26 research outputs found

    Failure Analysis in Next-Generation Critical Cellular Communication Infrastructures

    The advent of communication technologies marks a transformative phase in critical infrastructure construction, where the meticulous analysis of failures becomes paramount in achieving the fundamental objectives of continuity, security, and availability. This survey enriches the discourse on failures, failure analysis, and countermeasures in the context of the next-generation critical communication infrastructures. Through an exhaustive examination of existing literature, we discern and categorize prominent research orientations, with a focus on resource depletion, security vulnerabilities, and system availability concerns. We also analyze constructive countermeasures tailored to address identified failure scenarios and their prevention. Furthermore, the survey emphasizes the imperative for standardization in addressing failures related to Artificial Intelligence (AI) within the ambit of the sixth-generation (6G) networks, accounting for the forward-looking perspective for the envisioned intelligence of 6G network architecture. By identifying new challenges and delineating future research directions, this survey can help guide stakeholders toward unexplored territories, fostering innovation and resilience in critical communication infrastructure development and failure prevention.

    Real-Time Sensor Networks and Systems for the Industrial IoT

    The Industrial Internet of Things (Industrial IoT—IIoT) has emerged as the core construct behind the various cyber-physical systems constituting a principal dimension of the fourth Industrial Revolution. While initially born as the concept behind specific industrial applications of generic IoT technologies, for the optimization of operational efficiency in automation and control, it quickly enabled the achievement of the total convergence of Operational (OT) and Information Technologies (IT). The IIoT has now surpassed the traditional borders of automation and control functions in the process and manufacturing industry, shifting towards a wider domain of functions and industries, embraced under the dominant global initiatives and architectural frameworks of Industry 4.0 (or Industrie 4.0) in Germany, Industrial Internet in the US, Society 5.0 in Japan, and Made-in-China 2025 in China. As real-time embedded systems are quickly achieving ubiquity in everyday life and in industrial environments, and many processes already depend on real-time cyber-physical systems and embedded sensors, the integration of IoT with cognitive computing and real-time data exchange is essential for real-time analytics and realization of digital twins in smart environments and services under the various frameworks’ provisions. In this context, real-time sensor networks and systems for the Industrial IoT encompass multiple technologies and raise significant design, optimization, integration and exploitation challenges. The ten articles in this Special Issue describe advances in real-time sensor networks and systems that are significant enablers of the Industrial IoT paradigm. In the relevant landscape, the domain of wireless networking technologies is centrally positioned, as expected.

