Network slicing enables the creation of logically isolated, service-specific virtual networks over a shared infrastructure, supporting differentiated Quality of Service (QoS) and security guarantees. However, the dynamic and encrypted nature of these slices introduces new challenges for Lawful Interception (LI). Current 3GPP and ETSI specifications do not fully support multi-slice interception, particularly in the presence of end-to-end encryption (E2EE). This paper presents a standards-compliant LI framework tailored for B5G slicing environments. The LI Framework is deployed on a containerized testbed built with Open5GS and OpenLI, enabling reproducible experimentation in controlled multi-slice scenarios. The system supports per-slice interception of file transfers and encrypted VoIP traffic. A secure, identity-based key escrow scheme enables lawful decryption while preserving user privacy and slice isolation. Experimental results show a latency overhead below 10 ms in all test scenarios, demonstrating the feasibility of low-impact, compliant interception in modern B5G networks.
A Multi-Slice Lawful Interception Framework for Beyond-5G Networks: Design and Evaluation of a Standard-Compliant Emulation Testbed / Huso, Ingrid; Calia, Angelo; Piro, Giuseppe; Boggia, Gennaro. - (2025).
A Multi-Slice Lawful Interception Framework for Beyond-5G Networks: Design and Evaluation of a Standard-Compliant Emulation Testbed
Ingrid Huso
;Angelo Calia;Giuseppe Piro;Gennaro Boggia
2025
Abstract
Network slicing enables the creation of logically isolated, service-specific virtual networks over a shared infrastructure, supporting differentiated Quality of Service (QoS) and security guarantees. However, the dynamic and encrypted nature of these slices introduces new challenges for Lawful Interception (LI). Current 3GPP and ETSI specifications do not fully support multi-slice interception, particularly in the presence of end-to-end encryption (E2EE). This paper presents a standards-compliant LI framework tailored for B5G slicing environments. The LI Framework is deployed on a containerized testbed built with Open5GS and OpenLI, enabling reproducible experimentation in controlled multi-slice scenarios. The system supports per-slice interception of file transfers and encrypted VoIP traffic. A secure, identity-based key escrow scheme enables lawful decryption while preserving user privacy and slice isolation. Experimental results show a latency overhead below 10 ms in all test scenarios, demonstrating the feasibility of low-impact, compliant interception in modern B5G networks.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
