具有混合信任链路的 5G RAN 中基于物理层加密的安全切片技术

IF 4 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Journal of Optical Communications and Networking Pub Date : 2024-07-10 DOI:10.1364/JOCN.522340
Boxin Zhang;Yajie Li;Federico Tonini;Lena Wosinska;Paolo Monti;Jie Zhang
{"title":"具有混合信任链路的 5G RAN 中基于物理层加密的安全切片技术","authors":"Boxin Zhang;Yajie Li;Federico Tonini;Lena Wosinska;Paolo Monti;Jie Zhang","doi":"10.1364/JOCN.522340","DOIUrl":null,"url":null,"abstract":"In a 5G radio access network (RAN), network slicing enables dividing a single RAN infrastructure into multiple logical networks, efficiently accommodating services with diverse requirements. Although RAN slicing can help improve resource efficiency and reduce network costs, it is accompanied by various security risks. One of the security threats in RAN slicing is potential eavesdropping, resulting in the leakage of sensitive data within slices. Encryption technologies have been developed to address the eavesdropping problem at different layers in optical networks. We focus on physical layer encryption since it has been demonstrated beneficial in line-speed processing, low latency, and small encryption overhead. The problem of utilizing physical layer encryption technologies to achieve secure RAN slices remains unexplored since physical layer encryption introduces additional hardware costs. In this paper, we study how to realize secure RAN slicing based on physical layer encryption in a metro aggregation network that consists of hybrid-trusted links (i.e., links with different risks for eavesdropping). We propose an integer linear programming (ILP) model and an auxiliary graph-based heuristic for small-scale and large-scale networks, respectively. The objective is to maximize the number of deployed slices and minimize the total cost of secure slice deployment, which includes the costs of servers, line cards (LCs), encryption cards (ECs), and bandwidth resources. To evaluate the benefit of encryption, we compare it with a detour solution, which protects slices by routing through trusted links (i.e., where no additional hardware for encryption is deployed). Simulation results show that the encryption-based solution exhibits a lower cost than the benchmark when the same number of slices are deployed, and it can reduce the blocking ratio by up to 8.5% as slice requests increase. In addition, the average latency of slices is also reduced by up to 14.6%.","PeriodicalId":50103,"journal":{"name":"Journal of Optical Communications and Networking","volume":"16 8","pages":"800-813"},"PeriodicalIF":4.0000,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Physical layer encryption-based secure slicing in 5G RAN with hybrid-trusted links\",\"authors\":\"Boxin Zhang;Yajie Li;Federico Tonini;Lena Wosinska;Paolo Monti;Jie Zhang\",\"doi\":\"10.1364/JOCN.522340\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In a 5G radio access network (RAN), network slicing enables dividing a single RAN infrastructure into multiple logical networks, efficiently accommodating services with diverse requirements. Although RAN slicing can help improve resource efficiency and reduce network costs, it is accompanied by various security risks. One of the security threats in RAN slicing is potential eavesdropping, resulting in the leakage of sensitive data within slices. Encryption technologies have been developed to address the eavesdropping problem at different layers in optical networks. We focus on physical layer encryption since it has been demonstrated beneficial in line-speed processing, low latency, and small encryption overhead. The problem of utilizing physical layer encryption technologies to achieve secure RAN slices remains unexplored since physical layer encryption introduces additional hardware costs. In this paper, we study how to realize secure RAN slicing based on physical layer encryption in a metro aggregation network that consists of hybrid-trusted links (i.e., links with different risks for eavesdropping). We propose an integer linear programming (ILP) model and an auxiliary graph-based heuristic for small-scale and large-scale networks, respectively. The objective is to maximize the number of deployed slices and minimize the total cost of secure slice deployment, which includes the costs of servers, line cards (LCs), encryption cards (ECs), and bandwidth resources. To evaluate the benefit of encryption, we compare it with a detour solution, which protects slices by routing through trusted links (i.e., where no additional hardware for encryption is deployed). Simulation results show that the encryption-based solution exhibits a lower cost than the benchmark when the same number of slices are deployed, and it can reduce the blocking ratio by up to 8.5% as slice requests increase. In addition, the average latency of slices is also reduced by up to 14.6%.\",\"PeriodicalId\":50103,\"journal\":{\"name\":\"Journal of Optical Communications and Networking\",\"volume\":\"16 8\",\"pages\":\"800-813\"},\"PeriodicalIF\":4.0000,\"publicationDate\":\"2024-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Optical Communications and Networking\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10592765/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Optical Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10592765/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