    MP-CFM: MPTCP-Based communication functional module for next generation ERTMS

    184 p. The content of chapters 4, 5, 6, 7, 8 and 9 is subject to confidentiality. The European Rail Traffic Management System (ERTMS) was originally designed for European railways. However, over the last two decades, this system has become the de facto standard for high-speed services in most developed countries. The ERTMS system consists of three main subsystems: 1) the European Train Control System (ETCS), which acts as the signalling application; 2) the Euroradio system, which is in turn divided into two subsystems, the Safety Functional Module (SFM) and the Communication Functional Module (CFM); and 3) the underlying communication system, GSM-R, which carries the information exchanged between the on-board unit (OBU) in the train and the Radio Block Centre (RBC). The ETCS signalling system supports three levels, depending on the level of features supported. Level 3 introduces the possibility of working with moving blocks instead of fixed blocks defined on the track. This implies that the headway distance between two consecutive trains can be reduced to a minimum distance at which the safety of the service is guaranteed, thereby increasing the capacity of the railway corridor. This safety distance is determined by the combination of the train's braking distance and the delay of the signalling communications. It can therefore be stated that there is a direct relationship between the delays and reliability of the transmissions of the signalling applications and the operational capacity of a railway corridor. Thus, the study and improvement of the communication systems used in ERTMS play a key role in the evolution of the ERTMS system. Likewise, safe operation in ERTMS, from the point of view of the communications involved in it, is determined by the reliability of the communications, the availability of its communication channels, the delay of the communications and the security of its messages. In addition to this, the railway industry has been working on the digitalization of most signalling systems and their transition to the IP protocol. In line with this trend, the UNISIG industrial consortium has recently published a new communication model for ERTMS that includes the possibility of operating not only with the traditional system, based on circuit-switching technology, but also with a new IP-based system. This thesis is aligned with the current migration context and aims to contribute to improving the availability, reliability and security of the communications, taking message transmission times as its central axis, with a view to the definition of a next generation of ERTMS, defined in this thesis as NGERTMS. In this context, three main challenges have been identified for reinforcing the resilience of the NGERTMS communication architecture: 1) improving the survivability of communications in the face of disruptions; 2) overcoming the current limitations of ERTMS for sending high-priority messages over packet-switching technology, giving these messages a higher degree of resilience and lower latency than ordinary messages; and 3) increasing the security of the communications and increasing availability without this entailing an increase in latency. Considering the challenges described above, this thesis proposes a communication architecture based on the MPTCP protocol, called MP-CFM, which makes it possible to overcome these challenges while maintaining backward compatibility with the packet-switching-based communication system recently proposed by UNISIG. To date, this is the first time that a complete communication architecture capable of addressing the aforementioned challenges has been proposed. This architecture implements four types of class of service, which are used by ordinary and high-priority packets in two different scenarios: one scenario in which both ends, the on-board system or OBU and the RBC, have multiple network interfaces; and another, transitional scenario in which the RBC does have multiple network interfaces but the OBU has only a single interface. The communication architecture proposed for the railway environment has been validated by means of a simulation environment developed for that purpose. Moreover, these simulations show that, in the face of channel disruptions, the proposed architecture far outperforms the system designed by UNISIG in terms of robustness. In conclusion, it can be stated that this thesis demonstrates that an MPTCP-based communication architecture meets the demanding requirements established for NGERTMS, and that the proposal therefore represents an advance in the evolution of the European railway signalling system.

    Segment Routing based Traffic Engineering

    In modern networks, the increasing volume of network traffic and the diverse range of services with varying requirements necessitate the implementation of more advanced routing decisions and traffic engineering. This academic study proposes a QoS adaptive mechanism called "Sepitto", which utilizes Segment routing protocols, specifically SRv6, to address network-traffic control and congestion avoidance. Sepitto leverages data-plane traffic to convey Linux Qdisc statistics, such as queue size, packet drops, and buffer occupancy, in each Linux-based virtual router. By incorporating this information, edge routers become aware of the current network status, enabling them to make informed decisions regarding traffic paths based on QoS classes. SRv6 is employed to direct traffic along desired paths, avoiding congested links and minimizing queuing delays and overall latency. Moreover, Sepitto offers network administrators an interface to customize decision-making processes based on their policies, assigning costs to network graph edges by associating the provided statistics to a certain cost. To incorporate these costs, the implementation employs the Dijkstra algorithm to determine the path with the lowest cost. Performance analysis of Sepitto reveals minimal overhead compared to traditional routing methods, while effectively mitigating network congestion. The results demonstrate that Sepitto reduces traffic round-trip time during congestion while maintaining differentiated treatment for various QoS classes.

    Real-Time Application of Deep Learning to Intrusion Detection in 5G-Multi-Access Edge Computing

