Control in modern communication networks and IoT systems is becoming highly distributed, flexible, and open. This control mode permits more efficient and sustainable networks. It is enabled by recent technologies for their programmability and virtualization, such as SDN (Software-Defined Networking) and NFV (Network Function Virtualization). Moreover, visions for an independent and liberalized web, such as the European NGI (Next Generation Internet, www.ngi.eu) or the Web 3.0 (www.web3.foundation), have gained large popularity within democratic societies, particularly for alternative content providers and processors of personal data. The vision aims at a decentralized and fair internet, where users control their own data, identity, and destiny. These aims led to research of methods for “decentralized security,” i.e., of security mechanisms that do not depend on the trustworthiness of central entities. These security concepts comprise decentralized ledgers (incl. Blockchains and cryptocurrencies), decentralized access control mechanisms for IoT systems (incl. license management), secure multi-party computation, security for federated machine learning, code obfuscation for decentralized software supply chains and edge/IoT deployment, or decentralized market places for electronic goods (incl. social finance).
The cybersecurity technology for 5G and B5G (Beyond5G) mobile networks follows the trend for a higher decentralization but these networks also have specific security needs because of them being very-large infrastructures. A major security challenge is the disaggregation of the RAN (Radio Access Network). The RAN is still the decisive part of mobile networks, defining their transmission speed, and is eventually rapidly changing. Disaggregation splits the RAN protocol stack into individual components which can be implemented independently, for example, to achieve lower energy consumption or to implement new transmission schemes. RAN disaggregation permits the use of fronthaul and midhaul networks that are built on cloud native (CN) principles (www.cncf.io). The re-allocation of RAN functions into the Cloud and use of CN, however, creates new attack surfaces and attack vectors for the RAN domain. Managing these surfaces and defending against these vectors will be crucial. Expected security concepts in CN-based networks comprise technologies such as micro-segmented networks, confidential computing, or customization of network security and network orchestration.
