Conference Paper

Applying Security Service Level Agreements in V2X Network Slices

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available


... For our work, we define three distinct levels of intent specification, ranging from high-level abstraction to detailed configurations: SSLA, MSPL-OP, and final configuration (as illustrated in Figure 2). The SSLA serves as the entry point to the evolved ZSM architecture as explained in [42] inspired by the work in [43]. The SSLA is a formal agreement between a service requester, such as an over-the-top (OTT) or other operator, and the provider. ...
Article
Full-text available
In the rapidly evolving landscape of telecommunications, the integration of commercial 5G solutions and the rise of edge computing have reshaped service delivery, emphasizing the customization of requirements through network slices. However, the heterogeneity of devices and technologies in 5G and beyond networks poses significant challenges, particularly in terms of security management. Addressing this complexity, our work adopts the Zero-touch network and Service Management (ZSM) reference architecture to enable end-to-end automation of security and service management in Beyond 5G networks. This paper introduces the ZSM-based framework, which harnesses software-defined networking, network function virtualization, end-to-end slicing, and orchestration paradigms to autonomously enforce and preserve security service level agreements (SSLAs) across multiple domains that make up a 5G network. The framework autonomously manages end-to-end security slices through intent-driven closed loops at various logical levels, ensuring compliance with ETSI end-to-end network slice management standards for 5G communication services. The paper elaborates with an SSLA-triggered use case comprising two phases: proactive, wherein the framework deploys and configures an end-to-end security slice tailored to the security service level agreement specifications, and reactive, where machine learning-trained security mechanisms autonomously detect and mitigate novel beyond 5G attacks exploiting open-sourced 5G core threat vectors. Finally, the results of the implementation and validation are presented, demonstrating the practical application of this research. Interestingly, these research results have been integrated into the ETSI ZSM Proof of Concept #6: ’Security SLA Assurance in 5G Network Slices’, highlighting the relevance and impact of the study in the real world.
... In line with policy-based approaches, it is of utmost importance to ensure that the right security level is properly applied based on the user requirements. Security Service-Level Agreements (SSLAs) [7] are thus employed for this aim, serving as a contract between the customer and the operator. ...
Article
Full-text available
Research on vehicle-to-everything (V2X) is attracting significant attention nowadays, driven by the recent advances in beyond-5G (B5G) networks and the multi-access edge computing (MEC) paradigm. However, the inherent heterogeneity of B5G combined with the security vulnerabilities of MEC infrastructure in dynamic V2X scenarios introduces unprecedented challenges. Efficient resource and security management in multi-domain V2X environments is vital, especially with the growing threat of distributed denial-of-service (DDoS) attacks against critical V2X services within MEC. Our approach employs the zero-touch network and service management (ZSM) standard, integrating autonomous security into end-to-end (E2E) slicing management. We consider an entire 5G network, including vehicular user equipment, radio access networks, MEC, and core components, in the presence of DDoS targeting V2X services. Our framework complies with security service-level agreements (SSLAs) and policies, autonomously deploying and interconnecting security sub-slices across domains. Security requirements are continuously monitored and, upon DDoS detection, our framework reacts with a coordinated E2E strategy. The strategy mitigates DDoS at the MEC and deploys countermeasures in neighboring domains. Performance assessment reveals effective DDoS detection and mitigation with low latency, aligned with the mission-critical nature of certain V2X services. This work is part of ETSI ZSM PoC “security SLA assurance in 5G network slices”.
... Continuous monitoring for SSLA violation is required for E2E secure slices. The authors of [166] demonstrate the use of SSLAs to secure virtual resources of vehicular network slice. They continuously assess the SSLAs deployed in vehicle-to-everything (V2X) use-case to evaluate the vehicle's trustworthiness. ...
Article
Full-text available
The dawn of softwarized networks enables Network Slicing (NS) as an important technology towards allocating end-to-end logical networks to facilitate diverse requirements of emerging applications in fifth-generation (5G) mobile networks. However, the emergence of NS also exposes novel security and privacy challenges, primarily related to aspects such as NS life-cycle security, inter-slice security, intra-slice security, slice broker security, zero-touch network and management security, and blockchain security. Hence, enhancing NS security, privacy, and trust has become a key research area toward realizing the true capabilities of 5G. This paper presents a comprehensive and up-to-date survey on NS security. The paper articulates a taxonomy for NS security and privacy, laying the structure for the survey. Accordingly, the paper presents key attack scenarios specific to NS-enabled networks. Furthermore, the paper explores NS security threats, challenges, and issues while elaborating on NS security solutions available in the literature. In addition, NS trust and privacy aspects, along with possible solutions, are explained. The paper also highlights future research directions in NS security and privacy. It is envisaged that this survey will concentrate on existing research work, highlight research gaps and shed light on future research, development, and standardization work to realize secure NS in 5G and beyond mobile communication networks.
... It is further suggested to provide secure access to slice APIs using state-of-the-art TLS or O-Auth techniques [85]. An application of dedicated security policies with secure API access is presented in [86] to protect safety-critical V2X data traffic in an end-to-end fashion. A secure and privacy-preserving authentication framework is proposed in [87] to support secure access to service data in slice selection. ...
Article
Full-text available
Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.
