Internet-Draft: An 5G Integrated Security Service System (February 2026)
Ahn, et al. Expires 29 August 2026
This document presents an integrated framework for automated security management in 5G edge networks using the Interface to Network Security Functions (I2NSF) architecture. The proposed system leverages Intent-Based Networking (IBN) to allow users or administrators to declare high-level security intents, which are translated into enforceable network and application policies. Network-level policies are delivered to 5G core components via the Network Exposure Function (NEF), while application-level policies are enforced directly on a User Equipment (UE) through distributed IBN Controllers. This architecture supports adaptive, context-aware, and distributed policy enforcement, enabling real-time response to dynamic edge conditions and user mobility scenarios such as handovers. By integrating closed-loop monitoring and analytics, the system ensures consistent and autonomous security across heterogeneous 5G environments.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 29 August 2026.
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
Network softwarization has become a fundamental approach for delivering network services across various infrastructures, including 5G mobile networks [TS-23.501], cloud computing platforms, and edge computing environments. This paradigm is enabled through key technologies such as Network Functions Virtualization (NFV) [ETSI-NFV] and Software-Defined Networking (SDN) [RFC7149]. In addition, Intent-Based Networking (IBN) [RFC9315] [Survey-IBN-CST-2023] serves as a foundation for implementing intelligent behaviors in both network-level and application-level services. As networks continue to evolve in this software-driven direction, the emergence of 5G introduces new challenges, particularly in the realm of security.
As mobile networks evolve toward 5G, the increasing complexity of network functions and the widespread deployment of edge devices such as IoT nodes, user equipment (UE), and application functions (AFs) [TS-23.501] introduce significant challenges to existing security models. These environments are inherently dynamic, heterogeneous, and latency-sensitive, making it difficult for traditional rule-based configurations, which are typically static and manually managed, to respond effectively to changing conditions. In particular, security operations at the edge require more contextual awareness, automation, and adaptability than ever before.
Intent-Based Networking (IBN) provides a promising paradigm to meet these requirements. It enables operators or users to declare high-level goals, or intents, which the system can automatically translate into enforceable security and network policies [TS-28.312]. These policies may range from abstract service-level objectives to fine-grained access control rules. By automating this translation and enforcement process, the network gains the ability to respond autonomously to operational demands without requiring manual intervention. This model supports closed-loop control, where real-time feedback mechanisms continuously refine and adapt system behavior based on evolving context and intent.
This document defines an intent-based framework for edge security management in the context of 5G systems. The framework builds upon the service-based architecture (SBA) defined in 3GPP 5G and beyond, and introduces a layered approach that includes intent translation, policy generation, enforcement, and monitoring. It integrates seamlessly with existing 3GPP network functions such as the Policy Control Function (PCF) [TS-29.520], Access and Mobility Management Function (AMF), Session Management Function (SMF), and Network Data Analytics Function (NWDAF) [TS-23.288]. The aim is to deliver scalable and adaptive security control across heterogeneous edge domains through policy-driven orchestration.
Furthermore, the framework is designed to support mobility scenarios, including handovers between gNBs and session migration across multiple User Plane Functions (UPFs). By dynamically enforcing intents on the edge, the system maintains consistent and context-aware security postures even in the presence of mobility events. This capability improves network resilience and responsiveness and provides a foundation for secure, automated, and intelligent 5G services. The proposed framework also aligns with long-term goals of zero-touch security, AI-driven orchestration, and intent-based policy automation within future mobile network infrastructures.
This section provides definitions of the key terms and concepts used throughout this document. The terminology is intended to establish a common understanding of the architectural elements, interfaces, and operational principles discussed in the context of intent-based security management in 5G networks. These terms are used to describe 5G network automation based on the Intent-Based Networking (IBN) and Interface to Network Security Functions (I2NSF) frameworks.
Intent: A set of operational objectives and expected outcomes that a network is expected to fulfill, expressed in a declarative manner without specifying the implementation details or the exact procedures to achieve them [RFC9315]. Intents can be represented using XML [RFC6020] [RFC7950] or YAML [YAML] formats, and may be delivered to the target components through protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040], or via standard REST APIs [REST].
IBN User Function (IUF): The IUF is typically accessed via a web-browser interface, which allows Mobile Object administrators to input network intents for the IBN Control Function (ICF). These intents serve as strategic objectives that guide the generation of security and network policies within the system.
IBN Control Function (ICF): The ICF operates as a core component of the I2NSF architecture deployed within the 5G network. It is responsible for managing and orchestrating security enforcement functions by translating the intents received from the IUF into actionable policies and selecting the appropriate 5G Network Functions (NFs) to execute them.
Developer's Management Function (DMF): The DMF is a component within the Interface to Network Security Functions (I2NSF) framework that acts as a provider of Network Security Functions (NSFs). It is responsible for registering the capabilities of these NSFs with the Security Controller, thereby making them available for use in enforcing security policies.
Security Control Function (SCF): The SCF strengthens network security by generating low-level policies that modify and supplement the network configuration according to the delivered network policy, and by delivering those low-level policies to the relevant individual NFs.
Security Data Analytics Function (SDAF): The SDAF collects and analyzes monitoring data to verify whether the policies generated from intents have been properly enforced by the network security functions, and to evaluate the performance and functionality of the security services.
Network Security Function (NSF): The NSF provides the actual security services according to the policies generated from the user's intent. It executes security tasks such as blocking or allowing traffic based on the policy delivered from the ICF.
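The following is an added illustration, not code from the draft or its authors, of how the functions defined above would fit together in one control-loop iteration: the ICF translates a declarative intent into a network-level policy (delivered to the core via the NEF) and an application-level policy (delivered to the UE), the SCF expands each into NF-specific low-level configuration, and the SDAF checks monitoring data to confirm enforcement, including after a handover moves a session to a UPF that was never configured. The intent fields, rule shapes, and monitoring records are all constructed assumptions; the draft fixes no intent schema or policy format.

```python
from dataclasses import dataclass

# Constructed intent: keep one app's traffic for one UE group on a private data network.
# Field names are assumptions; the draft does not define an intent schema.
INTENT = {"id": "keep-sensor-updates-on-private-dnn", "ue-group": "factory-sensors",
          "app": "firmware-updater", "allowed-dnn": "factory-private",
          "scope": ["network", "application"]}

@dataclass(frozen=True)
class Policy:
    level: str       # "network" (to the 5G core via NEF) or "application" (to the UE's IBN controller)
    ue_group: str
    app: str
    allowed_dnn: str

def icf_translate(intent):
    """ICF: derive one enforceable policy per requested scope from the declarative intent."""
    return [Policy(level, intent["ue-group"], intent["app"], intent["allowed-dnn"])
            for level in ("network", "application") if level in intent["scope"]]

def scf_lowlevel(policy):
    """SCF: expand a policy into the NF-specific fragments the draft calls low-level policy.
    The PCF/UPF/UE rule shapes are constructed for illustration, not 3GPP-defined."""
    if policy.level == "network":
        return {"PCF": {"ue-group": policy.ue_group, "app": policy.app,
                        "permit-dnn": [policy.allowed_dnn], "default": "deny"},
                "UPF": {"drop-app-flows-not-on-dnn": (policy.app, policy.allowed_dnn)}}
    return {"UE": {"app": policy.app, "allow-dnn-only": policy.allowed_dnn}}

def sdaf_verify(policies, records):
    """SDAF: compare each monitoring record with the policy of the reporting NF's level."""
    violations = []
    for r in records:
        for p in policies:
            if p.level == r["level"] and r["ue-group"] == p.ue_group and r["app"] == p.app:
                expected = "allow" if r["dnn"] == p.allowed_dnn else "deny"
                if r["enforced"] != expected:
                    violations.append({**r, "expected": expected})
    return violations

def closed_loop(intent, records):
    """One iteration: translate, verify, then re-issue low-level policy to every NF that deviated."""
    policies = icf_translate(intent)
    violations = sdaf_verify(policies, records)
    remediation = {v["nf"]: scf_lowlevel(p) for v in violations
                   for p in policies if p.level == v["level"]}
    return policies, violations, remediation

# Constructed monitoring records: UPF-1 compliant; UPF-2 (the target UPF after a handover) let
# the app reach the public DNN; the UE controller wrongly blocked the permitted private DNN.
RECORDS = [
    {"nf": "UPF-1", "level": "network", "ue-group": "factory-sensors", "app": "firmware-updater", "dnn": "factory-private", "enforced": "allow"},
    {"nf": "UPF-2", "level": "network", "ue-group": "factory-sensors", "app": "firmware-updater", "dnn": "internet", "enforced": "allow"},
    {"nf": "UE-17", "level": "application", "ue-group": "factory-sensors", "app": "firmware-updater", "dnn": "factory-private", "enforced": "deny"},
]
```

Running `closed_loop(INTENT, RECORDS)` reports the UPF-2 and UE-17 records as violations and returns the low-level policy to re-push to each of them, which is the closed-loop behaviour the draft describes for mobility events.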
This section defines a comprehensive framework for 5G security management automation by introducing its essential components and explaining how each of them is designed to interconnect with functions in the 5G core networks [TS-23.501]. The framework is grounded in intent-based networking principles, which enable high-level user or application intents to be automatically translated into actionable policies. These policies are then enforced and monitored across both the core and edge domains without requiring manual intervention.
As 5G networks become more distributed and support a growing number of latency-sensitive services and heterogeneous devices, traditional static security mechanisms struggle to cope with the dynamic nature of threats and the scale of real-time traffic. Manual configuration is no longer feasible in such environments, making automated security orchestration essential to maintain consistent protection, reduce response time, and minimize human error.
To realize this, the framework leverages a set of I2NSF-based functional modules that collectively support policy translation, enforcement, and real-time monitoring. By integrating these components into the 5G architecture, the system enables scalable, adaptive, and context-aware security operations tailored to the needs of dynamic and heterogeneous edge environments.