Transparent AAA Security Design for Low-Latency MEC-Integrated Cellular Networks

Abstract

Multi-access edge computing (MEC) is a key enabler for low-latency services in the cellular network. It enables service requests to be served at the edge without reaching the Internet. However, this service model allows data traffic to bypass conventional security functions deployed at the core network, and may pose security threats. To examine its security impact, we analyze current security functions that span authentication, authorization, accounting (AAA), and access control, and then identify two major issues. First, conventional user authentication methods prevent MEC applications from achieving low-latency service offering. Second, current cellular authorization, accounting, and access control mechanisms hardly secure MEC traffic. We thus propose a transparent security design called MECsec to secure the MEC with low latency in the cellular network. It contains three main components: cellular-based OpenID Connect (OIDC) authentication, bitmap-based authorization/accounting, and two-tier hash-based access control. Especially, its transparent design does not need any changes on current cellular operations, and is standard-compliant. We implement and evaluate the MECsec prototype on an MEC-integrated LTE network architecture developed based on the OpenAirInterface (OAI) cellular platform. Our results show that the cellular-based OIDC can reduce delays of current authentication methods by up to 88.3%, and the other components can successfully defend against possible threats with negligible overhead.