V. Chamola,Vikas Hassija,G. Praveen,D. Niyato

DOI: https://doi.org/10.1109/MNET.011.2000489

IF: 10.294

2021-05-01

IEEE Network

Abstract:5G communications technologies are the backbone of future communications systems in satisfying different heterogeneous requirements of the industry and consumer applications. These systems rely on standardized protocols and heterogeneous architectures to engineer massive scaling of communication devices. Network Slicing (NS) can be incorporated into 5G to cater to the ever increasing needs of smart communications, ranging from Enhanced Mobile Broadband (eMBB) to Ultra-Reliable Low Latency Communications (URLLC). In this article, we present the performance analysis of such a network using real-world deployment and testing scenarios with state based network slice allocation. To account for transparency and security, a Blockchain-based model is integrated within the network operations. In particular, we carefully account for the latency aware operations of Network Slicing along with its UE state based allocation by telecom providers using Blockchain. Furthermore, provisioning the Blockchain in the Network Slice allocations increases the transparency and efficiency of resource handling operations within the network.

Computer Science,Engineering

Pragya Sharma,Tolga Atalay,Hans-Andrew Gibbs,Dragoslav Stojadinovic,Angelos Stavrou,Haining Wang

2024-04-20

Abstract:5G mobile networks leverage Network Function Virtualization (NFV) to offer services in the form of network slices. Each network slice is a logically isolated fragment constructed by service chaining a set of Virtual Network Functions (VNFs). The Network Repository Function (NRF) acts as a central OpenAuthorization (OAuth) 2.0 server to secure inter-VNF communications resulting in a single point of failure. Thus, we propose 5G-WAVE, a decentralized authorization framework for the 5G core by leveraging the WAVE framework and integrating it into the OpenAirInterface (OAI) 5G core. Our design relies on Side-Car Proxies (SCPs) deployed alongside individual VNFs, allowing point-to-point authorization. Each SCP acts as a WAVE engine to create entities and attestations and verify incoming service requests. We measure the authorization latency overhead for VNF registration, 5G Authentication and Key Agreement (AKA), and data session setup and observe that WAVE verification introduces 155ms overhead to HTTP transactions for decentralizing authorization. Additionally, we evaluate the scalability of 5G-WAVE by instantiating more network slices to observe 1.4x increase in latency with 10x growth in network size. We also discuss how 5G-WAVE can significantly reduce the 5G attack surface without using OAuth 2.0 while addressing several key issues of 5G standardization.

Networking and Internet Architecture

Lanfranco Zanzi,Antonio Albanese,Vincenzo Sciancalepore,Xavier Costa-Perez

DOI: https://doi.org/10.1109/ICC40277.2020.9149414

2020-03-17

Abstract:With the advent of revolutionary technologies, such as virtualization and softwarization, a novel concept for 5G networks and beyond has been unveiled: Network Slicing. Initially driven by the research community, standardization bodies as 3GPP have embraced it as a promising solution to revolutionize the traditional mobile telecommunication market by enabling new business models opportunities. Network Slicing is envisioned to open up the telecom market to new players such as Industry Verticals, e.g. automotive, smart factories, e-health, etc. Given the large number of potential new business players, dubbed as network tenants, novel solutions are required to accommodate their needs in a cost-efficient and secure manner. In this paper, we propose NSBchain, a novel network slicing brokering (NSB) solution, which leverages on the widely adopted Blockchain technology to address the new business models needs beyond traditional network sharing agreements. NSBchain defines a new entity, the Intermediate Broker (IB), which enables Infrastructure Providers (InPs) to allocate network resources to IBs through smart contracts and IBs to assign and re-distribute their resources among tenants in a secure, automated and scalable manner. We conducted an extensive performance evaluation by means of an open-source blockchain platform that proves the feasibility of our proposed framework considering a large number of tenants and two different consensus algorithms.

