14 research outputs found

    Distributed Trust Empowerment for Secure Offline Communications

    Most of today’s digital communications over the Internet rely on central entities, such as certificate authority servers, to provide secure and authenticated communication. In situations when the Internet is unavailable due to lack of reception in remote areas, natural disasters destroying network infrastructure, or congestion due to large amounts of traffic, these central entities may not be available. This causes secure communication, even among users in the vicinity of each other, to become a challenge. This paper contributes with a solution that enables peers within the vicinity to communicate securely without a connection to the Internet backbone. The solution operates on the Wi-Fi infrastructure mode and exploits a private distributed ledger to ensure a trusted authorization among users without a third party. Moreover, the solution enables users to set up secure communication channels using mutual authentication for exchanging data securely. Finally, the solution is validated through a proof of concept application and an extensive experimental study aiming at optimizing system parameters and investigating the performance of the application is conducted. The results from these measurements indicate that the solution performs well on small to medium-scale networks

    CoShare: An Efficient Approach for Redundancy Allocation in NFV

    An appealing feature of Network Function Virtualization (NFV) is that in an NFV-based network, a network function (NF) instance may be placed at any node. On the one hand this offers great flexibility in allocation of redundant instances, but on the other hand it makes the allocation a unique and difficult challenge. One particular concern is that there is inherent correlation among nodes due to the structure of the network, thus requiring special care in this allocation. To this aim, our novel approach, called CoShare, is proposed. Firstly, its design takes into consideration the effect of network structural dependency, which might result in the unavailability of nodes of a network after failure of a node. Secondly, to efficiently make use of resources, CoShare proposes the idea of shared reservation, where multiple flows may be allowed to share the same reserved backup capacity at an NF instance. Furthermore, CoShare factors in the heterogeneity in nodes, NF instances and availability requirements of flows in the design. The results from a number of experiments conducted using realistic network topologies show that the integration of structural dependency allows meeting availability requirements for more flows compared to a baseline approach. Specifically, CoShare is able to meet diverse availability requirements in a resource-efficient manner, requiring, e.g., up to 85% in some studied cases, less resource overbuild than the baseline approach that uses the idea of dedicated reservation commonly adopted for redundancy allocation in NFV

    On Monolithic and Microservice deployment of Network Functions

    Network Function Virtualization (NFV) has recently attracted telecom operators to migrate network functionalities from expensive bespoke hardware systems to virtualized IT infrastructures where they are deployed as software components. Scalability, up-gradation, fault tolerance and simplified testing are important challenges in the field of NFV. In order to overcome these challenges, there is significant interest from research communities to scale or decompose network functions using the monolithic and microservice approach. In this paper, we compare the performance of both approaches using an analytic model and implementing test-bed experiments. In addition, we calculate the number of instances of monoliths or microservices in which a network function could be scaled or decomposed in order to get the maximum or required performance. Single and multiple CPU core scenarios are considered. Experimentation is performed by using an open source network function, SNORT and running monoliths and microservices of SNORT as Docker containers on bare metal machines. The experimental results compare the performance of monolith and microservice approaches and are used to estimate the validity of the analytic model. The results also show the effectiveness of our approach in finding the number of instances (monoliths or microservices) required to maximize performance

    Dependability Modeling, Analysis, and Provisioning of NFV-Supported Services


    Network Coding Schemes for Device-to-Device Communications Based Relaying for Cellular Coverage Extension

    Although network assisted device-to-device (D2D) communications is known to improve the spectral and energy efficiency of proximal communications, its performance is less understood when employed to extend the coverage of cellular networks. In this paper, we study the performance of D2D based range extension in terms of sum rate and power efficiency when a relaying user equipment (UE) helps to improve the coverage for cell-edge UEs. In our design, the relaying UE has its own traffic to transmit and receive to/from the cellular base station (BS) and can operate either in amplify-and-forward (AF) or decode-and-forward (DF) modes and can make use of either digital or analogue (PHY layer) network coding. In this rather general setting, we propose mode selection, resource allocation and power control schemes and study their performance by means of system simulations. We find that the performance of the DF scheme with network coding is superior both to the traditional cellular and the AF based relaying schemes, including AF with two-slot or three-slot PHY layer network coding.

    Keeping Connected When the Mobile Social Network Goes Offline

    WiFi Direct is an embedded technology in a vast majority of smartphone devices running the Android operating system. As a result, it represents a promising technology that can be exploited in re-establishing connectivity among user devices in case of cellular network outages. A technique that smart devices can use to restore connectivity in situations where they are unable to connect to a cellular tower or access point, but close enough to support device-to-device communication is presented. The proposed technique envisions a combination of security layers that ensure authentication, confidentiality, and integrity of communications among end users. Each device is issued a certificate by a central authentication entity at sign up and when it is unable to connect to the server component, it will attempt to form a group with nearby devices in the same situation over WiFi Direct. Once a WiFi Direct group has been formed, the group owner will temporarily assume the role of the server, and each group member and the group owner will verify each other's identity and connect using mutual Transport Layer Security (mTLS), facilitating secure communication. The approach is validated through the implementation of a mobile social application involving several mobile devices, and overheads due to the additional security features are investigated

    Towards Carrier-Grade Service Provisioning in NFV

    Network Function Virtualization (NFV) is an emerging technology that reduces cost and brings flexibility in the provisioning of services. NFV-based networks are expected to be able to provide carrier-grade services, which require high availability. One of the challenges for achieving high availability is that the commodity servers used in NFV are more error prone than the purpose-built hardware. The “de-facto” technique for fault tolerance is redundancy. However, unless planned carefully, structural dependencies among network nodes could result in correlated node unavailabilities that undermine the effect of redundancy. In this paper, we address the challenge of developing a redundancy resource allocation scheme that takes into account correlated unavailabilities caused by network structural dependencies. The proposed scheme consists of two parts. In the first part, we propose an algorithm to identify nodes that can be highly affected by a node failure because of their network structural dependency with this node. The algorithm analyzes such dependencies using a recently proposed centrality measure called dependency index. In the second part, a redundancy resource allocation scheme that places backup network functions on nodes considering their dependency nature and assigns the instances to flows optimally is proposed. The results show that not considering the network structural dependency in backup placement may significantly affect the service availability to flows. The results also give insights into the trade-off between cost and performance

    Network-Aware Availability Modeling of an End-to-End NFV-Enabled Service

    Network Function Virtualization (NFV) represents a key shift in today's network service provisioning by entailing higher flexibility, elasticity, and programmability of network services. Dependability is one of the main aspects that need to be investigated and tackled in order to profitably use NFV in the future. The main objective of this paper is to propose a comprehensive approach to estimate the end-to-end NFV-deployed service availability and present a quantitative assessment of the network factors that affect the availability of the service provided by an NFV architecture. To achieve this goal, we adopted a two-level availability model where i) the low level considers the network topology structure and NFV connectivity requirements through the definition of the system structure function based on minimal-cut sets and ii) the higher level examines dynamics and failure modes of network and NFV elements through stochastic activity networks. By using the proposed model, we have carried out an extensive sensitivity analysis to identify the impact on the service availability of the different service elements involved in the delivery, and their deployment across the network. The results highlight the significant impact that network nodes have on the end-to-end network service. Less robust network nodes may reduce the availability of an NFV-enabled service by more than one order of magnitude even though NFV elements like VNFs or MANO are provided with redundancy. Moreover, the results show that adopting an SDN-integrated network degrades the service availability and increases the vulnerability of the network service to SDN controllers unless adequately protected

    On the Resilience of the NFV-MANO: An Availability Model of a Cloud-native Architecture

    With Network Function Virtualization (NFV), the management and orchestration of network services require a new set of functionalities to be added on top of legacy models of operation. Due to the introduction of the virtualization layer and the decoupling of the network functions and their running infrastructure, the operation models need to include new elements like virtual network functions (VNFs) and a new set of relationships between them and the NFV Infrastructure (NFVI). The NFV Management and Orchestration (MANO) framework plays the key role in managing and orchestrating the NFV infrastructure, network services and the associated VNFs. Failures of the MANO hinder the network's ability to react to new service requests or events related to the normal lifecycle operation of network services. Thus, it becomes extremely important to ensure a high level of availability for the MANO architecture. The goal of this work is to model, analyze, and evaluate the impact that different failure modes have on the MANO availability. A model based on Stochastic Activity Networks (SANs), derived from current standard-compliant microservice-based implementations, is proposed as a case study. The case study is used to quantitatively evaluate the steady-state availability and identify the most important parameters influencing the system availability for different deployment configurations