Low-complexity access control scheme for MEC-based services
Mariusz Sepczuk, Zbigniew Kotulski, Wojciech Niewolski, Tomasz Nowak
DOI: http://dx.doi.org/10.15439/2022F55
Citation: Proceedings of the 17th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 30, pages 673–681 (2022)
Abstract. The standardized security architecture proposed by ETSI for 5G networks provides for six security domains covering network access and secure implementation of network services. However, this architecture does not specify detailed solutions for access control for web services and user credentials management. This paper proposes a new access control and service authorization protocol for the network services using MEC edge servers. Our solution does not slow down the performance of services in the 5G network. The advantage of this solution is that it allows you to solve some network security problems resulting from virtualization techniques (SDN and NFV) applied in constructing contemporary mobile networks.