Journal ArticleDOI

DSM Attack Resistant Slice Selection in 5G

01 Jul 2021 - IEEE Wireless Communications Letters (Institute of Electrical and Electronics Engineers (IEEE)) - Vol. 10, Iss. 7, pp. 1469-1473
TL;DR: The proposed protocol implements neutral slice selection and mitigation of traffic analysis attacks by ensuring user anonymity, and its computation overhead is compared with that of the traditional protocol and a privacy preserving slice selection protocol.
Abstract: In a previous letter, we proposed the distributed slice mobility (DSM) attack. The DSM attack can cause severe performance and economic damage to 5G networks. Attackers can launch the DSM attack by exploiting a vulnerability in the existing slice selection protocol. In this letter, we propose a DSM attack resistant slice selection protocol for 5G networks. In the proposed protocol, the network selects the best slice for a session between a user and an external data network based on the type of services offered by the external data network and the user’s subscription details. The proposed protocol implements neutral slice selection and mitigation of traffic analysis attacks by ensuring user anonymity. The proposed protocol is implemented, and its computation overhead is compared with that of the traditional protocol and a privacy preserving slice selection protocol.
Citations
Journal ArticleDOI
TL;DR: DeepSecure is proposed, a framework based on a Long Short Term Memory deep learning technique that detects user equipment (UE) network traffic as DDoS attack or normal traffic and assigns an appropriate slice to a legitimate UE request and compared with existing machine learning and deep learning techniques used in the literature.
Abstract: Network slicing is one of the main enablers of the fifth-generation (5G) cellular network. However, it is susceptible to security threats such as distributed denial of service (DDoS) attacks. A DDoS attack on a slice could lead to the exhaustion of available common resources and a breach of the availability of resources on the slices. Recent works such as statistical, machine learning and cryptography techniques are limited by the requirement to define thresholds, feature engineering constraints and computation overload, respectively. In this letter, we propose DeepSecure, a framework based on a Long Short Term Memory deep learning technique that detects user equipment (UE) network traffic as DDoS attack or normal traffic and assigns an appropriate slice to a legitimate UE request. We compared our work with existing machine learning and deep learning techniques used in the literature. Experiment results showed that our proposed framework performed better in detecting DDoS attacks with an accuracy of 99.970% and predicting the appropriate slice requested by legitimate UE with an accuracy of 98.798%.

18 citations

Proceedings ArticleDOI
08 Jan 2023
TL;DR: In this article, the authors proposed an attack detection and localization algorithm for 5G network slicing from a Distributed Denial of Service (DDoS) attack perspective and compared results for various combinations of average waiting time and average switching rate to detect the attack and localize compromised user equipment.
Abstract: Network slicing plays a crucial role in supporting Fifth Generation (5G) mobile network, which is designed to efficiently accommodate a diverse range of services with varying service level requirements. In this work, our efforts are largely aimed at exposing security flaws in 5G network slicing from a Distributed Denial of Service (DDoS) attack perspective. Time consuming authentication process during the inter-slice handover procedure is exploited to launch a DDoS attack. To address this issue, we offer novel attack detection and localization algorithms. We have compared results for various combinations of average waiting time and average switching rate to detect the attack and localize compromised user equipments. As per experimentation results, our approach resulted in an accuracy of 91% for detecting an attack and 96% for identifying compromised users.

