Efficient and Secure 5G Core Network Slice Provisioning Based on VIKOR Approach

Network slicing in 5G is expected to essentially change the way in which network operators deploy and manage vertical services with different performance requirements. Efficient and secure slice provisioning algorithms are important since network slices share the limited resources of the physical network. In this article, we first analyze the security issues in network slicing and formulate an Integer Linear Programming (ILP) model for secure 5G core network slice provisioning. Then, we propose a heuristic 5G core network slice provisioning algorithm called VIKOR-CNSP based on VIKOR, which is a multi-criteria decision making (MCDM) method. In the slice node provisioning stage, the node importance is ranked with the VIKOR approach by considering the node resource and topology attributes. The slice nodes are then provisioned according to the ranking results. In the slice link provisioning stage, the k shortest path algorithm is implemented to obtain the candidate physical paths for the slice link, and a strategy for selecting a candidate physical path is proposed to increase the slice acceptance ratio. The strategy first calculates the path factor P which is the product of the maximum link bandwidth utilization of the candidate physical path and its hop-count, and then chooses the candidate physical path with the smallest P to host the slice link. Extensive simulations show that the proposed algorithm can achieve the highest slice acceptance ratio and the largest provisioning revenue-to-cost ratio, satisfying the security constraints of 5G core network slice requests. f

Privacy-Preserving Shortest Path Computation

Navigation is one of the most popular cloud computing services. But in virtually all cloud-based navigation systems, the client must reveal her location and destination to the cloud service provider in order to learn the fastest route. In this work, we present a cryptographic protocol for navigation on city streets that provides privacy for both the client's location and the service provider's routing data. Our key ingredient is a novel method for compressing the next-hop routing matrices in networks such as city street maps. Applying our compression method to the map of Los Angeles, for example, we achieve over tenfold reduction in the representation size. In conjunction with other cryptographic techniques, this compressed representation results in an efficient protocol suitable for fully-private real-time navigation on city streets. We demonstrate the practicality of our protocol by benchmarking it on real street map data for major cities such as San Francisco and Washington, D.C.Comment: Extended version of NDSS 2016 pape

Efficient Wireless Security Through Jamming, Coding and Routing

There is a rich recent literature on how to assist secure communication between a single transmitter and receiver at the physical layer of wireless networks through techniques such as cooperative jamming. In this paper, we consider how these single-hop physical layer security techniques can be extended to multi-hop wireless networks and show how to augment physical layer security techniques with higher layer network mechanisms such as coding and routing. Specifically, we consider the secure minimum energy routing problem, in which the objective is to compute a minimum energy path between two network nodes subject to constraints on the end-to-end communication secrecy and goodput over the path. This problem is formulated as a constrained optimization of transmission power and link selection, which is proved to be NP-hard. Nevertheless, we show that efficient algorithms exist to compute both exact and approximate solutions for the problem. In particular, we develop an exact solution of pseudo-polynomial complexity, as well as an epsilon-optimal approximation of polynomial complexity. Simulation results are also provided to show the utility of our algorithms and quantify their energy savings compared to a combination of (standard) security-agnostic minimum energy routing and physical layer security. In the simulated scenarios, we observe that, by jointly optimizing link selection at the network layer and cooperative jamming at the physical layer, our algorithms reduce the network energy consumption by half

Dovetail: Stronger Anonymity in Next-Generation Internet Routing

Current low-latency anonymity systems use complex overlay networks to conceal a user's IP address, introducing significant latency and network efficiency penalties compared to normal Internet usage. Rather than obfuscating network identity through higher level protocols, we propose a more direct solution: a routing protocol that allows communication without exposing network identity, providing a strong foundation for Internet privacy, while allowing identity to be defined in those higher level protocols where it adds value. Given current research initiatives advocating "clean slate" Internet designs, an opportunity exists to design an internetwork layer routing protocol that decouples identity from network location and thereby simplifies the anonymity problem. Recently, Hsiao et al. proposed such a protocol (LAP), but it does not protect the user against a local eavesdropper or an untrusted ISP, which will not be acceptable for many users. Thus, we propose Dovetail, a next-generation Internet routing protocol that provides anonymity against an active attacker located at any single point within the network, including the user's ISP. A major design challenge is to provide this protection without including an application-layer proxy in data transmission. We address this challenge in path construction by using a matchmaker node (an end host) to overlap two path segments at a dovetail node (a router). The dovetail then trims away part of the path so that data transmission bypasses the matchmaker. Additional design features include the choice of many different paths through the network and the joining of path segments without requiring a trusted third party. We develop a systematic mechanism to measure the topological anonymity of our designs, and we demonstrate the privacy and efficiency of our proposal by simulation, using a model of the complete Internet at the AS-level