Networking and Internet Architecture

Man Chun Chow,Maode Ma

DOI: https://doi.org/10.3390/s22124525

2022-06-15

Abstract:The futuristic fifth-generation cellular network (5G) not only supports high-speed internet, but must also connect a multitude of devices simultaneously without compromising network security. To ensure the security of the network, the Third Generation Partnership Project (3GPP) has standardized the 5G Authentication and Key Agreement (AKA) protocol for mutually authenticating user equipment (UE), base stations, and the core network. However, it has been found that 5G-AKA is vulnerable to many attacks, including linkability attacks, denial-of-service (DoS) attacks, and distributed denial-of-service (DDoS) attacks. To address these security issues and improve the robustness of the 5G network, in this paper, we introduce the Secure Blockchain-based Authentication and Key Agreement for 5G Networks (5GSBA). Using blockchain as a distributed database, our 5GSBA decentralizes authentication functions from a centralized server to all base stations. It can prevent single-point-of-failure and increase the difficulty of DDoS attacks. Moreover, to ensure the data in the blockchain cannot be used for device impersonation, our scheme employs the one-time secret hash function as the device secret key. Furthermore, our 5GSBA can protect device anonymity by mandating the encryption of device identities with Subscription Concealed Identifiers (SUCI). Linkability attacks are also prevented by deprecating the sequence number with Elliptic Curve Diffie-Hellman (ECDH). We use Burrows-Abadi-Needham (BAN) logic and the Scyther tool to formally verify our protocol. The security analysis shows that 5GSBA is superior to 5G-AKA in terms of perfect forward secrecy, device anonymity, and mutual Authentication and Key Agreement (AKA). Additionally, it effectively deters linkability attacks, replay attacks, and most importantly, DoS and DDoS attacks. Finally, the performance evaluation shows that 5GSBA is efficient for both UEs and base stations with reasonably low computational costs and energy consumption.

Neeraj Kumar,Rifaqat Ali

DOI: https://doi.org/10.1016/j.comnet.2024.110353

IF: 5.493

2024-03-29

Computer Networks

Abstract:In recent years, Maritime Transportation Systems (MTS) have experienced significant advancements through the adoption of Internet of Things (IoT) technology. The introduction of 6G mobile networks has further expanded possibilities by offering enhanced communication services and additional functionalities such as processing, caching, sensing, and control for a wide array of IoT devices. Despite these technological advancements, the integration of IoT and 6G has introduced new risks and challenges in terms of safety and reliability. The involvement of various maritime stakeholders in scheduling and managing marine transportation exacerbates these challenges. Moreover, the MTS has encountered escalating security and privacy concerns with unauthorized data access and message tampering pose significant vulnerabilities in the 6G-IoT-enabled MTS environment. Therefore, a shared and controlled access mechanism that cannot be manipulated or tampered with by unauthorized parties is also an essential requirement in MTS. To address these issues, this paper presents an authentication framework leveraging blockchain technology, specifically designed for 6G-IoT-enabled MTS. The objective is to handle real-time data using decentralized peer-to-peer cloud servers with minimal latency, all while addressing security and privacy concerns specific to MTS. This integration also serves to mitigate various security threats. The protocol's security and privacy are verified through rigorous evaluations, including the ROR model, Scyther tool, and informal security analysis. A simulation of the proposed protocol using MIRACL is conducted, offering a comprehensive assessment of its computational costs and security features when compared to existing protocols, demonstrating its superior security and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Fatima Salahdine,Qiang Liu,Tao Han

DOI: https://doi.org/10.1109/ojcs.2022.3161933

2022-01-01

IEEE Open Journal of the Computer Society

Abstract:Network slicing is one of the emerging technologies allowing resource sharing among different network entities in 5G networks. It enables delivering smart, critical, and multi-services with distinctive requirements transiting from network as an infrastructure to network as a service setup. Although its advantages, it is facing several challenges raised from isolation and resource sharing among services leading to security issues. Security is a critical problem for network slicing as slices serving customized services with different requirements may also have different security levels and policies. Thus, considering the impact of these security issues on network slices is required when defining and designing security protocols. Addressing these challenges is necessary to protect users security and privacy while maintaining the required performance and QoS. Most of the existing works covered only one or more aspects of the network slicing including, architecture, taxonomy, challenges, security issues, attacks classification, possible solutions, and future scope. In this paper, we extensively investigated all these aspects and others, we analyzed how the security can be ensured inside and outside of the network slices with resource isolation, machine learning, and cryptography with an E2E security. We presented a deep review of the security issues threatening the network slicing and how to mitigate them over a multi-domain infrastructure in 5G networks. we evaluated the performance of some of these solutions in preventing malicious attacks through experiments using Open Air Interface.

