Biblio

5G network slicing plays a key role in the smart grid business. The existing authentication schemes for 5G slicing in smart grids require high computing costs, so they are time-consuming and do not fully consider the security of authentication. Aiming at the application scenario of 5G smart grid, this paper proposes an identity-based lightweight secondary authentication scheme. Compared with other well-known methods, in the protocol interaction of this paper, both the user Ui and the grid server can authenticate each other's identities, thereby preventing illegal users from pretending to be identities. The grid user Ui and the grid server can complete the authentication process without resorting to complex bilinear mapping calculations, so the computational overhead is small. The grid user and grid server can complete the authentication process without transmitting the original identification. Therefore, this scheme has the feature of anonymous authentication. In this solution, the authentication process does not require infrastructure such as PKI, so the deployment is simple. Experimental results show that the protocol is feasible in practical applications

5G has significantly facilitated the development of attractive applications such as autonomous driving and telemedicine due to its lower latency, higher data rates, and enormous connectivity. However, there are still some security and privacy issues in 5G, such as network slicing privacy and flexibility and efficiency of network slicing selection. In the smart grid scenario, this paper proposes a 5G slice selection security scheme based on the Pohlig-Hellman algorithm, which realizes the protection of slice selection privacy data between User i(Ui) and Access and Mobility Management function (AMF), so that the data will not be exposed to third-party attackers. Compared with other schemes, the scheme proposed in this paper is simple in deployment, low in computational overhead, and simple in process, and does not require the help of PKI system. The security analysis also verifies that the scheme can accurately protect the slice selection privacy data between Ui and AMF.

To fulfill different requirements from various services, the smart grid typically uses 5G network slicing technique for splitting the physical network into multiple virtual logical networks. By doing so, end users in smart grid can select appropriate slice that is suitable for their services. Privacy has vital significance in network slicing selection, since both the end user and the network entities are afraid that their sensitive slicing features are leaked to an adversary. At the same time, in the smart grid, there are many low-power users who are not suitable for complex security schemes. Therefore, both security and efficiency are basic requirements for 5G slicing selection schemes. Considering both security and efficiency, we propose a 5G slicing selection security scheme based on matching degree estimation, called SS-MDE. In SS-MDE, a set of random numbers is used to hide the feature information of the end user and the AMF which can provide privacy protection for exchanged slicing features. Moreover, the best matching slice is selected by calculating the Euclid distance between two slices. Since the algorithms used in SS-MDE include only several simple mathematical operations, which are quite lightweight, SS-MDE can achieve high efficiency. At the same time, since third-party attackers cannot extract the slicing information, SS-MDE can fulfill security requirements. Experimental results show that the proposed scheme is feasible in real world applications.

Network slicing qualitatively transforms network infrastructures such that they have maximum flexibility in the context of ever-changing service requirements. While the agility of cloud native network functions (CNFs) demonstrates significant promise, virtualization and softwarization severely degrade the performance of such network functions. Considerable efforts were expended to improve the performance of virtualized systems, and at this stage 10 Gbps throughput is a real target even for container/VM-based applications. Nonetheless, the current performance of CNFs with state-of-the-art enhancements does not meet the performance requirements of next-generation 6G networks that aim for terabit-class throughput. The present pace of performance enhancements in hardware indicates that straightforward optimization of existing system components has limited possibility of filling the performance gap. As it would be reasonable to expect a single silver-bullet technology to dramatically enhance the ability of CNFs, an organic integration of various data-plane technologies with a comprehensive vision is a potential approach. In this paper, we show a future vision of system architecture for terabit-class CNFs based on effective harmonization of the technologies within the wide-range of network systems consisting of commodity hardware devices. We focus not only on the performance aspect of CNFs but also other pragmatic aspects such as interoperability with the current environment (not clean slate). We also highlight the remaining missing-link technologies revealed by the goal-oriented approach.

