As with 5G and IoT, network slicing security poses a range of challenges that the ICT industry must prepare for.
By now, we’ve heard plenty about how the complexity inherent in 5G and IoT networks will result in new attack vectors and additional opportunities for intentional and unintentional security breaches. If that is true (spoiler alert: it is), then similar logic can be applied to network slicing security. Here we’ll provide an overview of four crucial security considerations as network slicing is poised to take flight with 5G roll-outs.
Resource sharing – one size does not fit all
Although a fundamental premise of network slicing is that the network is carved into discrete, self-contained units, in many cases each slice must still leverage network-wide resources. So while unique security parameters can be defined for each network slice individually, other security parameters must be applied to the shared network resources. This creates the opportunity for incongruences between a network-wide security policy and the security policy that must be applied to an individual slice.
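The mismatch described above can be checked mechanically. The following is an added example, not code from the original article: it flags every parameter where a slice's policy requires more than a shared resource enforces, which is one assumed reading of "incongruence". The resource names, slice names, parameters and strength orderings are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical strength scales; a later entry is stricter. None = numeric, larger is stricter.
SCALES = {
    "encryption": ["none", "aes128", "aes256"],
    "auth": ["psk", "certificate", "mutual_certificate"],
    "log_retention_days": None,
}

def strength(param, value):
    scale = SCALES[param]
    return value if scale is None else scale.index(value)

@dataclass
class Finding:
    slice_name: str
    resource: str
    param: str
    slice_value: object
    shared_value: object  # None when the shared policy does not set the parameter

def find_incongruences(shared_policy, slices):
    """Return findings where a slice requires more than a shared resource enforces."""
    findings = []
    for name, spec in slices.items():
        for resource in spec["uses"]:
            enforced = shared_policy[resource]
            for param, required in spec["policy"].items():
                have = enforced.get(param)
                if have is None or strength(param, have) < strength(param, required):
                    findings.append(Finding(name, resource, param, required, have))
    return findings

# Constructed sample: network-wide policy applied to each shared resource.
SHARED = {
    "transport": {"encryption": "aes128", "auth": "certificate", "log_retention_days": 30},
    "amf": {"encryption": "aes256", "auth": "mutual_certificate"},
}
# Constructed sample: per-slice policies and the shared resources each slice uses.
SLICES = {
    "urllc-factory": {"uses": ["transport", "amf"],
                      "policy": {"encryption": "aes256", "auth": "certificate"}},
    "mmtc-sensors": {"uses": ["transport"],
                     "policy": {"encryption": "aes128", "log_retention_days": 90}},
    "embb-video": {"uses": ["amf"], "policy": {"log_retention_days": 7}},
}

if __name__ == "__main__":
    for f in find_incongruences(SHARED, SLICES):
        print(f"{f.slice_name} on {f.resource}: {f.param} requires "
              f"{f.slice_value!r}, shared resource enforces {f.shared_value!r}")
```

A parameter the shared policy leaves unset is reported as well, since the slice cannot rely on the shared resource for it.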
Multi-domain security – orchestrating security policies
If we assume that network slices will become dynamic resources that can be set up, torn down or altered on demand, then the presence of SDN-based orchestration is nearly a given. Security orchestration across multiple network domains therefore also becomes important to ensuring the overall security of individual network slices. While security vendors have multi-domain security solutions available, this provides an appropriate segue into the third item on the list.
Security orchestration – one-to-many attack vectors
In monolithic network architectures, the opportunity for a malicious attack to enter through a common entry point and then gain access to an array of other network resources is somewhat limited. However, in an SDN-based orchestration scheme, a successful attack on a multi-domain network orchestrator could provide entry points into multiple network domains and/or network slices.
Network immune system – the threat posed by limitless potential entry points
While the previous point describes a security breach that originates from an attack on a central network management point, the converse situation is also a key security concern for network slicing. The situation is similar to IoT security, where the sheer number of IoT sensors and other end-points provides a near-limitless number of points from which an attack can originate. In the same way, as more network slices are created to support a variety of user equipment, the potential number of attack vectors will increase accordingly. Here the ability to quickly identify, isolate, and mitigate threats becomes arguably more important than the ability to defend each point from the possibility of being breached.