Page 149 - Kaleidoscope Academic Conference Proceedings 2021
Connecting physical and virtual worlds
3.2 Threats to hardware environment security

Unlike core networks, which are deployed in central equipment rooms with well-established physical security measures, MEC nodes may be deployed in unattended or customer equipment rooms, with complex environments and weak protection and security measures. This exposes MEC nodes to device power-off, network disconnection, and other security risks caused by natural disasters. It also makes them even more vulnerable to physical contact attacks.

3.3 Threats to virtualization security

Containers or VMs are the main deployment method. Attackers can tamper with container or VM images, exploit vulnerabilities in host OSs or virtualization software to launch DDoS attacks against containers or VMs, and exploit container or VM escape to attack the host or its other containers or VMs [17].

3.4 Threats to MEP security

5G MEP is deployed based on virtualization infrastructure. It provides interfaces for application discovery and notification. Attackers or malicious applications can access service interfaces on the MEP without authorization. They can intercept or tamper with communication data between the MEP and applications, and launch DDoS attacks on the MEP. Attackers can also use malicious applications to access, steal, tamper with, and delete sensitive privacy data on the MEP.

3.5 Threats to application security

MEC nodes connect with a large number of heterogeneous UEs and carry applications for multiple industries. These UEs and applications communicate through diverse protocols, which are mostly connection-oriented and reliable but are not as secure as conventional communication protocols. Therefore, they face risks such as unauthorized access, exploitation of software vulnerabilities, privilege abuse, and identity forgery. At the same time, there may be multiple third-party applications deployed on the MEP, leading to potential unauthorized access security risks. Third-party applications may also exhaust MEC system resources, making them unavailable.

3.6 Threats to capability exposure security

MEC provides a platform to carry applications. To facilitate application development, MEC needs to provide a series of open APIs for users to access MEC-related data and functions. These APIs facilitate application development and deployment, which in turn makes them targets for attackers. If there are no effective authentication and authorization methods, or API security is not fully tested or verified, attackers may gain access through bogus terminals, exploit vulnerabilities, or launch side-channel attacks to achieve unauthorized API invocation, unauthorized access, or user data tampering.

3.7 Threats to management security

Management security threats mainly include unauthorized access by malicious insiders and the use of weak passwords. Since MEC is deployed in distributed mode, operators have to manage and maintain several MEC nodes. To make the process less labor-intensive, operators rely on remote O&M. In this case, if upgrades and patching are not done on time, attackers may exploit vulnerabilities to launch attacks.

3.8 Threats to data security

5G MEP can collect and store data of interconnected devices, including application data, user data, and the like. Such data may be destroyed or leaked. Data destruction may occur when 5G MEP is destroyed or attacked, important data is not backed up, or no data recovery mechanism is available. The 5G MEP platform can obtain and process the sensitive privacy data of users during service development. If this data is not classified and managed by level, encryption or anonymization methods are not deployed, or data is opened up and shared in a non-compliant manner, this may cause security risks (such as data leakage) [18].

Figure 4 – MEC security threats

4. 5G MEC SECURITY PROTECTION

4.1 5G MEC security protection architecture

There are different ways to deploy the UPF and MEP, depending on the specific requirements of each industry. For WAN MEC, customers do not usually have particular requirements on the deployment location of MEC. Therefore, UPF and MEP can be deployed in operators' aggregation equipment rooms with security control to provide services for users. For LAN MEC, customers have highly sensitive data, so they require operators to deploy UPF and MEP on campus. This enables the customers to have control over the infrastructure, ensuring sensitive data stays within campus.

For both WAN and LAN MEC, customers may require the edge UPF to also forward their service data traffic along with the MEP. The level of surface exposure of operators' networks depends on the MEC deployment mode. Therefore, it is essential to determine MEC security requirements in relation to its deployment mode and customer service requirements. Security solutions should be designed