Virtual security as a service for 5G verticals
Related papers
Network Slicing-aware NFV Orchestration for 5G Service Platforms
2019 European Conference on Networks and Communications (EuCNC)
The advent of 5G promises to unleash highly pervasive network coverage and density, increased data rate and capacity, optimized instantiation of virtualized resources in a multi-tenant and multi-service network capable of fulfilling the stringent requirements of various heterogeneous applications. Network slicing is a key enabler of 5G to allow multiple customized and isolated virtual networks upon a single shared physical network infrastructure. In this work, we present a survey of how various network virtualization solutions address slicing, we review the management and orchestration tools available to implement it, and we describe the slicing-aware orchestration platform that we designed for our project (5GCity). Our solution embraces creation of slices of various network elements such as compute nodes, physical networks, radio parts and network edge resources by coordinating different underlying controllers. The platform is being evaluated in three live city pilots (Barcelona, Lucca, and Bristol), already achieving slice creation in a few seconds and control plane latency of a few milliseconds.
GreenSlice: An Energy-Efficient Secure Network Slicing Framework
J. Internet Serv. Inf. Secur., 2022
The fifth generation of telecommunication networks comes with various use cases such as Enhanced Mobile Broadband, Ultra-Reliable and Low Latency Communications and Massive Machine Type Communications. These different types of communications have diverse requirements that need to be satisfied while they utilize the same physical infrastructure. By leveraging Software Defined Network (SDN) and Virtual Network Function (VNF) technologies, the 5G network slicing concept can provide end-to-end logical networks on the same physical infrastructure that satisfy the required Quality of Service (QoS) constraints for these communication types. Optimal placement of VNFs on these network slices is still an open problem. Although state-of-the-art research covers the resource allocation of these VNFs, they do not consider optimizing energy consumption under strict security requirements while embedding them into the network. In this paper, we propose a VNF placement strategy using an integer linear programming (ILP) model for 5G network slicing under strict security requirements, which optimizes energy consumption by the core network nodes. Simulation results demonstrate that the proposed model achieves significant power savings over a greedy approach performing VNF placement under the same QoS and security constraints.
5G network slicing using SDN and NFV: A survey of taxonomy, architectures and future challenges
Computer Networks, 2020
The increasing consumption of multimedia services and the demand of high-quality services from customers has triggered a fundamental change in how we administer networks in terms of abstraction, separation, and mapping of forwarding, control and management aspects of services. The industry and academia are embracing 5G as the future network capable to support next generation vertical applications with different service requirements. To realize this vision in 5G network, the physical network has to be sliced into multiple isolated logical networks of varying sizes and structures which are dedicated to different types of services based on their requirements with different characteristics and requirements (e.g., a slice for massive IoT devices, smartphones or autonomous cars, etc.). Softwarization using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) in 5G networks are expected to fill the void of programmable control and management of network resources. In this paper, we provide a comprehensive review and updated solutions related to 5G network slicing using SDN and NFV. Firstly, we present 5G service quality and business requirements followed by a description of 5G network softwarization and slicing paradigms including essential concepts, history and different use cases. Secondly, we provide a tutorial of 5G network slicing technology enablers including SDN, NFV, MEC, cloud/Fog computing, network hypervisors, virtual machines & containers. Thirdly, we comprehensively survey different industrial initiatives and projects that are pushing forward the adoption of SDN and NFV in accelerating 5G network slicing. A comparison of various 5G architectural approaches in terms of practical implementations, technology adoptions and deployment strategies is presented. Moreover, we provide a discussion on various open source orchestrators and proof of concepts representing industrial contribution.
The work also investigates the standardization efforts in 5G networks regarding network slicing and softwarization. Additionally, the article presents the management and orchestration of network slices in a single domain followed by a comprehensive survey of management and orchestration approaches in 5G network slicing across multiple domains while supporting multiple tenants. Furthermore, we highlight the future challenges and research directions regarding network softwarization and slicing using SDN and NFV in 5G networks.
