Figure 3 - uploaded by Edgardo Montes de Oca
5G Security Architecture

Source publication
Conference Paper
Full-text available
5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisati...

Context in source publication

Context 1
... 5G security architecture aims at securing the 5G slice from the service layer to the network layer, including the management of functions and the orchestration of resources. As described in Fig. 3, it is articulated around three planes, namely the service plane, the management and orchestration plane and the infrastructure plane, which is itself a dual plane, involving both logical and physical ...


Citations

... It can secure the user network traffic by deploying on-demand basis security services at network slices. In [190], authors propose another SDN and NFV-based framework to manage the traffic steering in slicing and deploying security VNFs as a Security Service to satisfy the demands of tenants. Furthermore, a measurable network security metric is defined in [191], where this metric can be used to trigger the deployment of SECaaS at the network slice. ...
... Proposes a NS based application-aware SECaaS framework for 5G networks. ✓ ✓ [190] Proposes a SDN and NFV based framework to manage the traffic steering in slicing and deploy security VNFs as a Security as a Service to satisfy the demands of tenants. [191] Investigates the possibility of deploying proactive security mechanisms such as Moving Target Defense (MTD) a slice based SECaaS. This article has been accepted for publication in IEEE Communications Surveys & Tutorials. ...
Article
Full-text available
The dawn of softwarized networks enables Network Slicing (NS) as an important technology towards allocating end-to-end logical networks to facilitate diverse requirements of emerging applications in fifth-generation (5G) mobile networks. However, the emergence of NS also exposes novel security and privacy challenges, primarily related to aspects such as NS life-cycle security, inter-slice security, intra-slice security, slice broker security, zero-touch network and management security, and blockchain security. Hence, enhancing NS security, privacy, and trust has become a key research area toward realizing the true capabilities of 5G. This paper presents a comprehensive and up-to-date survey on NS security. The paper articulates a taxonomy for NS security and privacy, laying the structure for the survey. Accordingly, the paper presents key attack scenarios specific to NS-enabled networks. Furthermore, the paper explores NS security threats, challenges, and issues while elaborating on NS security solutions available in the literature. In addition, NS trust and privacy aspects, along with possible solutions, are explained. The paper also highlights future research directions in NS security and privacy. It is envisaged that this survey will concentrate on existing research work, highlight research gaps and shed light on future research, development, and standardization work to realize secure NS in 5G and beyond mobile communication networks.
... Points of presence (PoPs) of security scanners and their integration can reduce the operating expenditure (Opex) and provide better QoS in a 5G virtual infrastructure. Virtual security as a service (Vsaas) is an upcoming challenge, and its integration and placement in virtual slices can facilitate VNF operators and provide a reliable solution to the dynamic security deployment of 5G and B5G networks [14,15]. ...
Article
Full-text available
In fifth Generation (5G) networks, protection from internal attacks, external breaches, violation of confidentiality, and misuse of network vulnerabilities is a challenging task. Various approaches, especially deep-learning (DL) prototypes, have been adopted in order to counter such challenges. For 5G network defense, a DL module is recommended here in order to symptomize suspicious NetFlow data. This module behaves as a virtual network function (VNF) and is placed along a 5G network. The DL module as a cyber threat-symptomizing (CTS) unit acts as a virtual security scanner along the 5G network data analytic function (NWDAF) to monitor the network data. When the data were found to be suspicious, causing network bottlenecks and let-downs of end-user services, they were labeled as “Anomalous”. For the best proactive and adaptive cyber defense system (PACDS), a logically organized modular approach has been followed to design the DL security module. In the application context, improvements have been made to input features dimension and computational complexity reduction with better response times and accuracy in outlier detection. Moreover, key performance indicators (KPIs) have been proposed for security module placement to secure interslice and intraslice communication channels from any internal or external attacks, also suggesting an adaptive defense mechanism and indicating its placement on a 5G network. Among the chosen DL models, the CNN model behaves as a stable model during behavior analysis in the results. The model classifies botnet-labeled data with 99.74% accuracy and higher precision.
... Particular methods have been developed to manage computing resources and jobs autonomously and interactively based on the state of security systems, such as the Monitor-Analyze-Plan-Execute (MAPE) loop [21, 47, 48, 49, 50, 51, 52]. Although monitoring the execution of security capabilities in software-defined network infrastructure is possible [48], it has limited functionality [49]. SDSec enhances the information security of vehicular ad hoc networks in large-scale wireless environments with high dynamic topology, but its applicability is limited. ...
Article
Full-text available
