{"title":"具有混合信任链路的 5G RAN 中基于物理层加密的安全切片技术","authors":"Boxin Zhang;Yajie Li;Federico Tonini;Lena Wosinska;Paolo Monti;Jie Zhang","doi":"10.1364/JOCN.522340","DOIUrl":null,"url":null,"abstract":"In a 5G radio access network (RAN), network slicing enables dividing a single RAN infrastructure into multiple logical networks, efficiently accommodating services with diverse requirements. Although RAN slicing can help improve resource efficiency and reduce network costs, it is accompanied by various security risks. One of the security threats in RAN slicing is potential eavesdropping, resulting in the leakage of sensitive data within slices. Encryption technologies have been developed to address the eavesdropping problem at different layers in optical networks. We focus on physical layer encryption since it has been demonstrated beneficial in line-speed processing, low latency, and small encryption overhead. The problem of utilizing physical layer encryption technologies to achieve secure RAN slices remains unexplored since physical layer encryption introduces additional hardware costs. In this paper, we study how to realize secure RAN slicing based on physical layer encryption in a metro aggregation network that consists of hybrid-trusted links (i.e., links with different risks for eavesdropping). We propose an integer linear programming (ILP) model and an auxiliary graph-based heuristic for small-scale and large-scale networks, respectively. The objective is to maximize the number of deployed slices and minimize the total cost of secure slice deployment, which includes the costs of servers, line cards (LCs), encryption cards (ECs), and bandwidth resources. To evaluate the benefit of encryption, we compare it with a detour solution, which protects slices by routing through trusted links (i.e., where no additional hardware for encryption is deployed). Simulation results show that the encryption-based solution exhibits a lower cost than the benchmark when the same number of slices are deployed, and it can reduce the blocking ratio by up to 8.5% as slice requests increase. In addition, the average latency of slices is also reduced by up to 14.6%.","PeriodicalId":50103,"journal":{"name":"Journal of Optical Communications and Networking","volume":"16 8","pages":"800-813"},"PeriodicalIF":4.0000,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Physical layer encryption-based secure slicing in 5G RAN with hybrid-trusted links\",\"authors\":\"Boxin Zhang;Yajie Li;Federico Tonini;Lena Wosinska;Paolo Monti;Jie Zhang\",\"doi\":\"10.1364/JOCN.522340\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In a 5G radio access network (RAN), network slicing enables dividing a single RAN infrastructure into multiple logical networks, efficiently accommodating services with diverse requirements. Although RAN slicing can help improve resource efficiency and reduce network costs, it is accompanied by various security risks. One of the security threats in RAN slicing is potential eavesdropping, resulting in the leakage of sensitive data within slices. Encryption technologies have been developed to address the eavesdropping problem at different layers in optical networks. We focus on physical layer encryption since it has been demonstrated beneficial in line-speed processing, low latency, and small encryption overhead. The problem of utilizing physical layer encryption technologies to achieve secure RAN slices remains unexplored since physical layer encryption introduces additional hardware costs. In this paper, we study how to realize secure RAN slicing based on physical layer encryption in a metro aggregation network that consists of hybrid-trusted links (i.e., links with different risks for eavesdropping). We propose an integer linear programming (ILP) model and an auxiliary graph-based heuristic for small-scale and large-scale networks, respectively. The objective is to maximize the number of deployed slices and minimize the total cost of secure slice deployment, which includes the costs of servers, line cards (LCs), encryption cards (ECs), and bandwidth resources. To evaluate the benefit of encryption, we compare it with a detour solution, which protects slices by routing through trusted links (i.e., where no additional hardware for encryption is deployed). Simulation results show that the encryption-based solution exhibits a lower cost than the benchmark when the same number of slices are deployed, and it can reduce the blocking ratio by up to 8.5% as slice requests increase. In addition, the average latency of slices is also reduced by up to 14.6%.