Network Slicing Security Controls and Assurance for Verticals
Electronics
This paper focuses on the security challenges of network slice implementation in 5G networks. We propose that network slice controllers support security by enabling security controls at different network layers. The slice controller orchestrates multilevel domains with resources at a very high level but needs to understand how to define the resources at lower levels. In this context, the main outstanding security challenge is the compromise of several resources in the presence of an attack due to weak resource isolation at different levels. We analysed the current standards and trends directed to mitigate the vulnerabilities mentioned above, and we propose security controls and classify them by efficiency and applicability (easiness to develop). Security controls are a common way to secure networks, but they enforce security policies only in respective areas. Therefore, the security domains allow for structuring the orchestration principles by considering the necessary security cont...
Optical Networks Virtualization and Slicing in the 5G era
Zenodo (CERN European Organization for Nuclear Research), 2018
We provide an overview of operationalization and deployment of the different data and control plane technologies used for both Optical Network Virtualization and Network Slicing, which are two key enablers of future 5G networks. OCIS codes: (060.4250) Networks; (060.4510) Optical communications 1. Introduction Future 5G networks will support a wide range of services and use cases arising from different vertical industries (e.g., IoT, eHealth, Industry4.0, etc.). Each of these services / business cases impose their own set of requirements to the network infrastructure, in terms of security, latency, elasticity, resiliency, and bandwidth. To deal with these challenges, the NGMN proposed the concept of network slicing (NS). Briefly, a network slice instance is formed by a set of network functions, and the resources enabling the deployment of these functions, forming a complete instantiated logical network to meet certain network characteristics for a specific service. Optical Network Virtualization is a key enabler for network slicing, as it provides the necessary technologies to provide the specified set of network requirements, while providing the necessary isolation between network slices. In this paper, we will review the suggested technologies from both data and control plane perspectives. Moreover, the authors have proposed and presented candidate architectures aiming at combining NS with transport networks. In this regard, [1] focused on an experimental demonstration of a multi-tenant network slicing architecture that besides dynamically deploying 5G slices (encompassing virtual network and cloud resources, and virtualized network functions), it deploys dedicated SDN/NFV control plane instances for each slice enabling full control of the allocated resources. In [2], cascading of network and cloud resources was proposed as the recursive hierarchical abstraction and virtualization of resources. 
We have analyzed the current trends for NS [3-4], where a slice manager is introduced in order to interact with a resource orchestrator. This paper presents a novel architecture to both support multi-tenancy and NS on top of interconnected multiple NFVI-PoPs. Each tenant will be able to run a dedicated Service Platform (NFV-O + VNFM), which might be deployed on top of the shared infrastructure. Despite the expected benefits provided by adopting SDN/NFV technologies, a number of issues to cope need to be bypassed. In this sense, some of the most significant difficulties are: the need for interoperability between VNFs and orchestrators (which is being reduced through the open source software community), the combination of SDN and NFV technologies (e.g., lack of flexible support for end-to-end multi-site installations), and the consolidation of the initiatives to avoid the "additional development needed" to integrate the application/service on the platform. In order to mitigate these difficulties, we propose a model introducing DevOps for Networking. 2. (Optical) Network Virtualization Optical network virtualization (ONV) refers to the partitioning and aggregation of the physical optical infrastructure to create multiple co-existing and independent virtual networks (VN) on top of it. ONV can be introduced at data plane with enabling technologies which support virtualization (packet or circuit based), or with resource virtualization at the control plane level [5]. The usage of such virtualization technologies in NS might accomplish benefits in terms of security, latency, elasticity, resiliency, and bandwidth. At the data plane, network virtualization can be performed differently according to the considered layer (Fig. 1.a). At the Layer 0, dedicated physical interfaces, wavelengths, cores and modes might be allocated to a VN. At layer 1, OTN tunnels can be considered. At the Layer 2, MPLS and FlexEthernet connections can be adopted.
Later, the use of VLANs allows creating up to 4094 virtual networks over the same physical Ethernet interfaces. At the Layer 3, the composition of overlay networks through tunneling mechanisms (e.g., NVGRE, NSH) provides the necessary VN. From the control plane perspective, several initiatives are currently addressing the ONV framework. In OIF, a Virtual Transport Network Service (VTNS) is the creation and offering of a VN by a provider to a user [6]. VNs may be dynamically created, deleted, or modified and users can perform connection management, monitoring and protection within their allocated VNs. Different types of VTNS could be associated to operators offering, for example, Bandwidth on Demand (BoD) services, Network as a Service (NaaS) or Network Slicing for 5G Networking. In IETF, the Abstraction and Control of Traffic Engineered Networks (ACTN) architecture [7] defines the requirements, use cases, and an SDN-based architecture, relying on the concepts of network and service abstraction.
