1 Introduction

The 5th Generation of Mobile and Wireless Communications (also called 5G) represents a complete revolution of mobile networks, accommodating the ever-growing demands of users, services and applications [1]. Among other features, modern 5G networks represent a “shift” in networking paradigms, namely a transition from today’s “network of entities” to a sort of “network of functions”. Indeed, this “network of (virtual) functions”, resulting in some cases in the decomposition of current monolithic network entities, can be a pillar for constituting the unit of networking for next generation systems [2].

The 5G ESSENCE [3] is a Leading Edge Project focused on the innovation of Edge Cloud computing and Small Cell as-a-Service (SCaaS) paradigms, exploiting the drivers and removing the backstops in the Small Cell (SC) market, which is expected to grow at a significant pace up to 2020 and beyond and to play an essential role in the 5G ecosystem. The progressive 5G ESSENCE context focuses upon structuring an efficient ecosystem, capable of creating new business models and revenue streams by generating a “neutral” host market and by reducing both CAPEX and OPEX.

The 5G ESSENCE provides a highly flexible and scalable platform, capable of supporting new business models and revenue streams, by providing new opportunities for ownership, deployment, operation and amortisation. The project enhances the processing capabilities for data that have immediate value beyond locality; it also addresses the processing-intensive small cell management functions, such as Radio Resource Management (RRM)/Self Organising Network (SON), and it culminates with real-life demonstrations. For all the above, the project suggests clear breakthroughs in the research fields of wireless access, network virtualisation and end-to-end (E2E) service delivery. The 5G ESSENCE project targets the provision of a concrete solution for modern business use cases directly relevant to vertical markets, as well as the introduction of innovation in the fields of network softwarisation, virtualisation and cognitive network management, in order to jointly operate different radio nodes and radio access technologies, abstracting the available radio resources in an edge Data Center (DC). Within this Edge Cloud or Edge Data Center concept, the centralised Software-Defined Radio Access Network Controller (cSD-RAN Controller) proposed by the architecture is in charge of managing the RAN infrastructure, the required resource abstraction framework and the virtualisation capabilities for introducing network slicing into existing legacy RAN deployments. This results in providing a multi-connectivity framework to the end-user, seamlessly using the optimal RAT (Radio Access Technology) combination for fulfilling the Quality of Service (QoS) requirements of the service, operator- or terminal-type. Moreover, this entity also enables the support of Control Plane and User Plane Separation in legacy networks, by means of defining a centralised RRM that unifies the Control Plane functions for different RATs.
The cSD-RAN Controller also implements a critical concept of the 5G ESSENCE solution architecture, laying the foundation of a cost-efficient and easy-to-deploy 5G system architecture, being as well completely aligned with the ongoing standardisation work developed in 3GPP, in ITU-R and in other standards bodies.

2 Basic Architectural Approach and Use Cases

The proposed and already developed 5G ESSENCE architecture [4] allows multiple network operators (i.e., tenants) to provide services to their users through a set of Cloud-Enabled Small Cells (CESCs) potentially deployed, owned and managed by a “third party” (i.e., the CESC provider) [5]. These are devices that include both the processing power platform and the SC unit. CESCs can be deployed at low and medium scale venues and support multiple network operators (multitenancy) and, further, network services and applications at the edge of the network. In this way, operators can significantly extend the capacity of their own 5G RAN in areas where the deployment of their own infrastructure could be expensive and/or inefficient, as would be the case in, for example, highly dense areas where massive numbers of SCs would be needed to provide the expected services [6]. More specifically, the 5G ESSENCE platform is equipped with a two-tier virtualised execution environment, materialised in the form of the Edge DC, which also allows the provision of Multi-access Edge Computing (MEC) capabilities to the mobile operators for enhancing the user experience and the agility in the service delivery. One of the major 5G ESSENCE innovations is the efficient deployment of RAN and cloud infrastructure slices over a common physical infrastructure, in order to fulfil the requirements defined by the vertical use cases and the mobile broadband services, both assessed in parallel. In this scope, the 5G ESSENCE architectural approach also provides further innovative features, extending experience with (1) advanced and efficient virtualisation platforms, (2) dynamic telemetry and analytics based resource monitoring [7], and (3) development of the orchestration of distributed E2E services [8, 9].
In particular, 5G ESSENCE’s common orchestration of radio, network and cloud resources is expected to contribute significantly to the fulfilment of the requirements defined by the entirety of the respective use cases. The 5G ESSENCE platform brings new mechanisms to share both radio and edge computing capabilities in localised/temporary network deployments between telco operators and market users. The challenge consists of allocating radio, network and cloud resources to the critical actors efficiently and by guaranteeing a certain QoS level. By definition, the project has prioritised high-quality services and demonstrates RAN/Edge DC features in three distinct Use Cases (UCs) listed as follows:

2.1 UC1: 5G Edge Network Acceleration for a Stadium

This scenario provides the logic for distributing the live video feeds received from the local production room to local spectators in a highly efficient manner. The municipal football stadium “Stavros Mavrothalasitis” (in the Municipality of Egaleo in the city of Athens, Greece) is covered with a cluster of multitenant evolved Multimedia Broadcast Multicast Services (eMBMS)-enabled CESCs and, together with the CESC Manager (CESCM) and the Main DC, they can be connected to the core network(s) of one or more telecom operators. The video content from cameras is sent for processing locally at the Edge DC. Then, the video streams are broadcast locally by using the CESCs, so the involved spectators are able to dynamically select between different offered streams. The data traffic will not impact the backhaul connection since it is produced, processed and consumed locally.

2.2 UC2: Mission-Critical (MC) Communications for Public Safety (PS)

Use Case 2 focuses on two different public safety services, that is: (1) Mission Critical Push-To-Talk (MCPTT), and; (2) mission-critical messaging and localisation service. The MCPTT and Chat & Localisation services allow secure communication, such as voice calls, chats and localisation tracking, between pairs and/or groups of first responders. It should be specified that for different emergency situations each service is deployed in an isolated network slice and the necessary available resources will be allocated to ensure the functionality, connectivity and even the needed QoS. UC2 involves one or more PS communications providers that can use the resources offered by a deployed 5G ESSENCE platform for the delivery of communication services to PS organisations in a certain region or country. The 5G ESSENCE platform can be owned by a mobile (potentially virtual) network operator, or even by a venue owner, such as in UC1. In the MC use case, the infrastructure owner exploits the corresponding system capabilities by providing the required network/cloud slicing capabilities with dedicated Service Level Agreements (SLAs) to different types of tenants, while prioritising the PS communications providers.

2.3 UC3: Next Generation integrated In-Flight Entertainment and Connectivity (IFEC)

In UC3, the expected goal is to validate the multitenancy-enabled network solution for passenger connectivity and wireless broadband experience on-board. UC3 leverages integrated access points, deployed on-board for hosting airborne applications (such as a video player and files that can be made available for in-flight streaming) and caches (a version of the in-flight portal gateway to which passengers can connect). In particular, UC3 enables multitenancy in the aircraft network hosting multiple operators and service providers by embracing the concept of “neutral host”, thus supporting market competitiveness between “actors” aiming to offer advanced services on-board to a wide range of end-users’ terminals of different types and capabilities. The multi-RAT CESCs can be implemented as a set of integrated SCs and Wi-Fi access points, deployed on-board. Afterwards, since IFEC has to consider the explosive growth of multi-screen content consumption, the related 5G ESSENCE CESCs will stream on demand multi-screen video content from on-board 5G Edge DC servers to the wireless devices, thus demonstrating, inter alia, multicast, transcoding and caching solutions.

All proposed 5G ESSENCE UCs are strongly relevant to current market needs and imply high dynamism and opportunities for growth and development in the related vertical industries. However, their intended deployment as well as their potential impact may be drastically affected by several security concerns. As security is also a critical factor for the ongoing and future 5G advances, the core of the present work assesses related security threats, identified for each one of the selected UCs.

3 Security Threat Assessment

Security threat assessment is a necessary enabler towards building an effective security architecture in modern 5G networks. There are various documents from different standardisation bodies addressing the issues of threat and risk assessment and for mitigation in computer or telecommunication networks. Within the 5G ESSENCE framework, the methodology adopted for conducting the threat assessment is in line with the methodology introduced in the ISO/IEC 27005 standard [10]. The proposed risk assessment process has three main parts, namely risk identification, risk analysis and risk evaluation. This means that one has first to identify valuable assets, then consider the threats that could compromise those assets and finally perform a risk assessment in order to effectively estimate the damage that the realisation of any threat could pose to these assets. In any case, threats do play a key role in defining the risk assessment, especially when considering the components of risks. More specifically, ISO/IEC 27005 defines that risks emerge when “threats abuse vulnerabilities of assets to generate harm for the involved legal entity”.

The asset identification process does follow the high level asset categories defined in ENISA Threat Landscape for SDN/5G [11], extended with assets that are specific to the 5G ESSENCE architecture (e.g., the case of the CESCM). On the other hand, the threat identification and categorisation process is based on available threat catalogues such as the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat classification model [12] or the threat taxonomy provided by ENISA (as in [11]) or by ITU-T in Recommendation X.805 [13]. Our approach can finally “output” the level of risk as determined by the combination of threat likelihood and impact in the form of a relevant Risk Matrix. However, computing the risk likelihood and impact for 5G assets is quite challenging. Three main approaches can be used for this purpose: (1) qualitative analysis; (2) semi-quantitative analysis where values are assigned to the scales used in the qualitative assessment, based on existing literature and estimations performed for 4G systems as well as by evaluations provided by experts present in the various 5G-PPP projects [14], and; (3) quantitative analysis where numerical values are assigned to both impact and likelihood. As a result of the above, each approach is examined by the 5G ESSENCE and a clear risk assessment methodology can be proposed. It is under consideration for future work to support the detection of relevant risks, by using analytical and Machine Learning (ML) approaches. ML approaches are being adopted to improve detection and remediation of complex cyber-attacks. These methods typically require that an algorithm is trained by using normal traffic data to provide a baseline of normal system operation. Anomalies can then be detected, based on traffic patterns that are unusual or atypical for this system. 
Apache Spot [15] is an example of an open and scalable ML-based cybersecurity framework that may be used in the context of the 5G ESSENCE. Spot’s goal is to “expedite threat detection, investigation and remediation via ML and consolidate all enterprise security data into a comprehensive IT telemetry hub based on open data models”.

The overall analysis can also be supported by the 5G-SAT tool [16]. It is open-source software hosted on GitHub under the MIT license, and can be used to facilitate the security analysis of 5G systems. It is based on the Electron [17] JavaScript framework and the Cytoscape.js [18] library for front-end visualisation of the models. The components of the 5G ESSENCE system can be represented as graph nodes while their relationships can be represented as edges. At its core, the 5G-SAT tool uses an asset-centric modelling language, meaning that the concept of Threat can only target the concept of Asset. If a component of the system is not an Asset, it cannot be targeted by a Threat. Besides the visualisation of models, the application also offers additional functionalities (such as search capabilities, pattern identification, model validation and threat verification).
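The following is an added example (not 5G ESSENCE or 5G-SAT code) that combines the two ideas above: an asset-centric model in which a Threat may only target an Asset, validated before use, and the ISO/IEC 27005-style combination of likelihood and impact into a Risk Matrix. The five-point semi-quantitative scale, the risk bands and the asset/threat entries are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Semi-quantitative scale (assumed): qualitative labels mapped to 1..5.
SCALE = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}
# STRIDE threat categories used for threat classification.
STRIDE = {"spoofing", "tampering", "repudiation", "information disclosure",
          "denial of service", "elevation of privilege"}


@dataclass
class Component:
    name: str
    is_asset: bool          # only Assets can be targeted by a Threat


@dataclass
class Threat:
    name: str
    category: str           # one of STRIDE
    target: str             # name of the targeted component
    likelihood: str         # label from SCALE
    impact: str             # label from SCALE


class ThreatModel:
    def __init__(self) -> None:
        self.components: dict[str, Component] = {}
        self.threats: list[Threat] = []

    def add_component(self, name: str, is_asset: bool) -> None:
        self.components[name] = Component(name, is_asset)

    def validate(self) -> list[str]:
        """Asset-centric validation: a Threat must target an existing Asset."""
        errors = []
        for t in self.threats:
            if t.category not in STRIDE:
                errors.append(f"{t.name}: unknown category '{t.category}'")
            comp = self.components.get(t.target)
            if comp is None:
                errors.append(f"{t.name}: unknown target '{t.target}'")
            elif not comp.is_asset:
                errors.append(f"{t.name}: target '{t.target}' is not an Asset")
            for label in (t.likelihood, t.impact):
                if label not in SCALE:
                    errors.append(f"{t.name}: unknown scale label '{label}'")
        return errors

    @staticmethod
    def risk_score(t: Threat) -> int:
        # ISO/IEC 27005 style: risk combines threat likelihood and impact.
        return SCALE[t.likelihood] * SCALE[t.impact]

    @classmethod
    def risk_level(cls, t: Threat) -> str:
        # Bands over the 1..25 product are an assumption of this example.
        score = cls.risk_score(t)
        return "high" if score >= 15 else "medium" if score >= 8 else "low"

    def risk_matrix(self) -> dict[tuple[int, int], list[str]]:
        """Risk Matrix: (likelihood, impact) cell -> names of threats in it."""
        matrix: dict[tuple[int, int], list[str]] = {}
        for t in self.threats:
            cell = (SCALE[t.likelihood], SCALE[t.impact])
            matrix.setdefault(cell, []).append(t.name)
        return matrix


def build_example() -> ThreatModel:
    """Constructed sample: 5G ESSENCE-style assets plus a stakeholder that is
    deliberately not an Asset, so that validation rejects the threat on it."""
    m = ThreatModel()
    m.add_component("CESCM", True)
    m.add_component("Light DC", True)
    m.add_component("Main DC", True)
    m.add_component("Content provider", False)   # stakeholder, not an Asset
    m.threats.append(Threat("T1", "tampering", "CESCM", "low", "very high"))
    m.threats.append(Threat("T2", "denial of service", "Light DC", "medium", "high"))
    m.threats.append(Threat("T3", "information disclosure", "Main DC", "low", "medium"))
    m.threats.append(Threat("T4", "spoofing", "Content provider", "medium", "low"))
    return m
```

Running `build_example().validate()` reports T4 as invalid, while `risk_matrix()` places T1 in the (likelihood 2, impact 5) cell, illustrating why a low-likelihood threat on the CESCM can still rank as a medium risk.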

3.1 Security Analysis for Use Case 1

Within pilot UC1, the 5G ESSENCE project focuses on the demonstration of a combined 5G-based video production and video distribution scenario towards delivering benefits to both media producers and (mobile) operators involved. The production/distribution of locally generated content through the 5G ESSENCE platform, coupled with value-added services and rich user context, does enable secure, high-quality and resilient transmission, in real-time and with minimal latency.

Figure 1a illustrates the hardware architecture of the related stadium’s 5G deployment. The 5G ESSENCE project uses its architecture to provide two different classifications of streams. The first stream is provided to spectators and/or to world viewers (i.e., people that watch the event from their homes or other social gatherings). The second stream is dynamically generated for each spectator in the stadium. Each stream uses a different Light DC as a host. The first stream (world feed) is hosted on the Local Production Light DC, while the second stream is hosted on the Spectator Control Light DC. The Main DC is responsible for processing the data generated by the Light DCs. Moreover, the Main DC provides additional functions. It acts as an interface between the spectator and the dynamic camera selection. The content provider manages the properties of the system using the interface of the CESCM. The participating stadium spectators are able to dynamically select among different offered broadcast streams. Among the supported services are: (1) Multicast Video Delivery in multi/single view; (2) User Equipment (UE) View Switching during the video delivery; (3) Video Delivery with handover, and; (4) Unicast vs. Multicast Video Delivery. Then, Table 1 provides a detailed list of already identified security requirements relevant to the above UC1. We define the security requirements of the system based on the security considerations of the system’s stakeholders. For the context of the present analysis, the identified security requirements apply to the localised Light DC that is operated by the platform owner as well as to external components of the system. In order to proactively assess the implicated threats, we propose suitable counter-measures or potential responding actions for each requirement, aiming to assure the proper fulfilment of a certain correlated objective (such as integrity, authentication, authorisation, availability and confidentiality).
The proposed description affects and improves the defined architectural approach in order to serve the intended transition towards a practical and feasible 5G implementation. The security requirements are listed in Table 1.

Fig. 1 Hardware architecture of: a stadium UC; b PS scenario, and; c in-flight scenario

Table 1 Stadium scenario security requirements

3.2 Security Analysis for Use Case 2

Within UC2, the 5G ESSENCE framework involves one or more PS communications providers that will use the resources offered by a deployed 5G ESSENCE platform. Use Case 2 focuses upon two different public safety services, that is: (1) Mission Critical Push-To-Talk (MCPTT), and; (2) mission-critical messaging and localisation service. The MCPTT and Chat & Localisation services allow secure communication (in the form of voice calls, chats and localisation tracking) between pairs and/or groups of first responders. For diverse emergency situations, provision is made for service deployment in an isolated network slice, in parallel with the proper allocation of all available resources in order to guarantee functionality, connectivity and the prescribed QoS. In case of emergency, the Cloud-Enabled Small Cell (CESC) of the 5G ESSENCE platform will “add” new resources taking into consideration the request, with close-to-zero delay and maintaining the connection even if the backhaul is damaged. Moreover, in the respective trials the 5G ESSENCE SD-RAN controller has the essential role of enforcing the priority access of first responders by extending the slices to the radio part, thus creating the end-to-end slices that isolate those responders from other parties’ communications. To realise these aims, Fig. 1b shows the high-level architecture of the public safety 5G deployment. The MC application for the PS scenario has a number of stakeholders with their own responsibilities and goals. The different stages of the MC application for public safety require security requirements that are adaptive. The security requirements must take into account the fact that during some of the system’s stages new hardware and software components will be introduced in a forceful manner. When new components are introduced, security mechanisms must be applied in order to ensure the continuous secure posture of the system. The security analysis revealed the requirements listed in Table 2, below.

Table 2 Mission critical scenario security requirements

3.3 Security Analysis for Use Case 3

Use Case 3 revolves around the next generation of IFEC system on-board aircraft, setting up the ambitious goal to include the sector of civil aviation in the 5G ecosystem by means of the 5G ESSENCE system architecture. The 5G ESSENCE IFEC demo tests and validates the multi-tenancy enabled network solution for passenger connectivity and wireless broadband experience. The multi-RAT CESCs can be implemented as a set of integrated access points, deployed on-board. Afterwards, the 5G ESSENCE CESCs will stream on demand multi-screen video content (both from on-board 5G Edge DC servers and via satellite/air-to-ground links) to the wireless devices. In this case, the 5G ESSENCE CESCs will rely on broadcast links in order to optimise the bandwidth usage. In fact, Fig. 1c depicts the high-level architecture of the airplane’s 5G infrastructure deployment. The Main DC is responsible for providing remote connectivity to the system. As mentioned above, the remote connectivity is achieved through a combination of air-to-ground communications and satellite networking. The Main DC is used as the system’s storage for on demand content. The Light DC acts as an interface for content consumption by the passengers and as a gateway to Wi-Fi or 5G network connectivity. The Content Providers can use the interface of the CESCM to manage their content and other aspects of their applications. The system’s security requirements derive from the concerns raised by the system stakeholders. Traditional airplanes did not allow network connectivity for the duration of the flight. The main security concern, in this case, is to provide network connectivity to passengers without compromising the integrity of the airplane’s internal controls. Another security issue is the exposure of connected devices to external malicious networks. An example of such an attack is the deployment of in-flight honey-pots by malicious passengers.
The honey-pots can route traffic to legitimate networks while stealing data from other users. Similar attacks will aim to escape the sandboxed environment provided by the CESC. For this case, the essential security requirements are listed in Table 3.

Table 3 In-flight scenario security requirements

4 Overview of Results and Discussion

Based on the scope of the original 5G ESSENCE effort we have analysed, on a per use case basis, the related requirements imposed by security concerns, in order to proceed to further development of the corresponding platform for the intended offering of services. For each use case, we have proposed suitable measures to overcome possible constraints and to support reliable implementation. However, security in 5G is a multi-faceted issue. As services can be created and torn down in a matter of minutes, there lies the challenge of monitoring risks across the deployed 5G infrastructure as well as securing the tenant workloads. Three tiers of protection are herein considered: (1) The deployment of cybersecurity functionalities on the network level, as Virtual Network Function (VNF) based services; (2) the deployment of advanced ML algorithms, and; (3) the hardening and attestation of existing infrastructure.

Cybersecurity functionalities can be deployed as-a-Service to monitor the traffic for signs of malicious attacks. This approach allows the administrator to perform runtime changes to cybersecurity VNFs (e.g., to apply rules to a Firewall or to an Intrusion Detection System (IDS)). The EM (Element Management) component of the ETSI NFV reference architecture can be used to provide runtime configuration of running VNF-based services [19]. Traditional IDSs can then be deployed in order to perform signature-based detection, based on well-known malicious traffic patterns that signify potential attacks. The main drawback of this method is that attack patterns need to be known in advance, and signatures must be preconfigured. Hence, typical systems fail to detect a zero-day attack or an attack with an unknown signature. Moreover, it is essential to make a careful selection of cybersecurity functionalities, and in some cases the VNF needs to be placed on the path of traffic (e.g., a firewall). In this case, practical work [20] has shown that the VNF needs to ensure high performance and high availability, otherwise it will negatively affect E2E latency.

Furthermore, as ML becomes a mainstream technology that is present in many consumer products, the cybersecurity industry has been quick to adopt it, to improve on the existing defence capabilities. The 5G ESSENCE project considers the case of Apache Spot [15], a machine learning-based platform for anomaly detection that utilises Latent Dirichlet Allocation [21] to detect atypical traffic patterns. Latent Dirichlet Allocation differs from other common ML classifiers in that it is a Natural Language Processing (NLP) algorithm. NLP is easy to apply on the variety of different network traffic logs and improves the overall threat intelligence capabilities by including more sources of structured, human-readable, textual data. The ML system can then be trained on typical traffic and identify zero-day or other cyberattacks as anomalous patterns of traffic are observed, without prior knowledge of the attack signature. Other systems offer similar capabilities, such as Sqrrl [22] and Apache Metron [23]. Apache Spot sets itself apart not only by its machine learning capabilities, but also by its Open Data Model (ODM). ODM brings together all security-related data (event, user, network, endpoint, etc.) into a singular view that can be used to detect threats more effectively than before. This consolidated view can be leveraged to create new analytic models that were not previously possible and to provide the needed context at the event level to effectively determine whether or not there is a threat. Furthermore, it also provides the ability to share and reuse threat detection models, analytics and more. This improves interoperability among anomaly detection platforms and fosters the creation of an open data community. Based on the above, we expect effective design of the related services and their operational inclusion in the respective platform, for the promotion of 5G innovative features within the 5G ESSENCE platform.
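As an added example (not Apache Spot's code, nor the project's), the contrast drawn in the two paragraphs above can be shown on constructed flow logs: a signature-based IDS flags only the preconfigured pattern, while a detector trained on a baseline of normal traffic also flags a never-seen flow for which no signature exists. A simple per-host rarity score stands in for Spot's LDA model; the log records, the signature and the threshold are constructed assumptions.

```python
import math
from collections import Counter

# Constructed flow records (not real traffic): "time src dst dport proto".
BASELINE_LOG = """\
t01 10.0.0.5 10.0.1.10 443 tcp
t02 10.0.0.5 10.0.1.10 443 tcp
t03 10.0.0.5 10.0.1.2 53 udp
t04 10.0.0.5 10.0.1.10 443 tcp
t05 10.0.0.5 10.0.1.10 443 tcp
t06 10.0.0.5 10.0.1.2 53 udp
t07 10.0.0.5 10.0.1.10 443 tcp
t08 10.0.0.5 10.0.1.10 443 tcp
t09 10.0.0.5 10.0.1.2 53 udp
t10 10.0.0.5 10.0.1.10 443 tcp
t11 10.0.0.5 10.0.1.10 443 tcp
t12 10.0.0.5 10.0.1.2 53 udp
"""
# Observed window: one normal flow, one matching a known signature, and one
# novel flow for which no signature exists (the "unknown signature" case).
OBSERVED_LOG = """\
t13 10.0.0.5 10.0.1.10 443 tcp
t14 10.0.0.5 203.0.113.9 4444 tcp
t15 10.0.0.5 198.51.100.7 8443 tcp
"""
# Constructed signature database: one known-bad destination port/protocol.
SIGNATURES = [{"dport": "4444", "proto": "tcp"}]


def parse(log: str) -> list[dict]:
    flows = []
    for line in log.splitlines():
        if line.strip():
            time, src, dst, dport, proto = line.split()
            flows.append({"time": time, "src": src, "dst": dst,
                          "dport": dport, "proto": proto})
    return flows


def signature_alerts(flows: list[dict], signatures=SIGNATURES) -> list[dict]:
    """Signature-based IDS: flag only flows matching a preconfigured pattern."""
    return [f for f in flows
            if any(all(f[k] == v for k, v in sig.items()) for sig in signatures)]


def token(flow: dict) -> str:
    return f"{flow['dst']}:{flow['dport']}/{flow['proto']}"


def build_baseline(flows: list[dict]) -> dict[str, Counter]:
    """Train on normal traffic: per source host, count each (dst, port, proto)."""
    baseline: dict[str, Counter] = {}
    for f in flows:
        baseline.setdefault(f["src"], Counter())[token(f)] += 1
    return baseline


def anomaly_score(flow: dict, baseline: dict[str, Counter]) -> float:
    """Rarity score -ln(p) with additive smoothing; unseen tokens score highest."""
    counts = baseline.get(flow["src"])
    if counts is None:
        return math.inf          # host absent from the baseline entirely
    n, vocab = sum(counts.values()), len(counts)
    p = (counts[token(flow)] + 1) / (n + vocab + 1)
    return -math.log(p)


def anomaly_alerts(flows, baseline, threshold: float = 2.0) -> list[dict]:
    return [f for f in flows if anomaly_score(f, baseline) >= threshold]


def compare() -> dict[str, list[str]]:
    """Destination ports flagged by each method on the observed window."""
    baseline = build_baseline(parse(BASELINE_LOG))
    observed = parse(OBSERVED_LOG)
    return {"signature": [f["dport"] for f in signature_alerts(observed)],
            "anomaly": [f["dport"] for f in anomaly_alerts(observed, baseline)]}
```

With the constructed data, `compare()` returns the port 4444 flow under both methods but the port 8443 flow only under the baseline detector, which is the gap the signature-only approach leaves open.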