Network slicing partitions the physical network into several fit-for-purpose virtual networks with different degrees of isolation and quality of service to meet application requirements. However, it introduces vulnerabilities inherent to softwarization and virtualization technologies that could lead to compromised services. This project aims to secure 5G network slices end-to-end while meeting high levels of performance, flexibility, and reliability. The objectives include: (1) Artificial Intelligence (AI)-based threat detection and automatic deployment of countermeasures; (2) security-by-design end-to-end network slice orchestration, including ZeroTrust attestation of the underlying software supply chain; (3) a softwarized, high-performance and scalable Multi-access Edge Computing (MEC) platform to facilitate network telemetry, AI-based analytics, and on-demand orchestration of security functions at the network edge. The MEC and AI solutions will be integrated into a large-scale 5G testbed.
Objective 1 is to apply AI to enhance network performance and security. In this regard, AI solutions deployed in the MEC will detect known and unknown attacks by learning to detect anomalies in the 5G network traffic, and potentially trace the source. The high-performance MEC will facilitate the (near) real-time ingestion of network telemetry data and AI analytics for timely response to attacks on the 5G slices. The software-defined capabilities of the 5G infrastructure and its programmability will allow for on-demand orchestration of countermeasures to mitigate attacks.
Objective 2 is to deploy and orchestrate 5G slices that meet requirements for high performance and security. Slice configuration and security functions (e.g. isolation, non-cryptographic data protection, ZeroTrust software validation) will be enforced end-to-end when applicable. Slice configuration and orchestration decisions will be guided by application security requirements and threat assessment.
Objective 3 is to integrate the developed solutions with partner and collaborator technologies into a Proof of Concept (PoC) MEC-enabled 5G testbed with secure slices. This testbed will be used to demonstrate a prototype architecture for (i) secure applications of machine-to-machine communications and Internet of Things leveraging a 5G network, and (ii) exploiting the features of 5G to improve situational awareness, among others.
Developing AI solutions to detect threats and automatically deploy countermeasures. Leveraging AI and minimizing human intervention will significantly increase responsiveness to known and unknown attacks.
Building security into the design and orchestration of end-to-end 5G network slices. Integrating the application security requirements, which are overlooked by classical 5G service categories, into the 5G slice configuration will help ensure integrity throughout the lifecycle of slices. On-demand orchestration of security functions will make it possible to reinforce the integrity of compromised slices in the event of attacks. Developing ZeroTrust-based assessment of software composition, provenance, and behavior, to ensure software security attestation throughout the lifecycle of end-to-end network slices, will limit the attack vector and allow for the integration of software from various vendors, similar to the Open Radio Access Network (RAN) principle, using a built-in risk assessment mechanism.
Building a 5G MEC platform to facilitate telemetry, AI-based analytics, and on-demand deployment and orchestration of security functions at the network edge. The MEC will improve the performance and security of the 5G network compared to a more traditional distant cloud-based solution, and will allow for quick deployments in many scenarios, from a mobile Forward Operating Base to a large-scale multi-nation deployment hosting secure applications from many different organizations. The MEC will also facilitate delay- and latency-sensitive applications, such as haptic, virtual or artificial reality applications for simulation, training and operational use, for many organizations simultaneously and securely.