TY - GEN
T1 - Implementing a Security Policy Management for 5G Customer Edge Nodes
AU - Kabir, Hammad
AU - Bin Mohsin, Muhammad Hassaan
AU - Kantola, Raimo
PY - 2020/4
Y1 - 2020/4
N2 - The upcoming 5th generation (5G) mobile networks need to support ultra-reliable communication for business and life-critical applications. To do that, 5G must offer a higher degree of reliability than the current Internet, where networks are often subjected to Internet attacks, such as denial of service (DoS) and unwanted traffic. Besides improving the mitigation of Internet attacks, we propose that ultra-reliable mobile networks should only carry the expected user traffic to achieve a predictable level of reliability under malicious activity. To accomplish this, we introduce device-oriented communication security policies. Mobile networks have classically introduced a policy architecture that includes Policy and Charging Control (PCC) functions in LTE. However, in the state of the art, this policy architecture is limited to QoS policies for end devices only. In this paper, we present an experimental implementation of a Security Policy Management (SPM) system that accounts for the communication security interests of end devices. The paper also briefly presents the overall security architecture, where the policies set for devices or services in a network slice providing ultra-reliability are enforced by a network edge node (via SPM) to only admit the expected traffic, by default treating the rest as unwanted traffic.
AB - The upcoming 5th generation (5G) mobile networks need to support ultra-reliable communication for business and life-critical applications. To do that, 5G must offer a higher degree of reliability than the current Internet, where networks are often subjected to Internet attacks, such as denial of service (DoS) and unwanted traffic. Besides improving the mitigation of Internet attacks, we propose that ultra-reliable mobile networks should only carry the expected user traffic to achieve a predictable level of reliability under malicious activity. To accomplish this, we introduce device-oriented communication security policies. Mobile networks have classically introduced a policy architecture that includes Policy and Charging Control (PCC) functions in LTE. However, in the state of the art, this policy architecture is limited to QoS policies for end devices only. In this paper, we present an experimental implementation of a Security Policy Management (SPM) system that accounts for the communication security interests of end devices. The paper also briefly presents the overall security architecture, where the policies set for devices or services in a network slice providing ultra-reliability are enforced by a network edge node (via SPM) to only admit the expected traffic, by default treating the rest as unwanted traffic.
KW - 5G
KW - communication security policy
KW - network edge
KW - Policy Management
KW - reliability
KW - unwanted traffic
UR - http://www.scopus.com/inward/record.url?scp=85086307629&partnerID=8YFLogxK
U2 - 10.1109/NOMS47738.2020.9110321
DO - 10.1109/NOMS47738.2020.9110321
M3 - Conference contribution
AN - SCOPUS:85086307629
T3 - IEEE/IFIP Network Operations and Management Symposium
BT - Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020
PB - IEEE
T2 - IEEE/IFIP Network Operations and Management Symposium
Y2 - 20 April 2020 through 24 April 2020
ER -