Towards a Rigorous Approach for Zero Trust in the 5G Core
ABSTRACT
The fifth generation (5G) of cellular communications brings a paradigm shift from the traditional monolithic system design to a Service Based Architecture that can be disaggregated logically, physically, and geographically. It affords interoperability between the mobile network operators and commercial vendors. The system makes use of commodity hardware and software and open-source software. This system construct potentially increases the attack surface of 5G because of the vulnerabilities inherited from these underlying technologies, creating the need for a rigorous security analysis. In this work, we analyze the security implications introduced in the 5G Core, and the existing solutions proposed in the 5G standard. We explore how Zero Trust Architecture (ZTA) could be implemented in the 5G Core, and suggest a vertical extension of ZTA to model untrusted execution environments. We leverage Trusted Execution Environments to ensure confidential computing on untrusted deployments, and our analysis shows how our proposed model handles the increased attack surface and reinforces the ZTA principles in the 5G Core, without any changes to the 5G standard. Finally, we provide experimental results and analyze the overhead incurred by our model in terms of performance and migration challenges.
BIOS
Marinos Vomvas received the Diploma in Electrical and Computer Engineering at National Technical University of Athens, in Athens, Greece, in 2017. He is currently a PhD Candidate in Cybersecurity at Northeastern University in Boston. His research interests include wireless security, practical security and privacy, and multiparty computation (MPC).
Norbert Ludant is a Ph.D. candidate in Cybersecurity at Northeastern University. He received MS degrees in Telecommunications Engineering and Multimedia and Communications in 2017 from the University Carlos III de Madrid. His research focuses on wireless security and privacy, principally in cellular systems.
Guevara Noubir is a Professor at Northeastern University. His research interests span a range of problems on the theory and practice of privacy, security, and robustness in networked systems. Dr. Noubir holds a PhD in CS from EPFL and an MS in CS (diplome d'ingenieur) from ENSIMAG, France. He held research and visiting positions at CSEM SA, EPFL, Eurecom, MIT, and UNL. Professor Noubir received several research awards including the US National Science Foundation CAREER Award, Google Faculty Research Award on Privacy, multiple best paper awards, and led award-winning teams in several competitions. He co-led (with Dr. Vo-Huu) Northeastern University's award-winning team in the DARPA Spectrum Collaboration Challenge (SC2).