Securing the Management Plane in Intent-based Cellular Networks
Kashif Mehmood, Katina Kralevska, Danilo Gligoroski
TL;DR
The paper addresses securing the management plane in intent-based cellular networks to prevent unauthorized access and tampering of network intents. It proposes a WireGuard-based security framework under a centralized IBNSC authority, coupled with a Noise protocol IK handshake to secure key exchange and encrypt intent communication. A four-step Secure Intent Management Protocol supports key generation, authenticated key exchange, handshake establishment, and secure intent transfer, with an OpenStack-based experimental evaluation showing WireGuard outperforms OpenVPN in throughput and latency while consuming fewer resources. The work demonstrates a practical, low-overhead solution for secure closed-loop control in IBN, enabling reliable and confidential management of cellular network intents.
Abstract
IBN is an emerging network management paradigm that allows automated closed-loop control and management of network devices and services. Closed-loop control requires security primitives to avoid intrusive human impact on network policies, posing a serious security challenge. This paper addresses this critical problem by securing the management plane in IBN systems. We propose a novel security framework based on WireGuard that augments the existing standards to secure intent communication between intent stakeholders. The framework guarantees isolation through WireGuard tunnels and provides inherent authentication and access control mechanisms to avoid intrusion in IBN systems. This work contributes to developing secure, efficient, and flexible communication channels within the IBN ecosystem, ensuring the integrity and confidentiality of network intents and operational data. Experimental results show the suitability and superiority of WireGuard compared to OpenVPN.