Network Slicing Security: Challenges and Directions
Internet Technology Letters
Network slicing emerges as a key technology in next generation networks, boosted by the integration of software-defined networking and network functions virtualization. However, while allowing resource sharing among multiple tenants, such networks must also ensure the security requirements needed for the scenarios they are employed. This letter presents the leading security challenges on the use of network slices at the packet core, the solutions that academy and industry are proposing to address them, pointing out some directions that should be considered.
A Security Architecture for 5G Networks
IEEE Access, 2018
5G networks will provide opportunities for the creation of new services, for new business models, and for new players to enter the mobile market. The networks will support efficient and cost-effective launch of a multitude of services, tailored for different vertical markets having varying service and security requirements, and involving a large number of actors. Key technology concepts are network slicing and network softwarization, including network function virtualization and software-defined networking. The presented security architecture builds upon concepts from the 3G and 4G security architectures but extends and enhances them to cover the new 5G environment. It comprises a toolbox for security relevant modeling of the systems, a set of security design principles, and a set of security functions and mechanisms to implement the security controls needed to achieve stated security objectives. In a smart city use case setting, we illustrate its utility; we examine the high-level security aspects stemming from the deployment of a large number of IoT devices and network softwarization.
Automation of 5G network slicing security using intent-based networking
International Journal of Electrical and Computer Engineering (IJECE), 2025
Network slicing is a fundamental technological advancement that facilitates the provision of novel services and solutions within the realm of 5G and the forthcoming 6G communications. Numerous challenges emerge when implementing network slicing on a large-scale commercial level since it necessitates comprehensive control and automation of the entire network. Cyberattacks, such as distributed denial of service (DDoS) and address resolution protocol (ARP) spoofing, can significantly disrupt the performance and accessibility of slices inside a multi-tenant virtualized networking infrastructure due to the shared utilization of physical resources. This article employs intent-based networking (IBN) to identify and address diverse threats through automated methods. A conceptual framework is presented in which the IBN manager is integrated into the network-slicing architecture to facilitate the implementation of automated security controls. The proposed work is assessed using an experimental test bed. The study's findings indicate that the network slice's performance exhibits improvement when successful detection and mitigation measures are implemented. This improvement is observed in various metrics: availability, packet loss, response time, central processing unit (CPU) and memory utilization.
MDPI Future Internet, 2022
Network slicing has become a fundamental property for next-generation networks, especially because an inherent part of 5G standardisation is the ability for service providers to migrate some or all of their network services to a virtual network infrastructure, thereby reducing both capital and operational costs. With network function virtualisation (NFV), network functions (NFs) such as firewalls, traffic load balancers, content filters, and intrusion detection systems (IDS) are either instantiated on virtual machines (VMs) or lightweight containers, often chained together to create a service function chain (SFC). In this work, we review the state-of-the-art NFV and SFC implementation frameworks and present a taxonomy of the current proposals. Our taxonomy comprises three major categories based on the primary objectives of each of the surveyed frameworks: (1) resource allocation and service orchestration, (2) performance tuning, and (3) resilience and fault recovery. We also identify some key open research challenges that require further exploration by the research community to achieve scalable, resilient, and high-performance NFV/SFC deployments in next-generation networks.
2018
Tutorial at IEEE NetSoft2018 - 29th June 2018, Montreal. Abstract: A holistic architectural approach, orchestration and management with applicability in mobile and fixed networks and clouds. Topics: Key Slicing concepts and history; Slicing Key Characteristics & Usage scenarios & Value Chain; Multi-Domain Network Function Virtualisation; Review of Research projects and results in network and cloud slicing; Open Source Orchestrators; Standard Organization activities: NGMN, ITU-T, ONF, 3GPP, ETSI, BBF, IETF; Industrial perspective on Network Slicing; Review of industry Use Cases; Network Slicing Challenges; Concluding remarks of Network Slicing; Acknowledgements & References.