Page 149 - Kaleidoscope Academic Conference Proceedings 2021

Connecting physical and virtual worlds




3.2   Threats to hardware environment security

Unlike core networks, which are deployed in the central equipment room with well-established physical security measures, MEC nodes may be deployed in unattended or customer equipment rooms, with complex environments and weak protection and security measures. This exposes MEC nodes to device power-off, network disconnection, and other security risks caused by natural disasters. It also makes them even more vulnerable to physical contact attacks.

3.3   Threats to virtualization security

Containers or VMs are the main deployment method. Attackers can tamper with container or VM images, exploit vulnerabilities in host OSs or virtualization software to launch DDoS attacks against containers or VMs, and exploit container or VM escape to attack the host or its other containers or VMs [17].

3.4   Threats to MEP security

5G MEP is deployed based on virtualization infrastructure. It provides interfaces for application discovery and notification. Attackers or malicious applications can access service interfaces on the MEP without authorization. They can intercept or tamper with communication data between the MEP and applications, and launch DDoS attacks on the MEP. Attackers can also use malicious applications to access, steal, tamper with, and delete sensitive privacy data on the MEP.

3.5   Threats to application security

MEC nodes connect with a large number of heterogeneous UEs and carry applications for multiple industries. These UEs and applications communicate through diverse protocols that are mostly connection-oriented and reliable, but not as secure as conventional communication protocols. Attackers can therefore gain unauthorized access, exploit software vulnerabilities, abuse privileges, and forge identities, among other risks. At the same time, there may be multiple third-party applications deployed on the MEP, which creates a risk of unauthorized access. Third-party applications may also exhaust MEC system resources, making them unavailable.

3.6   Threats to capability exposure security

MEC provides a platform to carry applications. To facilitate application development, MEC needs to provide a series of open APIs for users to access MEC-related data and functions. These APIs facilitate application development and deployment, which in turn makes them targets for attackers. If there are no effective authentication and authorization methods, or API security is not fully tested or verified, attackers may gain access through bogus terminals, exploit vulnerabilities, or launch side-channel attacks to achieve unauthorized API invocation, unauthorized access, or user data tampering.

3.7   Threats to management security

Management security threats mainly include unauthorized access by malicious insiders and the use of weak passwords. Since MEC is deployed in distributed mode, operators have to manage and maintain several MEC nodes. To make the process less labor-intensive, operators rely on remote O&M. In this case, if upgrades and patching are not done on time, attackers may exploit vulnerabilities to launch attacks.

3.8   Threats to data security

5G MEP can collect and store data of an interconnected device, including application data, user data, and the like. Such data may be destroyed or leaked. Data destruction may occur when 5G MEP is destroyed or attacked, important data is not backed up, or no data recovery mechanism is available. The 5G MEP platform can obtain and process the sensitive privacy data of users during service development. If this data is not classified and managed by level, encryption or anonymization methods are not deployed, or data is opened up and shared in a non-compliant manner, this may cause security risks (such as data leakage) [18].

Figure 4 – MEC security threats

4.  5G MEC SECURITY PROTECTION

4.1   5G MEC security protection architecture

There are different ways to deploy the UPF and MEP, depending on the specific requirements of each industry. For WAN MEC, customers do not usually have particular requirements on the deployment location of MEC. Therefore, UPF and MEP can be deployed in operators' aggregation equipment rooms with security control to provide services for users. For LAN MEC, customers have highly sensitive data, so they require operators to deploy UPF and MEP on campus. This enables the customers to have control over the infrastructure, ensuring sensitive data stays within campus.

For both WAN and LAN MEC, customers may require the edge UPF to also forward their service data traffic along with the MEP. The level of surface exposure of operators' networks depends on the MEC deployment mode. Therefore, it is essential to determine MEC security requirements in relation to its deployment mode and customer service requirements. Security solutions should be designed




