research-article

Identity and Access Control for micro-services based 5G NFV platforms

Authors:

Muhammad Shuaib SiddiquiAuthors Info & Claims

ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

Article No.: 46, Pages 1 - 10

https://doi.org/10.1145/3230833.3233255

Published: 27 August 2018 Publication History

Abstract

The intrinsic use of SDN/NFV technologies in 5G infrastructures promise to enable the flexibility and programmability of networks to ensure lower cost of network and service provisioning and operation, however it brings new challenges and requirements due to new architectural changes. In terms of security, authentication and authorization functions need to evolve towards the new and emerging 5G virtualization platforms in order to meet the requirements of service providers and infrastructure operators. Over the years, a lot of authentication techniques have been used. Now, a wide range of options arise allowing to extend existing authentication and authorization mechanisms.

This paper focuses on proposing and showcasing a 5G platform oriented solution among different approaches to integrate authentication and authorization functionalities, an adapted secure and stateless mechanism, providing identity and permissions management to handle not only users, but also system micro-services, in a network functions virtualization management and orchestration (NFV MANO) system, oriented to deploy virtualized services. The presented solution uses the NFV-based SONATA Service Platform which offers capabilities for a continuous integration and delivery DevOps methodology that allow high levels of programmability and flexibility to manage the entire life cycle of Virtual Network Functions, and enables the perfect scenario to showcase different approaches for authentication and authorization mechanisms for users and micro-services in a 5G platform.

References

[1]

View on 5G Architecture, 5G PPP Architecture Working Group

[2]

SONATA NFV: http://www.sonata-nfv.eu/, SONATA framework: https://github.com/sonata-nfv

[3]

Token-Based vs. Session-Based Authentication: A survey, Ijvesa Balaj, University of Prishtina, Prishtina, Kosovo

[4]

A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications, Obinna Ethelbert, Faraz Fatemi Moghaddam, Philipp Wieder, Ramin Yahyapour, Institute of Informatics, Georg-August-Universität, Göttingen, Germany

[5]

The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines, Daniel Fett, Ralf Küsters, and Guido Schmitz, University of Stuttgart, Germany

[6]

T-NOVA FP7, http://www.t-nova.eu/

[7]

UNIFY FP7 project, Unifying Cloud and Carrier Networks, http://www.fp7-unify.eu/

[8]

Access control in 5G communication networks using simple PKI certificates, Wided Boubakri, Walid Abdallah, Noureddine Boudriga, Communication Networks and Security Research Lab, University of Carthage, Tunisia

[9]

5G-ENSURE, 5G Enables for Network and System Security and Resilience, project funded by the EU Framework Programme for Research and Innovation H2020 under grant agreement No 671562, https://5gensure.eu/

[10]

The OAuth 2.0 Authorization Framework, Request for Comments: 6749, Internet Engineering Task Force (IETF), D. Hardt, Ed., October 2012, https://tools.ietf.org/html/rfc6749

[11]

OpenID Connect Core 1.0, N Sakimura, J. Bradley, M. Jones, B. de Medeiros, C. Mortimore, http://openid.net/specs/openid-connect-core-1_0.html

[12]

JSON Web Token (JWT), Internet Engineering Task Force (IETF), M. Jones, J. Bradley, N. Sakimura, https://tools.ietf.org/html/rfc7519

[13]

Keycloak, Open Source Identity and Access Management, https://www.keycloak.org/

[14]

SAML, Security Assertion Markup Language, https://www.oasis-open.org/standards#samlv1.0

[15]

Gatling, Load and performance testing for web applications, https://gatling.io/

[16]

https://5g-ppp.eu/wp-content/uploads/2015/02/5G-Vision-Brochure-v1.pdf

Cited By

Rajba POrzechowski NRzepka KSzary PNastaj DCabaj K(2024)Identity and Access Management Architecture in the SILVANUS ProjectProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670935(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670935
Aldea CBocu RSolca R(2023)Real-Time Monitoring and Management of Hardware and Software Resources in Heterogeneous Computer Networks through an Integrated System ArchitectureSymmetry10.3390/sym1506113415:6(1134)Online publication date: 23-May-2023
https://doi.org/10.3390/sym15061134
Dong AWang XYi BHe QHuang M(2023)Enhancing Resource Sharing and Access Control for VNF Instantiation with BlockchainSensors10.3390/s2323934323:23(9343)Online publication date: 23-Nov-2023
https://doi.org/10.3390/s23239343
Show More Cited By

