← Book home
Part 5 · Privacy, Slicing, Edge, and Special Networks
20

Network Slicing Security

Selling many logical networks on one infrastructure — and keeping them apart

"A slice boundary is a business boundary, a regulatory boundary, and — whether you designed it that way or not — a security boundary." — THE SLICING PRINCIPLE

Network slicing lets one physical 5G network present as many logical networks — an eMBB slice for consumers, a URLLC slice for a factory, an isolated slice for a hospital. Each slice may have a different tenant, SLA, and security requirement. This chapter covers the S-NSSAI, the NSSF, slice-specific authentication (NSSAA), and — the heart of it — isolation: keeping one tenant's traffic, data, and failures out of another's.

🎯 Learning objectives
📘 Standards reference box — Chapter 20
SpecificationTitleRelease / version verified
TS 33.5015G security — NSSAA, slice securityRel-18, v18.11.0 (2026-04)
TS 23.501S-NSSAI, NSSF, slice architectureRel-19, v19.6.0
GSMANetwork slicing security guidancecurrent

Checked June 2026 — verify against the latest 3GPP version.

20.1 Slicing in One Page

FIGURE 20.1Slicing — One Infrastructure, Many Logical Networks
shared physical infrastructure (compute, RAN, transport) eMBB sliceconsumer broadbandhigh throughputSST=1 URLLC slicefactory automationUP integrity requiredSST=2 · isolated enterprise slicehospital / utilityNSSAA + isolationSST=3 · tenant different tenants, SLAs, and SECURITY requirements — on the same hardware
Purpose: the slicing value proposition and its risk. One infrastructure, many tenants — so isolation between them becomes a primary security concern.
FIGURE 20.2S-NSSAI Structure — SST + SD
S-NSSAI = Single Network Slice Selection Assistance Information SST8 bits — slice type SD (optional)24 bits — differentiator e.g. 1=eMBB, 2=URLLC, 3=mMTC distinguishes tenants of the same SST the SD often identifies a TENANT → it can be privacy-sensitive (an enterprise's slice ID reveals the enterprise)
Purpose: the slice identifier. SST says what kind of slice; SD distinguishes tenants — and because SD can identify a specific enterprise, it has privacy implications on the air.
FIGURE 20.3NSSAI Variants — Requested, Allowed, Configured, Rejected
Configuredslices the UE isprovisioned for Requestedslices the UE asksfor at registration Allowedslices the networkgrants (after checks) Rejectedslices denied(+reason) the network decides Allowed from Requested — a slice authorization step (NSSF + subscription)
Purpose: slice access is negotiated. The network grants "allowed" slices from the UE's "requested" set — an authorization checkpoint, not an automatic grant.
FIGURE 20.4NSSF in Slice Selection
AMF NSSF UDM (subscription) requested NSSAI check slice subscription subscribed slices allowed NSSAI + slice instances + AMF set
Purpose: who decides which slices a UE gets. The NSSF combines the request, subscription, and policy — integrity of this decision underpins tenant isolation.
FIGURE 20.5NSSAI Privacy — RRC vs NAS Exposure
the leak if slice IDs (S-NSSAI/SD) appear in unprotected signaling, an observer learns which enterprise/tenant a UE belongs to → a privacy + targeting risk the defense ✓ protect NSSAI under NAS/AS security ✓ avoid exposing SD in clear where possible ✓ treat tenant slice IDs as sensitive metadata slice membership is private information
Purpose: slice IDs are metadata that can identify a tenant. Exposing them in clear can reveal that a device belongs to, say, a specific defense contractor — protect them like the privacy data they are.

20.2 Isolation — the Core of Slice Security

FIGURE 20.6Slice Isolation Layers
control-plane isolationseparate/segmented signaling (AMF set, NFs) user-plane isolationdedicated/segmented UPFs, traffic separation management isolationtenant can't see/manage other slices (OAM) resource isolationone slice can't starve another (the SLA defense) "isolation" is FOUR properties — a slice can be CP-isolated yet resource-starvable; check all four
Purpose: isolation is not one thing. A slice can be perfectly signaling-isolated yet still be starved of resources by a noisy neighbor — true isolation means all four layers.

20.3 NSSAA — Slice-Specific Authentication

FIGURE 20.7NSSAA — Architecture
UEEAP peer AMFEAP authenticator(via NSSAAF) NSSAAFrelay to AAA tenant AAA-Senterprise's own NSSAA = a SECOND authentication, to the TENANT's AAA, before the UE may use a specific slice — on top of the network's 5G-AKA
Purpose: slices can demand their own authentication. NSSAA lets an enterprise require its own credential check (to its own AAA) before a subscriber may use its slice — defense in depth at the slice level.
FIGURE 20.8NSSAA Message Flow (EAP to AAA)
UE AMF NSSAAF AAA-S primary 5G-AKA already done; slice needs NSSAA ① EAP Request (slice auth) ② EAP Response → AMF → NSSAAF → AAA-S ③ EAP Success (tenant approves) ④ slice added to Allowed NSSAI
Purpose: the NSSAA exchange. EAP runs to the tenant's AAA after network authentication; only on success is the slice granted — the enterprise controls its own slice membership.
FIGURE 20.9NSSAA Revocation and Re-authentication
tenant AAA revokesemployee left / policy change AMF removes slicefrom Allowed NSSAI UE loses sliceaccess immediately the tenant retains LIVE control over who uses its slice — critical for enterprise lifecycle (joiners/leavers)
Purpose: the enterprise keeps the keys to its own slice. Revocation lets a tenant cut off a device (e.g., a departed employee's phone) without involving the operator's subscription system.

