Securing 5G virtual networks: a critical analysis of SDN, NFV, and network slicing security

Abstract

5G, the current generation of communication networks is based on the standards defined by 3GPP and other organizations (ETSI, ENISA, NGMN). These standards define virtual networks supported by three basic technologies, SDN, NFV, and Network Slicing. Virtual networks are primarily built using software and have clear advantages that appear to be reduced because of the corresponding loss in security due to the larger attack surface of this type of network. On the other hand, virtual networks can be made even more secure than hardware-based networks by leveraging the flexibility and adaptability of virtual functions and numerous articles have studied different aspects of their security. Current work goes from proposals for specific mechanisms to general studies of threats and defenses. Some of these are systematic literature reviews considering everything published on a specific theme. We prefer to analyze carefully selected papers considered significant and produce from them an overview of the status of the security of the network technologies used by 5G. After this analysis, we have found that although there are many studies of threats, they are not systematic and have confusions about concepts that may mislead implementers; we also found that the large variety of defenses can be confusing to designers. We have therefore conducted a critical analysis of threats and defenses to provide a clear perspective of how to secure these networks. Based on this perspective, we propose directions for research to improve or extend current defenses. We note that although virtual networks have special characteristics, they are examples of systems and much of the theory of systems security applies to them.