On end-to-end approach for slice isolation in 5G networks. Fundamental challenges (original) (raw)
Related papers
Network, 2022
This article reveals an adequate comprehension of basic defense, security challenges, and attack vectors in deploying multi-network slicing. Network slicing is a revolutionary concept of providing mobile network on-demand and expanding mobile networking business and services to a new era. The new business paradigm and service opportunities are encouraging vertical industries to join and develop their own mobile network capabilities for enhanced performances that are coherent with their applications. However, a number of security concerns are also raised in this new era. In this article, we focus on the deployment of multi-network slicing with multi-tenancy. We identify the security concerns and discuss the defense approaches such as network slice isolation and insulation in a multi-layer network slicing security model. Furthermore, we identify the importance to appropriately select the network slice isolation points and propose a generic framework to optimize the isolation policy re...
Limits of Isolation: Perspectives on Device Security in (5G) Network Slicing
5G evangelists promote dynamic network slicing to support multi-tenancy proliferation of new services: a key requirement for these slices is isolation. However, coexistence of slices on common hardware poses practical limits to the levels of isolation which can be achieved. This talk shall quickly give some perspectives on security challenges onto the development of new devices in this novel evolving ecosystem.
The Isolation Concept in the 5G Network Slicing
2020 European Conference on Networks and Communications (EuCNC)
The fifth generation (5G) of cellular networks shall host a number of tenants and provide services tailored to meet a wide range of requirements in terms of performance, dependability and security. Network slicing will be a key enabler, by assigning dedicated resources and functionalities to meet such requirements, where the isolation between slices, i.e., that a slice may operate without interference from other slices, becomes a core issue. The objective of this paper is to give a thorough insight into the isolation concept, discuss the challenges involved in providing it, and outline the means available to provide various levels of isolation. Fundamental concepts that can be used in further work to build an isolation solution tailored to specific needs. This paper defines important concepts such as the Provider Management, the Tenant Management, and the Means of Isolation in the context of the Isolation Dimensions. The conclusion of the study is that dealing with isolation between slices needs extensions in state of the art on the mentioned concepts, and in how to tailor the isolation to meet the needs in a cost-efficiency manner.
2022
This thesis is devoted to 5G network security, in particular, the security of network slices. It consists of a theoretical background regarding the security algorithms required to secure a network slice of the 5G network. An overview of 5G security architecture is explained in the thesis. Few examples of security algorithms have been presented. They cover hashing, AES symmetric, and RSA asymmetric encryption algorithms. The Super Secure Slice (SSS) is explained together with the security box to mitigate various types of attacks such as Man-in-the-Middle attacks. The security box consists of the main security algorithms required to maintain the security level of a network slice. The security box encapsulates the network node. The security box including the main security algorithms for mutual authentication, encryption, and integrity protection has been simulated in Python to measure the performance as well as the impact on the communication between two network nodes within a network slice for various scenarios. The Wireshark tool has been used to show the importance of applying such a security algorithm to a network slice as well as the difference between data being exchanged in cleartext and ciphertext, with and without mutual authentication, and integrity protection through the usage of digital signatures.
A Survey on Network Slicing Security: Attacks, Challenges, Solutions and Research Directions
IEEE Communications Surveys & Tutorials
The dawn of softwarized networks enables Network Slicing (NS) as an important technology towards allocating endto-end logical networks to facilitate diverse requirements of emerging applications in fifth-generation (5G) mobile networks. However, the emergence of NS also exposes novel security and privacy challenges, primarily related to aspects such as NS life-cycle security, inter-slice security, intra-slice security, slice broker security, zero-touch network and management security, and blockchain security. Hence, enhancing NS security, privacy, and trust has become a key research area toward realizing the true capabilities of 5G. This paper presents a comprehensive and up-to-date survey on NS security. The paper articulates a taxonomy for NS security and privacy, laying the structure for the survey. Accordingly, the paper presents key attack scenarios specific to NS-enabled networks. Furthermore, the paper explores NS security threats, challenges, and issues while elaborating on NS security solutions available in the literature. In addition, NS trust and privacy aspects, along with possible solutions, are explained. The paper also highlights future research directions in NS security and privacy. It is envisaged that this survey will concentrate on existing research work, highlight research gaps and shed light on future research, development, and standardization work to realize secure NS in 5G and beyond mobile communication networks.
