TY - GEN
T1 - Network slicing as 6G security mechanism to mitigate cyber-attacks: the RIGOUROUS approach
AU - Matencio Escolar, Antonio
AU - Bernabe, Jorge Bernal
AU - Alcaraz Calero, Jose Maria
AU - Wang, Qi
AU - Skarmeta, Antonio
PY - 2024/7/10
Y1 - 2024/7/10
N2 - With the emergence of 6G, novel approaches are demanded to identify and address cyber-security, trust and privacy risks threatening the softwarised and virtualised networks and computing infrastructure, and next-generation services. One of the main innovations beyond State-of-the-Art envisioned is to deliver End-to-End Multi-domain Multi-tenant 6G Network Slicing capabilities over Zero-touch Security Network Management. This paper introduces a novel security enabler deployed in the data plane where network slicing is explored as a security mitigation mechanism. In this way, legitimate traffic can be isolated from harmful traffic and the attacker will have near zero vulnerability surface to compromise the implemented security measures. The proposed solution is centred on Network Self-Protection (NSP) based on the Open Virtual Switch (OVS) platform, to which significant extensions have been undertaken to support Network Slicing capabilities in multi-tenant multi-domain beyond 5G networks. Preliminary experiments show promising results in terms of overhead introduced in the data plane (in the order of microseconds) and high scalability when deploying up to 2048 network slices. The proposed software network slicing enabler is a suitable candidate for coping with network traffic with different levels of nested encapsulation associated with this kind of virtualised infrastructures.
KW - network slicing
KW - cyber-security
KW - 6G
KW - orchestration
KW - multi-tenant infrastructures
UR - https://ieeexplore.ieee.org/document/10588887
U2 - 10.1109/NetSoft60951.2024.10588887
DO - 10.1109/NetSoft60951.2024.10588887
M3 - Conference publication
SN - 9798350369595
T3 - IEEE Conference Proceedings
SP - 387
EP - 392
BT - Proceedings of the 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures (SecSoft 2024)
PB - IEEE
CY - United States
T2 - 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures
Y2 - 28 June 2024 through 28 June 2024
ER -