Asrar Baktayan,Ibrahim Ahmed Albaltah

DOI: https://doi.org/10.37868/sei.v4i1.id153

2022-02-02

Sustainable Engineering and Innovation

Abstract:The mobility nature of the wireless networks and the time-sensitive tasks make it necessary for the system to transfer the messages with a minimum delay. Cloud Radio Access Network (C-RAN) reduces the latency problem. However, due to the trustlessness of 5G networks resulting from the heterogeneity nature of devices. In this article, for the edge devices, there is a need to maintain a trust level in the C-RAN node by checking the rates of devices that are allowed to share data among other devices. The SDN controller is built into a macro-cell that plays the role of a cluster head. The blockchain-based automatically authenticates the edge devices by assigning a unique identification that is shared by the cluster head with all C-RAN nodes connected to it. Simulation results demonstrate that, compared with the benchmark, the proposed approach significantly improves the processing time of blocks, the detection accuracy of malicious nodes, and transaction transmission delay.

Qian Li,Geng Wu,Apostolos Papathanassiou,Udayan Mukherjee

DOI: https://doi.org/10.48550/arXiv.1608.00572

2016-08-01

Abstract:Wireless industry nowadays is facing two major challenges: 1) how to support the vertical industry applications so that to expand the wireless industry market and 2) how to further enhance device capability and user experience. In this paper, we propose a technology framework to address these challenges. The proposed technology framework is based on end-to-end vertical and horizontal slicing, where vertical slicing enables vertical industry and services and horizontal slicing improves system capacity and user experience. The technology development on vertical slicing has already started in late 4G and early 5G and is mostly focused on slicing the core network. We envision this trend to continue with the development of vertical slicing in the radio access network and the air interface. Moving beyond vertical slicing, we propose to horizontally slice the computation and communication resources to form virtual computation platforms for solving the network capacity scaling problem and enhancing device capability and user experience. In this paper, we explain the concept of vertical and horizontal slicing and illustrate the slicing techniques in the air interface, the radio access network, the core network and the computation platform. This paper aims to initiate the discussion on the long-range technology roadmap and spur development on the solutions for E2E network slicing in 5G and beyond.

Networking and Internet Architecture,Information Theory

Nan Ma,Xiaofeng Zhong,Peng Liu,Shidong Zhou

DOI: https://doi.org/10.1109/vtc2020-spring48590.2020.9128924

2020-01-01

Abstract:With the continuous advancement of 5G, the system architecture of the network needs to be highly adaptable to serve new and legal cases while meeting the requirements of users for higher security of communications. This paper proposes a SDN/NFV-based core network slicing for secure mobile communication. This slicing provides a solution to the problem of unencrypted user data with strong connectivity, security and scalability. On the one hand, it is compatible with the existing network architecture and suitable for 5G networks. In addition, it uses symmetric keys corresponding to the user and the network to encrypt user data, which is different from VPN. Moreover, core network slicing based on SDN/NFV is the key to satisfying the complex and diverse scenarios of 5G, with future-oriented scalability and flexibility.

Virendra Pratap Singh,Mahendra Pratap Singh,Saumya Hegde,Maanak Gupta

DOI: https://doi.org/10.1109/access.2024.3386632

IF: 3.9

2024-04-20

IEEE Access

Abstract:Network slicing has emerged as a cornerstone technology within the 5G ecosystem, enabling efficient resource allocation, service customization, and support for various applications. Its ability to deliver Network-as-a-Service (NaaS) brings a new paradigm of adaptable and efficient network provisioning. However, with the diversification of services and the increasing complexity of network infrastructures, a simultaneous rise in security vulnerabilities becomes evident. These flaws go beyond the limitations of conventional network security and affect various aspects of network slice (NS) implementation and management. The limitations of traditional security, such as static policies, single point of failure, and challenges in effectively securing network slicing deployments, underscore the need to explore security measures tailored to the dynamic nature of 5G networks. To ensure the robust security of 5G networks, it is essential to consider various security concerns such as isolation, authentication, and authorization. Furthermore, dynamic orchestration and inter-slice communication security challenges must be proactively tackled. The security concerns related to 5G networks must be addressed comprehensively to ensure the safe and secure operation of the network. Our survey paper goes into these complex security issues, providing an in-depth and systematic review of the various contexts in which they emerge. We have identified the five most vulnerable areas in Network Slicing: Slice-Lifecycle, Communication type slice uses, Technologies used to provide service, Management threats, and End Devices utilized in service. Apart from threats in these vulnerable areas, we also discussed a few generous attacks that can be launched to disrupt network-slicing services. Furthermore, this study is a valuable resource for evaluating the current state of research efforts in this domain, contributing to the ongoing enhancement of security measures and the overall robustness of network-slicing technology. In doing so, we aim to ensure the secure and sustainable evolution of 5G networks as they become increasingly integral to our digital infrastructure.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abbas Yazdinejad,Reza M. Parizi,Ali Dehghantanha,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/TNSE.2019.2937481