Secure Keying Scheme for Network Slicing in 5G Architecture
2019 IEEE Conference on Standards for Communications and Networking (CSCN)
Network slicing is one of the key enabling technologies of evolving fifth generation (5G) mobile communication that fulfills multitudes of service demands of 5G networks. Although the concept of network slicing, its deployment scenarios and some security aspects like slice isolation are discussed in detail, key management for network slicing based applications is still not a well-investigated research area. In this paper, we propose a secure keying scheme that is suitable for network slicing architecture when the slices are accessed by the third party applications. Since the secure keying scheme is designed using a multi-party computation mechanism, it ensures the consent of monitored use cases or devices which the data is acquired. We discuss the performance, scalability and security properties of the keying scheme to demonstrate its appropriateness under evolving 5G paradigm.
Network Slicing Security Controls and Assurance for Verticals
Electronics
This paper focuses on the security challenges of network slice implementation in 5G networks. We propose that network slice controllers support security by enabling security controls at different network layers. The slice controller orchestrates multilevel domains with resources at a very high level but needs to understand how to define the resources at lower levels. In this context, the main outstanding security challenge is the compromise of several resources in the presence of an attack due to weak resource isolation at different levels. We analysed the current standards and trends directed to mitigate the vulnerabilities mentioned above, and we propose security controls and classify them by efficiency and applicability (easiness to develop). Security controls are a common way to secure networks, but they enforce security policies only in respective areas. Therefore, the security domains allow for structuring the orchestration principles by considering the necessary security cont...
2019
Described herein are techniques for handling dynamic slicing requirements of User Equipment (UE) by performing remote activation (e.g., Over-the-Air Provisioning (OTAP)) of the logical profiles captured in the embedded Subscriber Identity Module (eSIM) which are created for the different slicing needs in private 5G networks. Also described are techniques for installing policies based on the Manufacturer Usage Description (MUD) Uniform Resource Locator (URL) in a private 5G network and efficiently retaining it during a 5G outage. DETAILED DESCRIPTION Private 5G networks promise to support major use cases (e.g., enhanced Mobile Broadband (eMBB), Ultra Reliable Low Latency Communications (URLLC), massive Machine Type Communications (mMTC), etc.) for Industry 4.0 and Industrial Internet of Things (IIOT). With private 5G networks, the industrial verticals can own the private spectrum and manage the 5G system in a customized manner. This diverse set of services may be offered through netw...
A Comprehensive View of State-of-Art of 5G Network Slicing
Journal of network and information security, 2020
Network Slicing is a concept that creates multiple virtual networks that serve the purpose of various service requirements. These logical networks created on top of the same physical network infrastructure are called "network slices". Each slice of the network acts as an isolated network that is end-to-end and customized to achieve the requirements as expected by the application. This network slicing is one of the driving aspects in the 5G networks, which promises to provide various services as per the user requirement. A study is made on Network Function Virtualization (NFV) and Software Defined Networks (SDN) which forms the driving aspects for network Slicing in 5G networks. Also, the state of art developments in the field of network slicing has been studied and explained. The paper presents the benefits of 5G network slicing from the technical point of view and later describes different vertical segments that make use of slicing of 5G networks. It can be stated that network slicing in 5G networks offers to improve the efficiency of the 5G networks and also helps to achieve the expected and promised performance of the 5G in the coming future.
End-to-end Network Slicing for 5G Mobile Networks
Journal of Information Processing, 2017
The research and development (R&D) and the standardization of the 5th Generation (5G) mobile networking technologies are proceeding at a rapid pace all around the world. In this paper, we introduce the emerging concept of network slicing that is considered one of the most significant technology challenges for 5G mobile networking infrastructure, summarize our preliminary research efforts to enable end-to-end network slicing for 5G mobile networking, and finally discuss application use cases that should drive the designs of the infrastructure of network slicing.