Enhancing security and slicing services: delivering the control back to customers


However, despite the technical readiness and commercial promise of slicing, a fundamental barrier is increasingly evident: the lack of application-level control mechanisms, driven by the behaviour of mobile operating systems.

The problem is caused by how mobile operating systems, especially Android and iOS, understand and use URSP (User Equipment Route Selection Policy) rules. Instead of letting the user or the network decide which apps should go through a specific network slice, the system classifies apps into families such as video, gaming or messaging. These apps are then able to request specific traffic categories when requesting connectivity. As a result, there is no control at all over which application accesses which network slice, because the operator's visibility is limited to traffic categories and app families.

This approach causes several problems:

  • It is impossible for the customer to choose which applications are allowed to send traffic over a network slice (i.e. their premium connectivity).
  • Mobile network operators can’t create business models around specific apps.
  • Mobile network operators don’t know which apps are using their slices and therefore resources may be misused, as traffic is sent based on the operating system’s rules rather than the operator’s rules.

This undermines one of the main promises of 5G network slicing, which is the ability to finely tune settings based on the application and the customer’s choice.

To tackle this issue, Telefónica has led a taskforce in GSMA to release a whitepaper about the usage of network-based tokens (i.e. App Tokens and Operator Tokens). What is the purpose of this whitepaper? It aims to explain that network-based tokens can provide a secure and certifiable authentication and authorization solution when third-party applications running on an end user’s mobile device consume network services.

An App Token lets a third-party app prove its identity to the network, making its identity verifiable and binding traffic flows to specific policies. Unlike the way OS-imposed classification works, this mechanism lets operators apply accurate policy enforcement based on what application is initiating the traffic.

An Operator Token also makes it easier to check the user’s identity without disclosing any personal data. It can be used with different access technologies, including Wi-Fi, to make sure services keep working and users have a better experience while verifying their identity without the need to send One Time Password (OTP) messages or use other intrusive methods.

And how can a token improve network slicing? By using tokens, slicing can become truly application-aware, bringing key benefits. First, it allows users to define which applications can access their premium connectivity services, thus optimising data consumption and prioritisation. It also offers greater operational transparency, as operators can monitor slice usage to improve resource management and SLA compliance. In addition, it enhances security and trust by restricting access to sensitive resources to authorised applications and users only. Finally, this token-based control is scalable and applicable across domains, from B2C entertainment services to B2B secure enterprise access.
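The contrast between category-based routing and token-based, per-application slice authorisation can be sketched as follows. This is an added example, not code from Telefónica or the GSMA whitepaper. The token layout (base64 JSON claims plus an HMAC-SHA256 tag), the key, the app identifiers and the function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; the token layout is an assumption, not the GSMA format.
ISSUER_KEY = b"demo-key-held-by-operator"        # stands in for the operator's signing key
CUSTOMER_ALLOWLIST = {"com.example.videocall"}   # apps the customer chose for the premium slice
OS_CATEGORY_SLICES = {"video": "premium"}        # category-to-slice mapping (OS-style)

def issue_app_token(app_id, ttl=300, now=None):
    """Operator side: sign the application identity together with an expiry."""
    claims = {"app_id": app_id, "exp": int((now or time.time()) + ttl)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def verify_app_token(token, now=None):
    """Return the verified app_id, or None if the tag, format or expiry is bad."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("exp", 0) <= (now or time.time()):
        return None
    return claims.get("app_id")

def slice_by_category(requested_category):
    """Category-based routing: any app that requests the category gets the slice."""
    return OS_CATEGORY_SLICES.get(requested_category, "default")

def slice_by_token(token, now=None):
    """Token-based routing: only verified, customer-approved apps get the slice."""
    app_id = verify_app_token(token, now)
    return "premium" if app_id in CUSTOMER_ALLOWLIST else "default"

if __name__ == "__main__":
    ok = issue_app_token("com.example.videocall")
    other = issue_app_token("com.example.other")
    print(slice_by_category("video"), slice_by_token(ok), slice_by_token(other))
```

A symmetric key fits this sketch because the same operator-side component both issues and validates the token; a deployment in which another party validates would need an asymmetric signature instead.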

While the benefits are clear, implementation requires alignment across the ecosystem. Device OS vendors need to support APIs that expose network token management to applications; developers need to integrate network token handling into front-end and back-end systems; and operators need to deploy Entitlement Configuration Servers to issue and validate network tokens.

The industry is already moving in this direction, with proof-of-concept projects and MVPs underway. However, widespread adoption will depend on standardisation and advocacy to ensure that no single stakeholder, whether an OS vendor, app developer or network operator, can unilaterally restrict the programmability and openness of 5G.
