research-article

Design of a Security and Trust Framework for 5G Multi-domain Scenarios

Published: 01 January 2022

    Abstract

    With the expansion of 5G networks, new business models are emerging in which multi-tenancy and active infrastructure sharing will be key enablers. These opportunities bring new security risks in the form of a complex and evolving threat landscape for 5G networks, which is one of the main challenges for the 5G mass rollout. In 5G-enabled scenarios, adversaries can exploit vulnerabilities associated with resource sharing to perform lateral movements targeting other tenants' resources, as well as to disrupt the 5G services offered or even the infrastructure resources. Moreover, existing security and trust models are not adequate to react to the dynamicity of 5G infrastructure threats or to multi-tenancy security risks. Hence, in this work we propose a new security and trust framework for 5G multi-domain scenarios. To motivate its application, we detail a threat model covering multi-tenant scenarios in an underlying 5G network infrastructure. We also propose different ways to mitigate these threats by increasing security and trust levels through network security monitoring, threat investigation, and end-to-end trust establishment. The framework is applied in a realistic use case of the H2020 5GZORRO project, which envisions a multi-tenant environment where domain owners share resources at will. The proposed framework forms a secure environment with zero-touch automation capabilities, minimizing human intervention.

    Cited By

    • (2024) Towards 5G Advanced network slice assurance through isolation mechanisms. Proceedings of the 19th International Conference on Availability, Reliability and Security. 10.1145/3664476.3669923 (1-7). Online publication date: 30-Jul-2024
    • (2024) CCSM: Building Cross-Cluster Security Models for Edge-Core Environments Involving Multiple Kubernetes Clusters. Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy. 10.1145/3626232.3653253 (79-90). Online publication date: 19-Jun-2024
    • (2022) Cyber-security measures for protecting EPES systems in the 5G area. Proceedings of the 17th International Conference on Availability, Reliability and Security. 10.1145/3538969.3544476 (1-10). Online publication date: 23-Aug-2022

    Published In

    Journal of Network and Systems Management, Volume 30, Issue 1
    Jan 2022
    693 pages

    Publisher

    Plenum Press
    United States

    Publication History

    Published: 01 January 2022
    Accepted: 12 August 2021
    Revision received: 14 July 2021
    Received: 21 December 2020

    Author Tags

    1. Network security
    2. Trust management
    3. End-to-end security & trust framework
    4. Threat models
    5. 5G
