Session Management for Security Systems in 5G Standalone Network

Park, Seongmin; Kwon, Sungmoon; Park, Youngkwon; Kim, Dowon; You, Ilsun

doi:10.1109/access.2022.3187053

Cited by 11 publications

(4 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the second phase, attacks can exploit misconfigurations and information gained from system infiltration, such as the maximum number of sessions supported by V-UPF and the activation of security controls to launch the attacks. To this end, our adversary model includes attacks targeting the data plane, such as attacks that aim to break V-UPF, H-UPF, and GTP-U data traffic passing through the N9 reference point (between H-UPF and V-UPF) [23], or GTP-C passing through the N4 reference point (between H-SMF and H-UPF) [24] or even the N6 reference point between 6G-V2X application and H-UPF [25]. These can critically impact 6G-V2X services such as MEC-assisted services and applications.…”

Section: Adversary Modelmentioning

confidence: 99%

Multi-Process Federated Learning With Stacking for Securing 6G-V2X Network Slicing at Cross-Borders

Boualouache,

Jolfaei,

Engel

2024

IEEE Trans. Intell. Transport. Syst.

View full text Add to dashboard Cite

Being part of the 6G ecosystem vision, Connected and Automated Vehicles (CAVs) will enjoy sophisticated tailored services offering road safety and entertainment for users. As one of the 6G cornerstones, Network Slicing (NS) allows the creation of various customized 6G-V2X (Vehicle-to-Everything) use cases on the same physical infrastructure. However, 6G-NS advances can open up breaches to cyber-attacks aiming to break 6G-V2X Network slices to inflict maximum damage on CAVs and their users. Crossing borders, where CAVs leave their V2X-NS (V2X Network Slice) in the Home Mobile Network Operator (H-MNO) toward a similar V2X-NS in the Visited MNO (V-MNO), is an attractive opportunity to exploit by attackers. Detecting and mitigating attacks, in this case, becomes a priority, confronted by NS requirements and MNOs not ready to share their private data. To this end, this paper proposes a 3GPP-compliant privacy preservation collaborative learning scheme for 6G-NS security, focusing on V2X-NS cross-border areas. Our scheme leverages multi-process Federated Learning (FL) architecture to build efficient V2X-NS security-related models while preserving 6G V2X-NS isolation. In addition, it uses differential privacy-enabled stacking to build up attack detection knowledge at the V2X-NSs and MNOs levels while ensuring privacy preservation. We conducted an experimental study on the 5G-NIDD dataset, which is one of the most realistic publicly available 5G datasets. Our results demonstrate that multi-process FL with stacking can deliver high accuracy while ensuring isolation between 6G-V2X-NSs and privacy preservation between H-MNO and V-MNO.

show abstract

Section: Adversary Modelmentioning

confidence: 99%

Multi-Process Federated Learning With Stacking for Securing 6G-V2X Network Slicing at Cross-Borders

Boualouache,

Jolfaei,

Engel

2024

IEEE Trans. Intell. Transport. Syst.

View full text Add to dashboard Cite

show abstract

“…In their study on 5G architecture, Park et al (2022) [12] propose a 5G security system to ensure security within the 5G core network. They evaluate the performance and security features in real time, focusing on interfaces used in NAS, HTTP, PFCP, and GTP protocols.…”

Section: Related Workmentioning

confidence: 99%

A Vulnerability Assessment of Open-Source Implementations of Fifth-Generation Core Network Functions

