Transparent AAA Security Design for Low-Latency MEC-Integrated Cellular Networks

Multi-access edge computing (MEC) is a key enabler for low-latency services in the cellular network. It enables service requests to be served at the edge without reaching the Internet. However, this service model allows data traffic to bypass conventional security functions deployed at the core netw...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on vehicular technology 2020-03, Vol.69 (3), p.3231-3243
Main Authors: Li, Chi-Yu, Lin, Ying-Dar, Lai, Yuan-Cheng, Chien, Hsu-Tung, Huang, Yu-Sheng, Huang, Po-Hao, Liu, Hsueh-Yang
Format: Article
Language:English
Subjects:
4G LTE network
Access control
Authentication
Cellular communication
cellular network
Cellular networks
Edge computing
Identification methods
Impact analysis
Internet
Long Term Evolution
MEC security
Mobile communication systems
Mobile computing
network security
Security
Security management
Servers
Traffic models
Wireless communications
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Multi-access edge computing (MEC) is a key enabler for low-latency services in the cellular network. It enables service requests to be served at the edge without reaching the Internet. However, this service model allows data traffic to bypass conventional security functions deployed at the core network, and may pose security threats. To examine its security impact, we analyze current security functions that span authentication, authorization, accounting (AAA), and access control, and then identify two major issues. First, conventional user authentication methods prevent MEC applications from achieving low-latency service offering. Second, current cellular authorization, accounting, and access control mechanisms hardly secure MEC traffic. We thus propose a transparent security design called MECsec to secure the MEC with low latency in the cellular network. It contains three main components: cellular-based OpenID Connect (OIDC) authentication, bitmap-based authorization/accounting, and two-tier hash-based access control. Especially, its transparent design does not need any changes on current cellular operations, and is standard-compliant. We implement and evaluate the MECsec prototype on an MEC-integrated LTE network architecture developed based on the OpenAirInterface (OAI) cellular platform. Our results show that the cellular-based OIDC can reduce delays of current authentication methods by up to 88.3%, and the other components can successfully defend against possible threats with negligible overhead.
ISSN:0018-9545
1939-9359
DOI:10.1109/TVT.2020.2964596