{"title":"ZSM-Based E2E Security Slice Management for DDoS Attack Protection in MEC-Enabled V2X Environments","authors":"Rodrigo Asensio-Garriga;Pol Alemany;Alejandro M. Zarca;Roshan Sedar;Charalampos Kalalas;Jordi Ortiz;Ricard Vilalta;Raul Muñoz;Antonio Skarmeta","doi":"10.1109/OJVT.2024.3375448","DOIUrl":null,"url":null,"abstract":"Research on vehicle-to-everything (V2X) is attracting significant attention nowadays, driven by the recent advances in beyond-5G (B5G) networks and the multi-access edge computing (MEC) paradigm. However, the inherent heterogeneity of B5G combined with the security vulnerabilities of MEC infrastructure in dynamic V2X scenarios introduces unprecedented challenges. Efficient resource and security management in multi-domain V2X environments is vital, especially with the growing threat of distributed denial-of-service (DDoS) attacks against critical V2X services within MEC. Our approach employs the zero-touch network and service management (ZSM) standard, integrating autonomous security into end-to-end (E2E) slicing management. We consider an entire 5G network, including vehicular user equipment, radio access networks, MEC, and core components, in the presence of DDoS targeting V2X services. Our framework complies with security service-level agreements (SSLAs) and policies, autonomously deploying and interconnecting security sub-slices across domains. Security requirements are continuously monitored and, upon DDoS detection, our framework reacts with a coordinated E2E strategy. The strategy mitigates DDoS at the MEC and deploys countermeasures in neighboring domains. Performance assessment reveals effective DDoS detection and mitigation with low latency, aligned with the mission-critical nature of certain V2X services. This work is part of ETSI ZSM PoC “security SLA assurance in 5G network slices”.","PeriodicalId":34270,"journal":{"name":"IEEE Open Journal of Vehicular Technology","volume":"5 ","pages":"485-495"},"PeriodicalIF":5.3000,"publicationDate":"2024-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10465254","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of Vehicular Technology","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10465254/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0
Abstract
Research on vehicle-to-everything (V2X) is attracting significant attention nowadays, driven by the recent advances in beyond-5G (B5G) networks and the multi-access edge computing (MEC) paradigm. However, the inherent heterogeneity of B5G combined with the security vulnerabilities of MEC infrastructure in dynamic V2X scenarios introduces unprecedented challenges. Efficient resource and security management in multi-domain V2X environments is vital, especially with the growing threat of distributed denial-of-service (DDoS) attacks against critical V2X services within MEC. Our approach employs the zero-touch network and service management (ZSM) standard, integrating autonomous security into end-to-end (E2E) slicing management. We consider an entire 5G network, including vehicular user equipment, radio access networks, MEC, and core components, in the presence of DDoS targeting V2X services. Our framework complies with security service-level agreements (SSLAs) and policies, autonomously deploying and interconnecting security sub-slices across domains. Security requirements are continuously monitored and, upon DDoS detection, our framework reacts with a coordinated E2E strategy. The strategy mitigates DDoS at the MEC and deploys countermeasures in neighboring domains. Performance assessment reveals effective DDoS detection and mitigation with low latency, aligned with the mission-critical nature of certain V2X services. This work is part of ETSI ZSM PoC “security SLA assurance in 5G network slices”.