Towards 5G Software-Defined Ecosystems: Technical Challenges, Business Sustainability and Policy Issues

Techno-economic drivers are creating the conditions for a radical change of paradigm in the design and operation of future telecommunications infrastructures. In fact, SDN, NFV, Cloud and Edge-Fog Computing are converging together into a single systemic transformation termed “Softwarization” that will find concrete exploitations in 5G systems. The IEEE SDN Initiative1 has elaborated a vision, an evolutionary path and some techno-economic scenarios of this transformation: specifically, the major technical challenges, business sustainability and policy issues have been investigated. This white paper presents: 1) an overview on the main techno-economic drivers steering the “Softwarization” of telecommunications; 2) an introduction to the Open Mobile Edge Cloud vision (covered in a companion white paper); 3) the main technical challenges in terms of operations, security and policy; 4) an analysis of the potential role of open source software; 5) some use case proposals for proof-of-concepts; and 6) a short description of the main socio-economic impacts being produced by “Softwarization”. Along these directions, IEEE SDN is also developing of an open catalogue of software platforms, toolkits, and functionalities aiming at a step-by-step development and aggregation of test-beds/field-trials on SDNNFV- 5G

SECURING USER INTERACTION CHANNELS ON MOBILE PLATFORM USING ARM TRUSTZONE

Smartphones have become an essential part of our lives, and are used daily forimportant tasks like banking, shopping, and making phone calls. Smartphones provide several interaction channels which can be affected by a compromised mobile OS. This dissertation focuses on the user interaction channels of UI input and audio I/O. The security of the software running on smartphones has become more critical because of widespread smartphone usage. A technology called TEE (Trusted Execution Environment) has been introduced to help protect users in the event of OS compromise, with the most commonly deployed TEE on mobile devices being ARM TrustZone. This dissertation utilizes ARM TrustZone to provide secure design for user interactionchannels of UI input (called Truz-UI) and Audio I/O for VoIP calls (called Truz-Call). The primary goal is to ensure that the design is transparent to mobile applications. During research based on TEE, one of the important challenges that is encountered is the ability to prototype a secure design. In TEE research one often needs to interface hardware peripherals with the TEE OS, which can be challenging for non-hardware experts, depending on the available support from the TEE OS vendor. This dissertation discusses a simulation based approach (called Truz-Sim) that reduces setup time and hardware experience required to build a hardware environment for TEE prototyping

It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones

Modern smartphones are complex systems in which control over phone resources is exercised by phone manufacturers, OS vendors, and users. These stakeholders have diverse and often competing interests. Barring some exceptions, users entrust their security and privacy to OS vendors (Android and iOS) and need to accept their constraints. Manufacturers protect their firmware and peripherals from the OS by executing in the highest privilege and leveraging dedicated CPUs and TEEs. OS vendors need to trust the highest privileged code deployed by manufacturers. This division of control over the phone is not ideal for OS vendors and is even more disadvantageous for the users. Users are generally limited in what applications they can install on their devices, in the privacy model and trust assumptions of the existing applications, and in the functionalities that applications can have. We propose TEEtime, a new smartphone architecture based on trusted execution allowing to balance the control different stakeholders exert over phones. More leveled control over the phone means that no stakeholder is more privileged than the others. In particular, TEEtime makes users sovereign over their phones: It enables them to install sensitive applications in isolated domains with protected access to selected peripherals alongside an OS. TEEtime achieves this while maintaining compatibility with the existing smartphone ecosystem and without relying on virtualization; it only assumes trust in a phone's firmware. TEEtime is the first TEE architecture that allows isolated execution domains to gain protected and direct access to peripherals. TEEtime is based on Armv8-A and achieves peripheral isolation using a novel mechanism based on memory and interrupt controller protection. We demonstrate the feasibility of our design by implementing a prototype of TEEtime, and by running exemplary sensitive applications

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

Privacy in the Smart City - Applications, Technologies, Challenges and Solutions

Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term “smart city”. Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider

Lightweight Middleware for Software Defined Radio (SDR) Inter-Components Communication

