MULTI-ACCÈS EDGE COMPUTING ANALYSE DES RISQUES ET DES MESURES DE SÉCURITÉ
DOI :
https://doi.org/10.59277/RRST-EE.2023.68.2.15Mots-clés :
Informatique de périphérie multi-accès (MEC), 5G, ISO, SécuritéRésumé
La 5G utilise efficacement des technologies telles que le découpage en tranches de réseau (NS), la virtualisation des fonctions réseau (NFV), le réseau défini par logiciel (SDN) et l'informatique de pointe à accès multiple (MEC). Dans le même temps, l'adoption de ces technologies et la création de nouveaux services ouvrent le réseau à un nouvel ensemble de défis de sécurité. Cet article présente une analyse des menaces des fonctionnalités MEC. La nouveauté de l'article réside dans le fait de considérer MEC comme un terrain d'entente pour les secteurs des télécommunications et de l'informatique. Cet article étudie les mesures selon les contrôles ISO/IEC 27001:2022. ISO/IEC 27001 est la norme la plus populaire pour les systèmes de gestion de la sécurité de l'information, avec une nouvelle version publiée en 2022.
Références
(1) T. Taleb, K. Samdanis, B. Mada, H. Flinck, S. Dutta. D. Sabella, On multi-access edge computing: a survey of the emerging 5g network edge cloud architecture and orchestration, IEEE Communications Surveys and Tutorials, 19, 3, pp. 1657–1681 (2017).
(2) B.M. Gago, How network slicing works and why it is key to 5G - Telefónica, telefonica.com, (2022). Accessed: Mar. 19, 2023. [Online]. Available: https://www.telefonica.com/en/
communication-room/blog/how-network-slicing-works-and-why-it-is-key-to-5g/
(3) G. Carrozzo, R. Szabo, K. Pentikousis, Network function virtualization: resource orchestration challenges draft-caszpe-nfvrg-orchestration-challenges-00 (2015). Accessed: Mar. 19, 2023. [Online]. Available: https://datatracker.ietf.org/doc/ html/draft-caszpe-nfvrg-orchestration-challenges-00
(4) M. Liyanage, P. Porambage, A. Y. Ding, A. Kalla, Driving forces for multi-access edge computing (MEC) IoT integration in 5G, ICT Express, 7, 2, pp. 127–137 (Jun. 2021).
(5) ***5GPPP Architecture Working Group, View on 5G architecture, (2021).
(6) ***EPRS Scientific Foresight Unit (STOA), Privacy and security aspects of the 5G technology (2022). Accessed: Mar. 20, 2023. [Online]. Available: https://www.europarl.europa.eu/RegData/etudes/STUD
/2022/697205/EPRS_STU(2022)697205(ANN1)_EN.pdf
(7) ***SecurityGen, Risks in telecom supply chain security. Accessed: Mar. 20, 2023. [Online]. Available: https://secgen.com/articles/RISKS_ IN_TELECOM_SUPPLY_CHAIN_SECURITY.
(8) ***ETSI White Paper #36, Harmonizing standards for edge computing - A synergized architecture leveraging ETSI ISG MEC and 3GPP specifications (2020). Accessed: Apr. 02, 2023. [Online]. Available: www.etsi.org
(9) ***European Union Agency for Cybersecurity, ENISA Threat Landscape for 5G Networks Report, ENISA (2020). Accessed: Feb. 15, 2023. [Online]. Available: https://www.enisa.europa.eu/publications /enisa-threat-landscape-report-for-5g-networks.
(10) D. Sabella et al., Edge computing: from standard to actual infrastructure deployment and software development (2021). Accessed: Sep. 24, 2021. [Online]. Available: https://networkbuilders.intel.com/
solutionslibrary/edge-computing-from-standard-to-actual-infrastructure-deployment-and-software-development
(11) A.F. Glavan et al., Cognitive edge computing through artificial intelligence, 13th International Conference on Communications, COMM 2020 – Proceedings, pp. 285–290 (2020).
(12) **Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) | shaping Europe’s digital future. Accessed: Apr. 24, 2023. [Online]. Available: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
(13) ***European Union Agency for Cybersecurity, EUCS – cloud services scheme, ENISA (2020). Accessed: Apr. 24, 2023. [Online]. Available: https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme.
(14) D. Sabella et al., MEC security: Status of standards support and future evolutions, ETSI White Paper, 46, pp.1-26 (2021). Accessed: Apr. 02, 2023. [Online]. Available: www.etsi.org
(15) ***International Organization for Standardization, ISO/IEC 27001 standard – information security management systems (2022).
