Abstract
The fifth generation of mobile networks (5G) will support new business and service models. A particular model of business and technical interest is multi-operator service orchestration, where service chains are created dynamically with coordination across multiple administrative domains. In such a scenario, resource sharing among operators is expected to be enabled by emerging network softwarization technologies such as software-defined networking (SDN) and network functions virtualization (NFV). On top of the inherent security issues of network softwarization, the complex relationships between operators add a unique dimension to the fundamental requirements for 5G networks. It is a key objective for network operators to identify new threats and security issues before deploying novel methods for service orchestration. This chapter elaborates on new security challenges posed by multi-operator service orchestration as defined by the H2020 5G-PPP 5G Exchange project. We revisit current standards and recommendations from ITU-T and ETSI under the scope of SDN and NFV. In addition, we present a method for threat analysis as well as gaps between requirements and current security schemes and standards, opening new research directions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
5GEx EU H2020-ICT-2014-2, http://www.5gex.eu/. Accessed 01 Dec 2016
5G White Paper, NGMN Alliance (2015). https://www.ngmn.org/uploads/media/NGMN_5G_White_Paper_V1_0.pdf. Accessed 5 Apr 2017
5G Systems, Ericsson White Paper (2017). https://www.ericsson.com/res/docs/whitepapers/wp-5g-systems.pdf. Accessed 5 Apr 2017
Akhunzada A et al (2015) Securing software defined networks: taxonomy, requirements, and open issues. IEEE Commun Mag 53(4):36–44
Biczók G et al (2016) Private VNFs for collaborative multi-operator service delivery: an architectural case. In: Network operations and management symposium, 2016 IEEE/IFIP. IEEE, pp 1249–1252
Dabbagh M, Hamdaoui B, Guizani M, Rayes A (2015) Software-defined networking security: pros and cons. IEEE Commun Mag 53(6):73–79
Dierks T, Rescorla E (2008) The transport layer security (TLS) protocol version 1.2. RFC 5246
ETSI (2014) NFV Security and Trust Guidance. Technical Report ETSI GS NFV-SEC003
ETSI (2014) NFV Security Problem Statement. Technical Report ETSI GS NFV-SEC001
ETSI (2015) Report on SDN usage in NFV architectural framework. Technical Report ETSI GS NFV-EVE 005
ETSI (2016) NFV MANO Report on Architectural Options. Technical Report ETSI GS NFV-IFA 009
Fung CJ et al (2014) Quality of interaction among path computation elements for trust-aware inter-provider cooperation. In: 2014 IEEE international conference on communications. IEEE, pp 677–682
Gharbaoui M, Paolucci F, Giorgetti A, Martini B, Castoldi P (2013) Effective statistical detection of smart confidentiality attacks in multi-domain networks. IEEE Trans Netw Serv Manag 10(4):383–397
Gharbaoui M et al (2016) An incentive-compatible and trust-aware multi-provider path computation element (PCE). Comput Netw 108:40–54
Grandison T, Sloman M (2000) A survey of trust in internet applications. IEEE Commun Surv Tutorials 3(4):2–16
Guerzoni R et al (2016) Analysis of end-to-end multi-domain management and orchestration frameworks for software defined infrastructures: an architectural survey. Trans Emerg Telecommun Technol 28(4):1–19. http://onlinelibrary.wiley.com/doi/10.1002/ett.3103/full
ITU-T (2003) Security architecture for systems providing end-to-end communications. X.805
Kazemian P et al (2013) Real time network policy checking using header space analysis. In: Presented as part of the 10th USENIX symposium on networked systems design and implementation, pp 99–111
Lim S, Ha J, Kim H, Kim Y, Yang S (2014) A SDN-oriented DDoS blocking scheme for botnet-based attacks. In: 2014 sixth international conference on ubiquitous and future networks. IEEE, pp 63–68
Lopez D, de Dios O, Wu W, Dhody D (2016) Secure transport for pcep. Internet-Draft draft-ietf-pce-pceps-10, IETF Secretariat, July (2016). http://www.ietf.org/internet-drafts/draft-ietf-pce-pceps-10.txt
Paolucci F, Gharbaoui M, Giorgetti A, Cugini F, Martini B, Valcarenghi L, Castoldi P (2011) Preserving confidentiality in PCE-based multi-domain networks. J Opt Commun Netw 3(5):465–474. art. no. 5759822
Paolucci F et al (2013) A survey on the path computation element (PCE) architecture. IEEE Commun Surv Tutorials 15(4):1819–1841
Santos MAS et al (2014) Decentralizing SDN’s control plane. In: 39th annual IEEE conference on local computer networks. IEEE, pp 402–405
Scott-Hayward S, Natarajan S, Sezer S (2015) A survey of security in software defined networks. IEEE Commun Surv Tutorials 18(1):623–654
UNIFY EU FP7. http://www.fp7-unify.eu/. Accessed 01 Dec 2016
Acknowledgements
This work has been performed in the framework of the H2020-ICT-2014 project 5GEx (Grant Agreement no. 671636), which is partially funded by the European Commission. Gergely Biczók has been supported by the János Bolyai Research Scholarship of the Hungarian Academy of Sciences.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Santos, M.A.S., Ranjbar, A., Biczók, G., Martini, B., Paolucci, F. (2017). Security Requirements for Multi-operator Virtualized Network and Service Orchestration for 5G. In: Zhu, S., Scott-Hayward, S., Jacquin, L., Hill, R. (eds) Guide to Security in SDN and NFV. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-64653-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-64653-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64652-7
Online ISBN: 978-3-319-64653-4
eBook Packages: Computer ScienceComputer Science (R0)