Page 384 - 5G Basics - Core Network Aspects
delete user data on demand by the subscriber himself or the service provider. Sensitive data are required to
be encrypted and secured. Hence, a third party cannot easily read out the data even when the device can be
accessed. The terminal device should also provide the capability of avoiding malicious software and virus
attacks.
10.1.2 Access control
Normal subscribers should be able to set up an access control mechanism (such as a password) to limit
access to their preferred content or services.
For the protection of children, parental control mechanisms are recommended to be deployed
in order to restrict access to streaming content. Specifically, the service provider can set
ratings for content to limit access by children, and can also make an authorization in the terminal device for
children viewing a particular channel or content, for example, by using a PIN challenge.
10.2 Service security
Service security in MC-Streaming also suffers from all the related problems in legacy networks. For example,
authentication, authorization and access control are required to be supported. Before a service is
provisioned, terminal device and subscriber are typically required to be authenticated in a secure way. After
that, the subscriber is authorized for the access of specific service and content. Service access control also
includes encryption mechanisms for service signalling and content flow, to mutually prevent unwanted or
unauthorized access for both service provider and subscriber.
Some security problems specific to the multi-connection environment are discussed below.
10.2.1 Attacks
The diverse nature of the access networks involved in MC-Streaming requires a number of security
procedures to prevent malicious attacks. These attacks may include:
• Denial of service (DoS), in which the attack consists of flooding with service requests, creating
network and server congestion.
• Intrusion, which can destroy the network infrastructure and lead to threats to the MC-Streaming
services.
• Trojans, which can steal the subscribers' private information stored in terminal devices,
such as subscriber information, service usage and network-related information.
The result of these attacks may violate subscribers' privacy, illegally modify policy information and ultimately
cause abnormal behaviour of the MC-Streaming service.
10.2.2 Authentication
Subscribers are commonly required to complete authentication and authorization before they are able to access
a service. Bypassing these steps leads to malicious threats targeting the service, such as denial of service
(DoS), intrusion and malicious programs like Trojans, which can steal the information of subscribers.
However, authentication and authorization are somewhat complicated in MC-Streaming, since different
mechanisms may be deployed in different access networks simultaneously.
From the service's perspective, multiple and repeated authentication procedures for every access network
make authentication information more prone to leakage. From the subscribers' perspective, they
may have to log in repeatedly when accessing the service through several access networks. This is
inconvenient for subscribers, and may not provide a good user experience. From the perspective of
management, large amounts of account information also make management complicated.
It is further recommended that authentication and authorization be bound to a verification of the integrity
of MC-Streaming ensuring that the service, private subscription information, and policies are not
compromised through malicious attacks. See also [ITU-T Y.2251], clause 7.