The construction of a strong and smart grid is inseparable from the advancement of the power system, and the effective application of modern communication technologies allows the traditional grid to better transform into the energy Internet. With the advent of 5G, people pay close attention to the application of network slicing, not only as an emerging technology, but also as a new business model. In this article, we consider the delay requirements of certain services in the power grid. First, we analyze the security issues in network slicing and model the 5G core network slicing supply as a mixed integer linear programming problem. On this basis, a heuristic algorithm is proposed. According to the topological properties, resource utilization and delay of the slice nodes, the importance of them is sorted using the VIKOR method. In the slice link configuration stage, the shortest path algorithm is used to obtain the slice link physical path. Considering the delay of the slice link, a strategy for selecting the physical path is proposed. Simulations show that the scheme and algorithm proposed in this paper can achieve a high slice configuration success rate while ensuring the end-to-end delay requirements of the business, and meet the 5G core network slice security requirements.

The envisioned massive deployment of network slices in 5G and beyond mobile systems makes the shift towards zero-touch, scalable and secure slice lifecycle management a necessity. This is to harvest the benefits of network slicing in enabling profitable services. These benefits will not be attained without ensuring a high level security of the created network slices and the underlying infrastructure, above all in a zero-touch automated fashion. In this vein, this paper presents the architecture of an innovative network slicing security orchestration framework, being developed within the EU H2020 MonB5G project. The framework leverages the potential of Security as a Service (SECaaS) and Artificial Intelligence (AI) to foster fully-distributed, autonomic and fine-grained management of network slicing security from the node level to the end-to-end and inter-slice levels.

This paper presents an initial architecture to manage End-to-End Network Slices which, once deployed, are associated with Security Service Level Agreement(s) to increase the security on the virtual deployed resources and create End-to-End Secure Network Slices. Moreover, the workflows regarding the Network Slicing provisioning and the whole SSLA Lifecycle management is detailed.

Majority of the daily and business activities nowadays are integrated and interconnected to the world across national, geographic and boundaries. Securing the Internet of Things (IoT) system is a challenge as these low powered devices in IoT system are very vulnerable to cyber-attacks and this will reduce the reliability of the system. Software Defined Network (SDN) intends to greatly facilitate the policy enforcement and dynamic network reconfiguration. This paper presents several architectures in the integration of IoT via SDN to improve security in the network and system.

Network slicing is considered a key enabler to 5th Generation (5G) communication networks. Mobile network operators may deploy network slices-complete logical networks customized for specific services expecting a certain Quality of Service (QoS). New business models like Network Slice-as-a-Service offerings to customers from vertical industries require negotiated Service Level Agreements (SLA), and network providers need automated enforcement mechanisms to assure QoS during instantiation and operation of slices. In this paper, we focus on ultra-reliable low-latency communication (URLLC). We propose a software architecture for security functions based on off-the-shelf hardware and open-source software and demonstrate, through a series of measurements, that the strict requirements of URLLC services can be achieved. As a real-world example, we perform our experiments using the intrusion prevention system (IPS) Snort to demonstrate the impact of security functions on latency. Our findings lead to the creation of a model predicting the system load that still meets the URLLC latency requirement. We fully disclose the artifacts presented in this paper including pcap traces, measurement tools, and plotting scripts at https://gallenmu.github.io/low-latency.

Multi-party and multi-layer nature of 5G networks implies the inherent distribution of management and orchestration decisions across multiple entities. Therefore, responsibility for management decisions concerning end-to-end services become blurred if no efficient liability and accountability mechanism is used. In this paper, we present the design, building blocks and challenges of a Liability-Aware Security Management (LASM) system for 5G. We describe how existing security concepts such as manifests and Security-by-Contract, root cause analysis, remote attestation, proof of transit, and trust and reputation models can be composed and enhanced to take risk and responsibilities into account for security and liability management.

