5G MEC安全评估体系与方法研究

doi:10.11959/j.issn.1000-0801.2023152

Abstract

Abstract:

Multi-access edge computing (MEC) is deployed at the edge of the network, enabling efficient and fast data processing in mobile networks, while also undertaking important security functions, making MEC a prime target for attackers.Therefore, MEC nodes will face huge security risks.How to accurately evaluate and quantify MEC security capabilities is an urgent issue to be solved.For accurately evaluating and quantifying MEC security capabilities, the MEC safety assessment system was proposed in combination with MEC safety risks.The assessment indicators selected in the assessment system comprehensively reflect the basic characteristics of MEC and its complete safety capability.Based on this evaluation system, the MEC security evaluation method was designed by using the analytic hierarchy process (AHP) and fuzzy evaluation, the MEC vulnerability scoring system was creatively proposed, and the evaluation indicators were provided based on the results of MEC vulnerability scoring system, the MEC security capability quantification value was finally calculated.The experimental result proves the effectiveness of the method.

Key words: 5G MEC, security assessment system, vulnerability scoring system, AHP, fuzzy evaluation

CLC Number:

TP309

Qiucheng LU, Jinhui TANG, Congying BAO, Hao WU, Yusun FU. Research on 5G MEC security assessment system and method[J]. Telecommunications Science, 2023, 39(8): 43-57.

Figures/Tables 12

对比项	$W_{i}$	CI	RI	CR
C₁(I₁, I₂)	$W_{1}$ =(0.64,0.36)	0	0	—
C₂(I₃)	$W_{2}$ =(1)	0	0	—
C₃(I₄, I₅)	$W_{3}$ =(0.71,0.29)	0	0	—
C ₄(I₆, I₇)	$W_{4}$ =(0.50,0.50)	0	0	—
C₅(I₈,I₉,I₁₀)	$W_{5}$ =(0.55,0.21,0.24)	0.021	0.52	0.04
C₆(I₁₁)	$W_{6}$ =(1)	0	0	—
C₇(I₁₂)	$W_{7}$ =(1)	0	0	—