Recommendations

Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations

Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do ...
Federated access service authorization
ICCOM'06: Proceedings of the 10th WSEAS international conference on Communications

The increasing variety of access technologies provided by network service providers increases the complexity in handover processes. This paper proposes an approach which aims to simplify this scenario by using federated authentication and authorization ...
Shibboleth Access for Resources on the National Grid Service (SARoNGS)
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 02

The National Grid Service (NGS) provides access to compute and data resources for UK academics. Currently users are required to have an X.509 certificate from the UK e-Science Certification Authority (CA) or one of its international peers to access the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

August 2018

603 pages

ISBN:9781450364485

DOI:10.1145/3230833

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Universität Hamburg: Universität Hamburg

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 August 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES 2018

ARES 2018: International Conference on Availability, Reliability and Security

August 27 - 30, 2018

Hamburg, Germany

Acceptance Rates

ARES '18 Paper Acceptance Rate 128 of 260 submissions, 49%;

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
373
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)4

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Rajba POrzechowski NRzepka KSzary PNastaj DCabaj K(2024)Identity and Access Management Architecture in the SILVANUS ProjectProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670935(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670935
Aldea CBocu RSolca R(2023)Real-Time Monitoring and Management of Hardware and Software Resources in Heterogeneous Computer Networks through an Integrated System ArchitectureSymmetry10.3390/sym1506113415:6(1134)Online publication date: 23-May-2023
https://doi.org/10.3390/sym15061134
Dong AWang XYi BHe QHuang M(2023)Enhancing Resource Sharing and Access Control for VNF Instantiation with BlockchainSensors10.3390/s2323934323:23(9343)Online publication date: 23-Nov-2023
https://doi.org/10.3390/s23239343
Dong AWang XYi BHe Q(2023)A Blockchain-based Resource Access Control and Sharing Mechanism in NFVProceedings of the 2023 International Conference on Electronics, Computers and Communication Technology10.1145/3637494.3637513(106-111)Online publication date: 17-Nov-2023
https://dl.acm.org/doi/10.1145/3637494.3637513
Akon MYang TDong YHussain SMeng WJensen CCremers CKirda E(2023)Formal Analysis of Access Control Mechanism of 5G Core NetworkProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623113(666-680)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623113
Kormpakis GKapsalis PAlexakis KMylona ZPelekis SMarinakis V(2023)Energy Sector Digitilisation: A Security Framework Application for Role-Based Access Management2023 14th International Conference on Information, Intelligence, Systems & Applications (IISA)10.1109/IISA59645.2023.10345842(1-10)Online publication date: 10-Jul-2023
https://doi.org/10.1109/IISA59645.2023.10345842
Aldea CBocu RVasilescu A(2022)Relevant Cybersecurity Aspects of IoT Microservices Architectures Deployed over Next-Generation Mobile NetworksSensors10.3390/s2301018923:1(189)Online publication date: 24-Dec-2022
https://doi.org/10.3390/s23010189
Rocha-Jácome CGonzález Carvajal RMuñoz Chavero FGuerrero-Morejón KGuevara Cabezas E(2022)Reorganizing Industry 4.0 Paradigms for Successful Execution of Digital Transformation StrategiesRecent Advances in Electrical Engineering, Electronics and Energy10.1007/978-3-031-08280-1_10(133-145)Online publication date: 2-Jul-2022
https://doi.org/10.1007/978-3-031-08280-1_10
Mahdi MAhmad AQassim QNatiq HSubhi MMahmoud M(2021)From 5G to 6G Technology: Meets Energy, Internet-of-Things and Machine Learning: A SurveyApplied Sciences10.3390/app1117811711:17(8117)Online publication date: 31-Aug-2021
https://doi.org/10.3390/app11178117
Varadharajan VTupakula UKarmakar K(2021)Techniques for Securing 5G Network Services from attacks2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom53373.2021.00052(273-280)Online publication date: Oct-2021
https://doi.org/10.1109/TrustCom53373.2021.00052
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents