81 research outputs found

    Identification of Genes involved in Iron Metabolism in Rhizobium leguminosarum ATCC 14479 Genome through the use of In-silico Analysis

    The complete genomic sequence of Rhizobium leguminosarum ATCC 14479 has been determined. Its genome size is 7,935,223 base-pairs of DNA (bp). This multipartite genome contains 5 distinct replicons: a chromosome of 4,883,137 bp and four mega-plasmids of size 1,234,209 bp, 415,988 bp, 771,583 bp, and 630,306 bp. In silico (literally: on computer) analysis was done on the complete genome to detect genes relating to iron metabolism by bacteria. Seven iron-related operons and genes were found: nodulation genes, the Tol operon, the hmuPSTUV operon, iron response regulator genes, the cycHJKL operon, genes for bacterial cyclic glucans, and vicibactin genes

    A pragmatic approach toward securing inter-domain routing

    Internet security poses complex challenges at different levels, where even the basic requirement of availability of Internet connectivity becomes a conundrum sometimes. Recent Internet service disruption events have made the vulnerability of the Internet apparent, and exposed the current limitations of Internet security measures as well. Usually, the main cause of such incidents, even in the presence of the security measures proposed so far, is the unintended or intended exploitation of the loopholes in the protocols that govern the Internet. In this thesis, we focus on the security of two different protocols that were conceived with little or no security mechanisms but play a key role both in the present and the future of the Internet, namely the Border Gateway Protocol (BGP) and the Locator Identifier Separation Protocol (LISP). The BGP protocol, being the de-facto inter-domain routing protocol in the Internet, plays a crucial role in current communications. Due to lack of any intrinsic security mechanism, it is prone to a number of vulnerabilities that can result in partial paralysis of the Internet. In light of this, numerous security strategies were proposed but none of them were pragmatic enough to be widely accepted and only minor security tweaks have found the pathway to be adopted. Even the recent IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) efforts, including the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), do not address the policy related security issues, such as Route Leaks (RL). Route leaks occur due to violation of the export routing policies among the Autonomous Systems (ASes). Route leaks not only have the potential to cause large scale Internet service disruptions but can result in traffic hijacking as well.
In this part of the thesis, we examine the route leak problem and propose pragmatic security methodologies which a) require no changes to the BGP protocol, b) are neither dependent on third party information nor on third party security infrastructure, and c) are self-beneficial regardless of their adoption by other players. Our main contributions in this part of the thesis include a) a theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular received route advertisement corresponds to a route leak, and b) three incremental detection techniques, namely Cross-Path (CP), Benign Fool Back (BFB), and Reverse Benign Fool Back (R-BFB). Our strength resides in the fact that these detection techniques solely require the analytical usage of in-house control-plane, data-plane and direct neighbor relationships information. We evaluate the performance of the three proposed route leak detection techniques both through real-time experiments as well as using simulations at large scale. Our results show that the proposed detection techniques achieve high success rates for countering route leaks in different scenarios. The motivation behind LISP protocol has shifted over time from solving routing scalability issues in the core Internet to a set of vital use cases for which LISP stands as a technology enabler. The IETF's LISP WG has recently started to work toward securing LISP, but the protocol still lacks end-to-end mechanisms for securing the overall registration process on the mapping system ensuring RLOC authorization and EID authorization. As a result LISP is unprotected against different attacks, such as RLOC spoofing, which can cripple even its basic functionality. For that purpose, in this part of the thesis we address the above mentioned issues and propose practical solutions that counter them. Our solutions take advantage of the low technological inertia of the LISP protocol. 
The changes proposed for the LISP protocol and the utilization of existing security infrastructure in our solutions enable resource authorizations and lay the foundation for the needed end-to-end security

    OpenUEBA – A systematic approach to learn behavioural patterns

    For years, Security Operations Centers (SOC) have resorted to SIEM and IDS tools as the core defence shield, offering reactive detection capabilities against latent threats. Despite the effectiveness of the tools described above, cybercriminal groups have professionalized themselves by launching very sophisticated campaigns that, unfortunately, go unnoticed by current detection tools. In order to revolutionize the current range of security tools, we present our vision and advances in openUEBA, an open-source framework focused on the study of the behaviour of users and entities on the network, where state-of-the-art Artificial Intelligence techniques are used to learn the behavioural patterns of those users who later fall into cyber attacks. With the learnt knowledge, the tool calculates the user exposure; in other words, it predicts which users will be victims of latent threats, allowing the analyst to make preventive decisions. Peer Reviewed. Postprint (published version).

