
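Graduate student: 賴怡辰
Yi-Chen Lai
Thesis title: 透過OpenFlow 和 P4 進行網絡切片安全的數據包認證
Packet Certification for Network Slicing Security with OpenFlow and P4
Advisor: 沈上翔
Shan-Hsiang Shen
Oral defense committee: 金台齡
Tai-Lin Chin
沈中安
Chung-An Shen
沈上翔
Shan-Hsiang Shen
黃琴雅
Chin-Ya Huang
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2021
Academic year of graduation: 109
Language: English
Number of pages: 38
Chinese keywords: programmable switch, network slicing security, packet certification
Foreign-language keywords: P4, Network slicing security, Packet certification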
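  • Network slicing is one of the key technologies by which 5G networks provide dedicated resources to different industries (services). As global communications enter the 5G era, the security of network slicing has become an issue that must be considered. Slice isolation is the basic security requirement of 5G network slicing, because in 5G network slicing the tenants of different industries (services) can share the same physical resources in a multi-tenant virtualized network infrastructure. Without slice isolation, an attack on one slice will affect the entire network slice.

    In this thesis, we propose a security system that improves the security of network slicing by creating network isolation between slices and that can provide good transmission performance. We add a verification header to the packet and, using the ability of the P4 programming language to customize the behavior of a programmable switch, have the switch judge the legitimacy of the packets it receives. We also use the ability of a programmable switch to run hash functions internally to hide the verification parameters, so that attackers cannot intrude into a slice by eavesdropping on packets, which is something traditional network slicing cannot do.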


    Network slicing is one of the key technologies for 5G networks to provide dedicated resources for different industries (services). As global communications enter the 5G era, the security of network slicing has become an issue that must be considered. Isolation is the basic security requirement of 5G network slicing because, in 5G network slicing, tenants of different industries (services) can share the same physical resources in a multi-tenant virtualized network infrastructure. If isolation is missing, an attack on one slice will affect all of the network slices.

    In this article, we propose a security system that improves the security of network slices by generating better network isolation between slices and that can provide good transmission performance. We add a verification header to the packet and, through the P4 programming language, customize the behavior of the programmable switch so that it can determine the legitimacy of each received packet. We also take advantage of the ability to run hash functions inside the programmable switch to hide the verification parameters, which prevents attackers from intruding into the slice by eavesdropping on packets; this is not possible with traditional network slicing.

    1. Introduction 2. Related Work 3. Problem Definition 4. System Design 5. Evaluation 6. Conclusion


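    Full-text release date: 2024/08/10 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)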