5G-Enabled Defence-in-Depth for Multi-domain Operations.

In many civil and military use cases, 5G can be a segment of a more complex end-to-end solution. In such a configuration, properly using the 5G security mechanisms to achieve defence-in-depth and compliance with zero-trust architecture is challenging. In our paper, we discuss the existing 5G security mechanisms related to the connection of trusted and untrusted non-3GPP access networks (wireless and wired), 5G roaming, and the 3GPP approach to support Uncrewed Aerial Services, which provides authentication between the mobile terminal and an external server. The identified use cases show the need and opportunities for reusing 5G security mechanisms beyond the 5G network domain. We discuss the options for end-to-end defencein-depth security provisioning in multi-domain networks, and we present two approaches to providing end-to-end defence-in-depth mechanisms. The first relies on the alignment of security policies in multiple domains and is based on security proxies. The second is based on the multi-domain network slices.