1,128 research outputs found
Formal Network Models and Their Application to Firewall Policies (UPF-Firewall)
We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed for generating test cases for testing the security configuration of actual firewalls and routers (middle-boxes) using HOL-TestGen. Our work focuses on modeling application-level protocols on top of TCP/IP.
Formal Network Models and Their Application to Firewall Policies
This is the final version. Available from AFP via the link in this record. We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed for generating test cases for testing the security configuration of actual firewalls and routers (middle-boxes) using HOL-TestGen. Our work focuses on modeling application-level protocols on top of TCP/IP.
Fixed-Mobile Convergence in the 5G era: From Hybrid Access to Converged Core
The availability of different paths to communicate to a user or device
introduces several benefits, from boosting end-user performance to improving
network utilization. Hybrid access is a first step in enabling convergence of
mobile and fixed networks, however, despite traffic optimization, this approach
is limited as fixed and mobile are still two separate core networks
inter-connected through an aggregation point. On the road to 5G networks, the
design trend is moving towards an aggregated network, where different access
technologies share a common anchor point in the core. This enables further
network optimization in addition to hybrid access, examples are user-specific
policies for aggregation and improved traffic balancing across different
accesses according to user, network, and service context. This paper aims to
discuss the ongoing work around hybrid access and network convergence by
Broadband Forum and 3GPP. We present some testbed results on hybrid access and
analyze some primary performance indicators such as achievable data rates, link
utilization for aggregated traffic and session setup latency. We finally
discuss the future directions for network convergence to enable future
scenarios with enhanced configuration capabilities for fixed and mobile
convergence.
Comment: to appear in IEEE Networ
A Centralized SDN Architecture for the 5G Cellular Network
In order to meet the increasing demands of high data rate and low latency
cellular broadband applications, plans are underway to roll out the Fifth
Generation (5G) cellular wireless system by the year 2020. This paper proposes
a novel method for adapting the Third Generation Partnership Project (3GPP)'s
5G architecture to the principles of Software Defined Networking (SDN). We
propose to have centralized network functions in the 5G network core to control
the network, end-to-end. This is achieved by relocating the control
functionality present in the 5G Radio Access Network (RAN) to the network core,
resulting in the conversion of the base station known as the gNB into a pure
data plane node. This brings about a significant reduction in signaling costs
between the RAN and the core network. It also results in improved system
performance. The merits of our proposal have been illustrated by evaluating the
Key Performance Indicators (KPIs) of the 5G network, such as network attach
(registration) time and handover time. We have also demonstrated improvements
in attach time and system throughput due to the use of centralized algorithms
for mobility management with the help of ns-3 simulations.
Security of 5G-V2X: Technologies, Standardization and Research Directions
Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to
the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to
Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities
involved in vehicular communications and allows the inclusion of
cellular-security solutions to be applied to V2X. For this, the evolvement of
LTE-V2X is revolutionary, but it fails to handle the demands of high
throughput, ultra-high reliability, and ultra-low latency alongside its
security mechanisms. To counter this, 5G-V2X is considered as an integral
solution, which not only resolves the issues related to LTE-V2X but also
provides a function-based network setup. Several reports have been given for
the security of 5G, but none of them primarily focuses on the security of
5G-V2X. This article provides a detailed overview of 5G-V2X with a
security-based comparison to LTE-V2X. A novel Security Reflex Function
(SRF)-based architecture is proposed and several research challenges are
presented related to the security of 5G-V2X. Furthermore, the article lays out
requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary
for 5G-V2X.
Comment: 9 pages, 6 figures, Preprin
A framework for the joint placement of edge service infrastructure and User Plane Functions for 5G
Achieving less than 1 ms end-to-end communication latency, required for certain 5G services and use cases, is imposing severe technical challenges for the deployment of next-generation networks. To achieve such an ambitious goal, the service infrastructure and User Plane Function (UPF) placement at the network edge is mandatory. However, this solution implies a substantial increase in deployment and operational costs. To cost-effectively solve this joint placement problem, this paper introduces a framework to jointly address the placement of edge nodes (ENs) and UPFs. Our framework proposal relies on Integer Linear Programming (ILP) and heuristic solutions. The main objective is to determine the ENs and UPFs’ optimal number and locations to minimize overall costs while satisfying the service requirements. To this aim, several parameters and factors are considered, such as capacity, latency, costs and site restrictions. The proposed solutions are evaluated based on different metrics and the obtained results showcase over 20% cost savings for the service infrastructure deployment. Moreover, the gap between the UPF placement heuristic and the optimal solution is equal to only one UPF in the worst cases, and a computation time reduction of over 35% is achieved in all the use cases studied.
Postprint (author's final draft
Achieving Ultra-Reliable Low-Latency Communication (URLLC) in Next-Generation Cellular Networks with Programmable Data Planes
Recent advancements in wireless technologies towards the next-generation
cellular networks have brought a new era that made it possible to apply
cellular technology on traditionally-wired networks with tighter requirements,
such as industrial networks. The next-generation cellular technologies (e.g.,
5G and Beyond) introduce the concept of ultra-reliable low-latency
communications (URLLC). This thesis presents a Software-Defined Networking
(SDN) architecture with programmable data planes for the next-generation
cellular networks to achieve URLLC. Our design deploys programmable switches
between the cellular core and Radio Access Networks (RAN) to monitor and modify
data traffic at the line speed. We introduce the concept of
intra-cellular optimization, a relaxation in cellular networks to
allow pre-authorized in-network devices to communicate without being required
to signal the core network. We also present a control structure, Unified
Control Plane (UCP), containing a novel Ethernet Layer control protocol and an
adapted version of link-state routing information distribution among the
programmable switches. Our implementation uses P4 with a 5G implementation
(Open5Gs) and a UE/RAN simulator. We implement a Python simulator to evaluate
the performance of our system on multi-switch topologies by simulating the
switch behavior. Our evaluation indicates latency reduction up to 2x with
intra-cellular optimization compared to the conventional architecture.
We show that our design has a ten-millisecond level of control latency, and
achieves fine-grained network security and monitoring.
Comment: M.Sc. Thesis, Bogazici University, 202