Authorizing Access to Edge Resources at Wire Speed using 5G Device Authentication

Published in IEEE 25th International Conference on High Performance Switching and Routing (HPSR), Pisa, Italy, 2024

We present a protocol for carrying device authentication information in packets breaking out of the 5G network and entering the computing resources of a Multiaccess Edge Computing (MEC) site. The authentication information is then used in a network function, called Customer Edge Switch (CES), inserted in front of the ingress into the computing resources, which authorizes traffic flows originated in the mobile network to access computing resources on a per-user and per-service basis according to the principles of zero-trust security. We evaluate the performance of our solution in an emulation environment that includes the 5G domain, a prototype implementation of the CES using the P4 language, and a Function-as-a-Service computing environment. Results show that the processing delay in the CES is small. We also provide a mathematical model for computing the maximum number of devices that can be managed at wire speed.

Recommended citation: L. Giacometti, F. Battagin and G. Verticale, "Authorizing Access to Edge Resources at Wire Speed using 5G Device Authentication," 2024 IEEE 25th International Conference on High Performance Switching and Routing (HPSR), Pisa, Italy, 2024, pp. 67-72, doi: 10.1109/HPSR62440.2024.10635919.