1 citation

DOI
12 Oct 2021
TL;DR: In this paper, a systematic review of the literature that studies Cybersecurity in 5G network slicing was carried out using the Kitchenham & Carters method, posing three research questions.
Abstract: Fifth-generation (5G) wireless technologies are characterized by high-speed transmission and greater capacity for millions of devices interconnected with low latency. However, having various enabling technologies like Network Slicing introduces new threats. In this work, we propose to carry out a systematic review of the literature that studies Cybersecurity in this environment. The Kitchenham & Carters method is used, posing three research questions. As a result, 41 papers that met the semantic search criteria were analyzed in the Science Direct Elsevier database, IEEE eXplorer digital library, and ACM digital library. The main security issues that affect 5G Network Slicing technology and the possible solutions that mitigate the vulnerabilities found were identified.
Proceedings ArticleDOI
24 Feb 2023
TL;DR: In this article, a network slicing system architecture for mobile medical scenarios is designed with reference to the idea of end-to-end network slicing, using the NC separation feature of SDN technology and the network function virtualization of VNF technology.
Abstract: The application scenarios of 5G will broaden from mobile Internet to the Internet of Things (IoT), industrial Internet and many other fields. Its high speed, low latency, high reliability and wide coverage will greatly promote the flourishing of smart city systems, telemedicine systems, artificial intelligence technologies and IoT technologies. The objective of this paper is to investigate the advantages of 5G slicing technology for IoT applications. In order to meet the demand for high speed for 4K HD video transmission and the demand for low latency and high reliability for remote surgery, a network slicing system architecture for mobile medical scenarios is designed with reference to the idea of end-to-end network slicing, using the NC separation feature of SDN technology and the network function virtualization of VNF technology, and then the overall system architecture and the specific implementation process of end-to-end network slicing are elaborated. The overall system architecture and the specific implementation flow of end-to-end network slicing are then elaborated, and finally, through simulation, the proposed end-to-end network slicing system solution is concluded to be efficient and feasible.
References
Journal ArticleDOI
TL;DR: An efficient and secure service-oriented authentication framework supporting network slicing and fog computing for 5G-enabled IoT services is proposed and session keys are negotiated among users, local fogs and IoT servers to guarantee secure access of service data in fog cache and remote servers with low latency.
Abstract: 5G network is considered as a key enabler in meeting continuously increasing demands for the future Internet of Things (IoT) services, including high data rate, numerous devices connection, and low service latency. To satisfy these demands, network slicing and fog computing have been envisioned as the promising solutions in service-oriented 5G architecture. However, security paradigms enabling authentication and confidentiality of 5G communications for IoT services remain elusive, but indispensable. In this paper, we propose an efficient and secure service-oriented authentication framework supporting network slicing and fog computing for 5G-enabled IoT services. Specifically, users can efficiently establish connections with 5G core network and anonymously access IoT services under their delegation through proper network slices of 5G infrastructure selected by fog nodes based on the slice/service types of accessing services. The privacy-preserving slice selection mechanism is introduced to preserve both configured slice types and accessing service types of users. In addition, session keys are negotiated among users, local fogs and IoT servers to guarantee secure access of service data in fog cache and remote servers with low latency. We evaluate the performance of the proposed framework through simulations to demonstrate its efficiency and feasibility under 5G infrastructure.

228 citations

Journal ArticleDOI
TL;DR: A comprehensive survey of 5G network slicing, including network function virtualization and modularization, dynamic service chaining, management and orchestration, and the latest progress in 3GPP standardization and industry implementation is presented.
Abstract: Besides conventional mobile broadband communication service, 5G is envisioned to support various new use cases from vertical industries. These new scenarios bring diverse and challenging requirements, such as a broader range of performance, cost, security protection, and mobility management. The one-size-fits-all design philosophy applied in existing networks is not viable any more. Slicing a single physical network into several logical networks customized to different unique requirements has emerged as a promising approach to fulfill such divergent requirements in a sustainable way. In this article, we provide a comprehensive survey of 5G network slicing. We first present the driving forces and the concept of network slicing. Then related key enabling technologies, including network function virtualization and modularization, dynamic service chaining, management and orchestration are discussed. The latest progress in 3GPP standardization and industry implementation on 5G network slicing is presented. Finally, the article identifies several important open issues and challenges to inspire further study toward a practical network slicing enabled 5G system.