References 28

[1]	AHMAD I , KUMAR T , LIYANAGE M ,et al. Overview of 5G security challenges and solutions[J]. IEEE Communications Standards Magazine, 2018,2(1): 36-43.
[2]	项弘禹, 肖扬文, 张贤 ,等. 5G边缘计算和网络切片技术[J]. 电信科学, 2017,33(6): 54-63.
	XIANG H Y , XIAO Y W , ZHANG X ,et al. Edge computing and network slicing technology in 5G[J]. Telecommunications Science, 2017,33(6): 54-63.
[3]	BEBORTTA S , SENAPATI D , PANIGRAHI C R ,et al. Adaptive performance modeling framework for QoS-aware offloading in MEC-based IIoT systems[J]. IEEE Internet of Things Journal, 2022,9(12): 10162-10171.
[4]	HOU Y Z , WANG C R , ZHU M ,et al. Joint allocation of wireless resource and computing capability in MEC-enabled vehicular network[J]. China Communications, 2021,18(6): 64-76.
[5]	QADIR J , SAINZ-DE-ABAJO B , KHAN A ,et al. Towards mobile edge computing:taxonomy,challenges,applications and future realms[J]. IEEE Access, 2020(8): 189129-189162.
[6]	ETSI. Mobile edge computing (MEC); framework and reference architecture:ETSI GS MEC003 V2.2.1[S]. 2020.
[7]	3GPP. Security architecture and procedures for 5G system:TS 33.501 V15.4.0[S]. 2020.
[8]	AHMAD I , SHAHABUDDIN S , KUMAR T ,et al. Security for 5G and beyond[J]. IEEE Communications Surveys ＆ Tutorials, 2019,21(4): 3682-3722.
[9]	TALEB T , SAMDANIS K , MADA B ,et al. On multi-access edge computing:a survey of the emerging 5G network edge cloud architecture and orchestration[J]. IEEE Communications Surveys ＆ Tutorials, 2017,19(3): 1657-1681.
[10]	RANAWEERA P , JURCUT A D , LIYANAGE M . Survey on multi-access edge computing security and privacy[J]. IEEE Communications Surveys ＆ Tutorials, 2021,23(2): 1078-1124.
[11]	刘云毅, 张建敏, 冯晓丽 ,等. 5G MEC系统安全能力部署方案[J]. 电信科学, 2022,38(11): 143-152.
	LIU Y Y , ZHANG J M , FENG X L ,et al. 5G MEC system security capability deployment scheme[J]. Telecommunications Science, 2022,38(11): 143-152.
[12]	张琳, 魏新艳, 刘茜萍 ,等. 基于协作信誉和设备反馈的物联网边缘服务器信任评估算法[J]. 通信学报, 2022,43(2): 118-130.
	ZHANG L , WEI X Y , LIU X P ,et al. Trust evaluation algorithm of IoT edge server based on cooperation reputation and device feedback[J]. Journal on Communications, 2022,43(2): 118-130.
[13]	贺海, 刘海峰, 成金爱 . 云计算平台安全能力评估体系和评估指标研究[J]. 信息安全研究, 2020,6(11): 990-995.
	HE H , LIU H F , CHENG J A . Research on evaluation system and index of cloud computing platform security capability[J]. Journal of Information Security Research, 2020,6(11): 990-995.
[14]	FIGUEROA-LORENZO S , A?ORGA J , ARRIZABALAGA S . A survey of IIoT protocols:a measure of vulnerability risk analysis based on CVSS[J]. ACM Computing Surveys, 2020,53(2): 1-53.
[15]	陶耀东, 贾新桐, 吴云坤 . 一种工业控制系统漏洞风险评估方法[J]. 小型微型计算机系统, 2020,41(3): 603-609.
	TAO Y D , JIA X T , WU Y K . Industry control system vulnerability risk assessment method[J]. Journal of Chinese Computer Systems, 2020,41(3): 603-609.
[16]	李舟, 唐聪, 胡建斌 ,等. 面向 SaaS 云平台的安全漏洞评分方法研究[J]. 通信学报, 2016,37(8): 157-166.
	LI Z , TANG C , HU J B ,et al. Vulnerabilities scoring approach for cloud SaaS[J]. Journal on Communications, 2016,37(8): 157-166.
[17]	ALI B , GREGORY M A , LI S . Multi-access edge computing architecture,data security and privacy:a review[J]. IEEE Access, 2021(9): 18706-18721.
[18]	杨志强, 粟栗, 杨波 ,等. 5G 安全技术与标准[M]. 北京: 人民邮电出版社, 2020.
	YANG Z Q , SU L , YANG B ,et al. 5G security technology and standards[M]. Beijing: Posts ＆ Telecom Press, 2020.
[19]	周艳, 何承东 . 5G 安全的全球统一认证体系和标准演进[J]. 移动通信, 2021,45(1): 21-29.
	ZHOU Y , HE C D . Global unified security certification system and standard evolution for 5G security[J]. Mobile Communications, 2021,45(1): 21-29.
[20]	武志学 . 云计算虚拟化技术的发展与趋势[J]. 计算机应用, 2017,37(4): 915-923.
	WU Z X . Advances on virtualization technology of cloud computing[J]. Journal of Computer Applications, 2017,37(4): 915-923.
[21]	杨爱民, 高放, 边敏华 ,等. 基于层次分析—模糊评价的云计算安全评估与对策[J]. 通信学报, 2016,37(S1): 104-110.
	YANG A M , GAO F , BIAN M H ,et al. Cloud computing security evaluation and countermeasure based on AHP-fuzzy comprehensive evaluation[J]. Journal on Communications, 2016,37(S1): 104-110.
[22]	FENG N , FU B C , WU H J ,et al. Modeling of fuzzy comprehensive evaluation based on cloud model[C]// Proceedings of 2016 14th International Conference on Control,Automation,Robotics and Vision (ICARCV). Piscataway:IEEE Press, 2017: 1-5.
[23]	于亚, 伏玉笋 . 工业互联网边缘终端初始接入可信度量方法研究[J]. 物联网学报, 2022,6(4): 149-157.
	YU Y , FU Y S . Research on trust measurement method for initial access of industrial Internet edge terminals[J]. Chinese Journal on Internet of Things, 2022,6(4): 149-157.
[24]	PRATHYUSHA Y , SHEU T L . Coordinated resource allocations for eMBB and URLLC in 5G communication networks[J]. IEEE Transactions on Vehicular Technology, 2022,71(8): 8717-8728.
[25]	KAI S F , ZHENG J H , SHI F ,et al. A CVSS-based vulnerability assessment method for reducing scoring error[C]// Proceedings of 2021 2nd International Conference on Electronics,Communications and Information Technology (CECIT). Piscataway:IEEE Press, 2022: 25-32.
[26]	SPINELLI F , MANCUSO V . Toward enabled industrial verticals in 5G:a survey on MEC-based approaches to provisioning and flexibility[J]. IEEE Communications Surveys ＆ Tutorials, 2021,23(1): 596-630.
[27]	NOWAK T W , SEPCZUK M , KOTULSKI Z ,et al. Verticals in 5G MEC-use cases and security challenges[J]. IEEE Access, 2021(9): 87251-87298.
[28]	马洪源, 肖子玉, 卜忠贵 ,等. 5G边缘计算技术及应用展望[J]. 电信科学, 2019,35(6): 114-123.
	MA H Y , XIAO Z Y , BU Z G ,et al. 5G edge computing technology and application prospects[J]. Telecommunications Science, 2019,35(6): 114-123.

Metrics

Recommended 0

No Suggested Reading articles found!

