A Novel Protocol for Securing Network Slice Component Association and Slice Isolation in 5G Networks

Abstract

Slicing of a 5G network by creating virtualized instances of network functions facilitates the support of different service types with varying requirements. The management and orchestration layer identifies the components in the virtualization infrastructure to form an end-to-end slice for an intended service type. The key security challenges for the softwarized 5G networks are, (i) ensuring availability of a centralized controller/orchestrator, (ii) association between legitimate network slice components, and (iii) network slice isolation. To address these challenges, in this paper, we propose a novel implicit mutual authentication and key establishment with group anonymity protocol using proxy re-encryption on elliptic curve. The protocol provides (i) controller independent distributed association between components of a network slice, (ii) implicit authentication between network slice components to allow secure association, (iii) secure key establishment between component pairs for secure slice isolation, and (iv) service group anonymity. The proposed protocol's robustness is validated with necessary security analysis. The computation and bandwidth overheads of the proposed protocol are compared with that of the certificate based protocol, and our proposed protocol has 9.52% less computation overhead and 13.64% less bandwidth overhead for Type A1 pairing.