{"title":"A Dual-layer Zero Trust Architecture for 5G Industry MEC Applications Access Control","authors":"Zebing Feng, Peng Zhou, Qi Wang, Weiqiang Qi","doi":"10.1109/ICEICT55736.2022.9908891","DOIUrl":null,"url":null,"abstract":"This paper introduces a dual-layer zero trust architecture (ZTA) to enhance 5G vertical industry multi-access edge computing (MEC) application (APP) access control security. In the dual-layer ZTA, a zero trust policy engine is deployed at the 5G core network, which evaluates the trust value of a UE to access the MEC APP service. The user's 5G network layer behavior and industry application layer behavior are jointly evaluated at the policy engine. Protocol interactive procedures are designed to realize the proposed framework in a real 3GPP-defined 5G network. The 5G network exposure function and open interfaces are leveraged to realize the mobile operator and vertical industry dual-layer cooperation. Moreover, behavior entropy is proposed to quantitatively evaluate user trust value and access control matrix under multiple user behavior attributes. The performance evaluation shows that the proposed scheme can effectively eliminate the MEC illegal access issues for user devices accessing different MEC APPs and services belonging to a number of industry customers.","PeriodicalId":179327,"journal":{"name":"2022 IEEE 5th International Conference on Electronic Information and Communication Technology (ICEICT)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 5th International Conference on Electronic Information and Communication Technology (ICEICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICEICT55736.2022.9908891","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Dual-layer Zero Trust Architecture for 5G Industry MEC Applications Access Control
This paper introduces a dual-layer zero trust architecture (ZTA) to enhance 5G vertical industry multi-access edge computing (MEC) application (APP) access control security. In the dual-layer ZTA, a zero trust policy engine is deployed at the 5G core network, which evaluates the trust value of a UE to access the MEC APP service. The user's 5G network layer behavior and industry application layer behavior are jointly evaluated at the policy engine. Protocol interactive procedures are designed to realize the proposed framework in a real 3GPP-defined 5G network. The 5G network exposure function and open interfaces are leveraged to realize the mobile operator and vertical industry dual-layer cooperation. Moreover, behavior entropy is proposed to quantitatively evaluate user trust value and access control matrix under multiple user behavior attributes. The performance evaluation shows that the proposed scheme can effectively eliminate the MEC illegal access issues for user devices accessing different MEC APPs and services belonging to a number of industry customers.