|
Summary:
|
This Recommendation establishes security requirements and architecture for network slice management and orchestration, as well as automatic creation of end-to-end (E2E) network slices with customized security capabilities, to deploy full-scale E2E network slicing for consumer, business and government segments.
Mobile communication is fast developing and reaching to industries such as automotive, manufacturing, logistics and energy, as well as sectors such as finance and healthcare that do not currently fully exploit the potential of mobile services. However, various applications have different requirements. Some applications may require ultra-reliable communication, whereas others may require ultra-high-bandwidth communication or extremely low latency. So, network slicing has been introduced to offer a differentiated mix of capabilities to meet all these diverse requirements at the same time.
With network slicing, various types of users or customers can enjoy connectivity and data processing tailored to their specific requirements (e.g., data speed, quality, latency, reliability, security and pricing model) that adhere to a service level agreement (SLA) agreed with consumers, enterprises and vertical industries. However, there are also challenges for implementing full-scale E2E network slicing deployments for consumer, business and government segments, e.g., E2E precision slicing, network slice reliability, network slice scalability and network slice lifecycle management. Among these challenges, the most important one is network slice security, which is receiving more and more attentions from academia and industry.
[b-3GPP TR 33.811] studied security for the interface exposed to network slice management and integrity protection of the network slice subnet template, and [3GPP TS 33.501] specified security management of network slices (e.g., authentication, authorization, integrity protection, and confidentiality protection for the interface between the producer and the consumer of management service) based on the study. [b-3GPP TR 33.813] studied further network slice specific authentication and authorization, data confidentiality and integrity, user identification privacy and inter-slice security isolation.
|
