On the security of software-defined next-generation cellular networks

In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

Software-defined open architecture for front- and backhaul in 5G mobile networks

New software-defined open network concepts are proposed in this paper to enable an efficient implementation of front- and backhaul solutions for future 5G mobile networks. Main requirements for 5G front- and backhaul are derived and then related to the open network architecture enabling multiple operators to share the same physical infrastructure. The value of software-defined networking (SDN) is particularly outlined therefore. For the use of SDN in the fronthaul, CPRI over Ethernet (CoE) is proposed as a new transport protocol. In the backhaul, distributed security can be implemented using SDN where direct links are confined inside the access domain, as opposed to the current centralized security solution including also the transport domain. In this way, low latency can be realized e.g. for machine-type communications. As the benefits for fixed-mobile convergence are evident, SDN should be enabled increasingly in the access domain. © 2014 IEEE

A systematic literature review of cyberwarfare and state-sponsored hacking teams

It is expected that the creation of next-generation wireless networks would result in the availability of high-speed and low-latency connectivity for every part of our life. As a result, it is important that the network is secure. The network's security environment has grown more complicated as a result of the growing number of devices and the diversity of services that 5G will provide. This is why it is important that the development of effective security solutions is carried out early. Our findings of this review have revealed the various directions that will be pursued in the development of next-generation wireless networks. Some of these include the use of Artificial Intelligence and Software Defined Mobile Networks. The threat environment for 5G networks, security weaknesses in the new technology paradigms that 5G will embrace, and provided solutions presented in the key studies in the field of 5G cyber security are all described in this systematic literature review for prospective researchers. Future research directions to protect wireless networks beyond 5G are also covered.Comment: 3 figure

Security for 5G Mobile Wireless Networks

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

Security requirements modelling for virtualized 5G small cell networks

It is well acknowledged that one of the key enabling factors for the realization of future 5G networks will be the small cell (SC) technology. Furthermore, recent advances in the fields of network functions virtualization (NFV) and software-defined networking (SDN) open up the possibility of deploying advanced services at the network edge. In the context of mobile/cellular networks this is referred to as mobile edge computing (MEC). Within the scope of the EU-funded research project SESAME we perform a comprehensive security modelling of MEC-assisted quality-of-experience (QoE) enhancement of fast moving users in a virtualized SC wireless network, and demonstrate it through a representative scenario toward 5G. Our modelling and analysis is based on a formal security requirements engineering methodology called Secure Tropos which has been extended to support MEC-based SC networks. In the proposed model, critical resources which need protection, and potential security threats are identified. Furthermore, we identify appropriate security constraints and suitable security mechanisms for 5G networks. Thus, we reveal that existing security mechanisms need adaptation to face emerging security threats in 5G networks

Infrastructure sharing of 5G mobile core networks on an SDN/NFV platform

When looking towards the deployment of 5G network architectures, mobile network operators will continue to face many challenges. The number of customers is approaching maximum market penetration, the number of devices per customer is increasing, and the number of non-human operated devices estimated to approach towards the tens of billions, network operators have a formidable task ahead of them. The proliferation of cloud computing techniques has created a multitude of applications for network services deployments, and at the forefront is the adoption of Software-Defined Networking (SDN) and Network Functions Virtualisation (NFV). Mobile network operators (MNO) have the opportunity to leverage these technologies so that they can enable the delivery of traditional networking functionality in cloud environments. The benefit of this is reductions seen in the capital and operational expenditures of network infrastructure. When going for NFV, how a Virtualised Network Function (VNF) is designed, implemented, and placed over physical infrastructure can play a vital role on the performance metrics achieved by the network function. Not paying careful attention to this aspect could lead to the drastically reduced performance of network functions thus defeating the purpose of going for virtualisation solutions. The success of mobile network operators in the 5G arena will depend heavily on their ability to shift from their old operational models and embrace new technologies, design principles and innovation in both the business and technical aspects of the environment. The primary goal of this thesis is to design, implement and evaluate the viability of data centre and cloud network infrastructure sharing use case. More specifically, the core question addressed by this thesis is how virtualisation of network functions in a shared infrastructure environment can be achieved without adverse performance degradation. 5G should be operational with high penetration beyond the year 2020 with data traffic rates increasing exponentially and the number of connected devices expected to surpass tens of billions. Requirements for 5G mobile networks include higher flexibility, scalability, cost effectiveness and energy efficiency. Towards these goals, Software Defined Networking (SDN) and Network Functions Virtualisation have been adopted in recent proposals for future mobile networks architectures because they are considered critical technologies for 5G. A Shared Infrastructure Management Framework was designed and implemented for this purpose. This framework was further enhanced for performance optimisation of network functions and underlying physical infrastructure. The objective achieved was the identification of requirements for the design and development of an experimental testbed for future 5G mobile networks. This testbed deploys high performance virtualised network functions (VNFs) while catering for the infrastructure sharing use case of multiple network operators. The management and orchestration of the VNFs allow for automation, scalability, fault recovery, and security to be evaluated. The testbed developed is readily re-creatable and based on open-source software

