End-to-End Network Slicing Security Across Standards Organizations

Abstract

This article makes a holistic analysis of the security aspects specified for 5G network slicing across the main standards and industry organizations, namely 3GPP, ETSI, and GSMA. A network slice is a logical end-to-end network that provides specific network capabilities and characteristics to serve a defined business purpose of communications service providers' (CSPs') customers. That purpose can be motivated by CSP internal reasons including network operation optimization, services classification, resources optimization, cost savings, support of network automation, or other specific customer demands. Network slicing can be defined as a paradigm where network slices are created with appropriate isolation, set of resources, and optimized topology, becoming a key feature and business driver for 5G. The overall security architecture of the 5G network is being constantly enhanced with new security features available as well in network slices as logical networks created within the 5G network. In contrast, the threat surface is increased with network slicing as new factors such as business models, tenants, functions, interfaces, and signaling flows are introduced, especially when the isolation among network slices is not well designed and effectively enforced. By analyzing the underlying security threats on network slicing, the article derives the corresponding security requirements and studies the specified mechanisms to protect the network slices. The article concludes pointing out several gaps in current standards with respect to 5G network slicing security and depicts possible next steps for further investigation.