MULTI-ACCESS EDGE COMPUTING ANALYSIS OF RISKS AND SECURITY MEASURES
DOI:
https://doi.org/10.59277/RRST-EE.2023.68.2.15Keywords:
Multi-access edge computing (MEC), 5G, ISO, SecurityAbstract
5G efficiently uses technologies like network slicing (NS), network function virtualization (NFV), software-defined network (SDN), and multi-access edge computing (MEC). At the same time, embracing these technologies and creating new services opens the network to a new set of security challenges. This paper presents a threat analysis of MEC features. The paper's novelty resides in viewing MEC as common ground for the telco and IT sectors. This paper studies the measures according to ISO/IEC 27001:2022 controls. ISO/IEC 27001 is the most popular standard for information security management systems, with a new version published in 2022.
References
(1) T. Taleb, K. Samdanis, B. Mada, H. Flinck, S. Dutta. D. Sabella, On multi-access edge computing: a survey of the emerging 5g network edge cloud architecture and orchestration, IEEE Communications Surveys and Tutorials, 19, 3, pp. 1657–1681 (2017).
(2) B.M. Gago, How network slicing works and why it is key to 5G - Telefónica, telefonica.com, (2022). Accessed: Mar. 19, 2023. [Online]. Available: https://www.telefonica.com/en/
communication-room/blog/how-network-slicing-works-and-why-it-is-key-to-5g/
(3) G. Carrozzo, R. Szabo, K. Pentikousis, Network function virtualization: resource orchestration challenges draft-caszpe-nfvrg-orchestration-challenges-00 (2015). Accessed: Mar. 19, 2023. [Online]. Available: https://datatracker.ietf.org/doc/ html/draft-caszpe-nfvrg-orchestration-challenges-00
(4) M. Liyanage, P. Porambage, A. Y. Ding, A. Kalla, Driving forces for multi-access edge computing (MEC) IoT integration in 5G, ICT Express, 7, 2, pp. 127–137 (Jun. 2021).
(5) ***5GPPP Architecture Working Group, View on 5G architecture, (2021).
(6) ***EPRS Scientific Foresight Unit (STOA), Privacy and security aspects of the 5G technology (2022). Accessed: Mar. 20, 2023. [Online]. Available: https://www.europarl.europa.eu/RegData/etudes/STUD
/2022/697205/EPRS_STU(2022)697205(ANN1)_EN.pdf
(7) ***SecurityGen, Risks in telecom supply chain security. Accessed: Mar. 20, 2023. [Online]. Available: https://secgen.com/articles/RISKS_ IN_TELECOM_SUPPLY_CHAIN_SECURITY.
(8) ***ETSI White Paper #36, Harmonizing standards for edge computing - A synergized architecture leveraging ETSI ISG MEC and 3GPP specifications (2020). Accessed: Apr. 02, 2023. [Online]. Available: www.etsi.org
(9) ***European Union Agency for Cybersecurity, ENISA Threat Landscape for 5G Networks Report, ENISA (2020). Accessed: Feb. 15, 2023. [Online]. Available: https://www.enisa.europa.eu/publications /enisa-threat-landscape-report-for-5g-networks.
(10) D. Sabella et al., Edge computing: from standard to actual infrastructure deployment and software development (2021). Accessed: Sep. 24, 2021. [Online]. Available: https://networkbuilders.intel.com/
solutionslibrary/edge-computing-from-standard-to-actual-infrastructure-deployment-and-software-development
(11) A.F. Glavan et al., Cognitive edge computing through artificial intelligence, 13th International Conference on Communications, COMM 2020 – Proceedings, pp. 285–290 (2020).
(12) **Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) | shaping Europe’s digital future. Accessed: Apr. 24, 2023. [Online]. Available: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
(13) ***European Union Agency for Cybersecurity, EUCS – cloud services scheme, ENISA (2020). Accessed: Apr. 24, 2023. [Online]. Available: https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme.
(14) D. Sabella et al., MEC security: Status of standards support and future evolutions, ETSI White Paper, 46, pp.1-26 (2021). Accessed: Apr. 02, 2023. [Online]. Available: www.etsi.org
(15) ***International Organization for Standardization, ISO/IEC 27001 standard – information security management systems (2022).
