Improving the Security of Network Slicing in 5G and Beyond Networks

Advancements in the Internet technologies have pioneered the evolution of diverse applications such as autonomous vehicles, industry 5.0, and smart healthcare. As the number of connected devices grows exponentially and the network requirements of these applications become increasingly heterogeneous, there's a pressing need to revolutionize and re-engineer existing telecommunication architectures. Network slicing emerges as a revolutionary technology in this context, dividing the physical network into multiple logical networks, or network slices, to cater to the varying network needs of different applications. However, security poses a fundamental challenge in these network-slicing ecosystems. In addition to the conventional security challenges in traditional telecom networks, the complex and advanced nature of network slicing introduces a novel threat space. The rapid growth of the number of connected devices through network slicing intensifies the need for investigations to resolve security challenges due to the sensitivity of the data shared through the networks. Therefore, this PhD thesis focuses on identifying security challenges in network slicing and proposing potential solutions to the identified challenges. A novel security orchestration framework is specifically designed for the slicing ecosystem, considering the lack of security-specific elements in current slicing architectures. This framework is explored in-depth, including its design, expected benefits, and implementation, which are investigated through testbed implementations and simulations. The thesis also tackles authentication and authorization security challenges of network functions in 5G network slicing. These challenges include dynamic certificate management in multi-operator environments and authorization security challenges originating from network function sharing among network slices, such as unauthorized service utilization, deceptive Denial of Service (DoS) attacks, and data leakages from network slices. To address these issues, a blockchain-based multi-party distributed certificate management framework is developed, employing elliptic curve cryptography for secure communication. Also, a blockchain-based NF authorization framework is proposed to mitigate vulnerabilities in NF sharing between network slices. This framework is implemented using Hyperledger Fabric blockchain, and its effectiveness is demonstrated through extensive experiments and security verifications. Information related to the attacks that happened to individual operators in multi-operator environments needs to be shared among operators while preserving privacy to increase the performance of security solutions. Federated learning can play a salient role in multi-domain network slicing environments to share information while providing slice isolation. However, plain model sharing in traditional federated learning cannot be directly employed in slicing-enabled multi-domain environments due to inference attacks and deep-leakage gradient attacks. Therefore, a novel blockchain-based framework has been developed to perform federated learning in a secure and privacy-preserving manner. The traditional masking method for model parameter sharing is improved with features such as individual operator validation, distributed aggregator selection, and the final model validation. The proposed framework is implemented on top of a Hyperledger Fabric blockchain to evaluate the proposal's effectiveness. Also, an extensive security analysis is conducted to show the secure and privacy-preserving nature of the proposed approach. This thesis focuses on improving the security of a network-slicing ecosystem in three domains, i.e., security orchestration, authentication and authorization, and secure federated learning. The proposed and validated solutions guarantee that this research significantly contributes to improving the overall network slicing security.