Towards Secure Slicing: Using Slice Isolation to Mitigate DDoS Attacks on 5G Core Network Slices

Sattar, Danish; Matrawy, Ashraf

doi:10.1109/cns.2019.8802852

Cited by 95 publications

(63 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The impact of slice-initiated attacks could have been worse if other hosted slices were using some CPU intensive applications. The results for both scenarios are consistent with our previous work [59].…”

Section: Ddos Flooding Attacksupporting

confidence: 93%

“…The sharing of common physical resources between slices could lead to information leakage and side-channel attacks [63,64]. The side-channel attacks can be used to determine co-residency and extract valuable information (e.g., cryptographic keys [65]) from the victim slices or perform Denial-of-Service attacks [59]. Several types of side-channel attacks can be used to determine co-residency by using different shared resources such as CPU cache, main memory, and network traffic [65].…”

Section: Art Wittmannmentioning

confidence: 99%

See 1 more Smart Citation

Mitigating Security Problems in Virtualized Networks Through Resource Management

Sattar¹

Self Cite

View full text Add to dashboard Cite

Section: Ddos Flooding Attacksupporting

confidence: 93%

Section: Art Wittmannmentioning

confidence: 99%

Mitigating Security Problems in Virtualized Networks Through Resource Management

Sattar¹

Self Cite

View full text Add to dashboard Cite

“…We highlight here the need for authenticity and integrity verification for the network slice, to prevent fake or modified instances [16]. Specific mitigation techniques against Distributed DoS (DDoS) by slice isolation have been considered [38]. Dynamic NFV that enables ondemand security mechanisms needs still to be studied but is a good candidate for mitigating security issues at runtime [16].…”

Section: ) Run-time Phasementioning

confidence: 99%

5G Network Slicing: A Security Overview

Olimid

Nencioni

2020

IEEE Access

View full text Add to dashboard Cite

The fifth-generation (5G) of cellular networks is currently under deployment by network operators, and new 5G end-user devices are about to be commercialized by many manufacturers. This is just a first step in the 5G's development, and the true potential of 5G is still far from being reached. Currently, one of the main 5G technologies under the interest of the research community is the network slicing. Network slicing will allow exploiting the 5G infrastructure to flexibly and efficiently provide heterogeneous services (e.g., voice communication, video streaming, e-health, vehicular communication). Like every new technology, one of the critical aspects that need to be considered is the security. In this article, we spotlight the security in 5G network slicing. We highlight threats and recommendations, which are presented in terms of life-cycle security, intra-slice security, and inter-slice security. Furthermore, we identify and discuss open security issues related to network slicing. INDEX TERMS 5G, Network Slicing, Security.

show abstract

“…They formulated an Integer Linear Programming (ILP) model and designed a heuristic algorithm to realize efficient and secure 5G core network slice provisioning. The authors in [25] used slice isolation to mitigate the impact of DDoS attacks on slice authentication and the solution was evaluated by a combination of simulation and an experimental testbed. However, the solutions proposed in [24], [25] are only suitable for core network slicing.…”

Section: B Security In Network Slicingmentioning

confidence: 99%

Side Channel Attack-Aware Resource Allocation for URLLC and eMBB Slices in 5G RAN

Zhao

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Network slicing is a key enabling technology to realize the provisioning of customized services in 5G paradigm. Due to logical isolation instead of physical isolation, network slicing is facing a series of security issues. Side Channel Attack (SCA) is a typical attack for slices that share resources in the same hardware. Considering the risk of SCA among slices, this paper investigates how to effectively allocate heterogeneous resources for the slices under their different security requirements. Then, a SCA-aware Resource Allocation (SCA-RA) algorithm is proposed for Ultra-reliable and Low-latency Communications (URLLC) and Enhanced Mobile Broadband (eMBB) slices in 5G RAN. The objective is to maximize the number of slices accommodated in 5G RAN. With dynamic slice requests, simulation is conducted to evaluate the performance of the proposed algorithm in two different network scenarios. Simulation results indicate that compared with benchmark, SCA-RA algorithm can effectively reduce blocking probability of slice requests. In addition, the usage of IT and transport resources is also optimized. INDEX TERMS Network slicing, resource allocation, side channel attack, 5G RAN.

show abstract

Towards Secure Slicing: Using Slice Isolation to Mitigate DDoS Attacks on 5G Core Network Slices

Cited by 95 publications

References 14 publications

Mitigating Security Problems in Virtualized Networks Through Resource Management

Mitigating Security Problems in Virtualized Networks Through Resource Management

5G Network Slicing: A Security Overview

Side Channel Attack-Aware Resource Allocation for URLLC and eMBB Slices in 5G RAN

Contact Info

Product

Resources

About