Page 387 - 5G Basics - Core Network Aspects
10.3.5 Communication security
Communication security ensures that information can only be accessed by authorized end-points, and the
information is not diverted or intercepted during transmission between these end-points.
In MC-Streaming, different networks have different security levels. Networks with a lower security level are
more vulnerable to attacks, such as DoS attacks and distributed DoS (DDoS) attacks. Therefore, security
systems such as security gateways and firewalls are recommended to be deployed to ensure the
security boundary of the underlying network. Network scanning can also optionally be used here.
In addition, MC-Streaming needs to ensure availability. Availability means the service is resilient to hardware
or software failure, and intrusion attacks. Hence, the service is recommended to be designed and deployed
in a distributed architecture. Redundancy technologies, such as clustering and backup for both
hardware and software, are commonly used. An intrusion detection system (IDS) is also an effective
technology for protection from network attacks.
10.4 Terminal device security
In multiple access networks, the terminal device security problem becomes more complicated. Attacks may
come from different access networks; attackers may access non-encrypted streaming content by
changing terminal devices, or encrypted streaming content by analysing data flows. This may increase the risks
to the MUE compared with a single network environment. Terminal devices may be infected with viruses, Trojan
horses, worms and other malicious programs. These harmful programs may cause information disclosure or
tampering with charging information. They may also make the streaming service work abnormally. In addition,
unauthorized subscribers can try to break device security by downloading and running hacker software if
they can access the device. These may also make terminal devices unsafe, especially smartphones.
To address the threats above, some mechanisms are proposed for terminal device protection. For
example, pluggable and renewable security processors and components can optionally be deployed to
improve the ability to resist network attacks. Secure and tamper-resistant secret data storage, and control
signal encryption and decryption, are recommended to be used to prevent information disclosure and data
tampering, etc. Authorization is recommended to be required to ensure that only legal software can be
downloaded, run and stored on terminal devices.
11 Charging
MC-Streaming contains a variety of service types, such as video broadcasting, video on demand, video
conference and monitoring, etc. Each different service type has different characteristics, and their charging
policies are also different. Charging for MC-Streaming needs to be able to generate usage records, and
provide flexible and customized price strategy, so as to fulfil different charging requirements. A charging
system is recommended to support a variety of charging resources, including timing, total flow, upstream
traffic, downside flow, frequency, etc.
In the multi-connection environment, resources in different networks can be allocated and used by a single
user at the same time. Multiple links can also be charged at the same time. Therefore, it is recommended
not to charge multiple times for a single usage of the service, even when multiple usage records are
generated in different networks.
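The rule above, as an added example that is not part of the original text: a sketch that consolidates usage records from several access networks into one chargeable item per session, so that overlapping links are billed once for duration while traffic volumes are summed. The record fields, the session identifier used for correlation, the duplicate-dropping rule and the sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample usage records; field names are assumptions, not from the page.
RECORDS = [
    {"session": "s1", "network": "wlan", "start": 0, "end": 600, "up": 1000, "down": 50000},
    {"session": "s1", "network": "lte", "start": 300, "end": 900, "up": 500, "down": 20000},
    # The same record delivered twice (constructed duplicate).
    {"session": "s1", "network": "lte", "start": 300, "end": 900, "up": 500, "down": 20000},
    {"session": "s2", "network": "lte", "start": 100, "end": 200, "up": 10, "down": 100},
]

def merged_duration(intervals):
    """Seconds covered by the union of (start, end) intervals, overlaps counted once."""
    total, cur_start, cur_end = 0, None, None
    for start, end in sorted(intervals):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total

def consolidate(records):
    """Return one chargeable item per session, however many networks reported it."""
    by_session = defaultdict(set)
    for r in records:
        # A set drops records that are exact duplicates of one already seen.
        key = (r["network"], r["start"], r["end"], r["up"], r["down"])
        by_session[r["session"]].add(key)
    items = {}
    for session, recs in by_session.items():
        items[session] = {
            "networks": sorted({net for net, _, _, _, _ in recs}),
            # Duration: wall-clock union, so concurrent links are not billed twice.
            "duration": merged_duration([(s, e) for _, s, e, _, _ in recs]),
            # Volume: each link carried distinct traffic, so flows are summed.
            "up": sum(up for _, _, _, up, _ in recs),
            "down": sum(down for _, _, _, _, down in recs),
        }
    return items

if __name__ == "__main__":
    for session, item in sorted(consolidate(RECORDS).items()):
        print(session, item)
```

Summing the two s1 intervals would give 1200 seconds; the union gives 900, which is the single usage the subscriber actually had.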
The charging mechanisms can be divided into different categories. According to when charging takes place,
they can be divided into online charging and offline charging. According to what is charged, they
can be divided into duration charging, content charging, monthly rental charging and combined charging, etc.
MC-Streaming is recommended to support more than one charging mechanism to support different service
types.