    Design and evaluation of a K8s-based system for distributed open-source cellular networks

    Virtualization in cellular networks is one of the key areas of research where technologies, infrastructure and challenges are rapidly changing as 5G system architecture demands a paradigm shift. This paper aims to study the viability and the performance of cloud-native infrastructures for hosting network functions. The selected frameworks implement both the 4G and the 5G stacks and their network functions. This work considers a variety of scenarios for enabling the deployment of a distributed and open-source cellular network: a baremetal setup, an all-docker-based setup and the proposed Kubernetes setup. Moreover, an analysis of the impact that the Radio Access Network (RAN) and the Core Network (CN) have on computational resource utilization is presented as the network conditions vary. The design proposed in this work has been validated and analyzed using the proposed prototype and testbed. This paper proposes a design to increase resource usage flexibility and performance and reduction of deployment time. The analysis of the gathered data reveals that the deployments of containerized cellular networks display better performance in terms of flexibility, low startup times, and ease of deployment while consuming the same resources as the non-containerized. This work has been supported by the EU’s H2020 projects 5GaaS (958832) and AI@EDGE (101015922). The authors would also like to acknowledge CERCA Programme / Generalitat de Catalunya for sponsoring this work. This work has been also supported by the EU “NextGenerationEU/PRTR”, MCIN and AEI (Spain) under project IJC2020-043058-I. Peer Reviewed. Sustainable Development Goals::9 - Industry, Innovation and Infrastructure. Postprint (published version).

    An SDN-based solution for horizontal auto-scaling and load balancing of transparent VNF clusters

    © 2021 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/). This paper studies the problem of the dynamic scaling and load balancing of transparent virtualized network functions (VNFs). It analyzes different particularities of this problem, such as loop avoidance when performing scaling-out actions, and bidirectional flow affinity. To address this problem, a software-defined networking (SDN)-based solution is implemented consisting of two SDN controllers and two OpenFlow switches (OFSs). In this approach, the SDN controllers run the solution logic (i.e., monitoring, scaling, and load-balancing modules). According to the SDN controllers' instructions, the OFSs are responsible for redirecting traffic to and from the VNF clusters (i.e., load-balancing strategy). Several experiments were conducted to validate the feasibility of this proposed solution on a real testbed. Through connectivity tests, not only could end-to-end (E2E) traffic be successfully achieved through the VNF cluster, but the bidirectional flow affinity strategy was also found to perform well because it could simultaneously create flow rules in both switches. Moreover, the selected CPU-based load-balancing method guaranteed an average imbalance below 10% while ensuring that new incoming traffic was redirected to the least loaded instance without requiring packet modification. Additionally, the designed monitoring function was able to detect failures in the set of active members in near real-time and activate new instances in less than a minute. Likewise, the proposed auto-scaling module had a quick response to traffic changes. Our solution showed that the use of SDN controllers along with OFS provides great flexibility to implement different load-balancing, scaling, and monitoring strategies. Postprint (published version).

    Service specific management and orchestration for a content delivery network

    Any non-trivial network service requires service specific orchestration to meet its carrier-grade requirements regarding resiliency, availability, etc. How the network service components are mapped on the substrate, how VNFs get reconfigured after a monitored event or how they scale: only network service/function developers know how to execute such workflows to guarantee an optimal QoS. It is therefore of paramount importance that NFV Service Platforms allow developer specified input when performing such life cycle events, instead of defining generic workflows. Within the scope of the SONATA and 5GTANGO projects, a mechanism was designed that allows developers to create and execute Service and Function Specific Managers. These managers are processes, created by the developer, that define service or function specific orchestration behaviour. The SONATA Service Platform executes these managers to overwrite generic Service Platform behaviour, creating developer customised life cycle workflows. We will demonstrate the development, testing and operational execution of these managers by using a Content Delivery Network which requires specific placement and scaling behaviour.

