Dynamic Interdomain Network Slicing for verticals in the 5Growth project

Proceedings of: IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 9-11 Nov. 2021, Heraklion, Greece.This paper proposes and validates a Interdomain Network Slicing framework for verticals, allowing them to directly participate in the establishment and control of end-to-end Communication Services deployment across multiple inter-operator domains. The framework progresses the means made available by different standards and research initiatives to enhance service requesting and provisioning interfaces for the stakeholders involved, namely operators and verticals. The framework is validated under two different use cases, showcasing effective end-to-end service instantiation and a first assessment towards dynamic service modification capability.This work has been supported by EC H2020 5GPPP 5Growth project (Grant 856709)

An SFC-enabled approach for processing SSL/TLS encrypted traffic in future enterprise networks

In this paper, we propose an architecture based on NFV and SDN which allows to balance traffic analysis techniques using a Classifier. It steers flows to the appropriate Service Function Chaining (to open traffic or not) according to network requirements (such as, effectiveness, flexibility, scalability, performance, and privacy). The SSL/TLS traffic processing is carried-out by the centerpiece of this work, the SFC-enabled MITM. A Proof-of-Concept was conducted (focusing on our SFC-enabled MITM) which showed that functionalities lost due to encryption (Content Optimization, Caching, Network Anti-virus, and Content Filter) were recovered when processing opened traffic within its Service Function Chains. We also evaluated its impact on performance. The results show that cipher suite overhead plays a role but can be mitigated, the Classifier can alleviate the performance overhead of different traffic analysis techniques, network functions have lower impact to performance, and Service Function Chaining length influences page load time.publishe

Orchestrating an SFC-enabled SSL/TLS traffic processing architecture using MANO

The heterogeneity of 5G requirements commands more complex network architectures, imposing the need for network orchestration. ETSI NFV MANO is the standard which defines a common framework for vendors and operators to integrate their orchestration efforts. In this paper, we evaluated how an ETSI NFV MANO compliant orchestrator (OSM) fares while orchestrating an SFC-enabled SSL/TLS encrypted traffic processing architecture, which supports both edge and cloud deployments. A quantitative evaluation was carried-out, which assessed the responsiveness and overheads of OSM, as well as the actual functionality of our SSL/TLS processing architecture (with edge computing components). A qualitative evaluation was also carried-out, providing insight into the maturity of the current OSM release, what works well, what requires workarounds, and the actual limitations. A demonstration of the architecture evaluated in this work was accepted as a contribution to the ETSI OSM PoC Framework.publishe

Experimental evaluation of the usage of ad hoc networks as stubs for multiservice networks

This paper describes an experimental evaluation of a multiservice ad hoc network, aimed to be interconnected with an infrastructure, operator-managed network. This network supports the efficient delivery of services, unicast and multicast, legacy and multimedia, to users connected in the ad hoc network. It contains the following functionalities: routing and delivery of unicast and multicast services; distributed QoS mechanisms to support service differentiation and resource control responsive to node mobility; security, charging, and rewarding mechanisms to ensure the correct behaviour of the users in the ad hoc network. This paper experimentally evaluates the performance of multiple mechanisms, and the influence and performance penalty introduced in the network, with the incremental inclusion of new functionalities. The performance results obtained in the different real scenarios may question the real usage of ad-hoc networks for more than a minimal number of hops with such a large number of functionalities deployed

Multi-access Edge Computing as a service

Standardization organizations, such as the European Telecommunications Standards Institute (ETSI), have been gathering efforts to specify the Edge Computing paradigm. However, there is still a lack of complete, interface-wise, actual implementations and evaluations of a fully functional Edge Computing architecture. On these grounds, the work presented in this paper proposes a new Multi-access Edge Computing (MEC)-Network Functions Virtualization (NFV) architecture for a challenging Business to Business to Consumer (B2B2C) model, based on the references provided by ETSI, and provides a prototype implementation to demonstrate its viability. The tests conducted show that the proposed framework can be efficiently deployed, allowing Telecommunications Operators to rapidly instantiate and provide an elastic Edge Infrastructure to their customers.publishe

Developing solutions for pay-as-you-throw information systems

The development of pay-as-you-throw (PAYT) systems – one of the strategies behind smart waste concepts – has a large set of challenges from the information technology (IT) point of view. The diversity of existing charging models in different towns already poses a complexity problem for a single universal IT solution. The situation is even more complex as the diversity of pay-as-you-throw systems is very large, with different tariffs and different objectives. This paper describes the development of an information system for supporting multiple approaches for PAYT systems and describes its implementation in the context of a European project. The design strategy and the use of best practices lead to a scalable and effective PAYT- specific Information System that has proved itself able to support a diversity of requirements across south Europe.info:eu-repo/semantics/publishedVersio

Network slicing security: challenges and directions

Network slicing emerges as a key technology in next generation networks, boosted by the integration of software‐defined networking and network functions virtualization. However, while allowing resource sharing among multiple tenants, such networks must also ensure the security requirements needed for the scenarios they are employed. This letter presents the leading security challenges on the use of network slices at the packet core, the solutions that academy and industry are proposing to address them, pointing out some directions that should be considered.publishe

A network service for preventing data leakage from IoT cloud-assisted equipment

The fact that most IoT solutions are provided by third parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the third party, as well as preventing those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, their format and constraints. To verify the compliance with these contracts, we propose a Network Service architecture which validates REST-like API requests/responses against a Swagger schema. We deal with encrypted traffic using an Service Function Chaining (SFC)-enabled Man-in-the-Middle (MITM), allowing verifications in “real-time.” We devised a Proof of Concept and showed that we were able to detect (and stop) contract violations.publishe

Safeguarding from abuse by IoT vendors: edge messages verification of cloud-assisted equipment

The fact that most IoT solutions are provided by 3rd-parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the 3rd-party, as well as preventing those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, in what format, and with which constraints. To verify the compliance with these contracts, we propose a converging "Multi-Access Edge Computing" architecture which validates RESTalike API requests/responses against a Swagger schema. We deal with encrypted traffic using an SFC-enabled Man-in-the-Middle, allowing us to do verifications in "real-time". We devised a Proof of Concept and shown that we were able to detect (and stop) contract violations.publishe