Will SDN be part of 5G?

For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, supposedly disruptive nature of SDN deployment, business cases and monetization of SDN related upgrades, latency of general purpose processors (GPP), and additional security vulnerabilities, softwarization brings along to the RAN. We have also provided a summary of the architectural developments in SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology.Comment: 33 pages, 10 figure

PLC Hardware Discrimination using RF-DNA fingerprinting

Programmable Logic Controllers are used to control and monitor automated process in many Supervisory Control and Data Acquisition (SCADA) critical applications. As with virtually all electronic devices, PLCs contain Integrated Circuits (IC) that are often manufactured overseas. ICs that have been unknowingly altered (counterfeited, manufactured with hardware Trojans, etc.) pose a significant security vulnerability. To mitigate this risk, the RF-Distinct Native Attribute (RF-DNA) fingerprinting process is applied to PLC hardware devices to augment bit-level security. RF-DNA fingerprints are generated using two independent signal collection platforms. Two different classifiers are applied for device classification. A verification process is implemented for analysis of Authorized Device Identification and Rogue Device Rejection. Fingerprint feature dimensional reduction is evaluated both Qualitatively and Quantitatively to enhance experimental-to-operational transition potential. The findings of this research are that the higher quality signal collection platform had a classification performance gain of approximately 10dB SNR. Performance of the classifiers varied between signal collection platforms, and also with the application of fingerprint dimensional reduction. The lower quality signal collection platform saw a maximum gain of 5dB SNR using reduced dimensional feature sets compared against the full dimensional feature set

A discrete event simulation-based approach for managing cyber vulnerabilities in a full-service deep waterway port

Deepwater sea ports are considered to be gateways for global trade and susceptible to a diverse range of risks, including natural disasters such as hurricane, storm, drought, as well as a course of events ranging from human error to malicious cyber-attack. To deal with cyber vulnerabilities, this study examines how cyber-attack to a given technology (e.g., Programmable Logic Controllers (PLC), Radio Frequency Identification Tags (RFID), Navigation Technologies, and others) impacts the overall port operations. We use Port of Pascagoula as testbed to visualize and validate the modeling results utilizing FlexSim software. Several sets of experiments are conducted to provide important managerial insights for decision makers. Results indicate that cyber-attack on technologies used by the port may significantly impact the port operations. In overall, cyber-attack has meaningful impacts on ports systems that may result in significant economic and operational loss as well as long-term security and sustainability for overall ports performances

Radio Frequency Based Programmable Logic Controller Anomaly Detection

The research goal involved developing improved methods for securing Programmable Logic Controller (PLC) devices against unauthorized entry and mitigating the risk of Supervisory Control and Data Acquisition (SCADA) attack by detecting malicious software and/or trojan hardware. A Correlation Based Anomaly Detection (CBAD) process was developed to enable 1) software anomaly detection discriminating between various operating conditions to detect malfunctioning or malicious software, firmware, etc., and 2) hardware component discrimination discriminating between various hardware components to detect malfunctioning or counterfeit, trojan, etc., components

Cyberthreats, Attacks and Intrusion Detection in Supervisory Control and Data Acquisition Networks

Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many real world documented incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems might produce a variety of financial damage and harmful events to humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment; a gas pipeline and a water storage tank. Third, signature based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision tree based anomaly based intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial based and Ethernet based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate performance of data mining and machine learning algorithms for intrusion detection systems in SCADA systems, a network dataset to be used for benchmarking intrusion detection systemswas generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets; a full and abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records. This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both signature based IDS and anomaly based IDS for the gas pipeline and water storage tank serial based SCADA systems. The performance of both types of IDS were evaluates by measuring detection rate and the prevalence of false positives

Side Channel Anomaly Detection in Industrial Control Systems Using Physical Characteristics of End Devices

Industrial Control Systems (ICS) are described by the Department of Homeland Security as systems that are so \vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security. Attacks like Stuxnet show that these systems are vulnerable. The end goal for Stuxnet was to spin centrifuges at a frequency rate outside of normal operation and hide its activity from the ICS operator. This research aims to provide a proof of concept for an anomaly detection system that would be able to detect an attack like Stuxnet by measuring the physical change in vibration caused by the attack. The attack can hide what is reported to the operator, but it cannot hide the physical changes caused by the attack. This research uses a piezoelectric vibration sensor to collect vibration data coming from a centrifugal pump and ow meter on an ICS training system at each operating level. The collected data is then fingerprinted and classified using established RF-DNA techniques to determine if it can differentiate between the vibrations produced at each of the operating level. A clear differentiation between operating levels indicates that an ADS is feasible

Deep Learning -Powered Computational Intelligence for Cyber-Attacks Detection and Mitigation in 5G-Enabled Electric Vehicle Charging Station

An electric vehicle charging station (EVCS) infrastructure is the backbone of transportation electrification. However, the EVCS has various cyber-attack vulnerabilities in software, hardware, supply chain, and incumbent legacy technologies such as network, communication, and control. Therefore, proactively monitoring, detecting, and defending against these attacks is very important. The state-of-the-art approaches are not agile and intelligent enough to detect, mitigate, and defend against various cyber-physical attacks in the EVCS system. To overcome these limitations, this dissertation primarily designs, develops, implements, and tests the data-driven deep learning-powered computational intelligence to detect and mitigate cyber-physical attacks at the network and physical layers of 5G-enabled EVCS infrastructure. Also, the 5G slicing application to ensure the security and service level agreement (SLA) in the EVCS ecosystem has been studied. Various cyber-attacks such as distributed denial of services (DDoS), False data injection (FDI), advanced persistent threats (APT), and ransomware attacks on the network in a standalone 5G-enabled EVCS environment have been considered. Mathematical models for the mentioned cyber-attacks have been developed. The impact of cyber-attacks on the EVCS operation has been analyzed. Various deep learning-powered intrusion detection systems have been proposed to detect attacks using local electrical and network fingerprints. Furthermore, a novel detection framework has been designed and developed to deal with ransomware threats in high-speed, high-dimensional, multimodal data and assets from eccentric stakeholders of the connected automated vehicle (CAV) ecosystem. To mitigate the adverse effects of cyber-attacks on EVCS controllers, novel data-driven digital clones based on Twin Delayed Deep Deterministic Policy Gradient (TD3) Deep Reinforcement Learning (DRL) has been developed. Also, various Bruteforce, Controller clones-based methods have been devised and tested to aid the defense and mitigation of the impact of the attacks of the EVCS operation. The performance of the proposed mitigation method has been compared with that of a benchmark Deep Deterministic Policy Gradient (DDPG)-based digital clones approach. Simulation results obtained from the Python, Matlab/Simulink, and NetSim software demonstrate that the cyber-attacks are disruptive and detrimental to the operation of EVCS. The proposed detection and mitigation methods are effective and perform better than the conventional and benchmark techniques for the 5G-enabled EVCS