|
| Layer | Targets | Security and privacy solutions |
|
| Terminal layer | Prevent and defend against DDOS attacks | (i) Attack detection and self-protection mechanisms
(ii) proactive preventive measures |
| Prevent various damage caused by exploited terminals | (i) Access authentication [52, 53] on the operation and maintenance side
(ii) encryption protection on the signaling/data plane |
|
| Network layer | Base station air interface security | (i) Defense eavesdropping and tampering of user data
(ii) defense DDOS attack from air interface
(iii) pseudo base station detection [54] |
| MEC security | (i) Physical environment security control
(ii) enterprise and operator network isolation |
| 5GC security | (i) Manage operation and maintenance plane security
(ii) network north-south border security
(iii) east-west security within the network
(iv) cloud-based security of the core network |
| Bearer network security | (i) Network redundant design
(ii) account authority management and access authentication
(iii) increase security measures on control protocols
(iv) user plane security encryption |
| 5G slice security [55] | (i) Isolation between slices
(ii) secure access and use of slices
(iii) privacy protection |
|
| Platform layer | The security of communications interfaces. | (i) Routine maintenance of various account passwords
(ii) encryption of communication interfaces |
| The security of platform data. | (i) Data availability, integrity, and privacy |
|
| Service layer | Software security of the application | (i) Vulnerability scanning of the software
(ii) software operation logging
(iii) highly available disaster recovery of software systems |
| O&M security of the application | (i) Security constraints and controls for application system
(ii) physical security control (personal access control) of O&M operations office/machine room, etc. |
|