20.4 Tenant Isolation and Shared NFs

FIGURE 20.10Shared NF Risk — One AMF, Many Slices
shared AMFserves slices A, B, C slice A slice B (sensitive) slice C a shared NF is a cross-tenant component — a bug/compromise could leak across slices → dedicate NFs for the most sensitive slices
Purpose: the central isolation trade-off. Sharing NFs is efficient but creates cross-tenant exposure; sensitive slices may warrant dedicated NFs.
FIGURE 20.11Tenant Isolation in a Multi-Tenant Core
tenant A's view sees only its slices, data, KPIs cannot enumerate other tenants isolated management/OAM walled garden tenant B's view sees only ITS slices, data, KPIs no visibility into tenant A separate credentials/roles walled garden
Purpose: what tenant isolation means in practice. Each tenant sees only its own world — data, KPIs, and management — and cannot even discover the existence of others.
FIGURE 20.12Slice Resource Starvation Attack
noisy/compromised slicefloods shared resources shared compute/signalingexhausted victim sliceSLA breached resource isolation (quotas, reservations) is the defense — without it, slicing's SLA promise is hollow under load/attack
Purpose: the availability face of slicing security. Without resource isolation, one slice can starve another — turning a noisy neighbor (or attacker) into an SLA-breaking weapon.
FIGURE 20.13Enterprise Slice — Reference Security Architecture
a well-secured enterprise slice NSSAAto enterprise AAAtenant controls access isolationCP/UP/mgmt/resourcededicated where sensitive UP integrityREQUIRED (Ch 9)not "preferred" edge UPFlocal breakout (Ch 22)data stays on-site
Purpose: the blueprint for a serious enterprise slice. Combine tenant-controlled authentication, multi-layer isolation, required UP integrity, and (often) edge breakout — not the eMBB defaults (Chapter 9 example).
FIGURE 20.14Slice Security SLA Parameters
SLA parameter security choice isolation levelshared / segmented / dedicated NFs UP integrityrequired (sensitive) vs preferred slice authenticationNSSAA yes/no, which AAA resource guaranteereservation/quota (anti-starvation) data localityedge breakout / home-routed
Purpose: slice security is contractual. These parameters are what an enterprise and operator negotiate — security becomes a line-item in the slice SLA.
FIGURE 20.15Slice Security Audit Checklist
SLICE SECURITY — AUDIT ESSENTIALS ☑ all four isolation layers verified (CP/UP/mgmt/resource) ☑ NSSAA configured where the slice contract requires it ☑ UP integrity = required (not preferred) for sensitive slices ☑ tenant management isolation (no cross-tenant visibility) ☑ resource quotas/reservations (anti-starvation) ☑ NSSAI/SD not exposed in clear (privacy) ☑ no eMBB defaults inherited by enterprise slices ☑ revocation tested (tenant can cut off a UE)
Purpose: the slice audit on one card. The recurring failure is enterprise slices silently inheriting consumer (eMBB) defaults — this checklist catches it.

20.5 The Practical Operator View

Common misconfiguration risks

20.6 Threats and Mitigations

ThreatVectorDefense
Cross-slice leakageshared NF bug/compromiseisolation, dedicated NFs for sensitive slices
Resource starvationnoisy/attacking sliceresource quotas/reservations
Unauthorized slice accessweak slice authorizationNSSAA, subscription checks
Tenant membership leakS-NSSAI in clearprotect NSSAI under security
Stale accessdeparted users keep sliceNSSAA revocation
Weak enterprise sliceeMBB defaults inheritedper-slice security policy

20.7 Terminology, Example, Checklist

TermMeaning
S-NSSAI (SST+SD)Slice identifier: type + tenant differentiator
NSSAI variantsConfigured / Requested / Allowed / Rejected
NSSFNetwork Slice Selection Function
NSSAA / NSSAAFSlice-specific authentication / its AAA-relay function
isolation (4 layers)Control plane, user plane, management, resource

Real network example. An operator sold a "secure isolated slice" to a hospital. An audit found the slice had dedicated UPFs (UP isolation) but shared signaling NFs with no resource quotas. During a busy event, a consumer eMBB slice's signaling surge exhausted the shared AMF/SMF capacity, and the hospital slice's session setups began failing — its life-safety SLA breached not by an attack on it, but by a noisy neighbor it was supposed to be isolated from. The contract said "isolated"; only one of four isolation layers was real. Fix: resource reservations for the hospital slice and dedicated signaling capacity for critical slices. "Isolated" is a four-part claim — verify all four, or the word is marketing.

Chapter Summary

? Review Questions

  1. What does an S-NSSAI contain, and why can the SD be privacy-sensitive?
  2. Distinguish requested, allowed, configured, and rejected NSSAI.
  3. What is NSSAA, when is it used, and what control does it give a tenant?
  4. Name the four isolation layers and give an attack that defeats a slice isolated on only some of them.
  5. Why is resource isolation essential to slicing's SLA promise?
  6. What is the risk of shared NFs across slices, and the mitigation for sensitive slices?
  7. How should an enterprise slice differ in security config from a consumer eMBB slice?
  8. A "secure isolated" slice fails during a neighbor's traffic surge. Diagnose and fix.
🧪 Mini lab — design a hospital slice

On paper (or in Open5GS with multiple S-NSSAIs configured): (1) Define the S-NSSAI for a hospital slice and decide whether the SD reveals the tenant. (2) Specify all four isolation layers — what's dedicated vs shared, and the resource reservation. (3) Decide whether NSSAA applies and to whose AAA. (4) Set the UP security policy (required, not preferred — Chapter 9). (5) Now red-team it: as a noisy consumer slice or a malicious tenant, how would you degrade or peek into the hospital slice — and which of your four isolation layers stops each attempt? You've now written a slice security SLA that distinguishes "isolated" from "marketing."

← Chapter 19 Chapter 20 Chapter 21 →