In today’s business environment, reducing costs is crucial due to the variety of Internet of Things (IoT) devices and security infrastructure. However, applying security measures to complex business scenarios can lead to performance degradation, making it a challenging task. To overcome this problem, we propose a novel algorithm based on deep reinforcement learning (DRL) for optimizing cost in multi-party computation software-defined security middle platforms (MPC-SDSmp) in real-time. To accomplish this, we first integrate fragmented security requirements and infrastructure into the MPC-SDSmp cloud model with privacy protection capabilities to reduce deployment costs. By leveraging the power of DRL and cloud computing technology, we enhance the real-time matching and dynamic adaptation capabilities of the security middle platform (Smp). This enables us to generate a real-time scheduling strategy for Smp resources that meet low-cost goals to reduce operating costs. Our experimental results demonstrate that the proposed method not only reduces the costs by 13.6% but also ensures load balancing, improves the quality-of-service (QoS) satisfaction by 18.7%, and reduces the average response time by 34.2%. Moreover, our solution is highly robust and better suited for real-time environments compared to the existing methods.
... MACsec protocol suite can be followed for the fronthaul, while SDS based approach can be deployed for the network and application layer network automation [139,135]. Follow data poisoning prevention methods [140]. Compromise of integrity and availability DoS attacks. ...
Article
Full-text available
Open RAN (ORAN, O-RAN) represents a novel industry-level standard for RAN (Radio Access Network), which defines interfaces that support inter-operation between vendors' equipment and offer network flexibility at a lower cost. Open RAN integrates the benefits and advancements of network softwarization and Artificial Intelligence to enhance the operation of RAN devices and operations. Open RAN offers new possibilities so that different stakeholders can develop the RAN solution in this open ecosystem. However, the benefits of Open RAN bring new security and privacy challenges. As Open RAN offers an entirely different RAN configuration than what exists today, it could lead to severe security and privacy issues if mismanaged, and stakeholders are understandably taking a cautious approach towards the security of Open RAN deployment. In particular, this paper provides a deep analysis of the security and privacy risks and challenges associated with Open RAN architecture. Then, it discusses possible security and privacy solutions to secure Open RAN architecture and presents relevant security standardization efforts relevant to Open RAN security. Finally, we discuss how Open RAN can be used to deploy more advanced security and privacy solutions in 5G and beyond RAN.
... Recse et al. [167] and Kaloxylos [168] advocate network slicing to be the key enabler to realize 5G in IoT. The use of the network slicing method can effectively guarantee the QoS requirements of different services by splitting the existing physical network to form multiple independent logical networks with customized services [169]. Even though the integration of TSN and 5G is not considered by the authors, the investigated technologies can provide a good foundation for converged wired and wireless architecture considering 5G. ...
... Thanks to the dissemination of 5G networks, edge computing, and massive Internet of Things (IoT), these networks are becoming popular. One such work is presented in [15], where the authors designed a set of services that a slice of virtual network could offer to their tenants. In 5G networks, there are virtual divisions created within networks, called slices. ...
Article
Full-text available
This paper presents an adaptable password guessability service suited for different password generators according to what a user might need when using such a service. In particular, we introduce a flexible cloud-based software architecture engineered to provide an efficient and robust password guessability service that benefits from all the features and goals expected from cloud applications. This architecture comprises several components, featuring the combination of a synthetic dataset generator realized via a generative adversarial network (GAN), which may learn the distribution of passwords from a given dictionary and generate high-quality password guesses, along with a password guessability estimator realized via a password strength estimation algorithm. In addition to detailing the architecture’s components, we run a performance evaluation on the architecture’s key components, obtaining promising results. Finally, the complete application is delivered and may be used by a user to estimate the strength of a password and the time taken by an average computer to enumerate it.
... Such an aspect applies a considerable burden on the computing resources of an IoT device and contributes to a significant degeneration in secured communications and services [110]. To provide fast and adequate resources and services, present research and business initiatives encourage hardware-accelerated cryptography [48], SECurity as a Service (SECaaS) [141], [17], Application Delivery Controllers (ADCs) [41], and Secure Sockets Layer/Transport Layer Security (SSL/TLS) acceleration [84]. Most of these approaches have proven successful in enhanced and secure communications in their designated areas. ...
Article
Internet of Things (IoT) is a pervasively-used technology for the last few years. IoT technologies are also responsible for intensifying various everyday smart applications improving the standard of living. However, the inter-crossing of IoT systems and the multi-directional elements responsible for these systems' placement have raised new safety concerns. They generate and share a massive amount of sensitive data. Unfortunately, both the data and the devices are susceptible to many privacy and security challenges. Much research has been done to secure these infrastructures; however, Machine Learning (ML), among others, provides higher accuracy. This survey covers the major security issues and open challenges encountered by IoT infrastructures. It also encompasses an in-depth study and analysis of ML-based state-of-the-art solutions used in securing such domains. The security challenges and requirements in IoT-based systems have been highlighted, along with a discussion on how ML supports security measures in the said domain. Furthermore, the challenges associated with ML-based security solutions have been identified concerning IoT. An analysis of prevailing ML security techniques' constraints is also contemplated.
