Abstract

This paper focuses on the security challenges of network slice implementation in 5G networks. We propose that network slice controllers support security by enabling security controls at different network layers. The slice controller orchestrates multilevel domains with resources at a very high level but needs to understand how to define the resources at lower levels. In this context, the main outstanding security challenge is the compromise of several resources in the presence of an attack due to weak resource isolation at different levels. We analysed the current standards and trends directed to mitigate the vulnerabilities mentioned above, and we propose security controls and classify them by efficiency and applicability (easiness to develop). Security controls are a common way to secure networks, but they enforce security policies only in respective areas. Therefore, the security domains allow for structuring the orchestration principles by considering the necessary security controls to be applied. This approach is common for both vendor-neutral and vendor-dependent security solutions. In our classification, we considered the controls in the following fields: (i) fair resource allocation with dynamic security assurance, (ii) isolation in a multilayer architecture and (iii) response to DDoS attacks without service and security degradation.

Highlights

  • Vertical customers are interested in what 5G with network slicing may offer

  • In the proposal shown in this paper, we propose a comprehensive selection with the definition of the classes of the parameters that impact slice security so that those parameters may be included in slice specification and be part of the orchestration procedure for initiating the slice configuration

  • The security requirements for procedures, flow and interfaces are specified in 5G Security Assurance Specifications; these specifications are limited to 5G Network Function (NF), so the 5G Network Resource Model for additional security controls as firewalls is not standardized and needs to be defined by vendors

Read more

Summary

Introduction

Vertical customers are interested in what 5G with network slicing may offer. The new improvements and capabilities that 5G brings include fast data transfer, ultrareliable and low-latency communication, mass device connectivity and better coverage and capacity. Network slice requirements are based on an agreement between mobile operators and verticals These requirements are called Service Level Specifications (SLS) and include data rate, traffic capacity, user density, latency, reliability and availability, among others. These SLS define how the slice controller should orchestrate the network to fulfil these requirements. In the proposal shown in this paper, we propose a comprehensive selection with the definition of the classes of the parameters that impact slice security so that those parameters may be included in slice specification and be part of the orchestration procedure for initiating the slice configuration In this way, the lower-level orchestrators may map the parameters to concrete technologies at the underlayers.

Related Work
The Security Model for Hierarchical Resource Isolation
The Proposed Solution for Attribute Definition and Model
The Proposed Solution for Security Controls
Network Slices with Security Constraints
Conclusions and Future Directions
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call