... Simulation: [77] Efficient placement of VNFs to meet the service demand request using adaptive interference aware approach is evaluated. Generalized approach adopted for AD VNF placement evaluation. [79] A clustered VNF chaining scheme is proposed to reduce the average service time (AST) time for V2X networks. Proposed VNF chaining scheme benefits can be explored for other V2X services, comparison with other alternatives including role of MEC can be explored. Discussion: [103] A system comprised of virtualized infrastructure for an end-to-end secure network slice architecture which can detect false vehicular messages is proposed ...
Article
Autonomous driving solutions stretch over different disciplines and technologies e.g., sensors, communication, computation, machine learning, data analytic, etc., that need to be smartly stitched together for achieving end-to-end solutions. In this paper, we discuss the vision of level 5 autonomous vehicles (AV), relevant challenges, and analysis of the research literature. The paper focuses on the role of communication for connected and automated vehicles. Furthermore, the need for implanting intelligence in different architectural components and for various Autonomous Driving relevant operations is discussed. Challenges specific to communication, perception, service orchestration, service mobility, etc. are highlighted, relevant research literature analyzed, and potential solutions sketch is provided. We have also provided an overview of the large-scale proof-of-concepts around the globe that guide the readers towards studying different aspects of the autonomous driving and perspectives of stakeholders therein. The potential of Satellite-Air-Ground-Integrated-Networks (SAGINs) is studied for realizing the objectives of envisioned higher level autonomous driving. Based on the exhaustive analysis of the research work, this work concludes that there is a need for zooming out strategy, where the novel architectural, technological, and AI-based solution approaches are crafted by capturing the end-to-end system with the focus on most (if not all) stakeholders and their objectives.
... In the radio access network, resource scheduling is essential to improve the resource multiplexing gain between slices while meeting the specific service requirements of RAN slices. In this regard, domestic and foreign scholars [15][16][17] have used different algorithms to study the resource management of vehicle network slicing. However, while most of the literature considers the resource allocation mechanism of V2V communication, it does not consider the resource allocation mechanism of V2I communication, and does not consider system-level resource sharing or the time variation and spatial correlation of slice service traffic. ...
Article
Full-text available
The development of 5G network slicing technology, combined with the application scenarios of vehicle–road collaborative positioning, provides end-to-end, large-bandwidth, low-latency, and highly reliable flexible customized services for Internet of Vehicle (IoV) services in different business scenarios. Starting from the needs of the network in the business scenario oriented to co-location, we researched the application of 5G network slicing technology in the vehicle–road cooperative localization system. We considered scheduling 5G slice resources. Creating slices to ensure the safety of the system, provided an optimized solution for the application of the vehicle–road coordinated positioning system. On this basis, this paper proposes a vehicle–road coordinated combined positioning method based on Beidou. On the basis of Beidou positioning and track estimation, using the advantages of the volumetric Kalman model, a combined positioning algorithm based on CKF was established. In order to further improve the positioning accuracy, vehicle characteristics could be extracted based on the traffic monitoring video stream to optimize the service-oriented positioning system. Considering that the vehicles in the urban traffic system can theoretically only travel on the road, the plan can be further optimized based on the road network information. It was preliminarily verified by simulation that this research idea has improved the relative single positioning method.
Article
Due to the fact that the current variability of services is brought by the current networks and the new possibilities that will appear thanks to the near-future networks, Network Slicing has become one of the key elements to allow the co-existence of multiple computing and transport services with different requirements (i.e., performance, security, isolation) over the same infrastructure in multi-tenant and multi-domain (i.e., edge, transport, core) scenarios. The use of this and other technologies allow to have only one generic infrastructure (e.g., an optical transport domain) despite the services differences, instead of needing specific resources (e.g., on single optical fiber) for each type of service. Multiple works have been published about Network Slicing, Network Function Virtualization and Software Defined Networks using multiple computing and transport domains but, based on our literature research, there is one important aspect with a low amount of attention: the security management around network slices and their enforcement. It is essential to ensure that the expected Quality of Security (QoSec) is accomplished based on the correct deployment and posterior monitoring of the security metrics defined in the agreed Security Service Level Agreement (SSLA) between the service requester and the provider. This article aims to present an architecture designed to manage and control the life-cycle of secured End-to-End (E2E) network slices involving multiple domains based on the SSLA requirements. The security management architecture is described with its components together with the deployment and monitoring processes and the data objects used. Finally, an experimental validation is described using the use case of a DoS attack scenario and its resolution.
Article
Full-text available
Information exchange among vehicles, and between vehicles and the roadside infrastructure is commonly regarded as a base technology to sustainably reduce road accidents and improve traffic efficiency. After more than a decade of research and development efforts, a technological basis has been established that applies WiFi-based, wireless communication in the 5.9 GHz frequency band, ad hoc communication and dedicated message sets, as well as management and security procedures. In Europe, Release 1 of standards for cooperative systems has been completed, indicating deployment of a basic system starting in 2015. This article provides a comprehensive overview of standards and complementary industry specifications for cooperative systems in Europe, covering relevant aspects of access technologies, network and transport protocols, facilities, applications, security, and management.