Securing Service Migration in Multi-Access Edge Computing (MEC)

Edge computing paradigms were an expedient innovation for elevating the contemporary standards of mobile and Internet networks. Multi-Access Edge Computing (MEC) is an emerging edge computing paradigm that has the potential to overcome the disparity between the prevailing and envisioned networking architectures suited to realize 5G-based applications. As specified in MEC standardization, edge computing serviceable infrastructures are running on virtualization technologies to provide dynamic and flexible service instances to cater to User Equipment (UEs) of various formations to accomplish diverse use cases. Since the inception and operation of the services are executing at the edge level gNodeBs (gNBs), migration of services between gNBs is an imminent occurrence in edge computing that is contriving challenges to its feasible deployment. Security and Service Level Guarantee (SLG) requirements are vital parameters for such service migration operations conducted through gNB-to-gNB (g2g) connecting channels. With the advent of 5G, local operators are granted the ability to launch services in the mobile network, and such operators are not quite trustable due to the scalability of 5G. There is always a possibility of a fake gNB being launched by an adversary with replicated communication protocols. Further, the g2g Service Migration Channel (SMC) is subjected to Man-in-the-Middle (MitM) type intrusions that could invoke threat vectors ranging from simple eavesdropping threats to injection of malicious agents to the migrating content. In addition, emerging applications and use cases such as autonomous vehicles and unmanned aerial vehicles are setting a very low service level latency requirement. Therefore, attacks conducted to intentionally impede the services are impacting the MEC's performance substantially. On the contrary, a formidable level of security applied to mitigate such threat vectors can overwhelm the bandwidth of the SMC and aggregate processing latency from cryptographic operations. Therefore, in this Ph.D., 1) holistic security concerns and identity verification among active agents featured by the service migration phenomena of MEC deployments, and 2) exploitation of the trade-off between security application and service level latency specified by SLGs, are the prime research problems that are addressed. A MEC Service Migration Security Framework (MEC-SMSF) is proposed and developed for specifying the methodology to securely migrate a service instance within MEC-enabled gNodeBs. This framework incorporates an authentication protocol called MEC Service Migration Authentication Protocol (MEC-SMAP) to ensure identity verification among the parties involved in a service migration through authentication and to secure the migrating content through a robust g2g channel establishment. The proposed protocol was verified employing both formal and informal methods while feasibility was validated using a test-bed prototype environment. In addition, MEC-SMSF embeds a model for optimizing the level of security applied for migrating content based on the instantaneous bandwidth utilization of the channel: called MEC Service Migration Security Management (MEC-SMSM), which guarantees the satisfaction of SLGs. The proposed model and its standardization benchmarks classify the distinct security mechanisms employed for holistic security solutions based on their derived security cost. A Markovian model is proposed to formalize an estimation scheme, which is predicting the most probable security setting through probabilistic means. The proposed models and their concepts are validated with simulations and the prototype implementation of the MEC-SMSF verified the feasibility of this solution.