Security challenges of small cell as a service in virtualized mobile edge computing environments

Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users

Introducing mobile edge computing capabilities through distributed 5G Cloud Enabled Small Cells

Current trends in broadband mobile networks are addressed towards the placement of different capabilities at the edge of the mobile network in a centralised way. On one hand, the split of the eNB between baseband processing units and remote radio headers makes it possible to process some of the protocols in centralised premises, likely with virtualised resources. On the other hand, mobile edge computing makes use of processing and storage capabilities close to the air interface in order to deploy optimised services with minimum delay. The confluence of both trends is a hot topic in the definition of future 5G networks. The full centralisation of both technologies in cloud data centres imposes stringent requirements to the fronthaul connections in terms of throughput and latency. Therefore, all those cells with limited network access would not be able to offer these types of services. This paper proposes a solution for these cases, based on the placement of processing and storage capabilities close to the remote units, which is especially well suited for the deployment of clusters of small cells. The proposed cloud-enabled small cells include a highly efficient microserver with a limited set of virtualised resources offered to the cluster of small cells. As a result, a light data centre is created and commonly used for deploying centralised eNB and mobile edge computing functionalities. The paper covers the proposed architecture, with special focus on the integration of both aspects, and possible scenarios of application.Peer ReviewedPostprint (author's final draft

SDN based security solutions for multi-tenancy NFV

The Internet continues to expand drastically as a result of explosion of mobile devices, content, server virtualization, and advancement of cloud services. This increase has significantly changed traffic patterns within the enterprise data centres. Therefore, advanced technologies are needed to improve traditional network deployments to enable them to handle the changing network patterns. Software defined networks (SDN) and network function virtualisation (NFV) are innovative technologies that enable network flexibility, increase network and service agility, and support service-driven virtual networks using concepts of virtualisation and softwarisation. Collaboration of these two concepts enable cloud operator to offer network-as-a-service (NaaS) to multiple tenants in a data-centre deployment. Despite the benefits brought by these technologies, they also bring along security challenges that need to be addressed and managed to ensure successful deployment and encourage faster adoption in industry. This dissertation proposes security solution based on tenant isolation, network access control (NAC) and network reconfiguration that can be implemented in NFV multi-tenant deployment to guarantee privacy and security of tenant functions. The evaluation of the proof-of-concept framework proves that SDN based tenant isolation solution provides a high level of isolation in a multi-tenant NFV cloud. It also shows that the proposed network reconfiguration greatly reduces chances of an attacker correctly identifying location and IP addresses of tenant functions within the cloud environment. Because of resource limitation, the proposed NAC solution was not evaluated. The efficiency of this solution for multitenancy NFV has been added as part of future work