ONAP Beijing Release Developer Forum

ONAP is central coordinator of end-to-end network service orchestration. Any security issues of ONAP deployment can disrupt operations in a significant way. Micro service based architecture, large number of services, scale-out of these services and possible deployment of some services at the edge could add to security challenges. Trusted infrastructure is needed - to enable secure communications among micro services with auto certificate enrolment - to keep private keys, secrets secure from adversaries and - to eliminate passwords proliferation across micro services, file systems and configuration files. This presentation discusses security challenges and potential solutions related to X.509v3 certificate enrolment, secure private key storage, secure cryptography execution, secure password storage and attestation of underlying platform/OS. It also discusses hardware technologies that help in providing root of trust for both key management and attestation. And then it discusses how ONAP can be augmented with these security solutions without disrupting the ONAP architecture.