(16) ***ISO/IEC 27011 ISMS for telecoms (2016), Accessed: Apr. 18, 2023. [Online]. Available: https://www.iso27001security.com/html/
html
(17) ***International Telecommunication Union, X.1051: Information technology - security techniques - code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations (2016)
(18) Q. Pham, F. Fang, A Survey of multi-access edge computing in 5G and beyond: fundamentals, technology integration, and state-of-the-art, IEEE Access, 8, pp. 116974-117017 (2020).
(19) G. Nencioni, R.G. Garroppo, R.F. Olimid, 5G multi-access edge computing: security, dependability, and performance, arXiv preprint arXiv:2107.13374 (2021).
(20) M. Liyanage, P. Porambage, A. Y. Ding, Five Driving Forces of Multi-Access Edge Computing, arXiv preprint arXiv:1810.00827 (2018).
(21) A. Reznik et al., Cloud RAN and MEC: A perfect pairing, ETSI MEC 23 25 (2018).
(22) I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtov, M. Ylianttila, Security for 5G and beyond, IEEE Communications Surveys & Tutorials, 2, 4, pp.3682-3722 (2019).
(23) F. Salahdine, T. Han, and N. Zhang, Security in 5G and beyond recent advances and future challenges, Security and Privacy, 6, 1, p.e271 (2023).
(24) P. Ranaweera, A. D. Jurcut, M. Liyanage, Survey on multi-access edge computing security and privacy, IEEE Communications Surveys and Tutorials, 23, 2, pp. 1078–1124 (2021).
(25) N. Abbas, Y. Zhang, A. Taherkordi, T. Skeie, Mobile Edge Computing: A Survey, IEEE Internet Things J, 5, 1, pp. 450–465 (2018).
(26) S.M. Vidhani, A.V. Vidhate, Security Challenges in 5G Network: A technical features survey and analysis, 5th IEEE International Conference on Advances in Science and Technology, ICAST 2022, pp. 592–597 (2022).
(27) R. Khan, P. Kumar, D. N. K. Jayakody, M. Liyanage, A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions, IEEE Communications Surveys and Tutorials, 22, 1, pp. 196–248 (2020).
(28) P. Porambage, J. Okwuibe, M. Liyanage, M. Ylianttila, and T. Taleb, Survey on Multi-Access Edge Computing for Internet of Things Realization, IEEE Communications Surveys and Tutorials, 20, 4, pp. 2961–2991 (2018), doi: 10.1109/COMST.2018.2849509.
(29) A. Lakshmi, A disease prediction model using spotted hyena search optimization and bi-lstm, Rev. Roum. Sci. Techn. – Électrotechn. Et Énerg, 68, 1, pp. 113–118 (2023).
(30) H. Gupta et al., Category boosting machine learning algorithm for breast cancer prediction, Rev. Roum. Sci. Techn.– Électrotechn. et Énerg, 66, 3, pp. 201–206 (2021).
(31) N. Sabri, A. Tlemçani, A. Chouder, Real-time diagnosis of battery cells for stand-alone photovoltaic system using machine learning techniques, Rev. Roum. Sci. Techn.– Électrotechn. et Énerg, 66, 2, pp. 105–110 (2021).
(32) J. Zhu, Y. Song, D. Jiang, H. Song, A new deep-q-learning-based transmission scheduling mechanism for the cognitive internet of things, IEEE Internet Things J, 5, 4, pp. 2375–2385 (2018).
(33) A.F. Glavan, V. Croitoru, Cloud environment assessment using clustering techniques on microservices dataset, 14th International Conference on Communications, COMM 2022 – Proceedings, pp. 1-6 (2022).
(34) F. Hussain et al., A two-fold machine learning approach to prevent and detect IoT botnet attacks, IEEE Access, 9, pp. 163412–163430 (2021).
(35) S.R. Sankepally, N. Kosaraju, V. Reddy, U. Venkanna, Edge intelligence based mitigation of false data injection attack in IoMT framework, OITS International Conference on Information Technology (OCIT), pp. 422–427 (2022).
(36) ***Finding AI in 3GPP (2022), Accessed: Mar. 16, 2023. [Online]. Available: https://www.3gpp.org/technologies/finding-ai-in-3gpp.
(37) ***3GPP, TR Specification # 33.898, 3GPP Portal (2022), Accessed: Mar. 16, 2023. [Online]. Available: https://portal.3gpp.org/
desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=4088