The ability to use Software Defined Radio (SDR) in the civilian mobile applications will make it possible for the next generation of mobile devices to handle multi-standard personal wireless devices and ubiquitous wireless devices. The original military standard created many beneficial characteristics for SDR, but resulted in a number of disadvantages as well. Many challenges in commercializing SDR are still the subject of interest in the software radio research community. Four main issues that have been already addressed are performance, size, weight, and power. This investigation presents an in-depth study of SDR inter-components communications in terms of total link delay related to the number of components and packet sizes in systems based on Software Communication Architecture (SCA). The study is based on the investigation of the controlled environment platform. Results suggest that the total link delay does not linearly increase with the number of components and the packet sizes. The closed form expression of the delay was modeled using a logistic function in terms of the number of components and packet sizes. The model performed well when the number of components was large. Based upon the mobility applications, energy consumption has become one of the most crucial limitations. SDR will not only provide flexibility of multi-protocol support, but this desirable feature will also bring a choice of mobile protocols. Having such a variety of choices available creates a problem in the selection of the most appropriate protocol to transmit. An investigation in a real-time algorithm to optimize energy efficiency was also performed. Communication energy models were used including switching estimation to develop a waveform selection algorithm. Simulations were performed to validate the concept

View on 5G Architecture: Version 2.0

The 5G Architecture Working Group as part of the 5GPPP Initiative is looking at capturing novel trends and key technological enablers for the realization of the 5G architecture. It also targets at presenting in a harmonized way the architectural concepts developed in various projects and initiatives (not limited to 5GPPP projects only) so as to provide a consolidated view on the technical directions for the architecture design in the 5G era. The first version of the white paper was released in July 2016, which captured novel trends and key technological enablers for the realization of the 5G architecture vision along with harmonized architectural concepts from 5GPPP Phase 1 projects and initiatives. Capitalizing on the architectural vision and framework set by the first version of the white paper, this Version 2.0 of the white paper presents the latest findings and analyses with a particular focus on the concept evaluations, and accordingly it presents the consolidated overall architecture design

Towards Modular and Flexible Access Control on Smart Mobile Devices

Smart mobile devices, such as smartphones and tablets, have become an integral part of our daily personal and professional lives. These devices are connected to a wide variety of Internet services and host a vast amount of applications, which access, store and process security- and privacy-sensitive data. A rich set of sensors, ranging from microphones and cameras to location and acceleration sensors, allows these applications and their back end services to reason about user behavior. Further, enterprise administrators integrate smart mobile devices into their IT infrastructures to enable comfortable work on the go. Unsurprisingly, this abundance of available high-quality information has made smart mobile devices an interesting target for attackers, and the number of malicious and privacy-intrusive applications has steadily been rising. Detection and mitigation of such malicious behavior are in focus of mobile security research today. In particular, the Android operating system has received special attention by both academia and industry due to its popularity and open-source character. Related work has scrutinized its security architecture, analyzed attack vectors and vulnerabilities and proposed a wide variety of security extensions. While these extensions have diverse goals, many of them constitute modifications of the Android operating system and extend its default permission-based access control model. However, they are not generic and only address specific security and privacy concerns. The goal of this dissertation is to provide generic and extensible system-centric access control architectures, which can serve as a solid foundation for the instantiation of use-case specific security extensions. In doing so, we enable security researchers, enterprise administrators and end users to design, deploy and distribute security extensions without further modification of the underlying operating system. To achieve this goal, we first analyze the mobile device ecosystem and discuss how Android's security architecture aims to address its inherent threats. We proceed to survey related work on Android security, focusing on system-centric security extensions, and derive a set of generic requirements for extensible access control architectures targeting smart mobile devices. We then present two extensible access control architectures, which address these requirements by providing policy-based and programmable interfaces for the instantiation of use-case specific security solutions. By implementing a set of practical use-cases, ranging from context-aware access control, dynamic application behavior analysis to isolation of security domains we demonstrate the advantages of system-centric access control architectures over application-layer approaches. Finally, we conclude this dissertation by discussing an alternative approach, which is based on application-layer deputies and can be deployed whenever practical limitations prohibit the deployment of system-centric solutions