk analysis methodology related to the acquisition of SCADA system components within the National Cyber Security Perimeter has been produced, according to the rules of the Evaluation and Certification Center (CVCN). The preliminary version of the methodology was thoroughly reviewed, taking into account the relevant regulations for CVCN and Perimeter contexts and their evolution, as well as a case study focused on a Programmable Logic Controller (PLC) component. The application of the methodology to this case study, aimed at producing security requirements for acquiring a PLC in the form specified by the CVCN (expressed in terms of protecting the availability, integrity, and confidentiality of relevant information and services), led to the refinement and final definition of the methodology.
For Blockchain systems, an experiment was conducted on a public key authentication system based on Blockchain, oriented towards the IoT (Internet of Things) context. The work began with an analysis of various pre-selected proposals from 2020 to choose the most suitable one for the development of the desired system. The selected proposal underwent further analysis to define the preliminary requirements for a prototype system and its essential components. These requirements were identified following alignments with RSE to better define the testing environment and usage context. The final definition of the requirements was based on an application scenario, which was subsequently implemented and tested in demo form at the RSE IoT Laboratory.