White Paper: Intelligent Security Architecture for 5G and Beyond Networks

5G’s capabilities and flexibility hold the promise of further facilitating the society’s digitalization by enabling new services (e.g. remote surgery, advanced industrial applications) and communication modes (e.g. gestures, facial expressions and haptics). Current wireless communication systems do not meet the performance requirements of these new services, such as bandwidth, latency and reliability. Furthermore, the current COVID-19 crisis has fundamentally changed the way the world communicates and operates, accelerating the shift towards a more digital world. Such shift and the new requirements make the need of reliable and high-quality digital services promised by 5G more crucial than ever.
To fulfil 5G promises, a shift towards full automation of network and service management and operation is a necessity. However, a major challenge facing full automation is the protection of the network and system assets – services, data and network infrastructure – against potential cybersecurity risks introduced by the unprecedented evolution of the 5G threat landscape.
INSPIRE-5Gplus, a 5G-PPP phase 3 project, aims to address these cybersecurity risks by introducing innovative concepts for security management of 5G networks and beyond at the level of platforms and vertical applications and services. To meet this goal, INSPIRE-5Gplus will devise and implement a fully automated end-to-end smart network and service security management framework that empowers not only protection but also trustworthiness and liability in managing 5G network infrastructures across multi-domains. INSPIRE-5Gplus will allow the advancement of the security vision for 5G and beyond through the adoption of a set of emerging trends and technologies; namely, Zero-touch network and Service Management (ZSM), Software-Defined Security (D-SEC) models, Artificial Intelligence/Machine Learning (AI/ML) techniques, Distributed Ledger Technologies (DLT), and Trusted Execution Environments (TEE). INSPIRE-5Gplus will ensure that the provided security is compliant with the expected Security Service Level Agreement (SSLA) and regulatory requirements.
This White Paper introduces the overall INSPIRE-5Gplus framework's High-Level Architecture, its main functional blocks and their role in enabling intelligent closed-loop security operations. To illustrate how the INSPIRE-5Gplus framework can be applied as a zero-touch security management solution for 5G systems, the White Paper presents a representative set of advanced security use cases. The presented use cases cover different advanced security problems, including: (i) trustworthy composition of network slices using Blockchains (DLT) and secure deployment of E2E network slices in compliance with agreed SSLAs for automotive verticals; (ii) detection of network attacks over encrypted traffic in Service-Based Architectures; (iii) enforcement of E2E encryption policies while leveraging TEE to enable trustworthy execution of encryption-decryption operations; (iv) reactive and proactive protection of E2E network slices using, respectively, anomaly detection and Moving Target Defense mechanisms.
The INSPIRE-5Gplus project is currently evolving the architecture, defining the specific set of services to be provided by each functional block and devising the corresponding enablers. As the project's work progresses, we will release new White Papers to share our achievements with the community.