Scalable software switch based service function chaining for 5G network slicing

Service Function Chaining (SFC) is a key enabler for network slicing in the Fifth-Generation (5G) mobile networks. Despite the ongoing standardisation activities and open source projects in addressing SFC, built-in 5G network support for SFC has not been sufficiently addressed on 5G Multi-tenant infrastructures. This paper proposes an Service Function Forwarder (SFF) and Classifier which is able to provide network slicing capabilities to the Service Data Plane in this type of infrastructures. The proposed prototype has been implemented as an extension of the popular Open Virtual Switch (OVS). The results of the empirical validation demonstrate that the proposed prototype is able to deal simultaneously with up to 8192 network slices with a maximum delay of 11 microseconds and 0% packet loss processing traffic at speeds up to 20 Gbps in a 5G architecture. The performance values achieved in this work are compliant with the 5G KPI expectation

Enhancing honeynet-based protection with network slicing for massive Pre-6G IoT Smart Cities deployments

Internet of Things (IoT) coupled with 5G and upcoming pre-6G networks will provide the scalability and performance required to deploy a wide range of new digital services in Smart Cities. This new digital services will undoubtedly contribute to an improvement in the quality of life of citizens. However, security is a major concern in IoT where low-powered constrained devices are a target for attackers who identify them as a vulnerable entry point to exploit the network weaknesses. This concern is exacerbated in Smart Cities where it is expected to deploy millions of heterogeneous yet unattended and vulnerable IoT devices throughout vast urban areas. A security breach in a Smart City allows attackers to target critical services such as the power grid network or the road traffic control or to expose sensitive health data to intruders. Thus, the security and privacy of citizens could be seriously compromised. Honeynets are an effective security mechanism to distract attackers from legitimate targets and collect valuable information on how they operate. Meanwhile, current honeynets lack functionality to protect the real and lure networks from large-scale volumetric Distributed Denial of Service (DDoS) attacks. This paper provides a novel solution to empower honeynet security tools with Network Slicing capabilities as an innovative way to isolate and minimize the network resources available from attackers. The proposed system supports the ambitious IoT scalability requirements associated to 5G networks and the forthcoming 6G networks. The solution has been empirically evaluated in a emulated testbed where promising results have been achieved when dealing with mMTC and eMBB traffic profiles. In mMTC scenarios where scalability is a challenge, the solution is able to deal with up to 1000 slices and 1 Million IoT devices sending traffic simultaneously. In eMBB use cases, the solution is able to cope with up to 19 Gbps of combined bandwidth. The gathered results demonstrate that the proposed solution is suitable as a security tool in 5G IoT multi-tenant infrastructures as those expected in Smart Cities deployments

Network slicing as 6G security mechanism to mitigate cyber-attacks:the RIGOUROUS approach

With the emergence of 6G, novel approaches are demanded to identify and address cyber-security, trust and privacy risks threatening the softwarised and virtualised networks and computing infrastructure, and next-generation services. One of the main innovations beyond State-of-the-Art envisioned is to deliver End-to-End Multi-domain Multi-tenant 6G Network Slicing capabilities over Zero-touch Security Network Management. This paper introduces a novel security enabler deployed in the data plane where network slicing is explored as a security mitigation mechanism. In this way, legitimate traffic can be isolated from harmful traffic and the attacker will have near zero vulnerability surface to compromise the implemented security measures. The proposed solution is centred on Network SelfProtection (NSP) based on the Open Virtual Switch (OVS) platform, to which significant extensions have been undertaken to support Network Slicing capabilities in multi-tenant multidomain beyond 5G networks. Preliminary experiments show promising results in terms of overhead introduced in the data plane (in the order of microseconds) and high scalability when deploying up to 2048 network slices. The proposed software network slicing enabler is a suitable candidate for coping with network traffic with different levels of nested encapsulation associated with this kind of virtualised infrastructures

Topology-aware cognitive self-protection framework for automated detection and mitigation of security and privacy incidents in 5G-IoT networks

Internet of Things (IoT) coupled with 5G networks enable unprecedented levels of scalability and performance in the computing industry. These enhanced performance features allow to offer and deploy a wide range of new use cases and services in scenarios such as Smart Cities, Smart Grid or Industry 5.0 just to mention a few. However, the inherent complexity of such networks is a serious concern in terms of security. Furthermore, the vulnerability and low-power constraints of IoT devices make such networks a targeted vector for cyber criminals. In this contribution, authors present an innovative topology-aware Cognitive Self-protection framework able to detect and mitigate attacks in an autonomous way with no human intervention in the wired segments of 5G-IoT multi-tenant networks. Preliminary tests carried out on a realistic emulated testbed show promising results in terms of time spent in stopping DDoS attacks (less than 47 seconds) and scalability for scenarios with different number of tenants and UEs (2 virtual tenants deployed in 4 Edge nodes and up to 64 IoT devices or sensors connected to the infrastructure)

Multi-domain orchestration of 5G vertical services and network slices

This paper presents an orchestration framework for the delivery of 5G vertical services and end-to-end network slices in a multi-domain scenario. The proposed architecture relies on a business model where verticals and service providers take the roles of digital service consumers, digital service providers and network service providers, each acting in its administrative domain. The interactions and delivery procedures among these entities leverage on standard solutions for interfaces and information models defined by ETSI and 3GPP. The paper also presents proof-of-concept applications of the proposed architecture in two H2020 European research initiatives

6G BRAINS Topology-aware Industry-Grade Network Slice Management and Orchestration

This paper describes the integration between the Open Network Automation Platform (ONAP) and UWS Slice Manager within the European project 6G Brains. The proposed solution allows for End-To-End(E2E) Network Slicing, enabling fine-grain and optimal traffic engineering of the Network components. This work’s findings ensure an E2E connection. The solution allows external services to create slices and attach them easily. The UWS Network Slice Manager allows for detailed monitoring of the network slice’s inner components. With this information, ONAP can improve the network by creating and optimising slices on demand. The validation of the integration presents the workflow to create and attach slices. These operations enable autonomous workflows for deploying E2E Services that ensure the QoS/QoE in the network