2019-05-09

Abstract:5G mobile networks provide additional benefits in terms of lower latency, higher data rates, and more coverage, in comparison to 4G networks, and they are also coming close to standardization. For example, 5G has a new level of data transfer and processing speed that assures users are not disconnected when they move from one cell to another; thus, supporting faster connection. However, it comes with its own technical challenges relating to resource management, authentication handover and user privacy protection. In 5G, the frequent displacement of the users among the cells as a result of repeated authentication handovers often lead to a delay, contradicting the 5G objectives. In this paper, we propose a new authentication approach that utilizes blockchain and software defined networking (SDN) techniques to remove the re-authentication in repeated handover among heterogeneous cells. The proposed approach is designed to assure the low delay, appropriate for the 5G network in which users can be replaced with the least delay among heterogeneous cells using their public and private keys provided by the devised blockchain component while protecting their privacy. In our comparison between Proof-of-Work (POW)-based and network-based models, the delay of our authentication handover was shown to be less than 1ms. Also, our approach demonstrated less signaling overhead and energy consumption compared to peer models.

Networking and Internet Architecture

Serhii Onopa,Zbigniew Kotulski

DOI: https://doi.org/10.3390/electronics13050974

IF: 2.9

2024-03-04

Electronics

Abstract:As mobile communications transform, 5G technology can potentially change many industries and businesses. The change will have a great influence across many fields, such as the automotive, healthcare, and manufacturing sectors. This paper aims to review the existing applications of blockchain technology in providing 5G network security and identify new possibilities for such security solutions. We consider different aspects of blockchain in 5G, particularly data transmission, access control, and applications including vertical industry-oriented applications and specific solutions supporting such sectors of economic activity. The paper briefly describes modern technologies in 5G networks and introduces blockchain's properties and different aspects of using such technology in practical applications. It also presents access control management with blockchain applied in 5G and related problems, reviews other blockchain-enforced network technologies, and shows how blockchain can help in services dedicated to vertical industries. Finally, it presents our vision of new blockchain applications in modern 5G networks and beyond. The new-generation networks use two fundamental technologies, slicing and virtualization, and attackers attempt to execute new types of attacks on them. In the paper, we discuss one of the possible scenarios exhibiting the shortcomings of the slicing technology architecture. We propose using blockchain technology to create new slices and to connect new or existing subscribers to slices in the 5G core network. Blockchain technology should solve these architectural shortcomings.

engineering, electrical & electronic,computer science, information systems,physics, applied

Vipin N. Sathi,Manikantan Srinivasan,Prabhu K. Thiruvasagam,C. Siva Ram Murthy

DOI: https://doi.org/10.1109/tdsc.2020.2968885

2021-11-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In the softwarized fifth generation (5G) networks, authentication protocols are deployed by both the mobile network operators and the third-party service providers to enable secure slice formation at the network side and user validation at the service provider side, respectively. However, the usage of static key-based authentication protocols in 5G networks gives rise to two major problems: (i) network slice topology learning attack during the formation of slice and (ii) exposure of users' service access behavior to the third-party service providers and device-to-device communication peers. In this article, we propose group anonymous (i) privacy preserving mutual authentication (PPMA) and (ii) privacy preserving one-way authentication (PPOA) protocols to address the aforementioned problems, respectively. We also prove the security of the PPMA and PPOA protocols against the chosen ciphertext attack in the random oracle model. The PPMA and PPOA protocols are implemented using the JPBC library and the computation overhead is measured. For 1024 bits discrete logarithm security, the computation overhead of the PPMA and PPOA protocols is respectively 48.54 and 68.65 percent lower than an existing privacy preserving authentication protocol on an Intel processor. The PPMA and PPOA protocols are generic and can be applied in peer-to-peer authentication scenarios where group anonymity and privacy preservation are considered.

