adopted. Networks take care of network access, and service providers deal with service access.

Diversified Identity Management

• Legacy cellular networks rely on (U)SIM cards to manage user identities and keys. In 5G, equipment such as sensors, wearable devices, and smart home devices is possibly either too small or too cheap to accommodate (U)SIM. Now the time has come to find a new way of managing device identities, for instance, producing, assigning, and applying lifecycle management to device identities.

• Combination of device identity and service identity
In the new identity management framework, an identity consists of a device identity and a service identity. Each device identity (also called physical identity) is globally unique and may be assigned to a device at the manufacturing phase. Service identities are assigned by service providers or networks. A physical identity may correspond to one or more service identities.

• From device-based management to user-based management
It is left to users to decide which of their devices are allowed to access the network and which services are allowed to be used. As an example, devices of the same user may share bandwidth quotas with each other in either an online or offline manner.

Service-oriented Security

• Build E2E Security

Differentiated security for different services
5G systems are going to be service-oriented. This implies that there will be a special emphasis on security requirements that stem from the angle of services. For instance, remote health care requires resilient security while IoT requires lightweight security. It is quite reasonable to offer differentiated security to different services.

Flexible security architecture to support security attributes for different network slices
If differentiated security is offered, then a flexible security architecture is needed to support E2E protection for different services, based on the network slicing architecture. The network manages different E2E security capabilities, including strength of security algorithms, ways to derive and negotiate secret keys, and mechanisms for protecting confidentiality and integrity. Within a virtual network slice, security capabilities could further be distributed.

A Uniform security management framework for multi-vendor environment
In a cloud environment, software and equipment of the network infrastructure come from more than one equipment vendor, which relatively complicates the security issues. For the services and users, building an E2E data security chain could be a way to reduce the reliance on individual link security and simplify security management.

• Open Up Security Capabilities, and provide security as a Service
Security management, for instance, managing identities, performing authentication, defending against denial of service (DoS) attacks, and protecting confidentiality and integrity of service traffic, is a general requirement for vertical industries. However, perhaps not all industry players have the capabilities to build security management on their own, either due to economic burdens or technical challenges, etc. Utilizing a security service could be a good choice for these players.

On the other hand, telecom networks have done relatively good work on security capabilities (i.e. authentication, identity & key management) and are trusted by users after years of commitment in services. It is a good opportunity for networks to provide their security capabilities as a service to vertical industries. For instance, networks could authenticate service access and return the authentication result to vertical industries.

It is the network's choice either to deploy the security service on a cloud platform or simply build it into a virtual network slice of the vertical industry that has bought the security service from networks. Security capabilities can be seamlessly built into business flows of vertical industries.

• Isolate Virtual Network Slices
For virtual network slices, each of which handles a different type of application service to facilitate flexible resource orchestration and scheduling, there is a need to isolate slices from each other to prevent their resources from being accessed by network nodes in other slices. For instance, patients in a health care slice desire to allow only doctors to access their health data, and they are reluctant to see their data accessed by someone in other slices.

The isolation statement is also applicable to virtual network slices with the same type of application service. For instance, enterprise A may hope to block other enterprises from using its resources, although these enterprises are served by the same type of virtual network slice.

The isolation effect for service and data in the virtual network slices could approach the user experience in