在 5G 无线接入网(RAN)中,网络切片可将单个 RAN 基础设施划分为多个逻辑网络,从而有效地满足不同需求的服务。虽然 RAN 分片有助于提高资源效率和降低网络成本,但也伴随着各种安全风险。RAN 切片的安全威胁之一是潜在的窃听,导致敏感数据在切片内泄露。为解决光网络不同层的窃听问题,人们开发了加密技术。我们将重点放在物理层加密上,因为它已被证明有利于线速处理、低延迟和小加密开销。由于物理层加密会带来额外的硬件成本,因此利用物理层加密技术实现安全 RAN 切片的问题仍有待探索。本文研究了如何在由混合信任链路(即具有不同窃听风险的链路)组成的城域汇聚网络中实现基于物理层加密的安全 RAN 切片。我们分别针对小规模和大规模网络提出了整数线性规划(ILP)模型和基于图的辅助启发式。我们的目标是最大化部署切片的数量,最小化安全切片部署的总成本,其中包括服务器、线路卡(LC)、加密卡(EC)和带宽资源的成本。为了评估加密技术的优势,我们将其与迂回解决方案进行了比较,后者通过可信链路路由(即不部署额外的加密硬件)来保护切片。仿真结果表明,在部署相同数量切片的情况下,基于加密的解决方案的成本低于基准方案,而且随着切片请求的增加,它还能将阻塞率降低 8.5%。此外,切片的平均延迟也减少了 14.6%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Physical layer encryption-based secure slicing in 5G RAN with hybrid-trusted links
In a 5G radio access network (RAN), network slicing enables dividing a single RAN infrastructure into multiple logical networks, efficiently accommodating services with diverse requirements. Although RAN slicing can help improve resource efficiency and reduce network costs, it is accompanied by various security risks. One of the security threats in RAN slicing is potential eavesdropping, resulting in the leakage of sensitive data within slices. Encryption technologies have been developed to address the eavesdropping problem at different layers in optical networks. We focus on physical layer encryption since it has been demonstrated beneficial in line-speed processing, low latency, and small encryption overhead. The problem of utilizing physical layer encryption technologies to achieve secure RAN slices remains unexplored since physical layer encryption introduces additional hardware costs. In this paper, we study how to realize secure RAN slicing based on physical layer encryption in a metro aggregation network that consists of hybrid-trusted links (i.e., links with different risks for eavesdropping). We propose an integer linear programming (ILP) model and an auxiliary graph-based heuristic for small-scale and large-scale networks, respectively. The objective is to maximize the number of deployed slices and minimize the total cost of secure slice deployment, which includes the costs of servers, line cards (LCs), encryption cards (ECs), and bandwidth resources. To evaluate the benefit of encryption, we compare it with a detour solution, which protects slices by routing through trusted links (i.e., where no additional hardware for encryption is deployed). Simulation results show that the encryption-based solution exhibits a lower cost than the benchmark when the same number of slices are deployed, and it can reduce the blocking ratio by up to 8.5% as slice requests increase. In addition, the average latency of slices is also reduced by up to 14.6%.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
9.40
自引率
16.00%
发文量
104
审稿时长
4 months
期刊介绍: The scope of the Journal includes advances in the state-of-the-art of optical networking science, technology, and engineering. Both theoretical contributions (including new techniques, concepts, analyses, and economic studies) and practical contributions (including optical networking experiments, prototypes, and new applications) are encouraged. Subareas of interest include the architecture and design of optical networks, optical network survivability and security, software-defined optical networking, elastic optical networks, data and control plane advances, network management related innovation, and optical access networks. Enabling technologies and their applications are suitable topics only if the results are shown to directly impact optical networking beyond simple point-to-point networks.
期刊最新文献
Introduction to the Benchmarking in Optical Networks Special Issue Protocol-aware approach for mitigating radiation-induced errors in free-space optical downlinks Security enhancement for NOMA-PON with 2D cellular automata and Turing pattern cascading scramble aided fixed-point extended logistic chaotic encryption In-network stable radix sorter using many FPGAs with high-bandwidth photonics [Invited] Power-consumption analysis for different IPoWDM network architectures with ZR/ZR+ and long-haul muxponders
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1