On the security of software-defined next-generation cellular networks

In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

An architecture for certification-aware service discovery

Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation - such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment - are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. To close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domain specific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics

Regulating secure software development : analysing the potential regulatory solutions for the lack of security in software

The security of our informational infra­structure is still relatively poor. Huge investments have been made and even the regulators have taken information security seriously. Majority of current efforts both at the operational and the regulatory level, however, address only symptoms of an underlying problem: the insecurity of the software products - the salient components of most information and software systems. Secure software development has gained momentum during the past couple of years and improvements have been made. By analysing the incentives for secure software development, it is argued in this study that without appropriate regulatory intervention the level of security will not improve to meet the needs of the network society as a whole. Beside information security in general, secure software development has to be raised as an important public policy if we wish to achieve a more secure network society and to maintain trust for information products and systems in commerce. Efficacious regulatory measures are desperately needed to change the current practices. This study analyses two of the most attractive alternatives, software product liability and disclosure of vulnerability information, and makes suggestions for their improvement

Protecting web services with service oriented traceback architecture

Service oriented architecture (SOA) is a way of reorganizing software infrastructure into a set of service abstracts. In the area of applying SOA to Web service security, there have been some well defined security dimensions. However, current Web security systems, like WS-Security are not efficient enough to handle distributed denial of service (DDoS) attacks. Our new approach, service oriented traceback architecture (SOTA), provides a framework to be able to identify the source of an attack. This is accomplished by deploying our defence system at distributed routers, in order to examine the incoming SOAP messages and place our own SOAP header. By this method, we can then use the new SOAP header information, to traceback through the network the source of the attack. According to our experimental performance evaluations, we find that SOTA is quite scaleable, simple and quite effective at identifying the source.<br /

The Impact on Security due to the Vulnerabilities Existing in the network a Strategic Approach towards Security

Software Defined Networking, the emerging technology is taking the network sector to a new variant. Networking sector completely focused on hardware infrastructure is now moving towards software programming. Due to an exponential growth in the number of user and the amount of information over wires, there arises a great risk with the existing IP Network architecture. Software Defined Networking paves a platform identifying a feasible solution to the problem by virtualization. Software Defined Networking provides a viable path in virtualization and managing the network resources in an “On Demand Manner”. This study is focused on the drawbacks of the existing technology and a fine grained introduction to Software Defined Networking. Further adding to the above topic, this study also passes over the current steps taken in the industrial sector in implementing Software Defined Networking. This study makes a walkthrough about the security features of Software Defined Networking, its advantages, limitations and further scope in identifying the loopholes in the security

Risk of Cyber Attacks in the Network Systems of a State University in Eastern Visayas, Philippines: A Case Study

Computer network security plays a vital role in the information and communication technology (ICT) environment. This study investigates the status of the existing network security, potential risks, and the possible solutions to the existing network problems. The descriptive research design was used using a survey questionnaire as its main instrument in the conduct of the study. Findings reveal that the current status of the network security of the State University needs improvement as it handles complex information and is important in the university's day-to-day transactions. The university needs to undergo intensive evaluation and system analyses to ensure that their operation will not be hampered by Malicious software or cyber hackers

Scenario based security evaluation: Generic OpenFlow network

Demand for network programmability was recognized when development of protocolsslowed down due to network inflexibilities in 1980s. Research speeded up andmany proposals were made to solve architectural issues during 2000s. Academicworld put up an initiative to build up new programmable network architecturelater 2000s. OpenFlow was born.In modern public network infrastructures the security of the network architectureis crucial to archive data confidentiality, integrity and authenticity, yet high availability.Many studies have shown that there are many security vulnerabilities andissues on current OpenFlow implementations and even in OpenFlow specificationitself. Many proposals have been made to enhance these known issues. In thisresearch, the scenario based security evaluation of the generic OpenFlow networkarchitecture was carried out using technology publications and literature. Thesecurity evaluation framework was used in security assessment.Proposed risk mitigation patterns were found to be effective on most of the casesfor all 13 identified and evaluated scenarios. Lack of mandatory encryption andauthentication in OpenFlow control channel were most critical risks on generallevel. OpenFlow specification should provide clear guidance how this should beimplemented to guarantee inter-operability between different vendors. Short termsolution is to use IPSec. Second critical issue was that bugs and vulnerabilitiesin OpenFlow controller and switch software are causing major risks for security.Proper quality assurance process, testing methods and evaluation are needed toenhance security on all phases of the software production.Current OpenFlow implementations are suffering poor security. Tolerable levelcan be reached by utilizing small enhancements. There are still many areas whichneed to be researched to archive solid foundation for software defined networks ofthe future