
Proceedings of the 17th Conference on Computer Science and Intelligence Systems

Annals of Computer Science and Information Systems, Volume 30

Low-complexity access control scheme for MEC-based services


DOI: http://dx.doi.org/10.15439/2022F55

Citation: Proceedings of the 17th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 30, pages 673-681


Abstract. The standardized security architecture proposed by ETSI for 5G networks provides for six security domains covering network access and secure implementation of network services. However, this architecture does not specify detailed solutions for access control for web services or for user credentials management. This paper proposes a new access control and service authorization protocol for network services that use MEC edge servers. Our solution does not slow down the performance of services in the 5G network. The advantage of this solution is that it makes it possible to solve some of the network security problems that result from the virtualization techniques (SDN and NFV) used to build contemporary mobile networks.
