5G-WAVE: A Core Network Framework with Decentralized Authorization for Network Slices (2404.13242v1)
Abstract: 5G mobile networks leverage Network Function Virtualization (NFV) to offer services in the form of network slices. Each network slice is a logically isolated fragment constructed by service-chaining a set of Virtual Network Functions (VNFs). The Network Repository Function (NRF) acts as a central Open Authorization (OAuth) 2.0 server that secures inter-VNF communication, which makes it a single point of failure. We therefore propose 5G-WAVE, a decentralized authorization framework for the 5G core that leverages the WAVE framework and integrates it into the OpenAirInterface (OAI) 5G core. Our design relies on Side-Car Proxies (SCPs) deployed alongside individual VNFs, allowing point-to-point authorization. Each SCP acts as a WAVE engine that creates entities and attestations and verifies incoming service requests. We measure the authorization latency overhead for VNF registration, 5G Authentication and Key Agreement (AKA), and data session setup, and observe that WAVE verification adds 155 ms to HTTP transactions as the cost of decentralizing authorization. We also evaluate the scalability of 5G-WAVE by instantiating additional network slices and observe a 1.4x increase in latency for a 10x growth in network size. Finally, we discuss how 5G-WAVE can significantly reduce the 5G attack surface without relying on OAuth 2.0, while addressing several open issues in 5G standardization.
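The abstract describes the mechanism only at a high level: a sidecar next to each VNF holds a WAVE entity, the slice owner delegates access through attestations, and the sidecar of the producer VNF verifies a proof carried by the request instead of asking the NRF for an OAuth 2.0 token. The following Go program is an added illustration written for this page; it is not code from the paper, from OAI, or from the WAVE implementation, and it simplifies WAVE considerably (no encrypted attestations, no storage tier, no revocation lists). It models entities as Ed25519 keypairs, attestations as signed delegations that can only narrow the resource prefix, the permission set and the remaining re-delegation budget, and a verifier that accepts or rejects a chain given nothing but the slice authority's public key. The entity names, resource paths (`slice-1/nudm-uecm`) and the `Indirections` budget are hypothetical choices for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Entity is a sidecar-held principal (a hypothetical simplification of a WAVE entity).
type Entity struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewEntity(name string) *Entity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Entity{Name: name, Pub: pub, priv: priv}
}

// body is the signed content of an attestation: Attester grants Subject Perms on Resource.
type body struct {
	Attester     ed25519.PublicKey `json:"attester"`
	Subject      ed25519.PublicKey `json:"subject"`
	Resource     string            `json:"resource"`     // URI prefix, e.g. "slice-1/nudm-uecm"
	Perms        []string          `json:"perms"`        // HTTP methods the subject may use
	Expiry       int64             `json:"expiry"`       // unix seconds
	Indirections int               `json:"indirections"` // further re-delegation hops allowed
}

// Attestation is one signed delegation; a proof is an ordered chain of them.
type Attestation struct {
	Body body   `json:"body"`
	Sig  []byte `json:"sig"`
}

// Attest signs a delegation from e to the subject. Struct field order fixes the
// JSON layout, so marshalling the same body always yields the same signed bytes.
func (e *Entity) Attest(to *Entity, resource string, perms []string, exp time.Time, indirections int) Attestation {
	b := body{Attester: e.Pub, Subject: to.Pub, Resource: resource, Perms: perms, Expiry: exp.Unix(), Indirections: indirections}
	msg, _ := json.Marshal(b)
	return Attestation{Body: b, Sig: ed25519.Sign(e.priv, msg)}
}

func subset(sub, of []string) bool {
	for _, s := range sub {
		found := false
		for _, o := range of {
			found = found || s == o
		}
		if !found {
			return false
		}
	}
	return true
}

// Verify is what the producer VNF's sidecar runs on an incoming request. It needs
// only the slice authority's public key and the proof carried with the request;
// no central token server is contacted, which is the point of the decentralized design.
func Verify(authority, requester ed25519.PublicKey, resource, perm string, proof []Attestation, now time.Time) error {
	if len(proof) == 0 {
		return errors.New("empty proof")
	}
	prevSubject, prevRes, prevPerms, prevInd := authority, "", []string(nil), 0
	for i, a := range proof {
		msg, _ := json.Marshal(a.Body)
		if !ed25519.Verify(a.Body.Attester, msg, a.Sig) {
			return fmt.Errorf("hop %d: bad signature", i)
		}
		if !bytes.Equal(a.Body.Attester, prevSubject) {
			return fmt.Errorf("hop %d: attester is not the previous hop's subject", i)
		}
		if now.Unix() >= a.Body.Expiry {
			return fmt.Errorf("hop %d: expired", i)
		}
		if i > 0 { // every later hop may only narrow what the previous hop granted
			if prevInd < 1 || a.Body.Indirections > prevInd-1 {
				return fmt.Errorf("hop %d: re-delegation budget exceeded", i)
			}
			if !strings.HasPrefix(a.Body.Resource, prevRes) || !subset(a.Body.Perms, prevPerms) {
				return fmt.Errorf("hop %d: delegation broader than what attester holds", i)
			}
		}
		prevSubject, prevRes, prevPerms, prevInd = a.Body.Subject, a.Body.Resource, a.Body.Perms, a.Body.Indirections
	}
	if !bytes.Equal(prevSubject, requester) {
		return errors.New("proof does not end at the requesting entity")
	}
	if !strings.HasPrefix(resource, prevRes) || !subset([]string{perm}, prevPerms) {
		return errors.New("requested operation not covered by the proof")
	}
	return nil
}

func main() {
	now := time.Now()
	owner, orch, amf := NewEntity("slice-1-owner"), NewEntity("orchestrator"), NewEntity("amf")
	proof := []Attestation{
		owner.Attest(orch, "slice-1/", []string{"GET", "PUT", "POST"}, now.Add(time.Hour), 2),
		orch.Attest(amf, "slice-1/nudm-uecm", []string{"GET", "PUT"}, now.Add(time.Hour), 0),
	}
	fmt.Println("PUT  ->", Verify(owner.Pub, amf.Pub, "slice-1/nudm-uecm/registrations", "PUT", proof, now))
	fmt.Println("POST ->", Verify(owner.Pub, amf.Pub, "slice-1/nudm-uecm/registrations", "POST", proof, now))
}
```

The `Indirections` budget is what makes delegation transitive yet bounded: the orchestrator can pass a narrower grant on to the AMF, but the AMF (budget 0) cannot mint a valid attestation for a further VNF, and a tampered attestation fails the signature check before any policy is evaluated. A real deployment would also have to handle revocation and the sizeable per-request cost of chain verification, which is what the paper's 155 ms figure captures.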