We demonstrate how the 5G network slicing model can be extended to address data security requirements. In this work we demonstrate two different slice configurations, with different encryption requirements, representing two diverse use-cases for 5G networking: namely, an enterprise application hosted at a metro network site, and a content delivery network. We create a modified software-defined networking (SDN) orchestrator which calculates and provisions network slices according to the requirements, including encryption backed by quantum key distribution (QKD), or other methods. Slices are automatically provisioned by SDN orchestration of network resources, allowing selection of encrypted links as appropriate, including those which use standard Diffie-Hellman key exchange, QKD and quantum-resistant algorithms (QRAs), as well as no encryption at all. We show that the set-up and tear-down times of the network slices takes of the order of 1-2 minutes, which is an order of magnitude improvement over manually provisioning a link today.
翻译:我们演示了5G网络切片模型如何扩大以满足数据安全要求。 在这项工作中,我们展示了两种不同的切片配置,有不同的加密要求,代表了5G网络的两种不同的使用案例:即一个在地铁网络网站托管的企业应用程序,和一个内容传输网络。我们创建了一个经过修改的软件定义的网络(SDN)管弦乐团(SDN),根据要求计算和提供网络切片,包括由量子钥匙分布支持的加密(QKD)或其他方法。 Slips由SDN网络资源调制自动提供,允许酌情选择加密链接,包括使用标准的Diffie-Hellman键交换、QKD和量子抗算法(QRAs)的链接,以及根本没有加密。我们显示,网络切片的设置和拆卸时间需要1-2分钟的顺序,这是对今天手动提供链接进行规模改进的顺序。