    A Survey on Explainable AI for 6G O-RAN: Architecture, Use Cases, Challenges and Research Directions

    The recent O-RAN specifications promote the evolution of RAN architecture by function disaggregation, adoption of open interfaces, and instantiation of a hierarchical closed-loop control architecture managed by RAN Intelligent Controllers (RICs) entities. This paves the road to novel data-driven network management approaches based on programmable logic. Aided by Artificial Intelligence (AI) and Machine Learning (ML), novel solutions targeting traditionally unsolved RAN management issues can be devised. Nevertheless, the adoption of such smart and autonomous systems is limited by the current inability of human operators to understand the decision process of such AI/ML solutions, affecting their trust in such novel tools. eXplainable AI (XAI) aims at solving this issue, enabling human users to better understand and effectively manage the emerging generation of artificially intelligent schemes, reducing the human-to-machine barrier. In this survey, we provide a summary of the XAI methods and metrics before studying their deployment over the O-RAN Alliance RAN architecture along with its main building blocks. We then present various use-cases and discuss the automation of XAI pipelines for O-RAN as well as the underlying security aspects. We also review some projects/standards that tackle this area. Finally, we identify different challenges and research directions that may arise from the heavy adoption of AI/ML decision entities in this context, focusing on how XAI can help to interpret, understand, and improve trust in O-RAN operational networks. Comment: 33 pages, 13 figures.

    Design of AI-based resource forecasting methods for network slicing

    With the forthcoming of 5G networks, the underlying infrastructure needs to support a higher number of heterogeneous services with different QoS needs than ever. For that reason, 5G inherently provides a way to allocate these services over the same infrastructure through the concept of Network Slicing. However, to maximize revenue and reduce operational costs, a method to proactively adapt the resources assigned to each slice becomes imperative. For that reason, this work presents two Machine Learning (ML) models, leveraging Long-Short Term Memory (LSTM) and Random Forest algorithms, to forecast the throughput of each slice and adapt accordingly the amount of resources needed. The models are evaluated using NS-3, which has been integrated with the ML models through a shared memory framework. This enables a closed loop in which the predictions of the models can be used at run time to introduce changes in the network. Consequently, it makes it able to cope with the forecasted requirements, eliminating the need for off-line training and resembling better a real-life scenario. The evaluation performed shows the ability of the models to predict the slices’ throughput under various settings and proves that Random Forest provides up to 26% better results than LSTM

    A Novel Construction of Substitution Box Involving Coset Diagram and a Bijective Map

    The substitution box is a basic tool to convert the plaintext into an enciphered format. In this paper, we use the coset diagram for the action of $PSL(2,\mathbb{Z})$ on the projective line over the finite field $GF(2^9)$ to construct the proposed S-box. The vertices of the coset diagram are elements of $GF(2^9)$ which can be represented by powers of $\alpha$, where $\alpha$ is the root of the irreducible polynomial $p(x)=x^9+x^4+1$ over $\mathbb{Z}_2$. Let $GF^{*}(2^9)$ denote the elements of $GF(2^9)$ which are of the form of even powers of $\alpha$. In the first step, we construct a $16\times 16$ matrix with the elements of $GF^{*}(2^9)$ in a specific order, determined by the coset diagram. Next, we consider $h: GF^{*}(2^9)\longrightarrow GF(2^8)$ defined by $h(\alpha^{2n})=\omega^{n}$ to destroy the structure of $GF(2^8)$. In the last step, we apply a bijective map $g$ on each element of the matrix to evolve the proposed S-box. The ability of the proposed S-box is examined by different available algebraic and statistical analyses. The results are then compared with the familiar S-boxes. We get encouraging statistics of the proposed box after comparison.

    Improving reliability in multi-layer networks with Network Coding Protection

    © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. A major concern among network providers is to endow their networks with the ability to withstand and recover from failures. In recent years, there is a trend in network research referred to as Network Coding Protection (NCP). NCP combines the use of network coding techniques with a proactive protection scheme with the aim of improving network reliability. Although today's network backbone is a multi-layer network formed by the convergence of IP/MPLS and Optical technologies, the information available in the literature related to the performance of NCP schemes in multi-layer network scenarios is yet scarce. In this paper, we propose a novel NCP scheme referred to as DPNC+. The novelty of DPNC+ is that it exploits cross-layer information in order to improve the reliability of multi-layer (IP/MPLS over Optical) networks against link failures. Our evaluation results show that reduction up to 50% -related to protection cost- can be obtained when using the proposed scheme compared to conventional proactive protection techniques. This work was supported by the Spanish Ministry of Economy under contract TEC2012-34682, and the Catalan Research Council (CIRIT) under contract 2009 SGR1508. Peer Reviewed. Postprint (author's final draft).