119 research outputs found

    Virtual Networking Performance in OpenStack Platform for Network Function Virtualization

    The emerging Network Function Virtualization (NFV) paradigm, coupled with the highly flexible and programmatic control of network devices offered by Software Defined Networking solutions, enables unprecedented levels of network virtualization that will definitely change the shape of future network architectures, where legacy telco central offices will be replaced by cloud data centers located at the edge. On the one hand, this software-centric evolution of telecommunications will allow network operators to take advantage of the increased flexibility and reduced deployment costs typical of cloud computing. On the other hand, it will pose a number of challenges in terms of virtual network performance and customer isolation. This paper intends to provide some insights on how an open-source cloud computing platform such as OpenStack implements multitenant network virtualization and how it can be used to deploy NFV, focusing in particular on packet forwarding performance issues. To this purpose, a set of experiments is presented that refer to a number of scenarios inspired by the cloud computing and NFV paradigms, considering both single tenant and multitenant scenarios. From the results of the evaluation it is possible to highlight potentials and limitations of running NFV on OpenStack

    Insider Threats in Emerging Mobility-as-a-Service Scenarios

    Mobility as a Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we follow a tiered structure — from individual operators to markets of federated MaaS providers — to classify the potential threats of each tier and propose the appropriate countermeasures, in an effort to mitigate the problems

    Privacy-Preserving Design of Data Processing Systems in the Public Transport Context

    The public transport network of a region inhabited by more than 4 million people is run by a complex interplay of public and private actors. Large amounts of data are generated by travellers, buying and using various forms of tickets and passes. Analysing the data is of paramount importance for the governance and sustainability of the system. This manuscript reports the early results of the privacy analysis which is being undertaken as part of the analysis of the clearing process in the Emilia-Romagna region, in Italy, which will compute the compensations for tickets bought from one operator and used with another. In the manuscript it is shown by means of examples that the clearing data may be used to violate various privacy aspects regarding users, as well as (technically equivalent) trade secrets regarding operators. The ensuing discussion has a twofold goal. First, it shows that after researching possible existing solutions, both by reviewing the literature on general privacy-preserving techniques, and by analysing similar scenarios that are being discussed in various cities across the world, the former are found exhibiting structural effectiveness deficiencies, while the latter are found of limited applicability, typically involving less demanding requirements. Second, it traces a research path towards a more effective approach to privacy-preserving data management in the specific context of public transport, both by refinement of current sanitization techniques and by application of the privacy by design approach. Available at: https://aisel.aisnet.org/pajais/vol7/iss4/4

    Federated Platooning: Insider Threats and Mitigations

    Platoon formation is a freight organization system where a group of vehicles follows a predefined trajectory maintaining a desired spatial pattern. Benefits of platooning include fuel savings, reduction of carbon dioxide emissions, and efficient allocation of road capacity. While traditionally platooning has been an exclusive option limited to specific geographical areas managed by a single operator, recent technological developments and EU initiatives are directed at the creation of an international, federated market for platooning, i.e., a consortium of platoon operators that collaborate and coordinate their users to constitute freights covering international routes. In this paper, we look at federated platooning from an insiders' perspective. In our development, first we outline the basic elements of platooning and federation of platooning operators. Then, we provide a comprehensive analysis to identify the possible insiders (employees, users, operators, and federated members) and the threats they pose. Finally, we propose two layered, composable technical solutions to mitigate those threats: a) a decentralized overlay network that regulates the interactions among the stakeholders, useful to mitigate issues linked to data safety and trustworthiness and b) a dynamic federation platform, needed to monitor and interrupt deviant behaviors of federated members

    Constraint Programming for Flexible Service Function Chaining Deployment

    Network Function Virtualization (NFV) and Software Defined Networking (SDN) are technologies that recently acquired a great momentum thanks to their promise of being a flexible and cost-effective solution for replacing hardware-based, vendor-dependent network middleboxes with software appliances running on general purpose hardware in the cloud. Delivering end-to-end networking services across multiple NFV/SDN network domains by implementing the so-called Service Function Chain (SFC) i.e., a sequence of Virtual Network Functions (VNF) that composes the service, is a challenging task. In this paper we address two crucial sub-problems of this task: i) the language to formalize the request of a given SFC to the network and ii) the solution of the SFC design problem, once the request is received. As for i) in our solution the request is built upon the intent-based approach, with a syntax that focuses on asking the user what she needs and not how it should be implemented, in a simple and high level language. Concerning ii) we define a formal model describing network architectures and VNF properties that is then used to solve the SFC design problem by means of Constraint Programming (CP), a programming paradigm which is often used in Artificial Intelligence applications. We argue that CP can be effectively used to address this kind of problems because it provides very expressive and flexible modeling languages which come with powerful solvers, thus providing efficient and scalable performance. We substantiate this claim by validating our tool on some typical and non trivial SFC design problems

    Time sensitive networking security: issues of precision time protocol and its implementation

    Time Sensitive Networking (TSN) will be an integral component of industrial networking. Time synchronization in TSN is provided by the IEEE-1588, Precision Time Protocol (PTP) protocol. The standard, dating back to 2008, marginally addresses security aspects, notably not encompassing the frames designed for management purposes (Type Length Values or TLVs). In this work we show that the TLVs can be abused by an attacker to reconfigure, manipulate, or shut down time synchronization. The effects of such an attack can be serious, ranging from interruption of operations to actual unintended behavior of industrial devices, possibly resulting in physical damages or even harm to operators. The paper analyzes the root causes of this vulnerability, and provides concrete examples of attacks leveraging it to de-synchronize the clocks, showing that they can succeed with limited resources, realistically available to a malicious actor

    When Operation Technology Meets Information Technology: Challenges and Opportunities

    Industry 4.0 has revolutionized process innovation while facilitating and encouraging many new possibilities. The objective of Industry 4.0 is the radical enhancement of productivity, a goal that presupposes the integration of Operational Technology (OT) networks with Information Technology (IT) networks, which were hitherto isolated. This disruptive approach is enabled by adopting several emerging technologies in Enterprise processes. In this manuscript, we discuss what we believe to be one of the main challenges preventing the full employment of Industry 4.0, namely, the integration of Operation Technology networking and Information Technology networking. We discuss the technical challenges alongside the potential tools while providing a state-of-the-art use case scenario. We showcase a possible solution based on the Asset Administration Shell approach, referring to the use case of camera synchronization for collaborative tasks

    A Service-Oriented Approach to Crowdsensing for Accessible Smart Mobility Scenarios

    This work presents an architecture to help designing and deploying smart mobility applications. The proposed solution builds on the experience already matured by the authors in different fields: crowdsourcing and sensing done by users to gather data related to urban barriers and facilities, computation of personalized paths for users with special needs, and integration of open data provided by bus companies to identify the actual accessibility features and estimate the real arrival time of vehicles at stops. In terms of functionality, the first "monolithic" prototype fulfilled the goal of composing the aforementioned pieces of information to support citizens with reduced mobility (users with disabilities and/or elderly people) in their urban movements. In this paper, we describe a service-oriented architecture that exploits the microservices orchestration paradigm to enable the creation of new services and to make the management of the various data sources easier and more effective. The proposed platform exposes standardized interfaces to access data, implements common services to manage metadata associated with them, such as trustworthiness and provenance, and provides an orchestration language to create complex services, naturally mapping their internal workflow to code. The manuscript demonstrates the effectiveness of the approach by means of some case studies