A framework for evaluating security in 5G network APIs
Puranen, Aleksi (2025)
2025
Tietojohtamisen DI-ohjelma - Master's Programme in Information and Knowledge Management
Johtamisen ja talouden tiedekunta - Faculty of Management and Business
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2025-05-23
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-202505236065
https://urn.fi/URN:NBN:fi:tuni-202505236065
Tiivistelmä
The emergence of 5G network Application Programming Interfaces (APIs) offers significant opportunities for service innovation and monetization. However, this expansion concurrently enlarges the attack surface of mobile networks, introducing complex security challenges. A critical deficiency identified is the absence of a systematic framework specifically designed for evaluating the security posture of these 5G network APIs.
This thesis addresses this deficiency. Its primary objective was to investigate methodologies for security evaluation in the context of 5G network APIs and based on this investigation, to develop a comprehensive evaluation framework. The research was guided by the central question of how to systematically identify and evaluate security requirements and compliance measures pertinent to the adoption of network APIs.
A Design Science Research (DSR) methodology was employed, utilizing a qualitative approach centered on an extensive review of literature and technical documentation. This included 3rd Generation Partnership Project (3GPP) specifications, notably the Common API Framework (CAPIF) and its security standard TS 33.122; academic research on API security; and established cross-industry security standards and frameworks such as the Fast Healthcare Interoperability Resources (FHIR), the Revised Payment Services Directive (PSD2), NIST SP 800-53, and the OWASP Application Security Verification Standard (ASVS).
The principal result of this research is a novel security evaluation framework. This framework is structured around four concentric rings: (1) Authentication, focusing on robust identity and access management, (2) Network Obfuscation, aiming to enhance system resilience through measures like topology hiding, (3) Observability, ensuring transparency and accountability via comprehensive logging and monitoring, and (4) Governance & Usability, addressing overarching policies, data protection (e.g., GDPR compliance), and developer-centric security practices. Each ring comprises detailed, actionable security checkpoints, with defined rationales and links to the research questions. The framework is designed for adaptability to specific sector requirements (e.g., telecommunications, finance, healthcare) and proposes objective maturity indicators for as-sessing security posture.
This thesis addresses this deficiency. Its primary objective was to investigate methodologies for security evaluation in the context of 5G network APIs and based on this investigation, to develop a comprehensive evaluation framework. The research was guided by the central question of how to systematically identify and evaluate security requirements and compliance measures pertinent to the adoption of network APIs.
A Design Science Research (DSR) methodology was employed, utilizing a qualitative approach centered on an extensive review of literature and technical documentation. This included 3rd Generation Partnership Project (3GPP) specifications, notably the Common API Framework (CAPIF) and its security standard TS 33.122; academic research on API security; and established cross-industry security standards and frameworks such as the Fast Healthcare Interoperability Resources (FHIR), the Revised Payment Services Directive (PSD2), NIST SP 800-53, and the OWASP Application Security Verification Standard (ASVS).
The principal result of this research is a novel security evaluation framework. This framework is structured around four concentric rings: (1) Authentication, focusing on robust identity and access management, (2) Network Obfuscation, aiming to enhance system resilience through measures like topology hiding, (3) Observability, ensuring transparency and accountability via comprehensive logging and monitoring, and (4) Governance & Usability, addressing overarching policies, data protection (e.g., GDPR compliance), and developer-centric security practices. Each ring comprises detailed, actionable security checkpoints, with defined rationales and links to the research questions. The framework is designed for adaptability to specific sector requirements (e.g., telecommunications, finance, healthcare) and proposes objective maturity indicators for as-sessing security posture.
Kokoelmat
Samankaltainen aineisto
Näytetään aineisto, joilla on samankaltaisia nimekkeitä, tekijöitä tai asiasanoja.
-
From maintaining stability to securing change : Expert perceptions on how the Civilian Security Sector contributes to resilience in Ukraine.
(2020)
Pro gradu -tutkielmaSix years after the Euromaidan, Ukraine has taken significant steps in order to reform its civilian security provision, namely the rule of law and law enforcement, to become more aligned with the standards demanded by the ... -
Security through integration? : the role of security in the enlargements of the European Union
TAPRI Net Series : 7 (Tampere University Press, 2009)
book