Will SDN be part of 5G?

For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, supposedly disruptive nature of SDN deployment, business cases and monetization of SDN related upgrades, latency of general purpose processors (GPP), and additional security vulnerabilities, softwarization brings along to the RAN. We have also provided a summary of the architectural developments in SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology.Comment: 33 pages, 10 figure

Software-Driven and Virtualized Architectures for Scalable 5G Networks

In this dissertation, we argue that it is essential to rearchitect 4G cellular core networks–sitting between the Internet and the radio access network–to meet the scalability, performance, and flexibility requirements of 5G networks. Today, there is a growing consensus among operators and research community that software-defined networking (SDN), network function virtualization (NFV), and mobile edge computing (MEC) paradigms will be the key ingredients of the next-generation cellular networks. Motivated by these trends, we design and optimize three core network architectures, SoftMoW, SoftBox, and SkyCore, for different network scales, objectives, and conditions. SoftMoW provides global control over nationwide core networks with the ultimate goal of enabling new routing and mobility optimizations. SoftBox attempts to enhance policy enforcement in statewide core networks to enable low-latency, signaling-efficient, and customized services for mobile devices. Sky- Core is aimed at realizing a compact core network for citywide UAV-based radio networks that are going to serve first responders in the future. Network slicing techniques make it possible to deploy these solutions on the same infrastructure in parallel. To better support mobility and provide verifiable security, these architectures can use an addressing scheme that separates network locations and identities with self-certifying, flat and non-aggregatable address components. To benefit the proposed architectures, we designed a high-speed and memory-efficient router, called Caesar, for this type of addressing schemePHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/146130/1/moradi_1.pd

Towards Secure, Power-Efficient and Location-Aware Mobile Computing

In the post-PC era, mobile devices will replace desktops and become the main personal computer for many people. People rely on mobile devices such as smartphones and tablets for everything in their daily lives. A common requirement for mobile computing is wireless communication. It allows mobile devices to fetch remote resources easily. Unfortunately, the increasing demand of the mobility brings many new wireless management challenges such as security, energy-saving and location-awareness. These challenges have already impeded the advancement of mobile systems. In this dissertation we attempt to discover the guidelines of how to mitigate these problems through three general communication patterns in 802.11 wireless networks. We propose a cross-section of a few interesting and important enhancements to manage wireless connectivity. These enhancements provide useful primitives for the design of next-generation mobile systems in the future.;Specifically, we improve the association mechanism for wireless clients to defend against rogue wireless Access Points (APs) in Wireless LANs (WLANs) and vehicular networks. Real-world prototype systems confirm that our scheme can achieve high accuracy to detect even sophisticated rogue APs under various network conditions. We also develop a power-efficient system to reduce the energy consumption for mobile devices working as software-defined APs. Experimental results show that our system allows the Wi-Fi interface to sleep for up to 88% of the total time in several different applications and reduce the system energy by up to 33%. We achieve this while retaining comparable user experiences. Finally, we design a fine-grained scalable group localization algorithm to enable location-aware wireless communication. Our prototype implemented on commercial smartphones proves that our algorithm can quickly locate a group of mobile devices with centimeter-level accuracy