5G core network slicing : MEC and NEF security concerns while exposing the 5G core for 3rd parties
Lampi, Kai (2021)
Lampi, Kai
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2021101118521
https://urn.fi/URN:NBN:fi:amk-2021101118521
Tiivistelmä
The objective of the thesis was to discover 5G core network architecture readiness to provide network slicing service. The 5G core slicing is the base service to support mobile edge computing (MEC) in the 5G network. In order slicing to be dynamically provisioned, network expose function (NEF) is needed. These all are new services and their influence over the 5G core network security is not well known. Information available was theoretical, but not practical.
The theory part relies on a systematic literature review. A qualitative method was chosen because there was nothing to measure. Interviews were carried out with case study methods and a pre-defined theme interview structure. Finally, the interview answers were compared to the literature review and iteration made to complement the literature review part.
The 5G core, called as service-based architecture (SBA) is needed for full end-to-end slicing. Mobile edge computing MEC is needed to provide minimal delays between the mobile device and service, for example for autonomous driving. MEC has several different deployment models, and they provide different balance between delays and security. Network exposure function (NEF) provides the interface to allow 3rd parties to create slices in the mobile network and carry out future services that end users can purchase from other service provider than the mobile operator.
The study showed that SBA core is ready to be implemented. Encryption is available by default and that makes eavesdropping and other traditional hacking methods hard to accomplish. MEC protection requires mechanisms to control what is allowed to run on it and several firewalls create security zones. NEF is placed in the edge of the operator’s network and exposed to public network. It requires access control to limit unwanted authentication requests. The overall security control presumes situational awareness system and AI- and ML-based security solutions to adapt quickly changing traffic patterns.
The theory part relies on a systematic literature review. A qualitative method was chosen because there was nothing to measure. Interviews were carried out with case study methods and a pre-defined theme interview structure. Finally, the interview answers were compared to the literature review and iteration made to complement the literature review part.
The 5G core, called as service-based architecture (SBA) is needed for full end-to-end slicing. Mobile edge computing MEC is needed to provide minimal delays between the mobile device and service, for example for autonomous driving. MEC has several different deployment models, and they provide different balance between delays and security. Network exposure function (NEF) provides the interface to allow 3rd parties to create slices in the mobile network and carry out future services that end users can purchase from other service provider than the mobile operator.
The study showed that SBA core is ready to be implemented. Encryption is available by default and that makes eavesdropping and other traditional hacking methods hard to accomplish. MEC protection requires mechanisms to control what is allowed to run on it and several firewalls create security zones. NEF is placed in the edge of the operator’s network and exposed to public network. It requires access control to limit unwanted authentication requests. The overall security control presumes situational awareness system and AI- and ML-based security solutions to adapt quickly changing traffic patterns.