(16) ***ISO/IEC 27011 ISMS for telecoms (2016), Accessed: Apr. 18, 2023. [Online]. Available: https://www.iso27001security.com/html/
html
(17) ***International Telecommunication Union, X.1051: Information technology - security techniques - code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations (2016)
(18) Q. Pham, F. Fang, A Survey of multi-access edge computing in 5G and beyond: fundamentals, technology integration, and state-of-the-art, IEEE Access, 8, pp. 116974-117017 (2020).
(19) G. Nencioni, R.G. Garroppo, R.F. Olimid, 5G multi-access edge computing: security, dependability, and performance, arXiv preprint arXiv:2107.13374 (2021).
(20) M. Liyanage, P. Porambage, A. Y. Ding, Five Driving Forces of Multi-Access Edge Computing, arXiv preprint arXiv:1810.00827 (2018).
(21) A. Reznik et al., Cloud RAN and MEC: A perfect pairing, ETSI MEC 23 25 (2018).
(22) I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtov, M. Ylianttila, Security for 5G and beyond, IEEE Communications Surveys & Tutorials, 2, 4, pp.3682-3722 (2019).
(23) F. Salahdine, T. Han, and N. Zhang, Security in 5G and beyond recent advances and future challenges, Security and Privacy, 6, 1, p.e271 (2023).
(24) P. Ranaweera, A. D. Jurcut, M. Liyanage, Survey on multi-access edge computing security and privacy, IEEE Communications Surveys and Tutorials, 23, 2, pp. 1078–1124 (2021).
(25) N. Abbas, Y. Zhang, A. Taherkordi, T. Skeie, Mobile Edge Computing: A Survey, IEEE Internet Things J, 5, 1, pp. 450–465 (2018).
(26) S.M. Vidhani, A.V. Vidhate, Security Challenges in 5G Network: A technical features survey and analysis, 5th IEEE International Conference on Advances in Science and Technology, ICAST 2022, pp. 592–597 (2022).
(27) R. Khan, P. Kumar, D. N. K. Jayakody, M. Liyanage, A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions, IEEE Communications Surveys and Tutorials, 22, 1, pp. 196–248 (2020).
(28) P. Porambage, J. Okwuibe, M. Liyanage, M. Ylianttila, and T. Taleb, Survey on Multi-Access Edge Computing for Internet of Things Realization, IEEE Communications Surveys and Tutorials, 20, 4, pp. 2961–2991 (2018), doi: 10.1109/COMST.2018.2849509.
(29) A. Lakshmi, A disease prediction model using spotted hyena search optimization and bi-lstm, Rev. Roum. Sci. Techn. – Électrotechn. Et Énerg, 68, 1, pp. 113–118 (2023).
(30) H. Gupta et al., Category boosting machine learning algorithm for breast cancer prediction, Rev. Roum. Sci. Techn.– Électrotechn. et Énerg, 66, 3, pp. 201–206 (2021).
(31) N. Sabri, A. Tlemçani, A. Chouder, Real-time diagnosis of battery cells for stand-alone photovoltaic system using machine learning techniques, Rev. Roum. Sci. Techn.– Électrotechn. et Énerg, 66, 2, pp. 105–110 (2021).
(32) J. Zhu, Y. Song, D. Jiang, H. Song, A new deep-q-learning-based transmission scheduling mechanism for the cognitive internet of things, IEEE Internet Things J, 5, 4, pp. 2375–2385 (2018).
(33) A.F. Glavan, V. Croitoru, Cloud environment assessment using clustering techniques on microservices dataset, 14th International Conference on Communications, COMM 2022 – Proceedings, pp. 1-6 (2022).
(34) F. Hussain et al., A two-fold machine learning approach to prevent and detect IoT botnet attacks, IEEE Access, 9, pp. 163412–163430 (2021).
(35) S.R. Sankepally, N. Kosaraju, V. Reddy, U. Venkanna, Edge intelligence based mitigation of false data injection attack in IoMT framework, OITS International Conference on Information Technology (OCIT), pp. 422–427 (2022).
(36) ***Finding AI in 3GPP (2022), Accessed: Mar. 16, 2023. [Online]. Available: https://www.3gpp.org/technologies/finding-ai-in-3gpp.
(37) ***3GPP, TR Specification # 33.898, 3GPP Portal (2022), Accessed: Mar. 16, 2023. [Online]. Available: https://portal.3gpp.org/
desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=4088