219 citations

Journal ArticleDOI
TL;DR: An efficient device association scheme for RAN slicing is proposed by exploiting a hybrid FL reinforcement learning (HDRL) framework, with the aim to improve network throughput while reducing handoff cost.
Abstract: Network slicing (NS) has been widely identified as a key architectural technology for 5G-and-beyond systems by supporting divergent requirements in a sustainable way. In radio access network (RAN) slicing, due to the device-base station (BS)-NS three layer association relationship, device association (including access control and handoff management) becomes an essential yet challenging issue. With the increasing concerns on stringent data security and device privacy, exploiting local resources to solve device association problem while enforcing data security and device privacy becomes attractive. Fortunately, recently emerging federated learning (FL), a distributed learning paradigm with data protection, provides an effective tool to address this type of issues in mobile networks. In this paper, we propose an efficient device association scheme for RAN slicing by exploiting a hybrid FL reinforcement learning (HDRL) framework, with the aim to improve network throughput while reducing handoff cost. In our proposed framework, individual smart devices train a local machine learning model based on local data and then send the model features to the serving BS/encrypted party for aggregation, so as to efficiently reduce bandwidth consumption for learning while enforcing data privacy. Specifically, we use deep reinforcement learning to train the local model on smart devices under a hybrid FL framework, where horizontal FL is employed for parameter aggregation on BS, while vertical FL is employed for NS/BS pair selection aggregation on the encrypted party. Numerical results show that the proposed HDRL scheme can achieve significant performance gain in terms of network throughput and communication efficiency in comparison with some state-of-the-art solutions.

72 citations

Proceedings ArticleDOI
17 Jun 2019
TL;DR: It is shown that except for the IMSI-catcher attack, all known attacks against 5G-AKA privacy still apply, and it is formally proved that the protocol is sigma-unlinkable.
Abstract: We study the 5G-AKA authentication protocol described in the 5G mobile communication standards. This version of AKA tries to achieve a better privacy than the 3G and 4G versions through the use of asymmetric randomized encryption. Nonetheless, we show that except for the IMSI-catcher attack, all known attacks against 5G-AKA privacy still apply. Next, we modify the 5G-AKA protocol to prevent these attacks, while satisfying 5G-AKA efficiency constraints as much as possible. We then formally prove that our protocol is sigma-unlinkable. This is a new security notion, which allows for a fine-grained quantification of a protocol privacy. Our security proof is carried out in the Bana-Comon indistinguishability logic. We also prove mutual authentication as a secondary result.

63 citations

Journal ArticleDOI
TL;DR: A multi-agent reinforcement LEarning based Smart handover Scheme, named LESS, is proposed, with the purpose of minimizing handover cost while maintaining user QoS, and simulation results show that LESS can significantly improve network performance.
Abstract: Network slicing is identified as a fundamental architectural technology for future mobile networks since it can logically separate networks into multiple slices and provide tailored quality of service (QoS). However, the introduction of network slicing into radio access networks (RAN) can greatly increase user handover complexity in cellular networks. Specifically, both physical resource constraints on base stations (BSs) and logical connection constraints on network slices (NSs) should be considered when making a handover decision. Moreover, various service types call for an intelligent handover scheme to guarantee the diversified QoS requirements. As such, in this article, a multi-agent reinforcement LEarning based Smart handover Scheme, named LESS, is proposed, with the purpose of minimizing handover cost while maintaining user QoS. Due to the large action space introduced by multiple users and the data sparsity caused by user mobility, conventional reinforcement learning algorithms cannot be applied directly. To solve these difficulties, LESS exploits the unique characteristics of slicing in designing two algorithms: 1) LESS-DL, a distributed $Q$-learning algorithm to make handover decisions with reduced action space but without compromising handover performance; 2) LESS-QVU, a modified $Q$-value update algorithm which exploits slice traffic similarity to improve the accuracy of $Q$-value evaluation with limited data. Thus, LESS uses LESS-DL to choose the target BS and NS when a handover occurs, while $Q$-values are updated by using LESS-QVU. The convergence of LESS is theoretically proved in this article. Simulation results show that LESS can significantly improve network performance. In more detail, the number of handovers, handover cost and outage probability are reduced by around 50%, 65%, and 45%, respectively, when compared with traditional methods.

42 citations