The paper presents a reinforcement learning solution to dynamic resource allocation for 5G radio access network slicing. Available communication resources (frequency-time blocks and transmit powers) and computational resources (processor usage) are allocated to stochastic arrivals of network slice requests. Each request arrives with priority (weight), throughput, computational resource, and latency (deadline) requirements, and if feasible, it is served with available communication and computational resources allocated over its requested duration. As each decision of resource allocation makes some of the resources temporarily unavailable for future, the myopic solution that can optimize only the current resource allocation becomes ineffective for network slicing. Therefore, a Q-learning solution is presented to maximize the network utility in terms of the total weight of granted network slicing requests over a time horizon subject to communication and computational constraints. Results show that reinforcement learning provides major improvements in the 5G network utility relative to myopic, random, and first come first served solutions. While reinforcement learning sustains scalable performance as the number of served users increases, it can also be effectively used to assign resources to network slices when 5G needs to share the spectrum with incumbent users that may dynamically occupy some of the frequency-time blocks.

It is expected that the concept of Internet of everything will be realized in 2020 because of the coming of the 5G wireless communication technology. Internet of Things (IoT) services in various fields require different types of network service features, such as mobility, security, bandwidth, latency, reliability and control strategies. In order to solve the complex requirements and provide customized services, a new network architecture is needed. To change the traditional control mode used in the traditional network architecture, the Software Defined Network (SDN) is proposed. First, SDN divides the network into the Control Plane and Data Plane and then delegates the network management authority to the controller of the control layer. This allows centralized control of connections of a large number of devices. Second, SDN can help realizing the network slicing in the aspect of network layer. With the network slicing technology proposed by 5G, it can cut the 5G network out of multiple virtual networks and each virtual network is to support the needs of diverse users. In this work, we design and develop a network slicing framework. The contributions of this article are two folds. First, through SDN technology, we develop to provide the corresponding end-to-end (E2E) network slicing for IoT applications with different requirements. Second, we develop a dynamic network slice resource scheduling and management method based on SDN to meet the services' requirements with time-varying characteristics. This is usually observed in streaming and services with bursty traffic. A prototyping system is completed. The effectiveness of the system is demonstrated by using an electronic fence application as a use case.

The concept of network slicing in 5G mobile networks introduces new challenges for security management: Given the combination of Infrastructure-as-a-Service cloud providers, mobile network operators as Software-as-a-Service providers, and the various verticals as customers, multi-layer and multi-tenancy-capable management architectures are required. This paper addresses the challenges for correlation of security events in such 5G scenarios with a focus on event processing at telecommunication service providers. After an analysis of the specific demand for network-slice-centric security event correlation in 5G networks, ongoing standardization efforts, and related research, we propose a multi-tenancy-capable event correlation architecture along with a scalable information model. The event processing, alerting, and correlation workflow is discussed and has been implemented in a network and security management system prototype, leading to a demonstration of first results acquired in a lab setup.

We demonstrate 5G network slicing as a unique deployment opportunity for information centric networking (ICN), by using a generic service orchestration framework that operates on commodity compute, storage, and bandwidth resource pools to realize ICN service slices. In this demo, we specifically propose a service slice for the IoT Edge network. ICN has often been considered pertinent for IoT use due to its benefits like simpler stacks on resource constrained devices, in-network caching, and in-built data provenance. We use a lightweight ICN stack on IoT devices connected with sensors and actuators to build a network, where clients can set realistic policies using their legacy hand-held devices. We employ name based authentication protocols between the service end-points and IoT devices to allow secure onboarding. The IoT slice co-exists with other service slices that cater to different classes of applications (e.g., bandwidth intensive applications, such as video conferencing) allowing resource management flexibility. Our design creates orchestrated service Edge functions to which the clients connect, and these can in turn utilize in-network stateless functions to perform tasks, such as decision making and analytics using the available compute resources efficiently.

5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance.

The process of digitalisation has an advanced impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security related incidents, such as industrial espionage, or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual efforts by experts, and need to be performed in a steady manner. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for the next generation network management.

The process of digitalisation has an advanced impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security related incidents, such as industrial espionage, or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual efforts by experts, and need to be performed in a steady manner. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for the next generation network management.