\",\"PeriodicalId\":50103,\"journal\":{\"name\":\"Journal of Optical Communications and Networking\",\"volume\":\"16 8\",\"pages\":\"800-813\"},\"PeriodicalIF\":4.0000,\"publicationDate\":\"2024-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Optical Communications and Networking\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10592765/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Optical Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10592765/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
摘要
在 5G 无线接入网(RAN)中,网络切片可将单个 RAN 基础设施划分为多个逻辑网络,从而有效地满足不同需求的服务。虽然 RAN 分片有助于提高资源效率和降低网络成本,但也伴随着各种安全风险。RAN 切片的安全威胁之一是潜在的窃听,导致敏感数据在切片内泄露。为解决光网络不同层的窃听问题,人们开发了加密技术。我们将重点放在物理层加密上,因为它已被证明有利于线速处理、低延迟和小加密开销。由于物理层加密会带来额外的硬件成本,因此利用物理层加密技术实现安全 RAN 切片的问题仍有待探索。本文研究了如何在由混合信任链路(即具有不同窃听风险的链路)组成的城域汇聚网络中实现基于物理层加密的安全 RAN 切片。我们分别针对小规模和大规模网络提出了整数线性规划(ILP)模型和基于图的辅助启发式。我们的目标是最大化部署切片的数量,最小化安全切片部署的总成本,其中包括服务器、线路卡(LC)、加密卡(EC)和带宽资源的成本。为了评估加密技术的优势,我们将其与迂回解决方案进行了比较,后者通过可信链路路由(即不部署额外的加密硬件)来保护切片。仿真结果表明,在部署相同数量切片的情况下,基于加密的解决方案的成本低于基准方案,而且随着切片请求的增加,它还能将阻塞率降低 8.5%。此外,切片的平均延迟也减少了 14.6%。
Physical layer encryption-based secure slicing in 5G RAN with hybrid-trusted links
In a 5G radio access network (RAN), network slicing enables dividing a single RAN infrastructure into multiple logical networks, efficiently accommodating services with diverse requirements. Although RAN slicing can help improve resource efficiency and reduce network costs, it is accompanied by various security risks. One of the security threats in RAN slicing is potential eavesdropping, resulting in the leakage of sensitive data within slices. Encryption technologies have been developed to address the eavesdropping problem at different layers in optical networks. We focus on physical layer encryption since it has been demonstrated beneficial in line-speed processing, low latency, and small encryption overhead. The problem of utilizing physical layer encryption technologies to achieve secure RAN slices remains unexplored since physical layer encryption introduces additional hardware costs. In this paper, we study how to realize secure RAN slicing based on physical layer encryption in a metro aggregation network that consists of hybrid-trusted links (i.e., links with different risks for eavesdropping). We propose an integer linear programming (ILP) model and an auxiliary graph-based heuristic for small-scale and large-scale networks, respectively. The objective is to maximize the number of deployed slices and minimize the total cost of secure slice deployment, which includes the costs of servers, line cards (LCs), encryption cards (ECs), and bandwidth resources. To evaluate the benefit of encryption, we compare it with a detour solution, which protects slices by routing through trusted links (i.e., where no additional hardware for encryption is deployed). Simulation results show that the encryption-based solution exhibits a lower cost than the benchmark when the same number of slices are deployed, and it can reduce the blocking ratio by up to 8.5% as slice requests increase. In addition, the average latency of slices is also reduced by up to 14.6%.
期刊介绍:
The scope of the Journal includes advances in the state-of-the-art of optical networking science, technology, and engineering. Both theoretical contributions (including new techniques, concepts, analyses, and economic studies) and practical contributions (including optical networking experiments, prototypes, and new applications) are encouraged. Subareas of interest include the architecture and design of optical networks, optical network survivability and security, software-defined optical networking, elastic optical networks, data and control plane advances, network management related innovation, and optical access networks. Enabling technologies and their applications are suitable topics only if the results are shown to directly impact optical networking beyond simple point-to-point networks.