Security policies definition and enforcement utilizing policy control function framework in 5G

Abstract

This research analyses new approaches to security enforcement in fifth generation (5G) architecture from end to end perspective. With the aim of finding a suitable and effective unified schema across the different network domains, it shows that policy control framework may become the cornerstone for the definition and enforcement of security policies in new 5G networks. The 5G core network architecture reference model is defined as a Service Based Architecture (SBA). The Policy Control Function (PCF) is a Network Function (NF) that constitutes, within the SBA architecture, a unique framework for defining any type of policies in the network and delivering those to other control plane NFs. In previous generations the policy control approach has been restricted to Quality of Service (QoS) and charging aspects. In contrast, the 5G system is now based on a unified policy control scheme that allows to build consistent policies covering the entire network. By utilizing the unified 5G policy framework we have found an effective security enforcement schema flexible to create new security policies, and agile to react to the constantly changing environment, across the end to end architecture. Within this schema we have defined mechanisms to apply the QoS principles to security use cases. We have also set up the user plane security enforcement within the session management and established security policies. Finally we have made proposals to extend the network analytics to security analytics. Our overall vision is to consider security as a quality element of the network.