Dolente,

Garroppo,

Pagano

2023

Future Internet

View full text Add to dashboard Cite

The paper presents an experimental security assessment within two widely used open-source 5G projects, namely Open5GS and OAI (Open-Air Interface). The examination concentrates on two network functions (NFs) that are externally exposed within the core network architecture, i.e., the Access and Mobility Management Function (AMF) and the Network Repository Function/Network Exposure Function (NRF/NEF) of the Service-Based Architecture (SBA). Focusing on the Service-Based Interface (SBI) of these exposed NFs, the analysis not only identifies potential security gaps but also underscores the crucial role of Mobile Network Operators (MNOs) in implementing robust security measures. Furthermore, given the shift towards Network Function Virtualization (NFV), this paper emphasizes the importance of secure development practices to enhance the integrity of 5G network functions. In essence, this paper underscores the significance of scrutinizing security vulnerabilities in open-source 5G projects, particularly within the core network’s SBI and externally exposed NFs. The research outcomes provide valuable insights for MNOs, enabling them to establish effective security measures and promote secure development practices to safeguard the integrity of 5G network functions. Additionally, the empirical investigation aids in identifying potential vulnerabilities in open-source 5G projects, paving the way for future enhancements and standard releases.

show abstract

“…Consequently, V-MNO should promptly allocate for CAVs a 5G-V2X-NS with features similar to that the H-MNO uses. However, this may result in several vulnerabilities, such as non-timely synchronization of security policies and misconfigurations on both the H-MNO and V-MNO sides, which could be exploited to launch attacks on the data plane [5][6][7]. In addition to 5G security solutions, other security services should be deployed to prevent, detect, and mitigate 5G-V2X NS attacks at cross borders.…”

Section: Architecturementioning

confidence: 99%

“…However, 5G-V2X NS at cross-border is facing several security issues, leading to road hazards and threatening users' lives [4]. Specifically, attackers can exploit the lack of synchronization between the security policies of the H-MNO and the V-MNO, misconfigurations, and information obtained from system infiltration to target the data plane related to CAVs [5][6][7]. Several intelligent security services have recently been proposed to detect and mitigate attacks in 5G-V2X network slicing [8,9].…”

Section: Introductionmentioning

confidence: 99%

Reinforcement Learning-Based Security Orchestration for 5G-V2X Network Slicing at Cross-Borders

Boualouache,

Korba,

Senouci

et al. 2023

GLOBECOM 2023 - 2023 IEEE Global Communications Conference

View full text Add to dashboard Cite

As part of the 5G, Connected and Automated Vehicles (CAVs) will benefit from Network Slicing (NS) in several tailored 5G-Vehicle-to-Everything (V2X) services running on the same physical infrastructure. However, the use of 5G-NS may also increase the risk of cyber-attacks that could compromise 5G-V2X network slices (5G-V2X-NSs) and cause significant harm to CAV's passengers. This risk is particularly high at cross-borders, where CAVs move from their Home Mobile Network Operator (H-MNO) to a Visited MNO (V-MNO), with similar 5G-V2X-NSs in place. Therefore, deploying security services to neutralize 5G-V2X NS threats in this scenario is mandatory. However, if H-MNO and V-MNO act independently, deploying these security services could be inefficient and may result in increased memory, processing, and network resource consumption. Thus, MNOs should collaborate to orchestrate their security services to neutralize 5G-V2X NS attacks and optimize their costs efficiently. In this context, this paper proposes a novel approach to enhance the security of 5G-V2X NS at cross-borders using Reinforcement Learning (RL) based security orchestration. Specifically, we trained and deployed an RL agent interacting with both H-MNO and V-MNO. The RL agent efficiently deploys security services to effectively remove threats, optimize resource utilization, and minimize the impact on 5G-V2X-NSs. The performance results show that the RL-based security orchestration neutralizes threats with an average success rate of almost 100%. Additionally, resource consumption is minimal at less than 8%, and the acceptable impact on 5G-V2X-NSs is negligible, averaging less than 12%.

show abstract

Session Management for Security Systems in 5G Standalone Network

Cited by 11 publications

References 23 publications

Multi-Process Federated Learning With Stacking for Securing 6G-V2X Network Slicing at Cross-Borders

Multi-Process Federated Learning With Stacking for Securing 6G-V2X Network Slicing at Cross-Borders

A Vulnerability Assessment of Open-Source Implementations of Fifth-Generation Core Network Functions

Reinforcement Learning-Based Security Orchestration for 5G-V2X Network Slicing at Cross-Borders

Contact Info

Product

Resources

About