Hisham A. Kholidy,Mohammad A. Rahman,Andrew Karam,Zahid Akhtar

DOI: https://doi.org/10.48550/arXiv.2201.00484

2022-01-03

Abstract:The 5G network would fuel next-gen, bandwidth-heavy technologies such as automation, IoT, and AI on the factory floor. It will improve efficiency by powering AR overlays in workflows, as well as ensure safer practices and reduce the number of defects through predictive analytics and real-time detection of damage. The Dynamic Spectrum Sharing (DSS) in 5G networks will permit 5G NR and 4G LTE to coexist and will provide cost-effective and efficient solutions that enable a smooth transition from 4G to 5G. However, this increases the attack surface in the 5G networks. To the best of our knowledge, none of the current works introduces a real-time secure spectrum-sharing mechanism for 5G networks to defend spectrum resources and applications. This paper aims to propose a Blockchain-based Decentralized Trusted Computing Platform (BTCP) to self-protect large-scale 5G spectrum resources against cyberattacks in a timely, dynamic, and accurate way. Furthermore, the platform provides a decentralized, trusted, and non-repudiating platform to enable secure spectrum sharing and data exchange between the 5G spectrum resources

Cryptography and Security

Hamad Alrashede,Fathy Eassa,Abdullah Marish Ali,Faisal Albalwy,Hosam Aljihani

DOI: https://doi.org/10.3390/electronics13193799

IF: 2.9

2024-09-26

Electronics

Abstract:Software-Defined Networking (SDN) has emerged as a revolutionary architecture in computer networks, offering comprehensive network control and monitoring capabilities. However, securing the east–west interface, which is crucial for communication between distributed SDN controllers, remains a significant challenge. This study proposes a novel blockchain-based security framework that integrates Ethereum technology with customized blockchain algorithms for authentication, encryption, and access control. The framework introduces decentralized mechanisms to protect against diverse attacks, including false data injection, man-in-the-middle (MitM), and unauthorized access. Experimental results demonstrate the effectiveness of this framework in securing distributed controllers while maintaining high network performance and low latency, paving the way for more resilient and trustworthy SDN infrastructures.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ramraj Dangi,Akshay Jadhav,Gaurav Choudhary,Nicola Dragoni,Manas Kumar Mishra,Praveen Lalwani

DOI: https://doi.org/10.3390/fi14040116

2022-04-08

Future Internet

Abstract:Fifth-generation networks efficiently support and fulfill the demands of mobile broadband and communication services. There has been a continuing advancement from 4G to 5G networks, with 5G mainly providing the three services of enhanced mobile broadband (eMBB), massive machine type communication (eMTC), and ultra-reliable low-latency services (URLLC). Since it is difficult to provide all of these services on a physical network, the 5G network is partitioned into multiple virtual networks called “slices”. These slices customize these unique services and enable the network to be reliable and fulfill the needs of its users. This phenomenon is called network slicing. Security is a critical concern in network slicing as adversaries have evolved to become more competent and often employ new attack strategies. This study focused on the security issues that arise during the network slice lifecycle. Machine learning and deep learning algorithm solutions were applied in the planning and design, construction and deployment, monitoring, fault detection, and security phases of the slices. This paper outlines the 5G network slicing concept, its layers and architectural framework, and the prevention of attacks, threats, and issues that represent how network slicing influences the 5G network. This paper also provides a comparison of existing surveys and maps out taxonomies to illustrate various machine learning solutions for different application parameters and network functions, along with significant contributions to the field.

Zigang Chen,Jin Ao,Wenjun Luo,Zhiquan Cheng,Yuhong Liu,Kai Sheng,Long Chen

DOI: https://doi.org/10.1016/j.jisa.2022.103247

IF: 4.96

2022-08-01

Journal of Information Security and Applications

Abstract:5G and Internet of Things (IoT) are closely related and promote each other. Network Slice (NS) technology based on Software Defined Network (SDN) and Network Function Virtualization (NFV) have changed the traditional network architecture. Subsequently, the secure access authentication of IoT terminals for 5G networks and the selection of network slice services have become important issues for the deep integration of 5G and IoT. In this paper, we propose a dual-factor access authentication scheme for IoT terminal in 5G environments with network slice selection. To be specific, IoT terminals first use Physical Unclonable Function (PUF) to ensure their own security, then use secure one-way hash function, XOR calculation, and pseudo-identities to achieve anonymous authentication, and finally establish a secure connection with the 5G core network as well as the Management Architecture and Network Orchestration (MANO) to access customized network slices. The proposed protocol can eventually realize session key negotiation between IoT terminals, 5G core network elements and MANO entities to ensure data transmission security. We verify the security of the protocol through simulation and security analysis, and demonstrate the efficiency of the protocol by comparing it with state-of-the-art schemes.

