What really is network slicing? How does it figure in 5G and the Internet of Things (IoT)? Why is network slicing security relevant for IoT?
Questions such as these have been addressed by Ericsson’s Senior Researcher, Network Security Niklas Beijar in a post on the company’s official blog.
Ericsson is already working with partners from industry and academia in the “5G!Pagoda project”, a collaboration between EU H2020 and Japan, on network slicing concepts beyond 5G, and in the EU H2020 project Anastacia specifically on IoT security.
Here’s why network slicing security is important
Niklas writes that IoT use cases range from environmental monitoring to industrial automation, and each “comes with its needs in terms of networking, scalability and security.” These challenges range from a need to manage massive number of devices, deliver the coverage and also conserve energy. Other challenges, such as with industrial control and automotive control, require very reliable and low latency communications.
It is difficult to optimize the mobile network to serve these sometimes unique and very different requirements efficiently. Network slicing makes it possible because each slice can be optimized for a specific use case.
Niklas says such network slicing provides isolation between the slices, both in terms of traffic and resources. While traffic isolation also can be provided by Virtual Private Networks (VPN), resource isolation requires support from the network. Isolating resources and control in addition to user traffic plays an important role in protecting critical systems from DoS attacks, he adds.
The beauty about Slices is that they can be customized, depending on the need, and the different security mechanisms and policies. Here’s an example, as given by Ericsson: There may not be any need to offer direct internet connectivity to devices in a slice where the services are provided as virtual network functions (VNFs) within the slice. Each slice can operate with different security functionality, such as firewall configurations, access policies, packet inspection, etc. that has been customized for the given services. Slices can even provide their own charging and authentication schemes.
What’s more, if devices with similar behavior and characteristics are allocated to the same slice, it is easier to observe the typical behavior and detect anomalies and changes in behavior and traffic patterns. For instance, a device in an IoT slice whose traffic no longer matches IoT traffic patterns might trigger a warning.
Key results from the ongoing 5G!Pagoda and Anastacia projects were recently demonstrated at the 2019 IoT week.
To know more, you may click here.
Image Credit: Ericsson