标度	含义
9⁰	两因素相比，同等重要
9^1/9(1.277)	两因素相比，前者比后者稍重要
9^3/9(2.080)	两因素相比，前者比后者明显重要
9^6/9(4.327)	两因素相比，前者比后者强烈重要
9¹	两因素相比，前者比后者极端重要
9^1/18、9^2/9、9^1/2、9^5/6	上述判断的中间值
倒数	以上标度对应的相反概念

n	1	2	3	4	5	6	7	8	9
RI	0	0	0.52	0.89	1.12	1.26	1.36	1.41	1.46

指标分类	指标名称	指标值	指标描述	数值
漏洞利用指标	攻击向量（attack vector，AV）	网络	远程利用	0.85
		局域	共享网络或本地网络	0.62
		本地	在本地利用漏洞	0.55
		物理	攻击需要物理接触	0.2
	攻击复杂度（attack complexity，AC）	低	攻击复杂度低	0.77
		高	攻击复杂度高	0.44
	所需权限（privileges required，PR）	无	无特权即可实施攻击	0.85
		低	需要普通用户权限	0.62（0.68，若范围指标 S的指标值为改变）
		高	需要管理员权限	0.27（0.50，若范围指标 S的指标值为改变）
	用户交互（user interaction，UI）	无	不需要用户交互	0.85
		需要	需要用户交互	0.68
影响范围指标	范围（scope，S）	不变	存在漏洞主体与受攻击主	—
			体一致
		改变	存在漏洞主体与受攻击主	—
			体不一致
漏洞影响指标	机密性（confidentiality，C）	无	机密性没有丧失	0
		低	机密性部分丧失	0.22
		高	机密性完全丧失	0.56
	完整性（integrity，I）	无	完整性没有丧失	0
		低	完整性部分丧失	0.22
		高	完整性完全丧失	0.56
	可用性（availability，A）	无	可用性没有丧失	0
		低	可用性部分丧失	0.22
		高	可用性完全丧失	0.56
业务需求指标	安全需求（safety requirement，SR）	低	业务安全需求低	0.6
		中	业务安全需求中	0.8
		高	业务安全需求高	1.0
	时延需求（delay requirement，DR）	低	业务时延需求低	0.6
		中	业务时延需求中	0.8
		高	业务时延需求高	1.0

对比项	C₁	C₂	C₃	C₄	C₅	C₆	C₇
C₁	1	1.129	0.614	0.481	0.886	0.783	1.277
C₂	0.886	1	0.481	0.614	0.783	0.481	1.129
C₃	1.629	2.080	1	0.886	1.277	1.129	1.629
C₄	2.080	1.629	1.129	1	1.129	1.129	3
C₅	1.129	1.277	0.783	0.886	1	1	1.629
C₆	1.277	2.080	0.886	0.886	1	1	1.629
C₇	0.783	0.886	0.614	0.333	0.614	0.614	1

标度法	λ_max	CI	CR	W
9级标度法	7.28	0.047	0.035	(0.072, 0.049, 0.248, 0.297, 0.133, 0.162, 0.037)^T
指数标度法	7.06	0.01	0.007	(0.115, 0.101, 0.181, 0.203, 0.147, 0.163, 0.090)^T

Research on 5G MEC security assessment system and method

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 28

Related Articles 9

Metrics

Recommended 0

对比项	差	较差	中等	较好	好
I₁	1	2	2	4	1
I₂	0	1	5	4	0
…	…	…	…	…	…
I₁₁	2	1	5	2	0
I₁₂	0	2	2	4	2

[1]	Daoyuan LIU,Keda SUN,Junliang ZHOU,Haidong FAN. Application of fuzzy comprehensive evaluation method in network information security assessment of electric power enterprises [J]. Telecommunications Science, 2020, 36(3): 34-41.
[2]	Yang LIU. Planning algorithm of small cell deployment scheme [J]. Telecommunications Science, 2017, 33(11): 195-200.
[3]	Huifang WANG. Fuzzy evaluation in the selecting for excellence of telecommunication engineering design [J]. Telecommunications Science, 2016, 32(11): 161-164.
[4]	Shuai ZHANG,Jinlong ZHAN,Man WANG,Minjie LI. Digital and analog hybrid precoding technology combined with V-BLAST in multi-user massive MIMO system [J]. Telecommunications Science, 2016, 32(10): 50-55.
[5]	Chunhua Ju,Fuguang Bao,Chonghuan Xu. Researcb on Social Network Collaborative Filtering Based E-commerce Recommending [J]. Telecommunications Science, 2014, 30(9): 82-86.
[6]	Yingbo Zhu,Jianwei Diao,Bo Kang,Shengqiang Liu. User Experience Optimization Researcb on Personalized Pusb Approacb of IPTV Service Based on Label of Contents [J]. Telecommunications Science, 2014, 30(7): 113-120.
[7]	Lingli Meng,Ningning Chen,Jiang Wang,Peng Yu. A Performance Evaluation Method of Power Distribution and Utilization Communication Network Based on Improved TOPSIS [J]. Telecommunications Science, 2014, 30(4): 167-172.
[8]	Minghui Yu,Xiquan Guo. AHP Extension Comprehensive Evaluation for Network Security [J]. Telecommunications Science, 2010, 26(12): 110-114.
[9]	Lihua Deng,Hongjuan Liang. Research on Evaluation System of Business Intelligence System [J]. Telecommunications Science, 2009, 25(9): 38-42.