
The security conundrum of network slicing

News Analysis Sue Marek, Special Contributor 4/13/2020

One benefit of moving to a standalone 5G network is that it makes it possible for wireless operators to implement network slicing, which means they can run multiple dedicated networks that all share a common, physical infrastructure. Each network slice can have its own characteristics and identity – but that also means it will have its own risks.

For example, one slice might be intended for an augmented reality (AR) use case and therefore be provisioned for high throughput and low latency. Another network slice might be intended for an Internet of Things (IoT) use case and be provisioned for extreme reliability and a lower speed. Using network slicing, operators will be able to partition their networks for these different use cases and run them independently.

This network slicing vision is appealing because it will let operators develop different business cases for each slice. But it is also a challenge because wireless operators will need to make sure that each network slice is protected from interference from the other slices and immune to distributed denial of service (DDoS) attacks and other security breaches. "The security challenge is to provide different dynamic security policies for different slices," said Sree Koratala, vice president of product management for network security at security company Palo Alto Networks. "For example, enterprise-grade security is needed for enterprises served by 5G network slices."

No standard
How operators handle the security of their network slices is up to them. The 3GPP, an industry standards group, has defined specifications for how operators build their 5G networks, but it hasn't developed any protocol for how security should be handled for network slicing.

However, the GSMA, an industry trade group, has created a security document that provides recommendations to operators on how to detect and prevent attacks using GPRS tunneling protocol (GTP-U).

"A lot of this is in an area of implementation that is outside the 3GPP spec," said Jason Boswell, head of security and network products solutions at Ericsson North America, an infrastructure vendor. "[The 3GPP spec] doesn't define security controls per slice or how you define risk profiles or access controls."

Boswell, of course, recommends that operators stick with their existing network equipment suppliers such as Ericsson for their security. However, they could work with other vendors as well. Boswell added that how an operator decides to implement security for network slicing will depend a lot upon how much of their network is virtualized and how they have architected their core network.

Resource isolation
One reason securing network slices is more complicated is that the slices add complexity to the network, making it harder to manage and engineer.

First, operators need to implement security that isolates network components such as the compute, storage and networking layers that are being used by the network slice. This is called "resource isolation" and means that these components are being protected so they can't be hijacked by other slices.

According to Patrick Donegan, founder and principal analyst at security consulting firm HardenStance, telcos will need to figure out how to have strict isolation between network slices across cloud, RAN and transport domains as well as develop strict isolation for each network function within each slice. Donegan adds that he believes network slicing has a long way to go for operators to implement it in a way that meets enterprise expectations.

Security isolation
Another challenge for operators is keeping the information and data used by one network slice from being accessed or modified by another slice that shares the same common infrastructure. This type of data isolation is called security isolation, and Boswell said this is often handled at the hypervisor layer of the network. He compared it to an apartment building where tenants are like network slices and are partitioned from other tenants. Security firewalls are like having thick walls so that tenants can't hear each other.

"All these things add a layer of complexity," Boswell said. "You can't just push the button so everything is automatically secure. You also need to have separate risk profiles and separate security controls."

However, that doesn't mean that securing network slices is impossible. Boswell said that with 5G there are already a lot of enhancements that are built into the network core and transport layer that separate different functions. "There are different ways to build it. It will depend upon how centralized or decentralized or how virtualized your network is," he said.

— Sue Marek, special to Light Reading. Follow her @suemarek.
