1,128 research outputs found

    Formal Network Models and Their Application to Firewall Policies (UPF-Firewall)

    We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed for generating test cases for testing the security configuration of actual firewalls and routers (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of TCP/IP

    Formal Network Models and Their Application to Firewall Policies

    This is the final version. Available from AFP via the link in this record. We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed for generating test cases for testing the security configuration of actual firewalls and routers (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of TCP/IP

    Fixed-Mobile Convergence in the 5G era: From Hybrid Access to Converged Core

    The availability of different paths to communicate to a user or device introduces several benefits, from boosting end-user performance to improving network utilization. Hybrid access is a first step in enabling convergence of mobile and fixed networks; however, despite traffic optimization, this approach is limited as fixed and mobile are still two separate core networks inter-connected through an aggregation point. On the road to 5G networks, the design trend is moving towards an aggregated network, where different access technologies share a common anchor point in the core. This enables further network optimization in addition to hybrid access; examples are user-specific policies for aggregation and improved traffic balancing across different accesses according to user, network, and service context. This paper aims to discuss the ongoing work around hybrid access and network convergence by Broadband Forum and 3GPP. We present some testbed results on hybrid access and analyze some primary performance indicators such as achievable data rates, link utilization for aggregated traffic and session setup latency. We finally discuss the future directions for network convergence to enable future scenarios with enhanced configuration capabilities for fixed and mobile convergence. Comment: to appear in IEEE Networ

    A Centralized SDN Architecture for the 5G Cellular Network

    In order to meet the increasing demands of high data rate and low latency cellular broadband applications, plans are underway to roll out the Fifth Generation (5G) cellular wireless system by the year 2020. This paper proposes a novel method for adapting the Third Generation Partnership Project (3GPP)'s 5G architecture to the principles of Software Defined Networking (SDN). We propose to have centralized network functions in the 5G network core to control the network, end-to-end. This is achieved by relocating the control functionality present in the 5G Radio Access Network (RAN) to the network core, resulting in the conversion of the base station known as the gNB into a pure data plane node. This brings about a significant reduction in signaling costs between the RAN and the core network. It also results in improved system performance. The merits of our proposal have been illustrated by evaluating the Key Performance Indicators (KPIs) of the 5G network, such as network attach (registration) time and handover time. We have also demonstrated improvements in attach time and system throughput due to the use of centralized algorithms for mobility management with the help of ns-3 simulations

    Security of 5G-V2X: Technologies, Standardization and Research Directions

    Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities involved in vehicular communications and allows the inclusion of cellular-security solutions to be applied to V2X. For this, the evolvement of LTE-V2X is revolutionary, but it fails to handle the demands of high throughput, ultra-high reliability, and ultra-low latency alongside its security mechanisms. To counter this, 5G-V2X is considered as an integral solution, which not only resolves the issues related to LTE-V2X but also provides a function-based network setup. Several reports have been given for the security of 5G, but none of them primarily focuses on the security of 5G-V2X. This article provides a detailed overview of 5G-V2X with a security-based comparison to LTE-V2X. A novel Security Reflex Function (SRF)-based architecture is proposed and several research challenges are presented related to the security of 5G-V2X. Furthermore, the article lays out requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary for 5G-V2X. Comment: 9 pages, 6 figures, Preprin

    A framework for the joint placement of edge service infrastructure and User Plane Functions for 5G

    Achieving less than 1 ms end-to-end communication latency, required for certain 5G services and use cases, is imposing severe technical challenges for the deployment of next-generation networks. To achieve such an ambitious goal, the service infrastructure and User Plane Function (UPF) placement at the network edge is mandatory. However, this solution implies a substantial increase in deployment and operational costs. To cost-effectively solve this joint placement problem, this paper introduces a framework to jointly address the placement of edge nodes (ENs) and UPFs. Our framework proposal relies on Integer Linear Programming (ILP) and heuristic solutions. The main objective is to determine the ENs and UPFs’ optimal number and locations to minimize overall costs while satisfying the service requirements. To this aim, several parameters and factors are considered, such as capacity, latency, costs and site restrictions. The proposed solutions are evaluated based on different metrics and the obtained results showcase over 20% cost savings for the service infrastructure deployment. Moreover, the gap between the UPF placement heuristic and the optimal solution is equal to only one UPF in the worst cases, and a computation time reduction of over 35% is achieved in all the use cases studied. Postprint (author's final draft

    Achieving Ultra-Reliable Low-Latency Communication (URLLC) in Next-Generation Cellular Networks with Programmable Data Planes

    Recent advancements in wireless technologies towards the next-generation cellular networks have brought a new era that made it possible to apply cellular technology on traditionally-wired networks with tighter requirements, such as industrial networks. The next-generation cellular technologies (e.g., 5G and Beyond) introduce the concept of ultra-reliable low-latency communications (URLLC). This thesis presents a Software-Defined Networking (SDN) architecture with programmable data planes for the next-generation cellular networks to achieve URLLC. Our design deploys programmable switches between the cellular core and Radio Access Networks (RAN) to monitor and modify data traffic at the line speed. We introduce the concept of intra-cellular optimization, a relaxation in cellular networks to allow pre-authorized in-network devices to communicate without being required to signal the core network. We also present a control structure, Unified Control Plane (UCP), containing a novel Ethernet Layer control protocol and an adapted version of link-state routing information distribution among the programmable switches. Our implementation uses P4 with a 5G implementation (Open5Gs) and a UE/RAN simulator. We implement a Python simulator to evaluate the performance of our system on multi-switch topologies by simulating the switch behavior. Our evaluation indicates latency reduction up to 2x with intra-cellular optimization compared to the conventional architecture. We show that our design has a ten-millisecond level of control latency, and achieves fine-grained network security and monitoring. Comment: M.Sc. Thesis, Bogazici University, 202