MTD to set network slice security as a KPI

Abstract: Key Performance Indicators (KPIs) are a higher‐level characterization of the performance of a network slice, meant to be assessable at any time. Bodies such as the GSM Alliance have proposed the use of KPIs, including, but not limited to, latency, throughput, power consumption, and security. However, while latency, throughput, and power consumption are mensurable universally, security is much harder to measure. In this article, we propose using a Moving Target Defense (MTD) approach and measurable network prop… Show more

“…In [190], authors propose another SDN and NFVbased framework to manage the traffic steering in slicing and deploying security VNFs as a Security Service to satisfy the demands of tenants. Furthermore, a measurable network security metric is defined in [191], where this metric can be used to trigger the deployment of SECaaS at the network slice. The paper also investigates the possibility of deploying proactive security mechanisms such as Moving Target Defense (MTD) a slice-based SECaaS.…”

“…Especially, ZSM concepts should be adapted to support full automation. By extending the proposed work in [191], AI techniques can be used to deploy not only reactive but also proactive security services via network slices.…”

A Survey on Network Slicing Security: Attacks, Challenges, Solutions and Research Directions

“…In [190], authors propose another SDN and NFVbased framework to manage the traffic steering in slicing and deploying security VNFs as a Security Service to satisfy the demands of tenants. Furthermore, a measurable network security metric is defined in [191], where this metric can be used to trigger the deployment of SECaaS at the network slice. The paper also investigates the possibility of deploying proactive security mechanisms such as Moving Target Defense (MTD) a slice-based SECaaS.…”

“…Especially, ZSM concepts should be adapted to support full automation. By extending the proposed work in [191], AI techniques can be used to deploy not only reactive but also proactive security services via network slices.…”

A Survey on Network Slicing Security: Attacks, Challenges, Solutions and Research Directions

“…We have previously researched the use of MTD to establish a basic network security Key Performance Indicator (KPI) in the context of mobile Network Slices (e.g., 5G) [21], under the assumption that an existing HMAC-based MTD mechanism could be tweaked to satisfy those constraints. We will further detail our motivating framework in subsection 2.1.…”

“…Thus, we need either predictable link latency or concede to slower mutations. The Edge's proximity and more predictable latency are instrumental for our proposal, allowing it to achieve the quicker mutation periods that translate into more effective probabilistic security [21] (i.e., less chance of hitting the target). In turn, Edge computing has far stringent forwarding plane performance requirements due to the low-latency and higher-throughput goals that are at the root of its inception.…”

TOTP Moving Target Defense for sensitive network services

“…When the attackers already have some inside knowledge of the system and its vulnerabilities, we must disrupt the malicious payload delivery, thus stopping our stack's further exploitation through this vector. We devised an interdomain communications approach inspired by the framework that used MTD to set network slicing security as a KPI [10]. Our MTD mechanism relies on HMAC [11] to produce reliable mutations that can only be reversed by the authorized parties (i.e., those who hold the shared secret).…”

5 Growth: Secure and Reliable Network Slicing for Verticals