... To create a tailored cellular IoT scheme with 5G URLLC protocol. [112] Software-Defined Security. ...
Article
Full-text available
Due to the rapid development of the fifth-generation (5G) applications, and increased demand for even faster communication networks, we expected to witness the birth of a new 6G technology within the next ten years. Many references suggested that the 6G wireless network standard may arrive around 2030. Therefore, this paper presents a critical analysis of 5G wireless networks’ significant technological limitations and reviews the anticipated challenges of the 6G communication networks. In this work, we have considered the applications of three of the highly demanding domains, namely: energy, Internet-of-Things (IoT) and machine learning. To this end, we present our vision on how the 6G communication networks should look like to support the applications of these domains. This work presents a thorough review of 370 papers on the application of energy, IoT and machine learning in 5G and 6G from three major libraries: Web of Science, ACM Digital Library, and IEEE Explore. The main contribution of this work is to provide a more comprehensive perspective, challenges, requirements, and context for potential work in the 6G communication standard.
... To address the security challenges and realize a well-founded security vision in 5G and Beyond networks, there are important technological aspects to be considered. The promising AI-driven Software-Defined Security (SD-SEC) is still in its infancy and there is a need to build smart SD-SEC solutions that cover the whole cybersecurity spectrum [7]. The smart, autonomic and closed-loop architecture should be seamlessly integrated into security management [14]. ...
Conference Paper
Full-text available
The promise of disparate features envisioned by the 3GPP for 5G, such as offering enhanced Mobile Broadband connectivity while providing massive Machine Type Communications likely with very low data rates and maintaining Ultra Reliable Low Latency Communications requirements, create a very challenging environment for protecting the 5G networks themselves and associated assets. To overcome such complexity, future 5G networks must employ a very high degree of network and service management automation, which is a security challenge by itself as well as an opportunity for smarter and more efficient security functions. In this paper, we present the smart, trustworthy and liable 5G security platform being designed and developed in the INSPIRE-5Gplus project. This platform takes advantage of new techniques such as Machine Learning (ML), Artificial Intelligence (AI), Distributed Ledger Technologies (DLT), network softwarization and Trusted Execution Environment (TEE) for closed-loop and end-to-end security management following a zero-touch model in 5G and Beyond 5G networks. To this end, we specifically elaborate on two key aspects of our platform, namely security management with Security Service Level Agreements (SSLAs) and liability management, in addition to the description of the overall architecture.
... As physical and software resources involved in management tasks and belonging to different administrative domains can be compromised by both insider and outsider attackers, the security question requires further exploration to protect those assets and make fully autonomous management in a secured way a reality. Software-defined security (SD-SEC) models enabling security-as-a-service (SECaaS) delivery models are vital to support cost-effective and agile security reinforcement in fully virtualised infrastructure [57]. In that regard, network softwarisation becomes a security facilitator (security via softwarisation) in contrast to security for network softwarisation described in Section 4.1.1.2.1. ...
... The proposed architecture focuses on enforcing security within 5G slices by enabling predictive auto-scaling of Virtual Security Functions (VSFs) according to the predefined policies and the VSFs' performance metrics. Authors in [57] devised a security architecture that supports network slice management with built-in security features leveraging on SD-SEC and SECaaS mechanisms. The architecture enables per-tenant security enforcement in a multi-tenant, multi-provider infrastructure with dynamic placement and chaining of network security functions. ...
Technical Report
Full-text available
This Deliverable presents the current security landscape of 5G networks, as well as the evolution of requirements and trends in 5G security. It includes a summary of the 5G threat landscape, the 5G networks classification criteria and their threat taxonomy; a description of security requirements of 5G systems, divided into domain-specific use cases, and the elicitation of security requirements from relevant stakeholders in 5G; the current status of 5G networks, the solutions state for securing 5G systems, the standardization effort in the domain of 5G security, the relevant 5G projects, and open source initiatives; and a description of future trends and technologies in 5G networks, their limitations, and gaps related to the security of 5G networks. This deliverable aims to provide a basis for the identification of use cases and the development of 5G security enablers in INSPIRE-5Gplus.
D2.1: 5G Security: Current Status and Future Trends