computer science, information systems

Xinyi Luo,Kaiping Xue,Jian Li,Ruidong Li,David S. L. Wei

DOI: https://doi.org/10.1109/mcom.001.2200665

IF: 9.03

2023-01-01

IEEE Communications Magazine

Abstract:To provide customized and high-quality network services under limited network resources, the 5G introduces the network slicing technology that divides physical networks into several logically independent virtual networks, improving the performance of network utilization. The slice management should satisfy the chief concerns of network operators and slice tenants who are the two most important participants, i.e., slice allocation for operators and Service Level Agreement (SLA) guarantee for tenants. However, for slice allocation, traditional centralized schemes cannot well support multi-operator slicing due to the lack of trust. And for SLA guarantee, existing solutions only provide global SLA based on game theory but cannot handle each dispute between operators and tenants. To solve the problems, we propose a blockchain-based network slice management framework consisting of a slice committee and three protocols: slice, audit, and dispute. With the help of the decentralization and reliability of blockchain, the proposed scheme achieves collaborative slice management among multiple operators with SLA guarantee. Through security and performance analysis, we prove that the proposed scheme can defend against possible dishonest behaviors of entities in the system, and is practical in terms of performance.

Ronghao Ma,Jianhong Zhou,Maode Ma

DOI: https://doi.org/10.3390/s24072331

IF: 3.9

2024-04-06

Sensors

Abstract:In the realm of the fifth-generation (5G) wireless cellular networks, renowned for their dense connectivity, there lies a substantial facilitation of a myriad of Internet of Things (IoT) applications, which can be supported by the massive machine-type communication (MTC) technique, a fundamental communication framework. In some scenarios, a large number of machine-type communication devices (MTCD) may simultaneously enter the communication coverage of a target base station. However, the current handover mechanism specified by the 3rd Generation Partnership Project (3GPP) Release 16 incurs high signaling overhead within the access and core networks, which may have negative impacts on network efficiency. Additionally, other existing solutions are vulnerable to malicious attacks such as Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, and the failure of Key Forward Secrecy (KFS). To address this challenge, this paper proposes an efficient and secure handover authentication protocol for a group of MTCDs supported by blockchain technology. This protocol leverages the decentralized nature of blockchain technology and combines it with certificateless aggregate signatures to mutually authenticate the identity of a base station and a group of MTCDs. This approach can reduce signaling overhead and avoid key escrow while significantly lowering the risk associated with single points of failure. Additionally, the protocol protects device anonymity by encrypting device identities with temporary anonymous identity markers with the Elliptic Curve Diffie–Hellman (ECDH) to abandon serial numbers to prevent linkage attacks. The resilience of the proposed protocol against predominant malicious attacks has been rigorously validated through the application of the BAN logic and Scyther tool, underscoring its robust security attributes. Furthermore, compared to the existing solutions, the proposed protocol significantly reduces the authentication cost for a group of MTCDs during handover, while ensuring security, demonstrating commendable efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ali Esmaeily,Katina Kralevska

DOI: https://doi.org/10.3390/electronics13081548

IF: 2.9

2024-04-19

Electronics

Abstract:Sharing resources through network slicing in a physical infrastructure facilitates service delivery to various sectors and industries. Nevertheless, ensuring security of the slices remains a significant hurdle. In this paper, we investigate the utilization of State-of-the-Art (SoA) Virtual Private Network (VPN) solutions in 5G networks to enhance security and performance when isolating slices. We deploy and orchestrate cloud-native network functions to create multiple scenarios that emulate real-life cellular networks. We evaluate the performance of the WireGuard, IPSec, and OpenVPN solutions while ensuring confidentiality and data protection within 5G network slices. The proposed architecture provides secure communication tunnels and performance isolation. Evaluation results demonstrate that WireGuard provides slice isolation in the control and data planes with higher throughput for enhanced Mobile Broadband (eMBB) and lower latency for Ultra-Reliable Low-Latency Communications (URLLC) slices compared to IPSec and OpenVPN. Our developments show the potential of implementing WireGuard isolation, as a promising solution, for providing secure and efficient network slicing, which fulfills the 5G key performance indicator values.

engineering, electrical & electronic,computer science, information systems,physics, applied