|
Layer | Targets | Security and privacy solutions |
|
Terminal layer | Prevent and defend against DDOS attacks | (i) Attack detection and self-protection mechanisms (ii) proactive preventive measures |
Prevent various damage caused by exploited terminals | (i) Access authentication [52, 53] on the operation and maintenance side (ii) encryption protection on the signaling/data plane |
|
Network layer | Base station air interface security | (i) Defense eavesdropping and tampering of user data (ii) defense DDOS attack from air interface (iii) pseudo base station detection [54] |
MEC security | (i) Physical environment security control (ii) enterprise and operator network isolation |
5GC security | (i) Manage operation and maintenance plane security (ii) network north-south border security (iii) east-west security within the network (iv) cloud-based security of the core network |
Bearer network security | (i) Network redundant design (ii) account authority management and access authentication (iii) increase security measures on control protocols (iv) user plane security encryption |
5G slice security [55] | (i) Isolation between slices (ii) secure access and use of slices (iii) privacy protection |
|
Platform layer | The security of communications interfaces. | (i) Routine maintenance of various account passwords (ii) encryption of communication interfaces |
The security of platform data. | (i) Data availability, integrity, and privacy |
|
Service layer | Software security of the application | (i) Vulnerability scanning of the software (ii) software operation logging (iii) highly available disaster recovery of software systems |
O&M security of the application | (i) Security constraints and controls for application system (ii) physical security control (personal access control) of O&M operations office/machine room, etc. |
|