Establishing Trust in the Beyond-5G Core Network using Trusted Execution Environments (2405.12177v1)

Published 20 May 2024 in cs.CR

Abstract: The fifth generation (5G) of cellular networks starts a paradigm shift from the traditional monolithic system design to a Service Based Architecture that fits modern performance requirements and scales efficiently to new services. This paradigm will be the foundation of future cellular core networks beyond 5G. The new architecture splits network functionalities into smaller logical entities that can be disaggregated logically, physically, and geographically. This affords interoperability between the mobile network operators and commercial software and hardware vendors or cloud providers. By making use of commodity services and products, this system construct inherits the vulnerabilities of those underlying technologies, thereby increasing its attack surface and requiring a rigorous security analysis. In this work, we review the security implications introduced in B5G networks and the security mechanisms that are supported by the 5G standard. We emphasize the support for Zero Trust Architecture in 5G and its relevance in decentralized deployments. We revisit the definition of trust in modern enterprise network operations and identify important Zero Trust properties that are weakened by the nature of cloud deployments. To that end, we propose a vertical extension of Zero Trust, namely Zero Trust Execution, to model untrusted execution environments, and we analyze how to establish trust in Beyond-5G network architectures using Trusted Execution Environments. Our analysis shows how our model architecture handles the increased attack surface and reinforces the Zero Trust Architecture principles in the 5G Core, without any changes to the 5G standard. Finally, we provide experimental results from a 5G testbed built with Open5GS and UERANSIM, which demonstrate minimal performance overhead, together with a monetary cost evaluation.