    In this thesis, we explore networks for 5G mobile telecommunication, with a real-time detection of malicious traffic using Deep Learning (DL) and 5G mobile telecommunication testbeds. To investigate the performance of the core network, Software Defined Networking (SDN) and Programming Protocol-independent Packet Processors (P4) were selected due to the potential for programming at both the control and data forwarding layers. SDN and P4 have predominately been researched on an individual basis with limited research combining the two to evaluate improvements to the performance of SDN. We have conducted experiments to explore the hypothesis that combining programmability at both the control plane and data plane provides a platform with better performance in comparison to that achieved with SDN+OvS multi-path, grid and transit-stub network models. A real-time 5G mobile telecommunication testbed has been constructed combining both software and hardware components. A P4 switch was integrated into the 5G testbed motivated by the performance gains observed in our initial experiments with P4 and OvS switch. Service providers use Multi-access Edge Computing (MEC) technology to provide services on-the-go with low latency, high availability, and high bandwidth; however, MEC nodes are subject to low processing power, which leaves them susceptible to adversaries that may target the platform for malevolent purposes. As a result, we built a 5G testbed that included an MEC node to generate datasets representing both malicious and non-malicious traffic for use in evaluating algorithms intended to detect malicious network traffic. A new Intrusion Detection System (IDS) has been developed using a 3-layer Convolutional Neural Network (CNN), capable of identifying malicious network traffic. The IDS employs a new injective algorithm capable of encoding network traffic without loss of information as improved RGB images. A separate algorithm capable of decoding RGB images back to network traffic was also developed. The IDS was evaluated in terms of its computational complexity (for example, time, memory and CPU utilisation for the encoding and decoding algorithms) and its accuracy and loss during training and detection. We also applied a Convolutional Neural Network to the dataset created on our testbed and, for comparative purposes, to the publicly available datasets UNSW NB-15 and InSDN. The 5G-MEC datasets and detection rate suggest that the employment of current public datasets for research into 5G-MEC security is now inappropriate. Lastly, we proposed, developed, deployed and evaluated a Real-Time Deep Learning Network Intrusion Detection System (RTDL-NIDS) in an MEC node located in the newly developed 5G-MEC mobile telecommunication testbed in real-time. The deployed Network Intrusion Detection System conducts a soft real-time detection. The time spent on each detection cycle can be defined as a parameter in the RTDL-NIDS. Hence, this system can be categorised as a soft real-time system. The RTDL-NIDS conducts an initial detection based on known signatures, followed by the encoding of network traffic to images, detection of malicious traffic using our CNN algorithm, and finally decoding of the images to identify the sources of malicious users. We implemented the RTDL-NIDS to function in real-time to collect conclusive results over the application of DL to the intrusion detection problem in 5G-MEC.

    Towards Massive Machine Type Communications in Ultra-Dense Cellular IoT Networks: Current Issues and Machine Learning-Assisted Solutions

    The ever-increasing number of resource-constrained Machine-Type Communication (MTC) devices is leading to the critical challenge of fulfilling diverse communication requirements in dynamic and ultra-dense wireless environments. Among different application scenarios that the upcoming 5G and beyond cellular networks are expected to support, such as enhanced Mobile Broadband (eMBB), massive Machine Type Communications (mMTC) and Ultra-Reliable and Low Latency Communications (URLLC), the mMTC brings the unique technical challenge of supporting a huge number of MTC devices in cellular networks, which is the main focus of this paper. The related challenges include Quality of Service (QoS) provisioning, handling highly dynamic and sporadic MTC traffic, huge signalling overhead and Radio Access Network (RAN) congestion. In this regard, this paper aims to identify and analyze the involved technical issues, to review recent advances, to highlight potential solutions and to propose new research directions. First, starting with an overview of mMTC features and QoS provisioning issues, we present the key enablers for mMTC in cellular networks. Along with the highlights on the inefficiency of the legacy Random Access (RA) procedure in the mMTC scenario, we then present the key features and channel access mechanisms in the emerging cellular IoT standards, namely, LTE-M and Narrowband IoT (NB-IoT). Subsequently, we present a framework for the performance analysis of transmission scheduling with the QoS support along with the issues involved in short data packet transmission. Next, we provide a detailed overview of the existing and emerging solutions towards addressing the RAN congestion problem, and then identify potential advantages, challenges and use cases for the applications of emerging Machine Learning (ML) techniques in ultra-dense cellular networks. Out of several ML techniques, we focus on the application of the low-complexity Q-learning approach in the mMTC scenario along with the recent advances towards enhancing its learning performance and convergence. Finally, we discuss some open research challenges and promising future research directions.

    Towards smarter SDN switches: revisiting the balance of intelligence in SDN networks

    Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine-grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts. While SDN has been shown to be highly beneficial, some of its core features (e.g. separation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to their victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks; however, its intrinsic properties facilitate new attacks. In this thesis, we investigate the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate their effect on a legitimate user’s throughput. In light of the potential for such DoS attacks which specifically target the SDN infrastructure (controller, switch flow table, etc.), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward in this thesis designs for an intelligent SDN switch and implement two additional functionalities towards realising this design in a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicates that they preserve the performance of the network under high control plane loads far better than unmodified switches, with no notable drawbacks.