
Research On The Security Mechanism Of 5G Core Network In Virtualization Environment

Posted on: 2020-06-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Sun
GTID: 2428330620453195
Subject: Information and Communication Engineering
Abstract/Summary:
To satisfy the requirements of the multi-application scenarios of future mobile communication, the 5G core network introduces network function virtualization (NFV) technology. By decoupling network hardware from software, it makes network deployment more flexible, raises resource utilization and reduces network operating cost. At the same time, it brings a series of new security issues and challenges. For example, the use of general-purpose hardware may enlarge the threat of vulnerability and backdoor attacks, the softwarization of network functions may increase the network attack surface, and the sharing of physical resources blurs the network security boundary. In recent years in particular, side-channel attacks, virtual node escape attacks, covert channel attacks, crossfire attacks and single physical node attacks have developed rapidly because of the sharing of physical resources, so research on effective network defenses urgently needs to be strengthened.

For this purpose, this paper relies on the major national science and technology project "Research and Verification of 5G XX Protection Technology" (No. 2018ZX03002002) and the National Natural Science Foundation of China project "Research on Virtual Resource Management Technology for 5G Network Slice" (No. 61801515), and focuses on the security problems of the 5G core network in a virtualization environment that are caused by the sharing of physical resources. It studies network security in a high-threat environment from three aspects in turn: virtual node security and virtual link security on the virtual side, and physical node security on the physical infrastructure side. The main research content is as follows:

1. A virtual machine dynamic migration method based on jumping redundancy work is proposed. First, an evaluation and calculation method for the migration frequency of different virtual machines is established, which reduces the migration frequency while ensuring the information security of the virtual machine. Jumping redundancy work is then used to deal with the security risk caused by frequent migration of the virtual machine. Simulation results show that the proposed method reduces the average migration convergence time and migration overhead, and avoids the security problems caused by frequent migration, while providing the same security protection as existing defense methods.

2. A method of virtual chain mapping and migration based on the constraint of spatiotemporal coexistence is proposed. First, the concept of the coexistence degree of virtual links in time and space is proposed. Then, based on chain coexistence, a service function chain mapping and migration method is designed to minimize the coexistence between virtual chains. Simulation results show that, compared with existing defense methods, this method significantly reduces the coexistence between service function chains and the network attack risk caused by the coexistence of virtual links, while ensuring the deployment performance of service function chains.

3. A backup and remapping method for network slices based on security classification is proposed. First, building on existing node backup and remapping solutions, this paper considers the impact of security constraints among nodes on network security performance, proposes a security parameter evaluation model for the virtual nodes and physical nodes in network slicing, and establishes the security constraint relationship between virtual nodes and physical nodes. Backup virtual nodes are then selected based on the security parameter evaluation model, and backup mapping methods are designed. Finally, a node remapping mechanism is designed that satisfies the network delay requirement. Simulation results show that this method significantly improves the network's anti-attack capability while satisfying the service performance requirements of network slicing.
Keywords/Search Tags: network function virtualization, service function chain mapping, security, mapping algorithm, migration algorithm, side-channel attacks, virtual node escape attacks, covert channel attacks, crossfire attacks, single node failure problem