Conference Paper

Towards Automatic Deployment of Virtual Firewalls to Support Secure mMTC in 5G Networks


... Other existing approaches solve less general or different problems, such as firewall rule generation for a specific architecture of industrial control networks [19], or firewall rule distribution across firewall VNFs using heuristics [20]. ...
... It is true for the placeholder rules that are included in ℎ . To achieve the optimization goal, the soft constraint (20) is thus exploited to represent the ideal condition in which no firewall rule needs to be configured. ...
... Since the priority of goal 2) is less than the priority of goal 1), the weight of (17) must be higher than the sum of the weights of the soft clauses (20) related to all the firewall placeholder rules: ...
Article
The configuration of security functions in computer networks is still typically performed manually, which likely leads to security breaches and long re-configuration times. This problem is exacerbated for modern networks based on network virtualization, because their complexity and dynamics make a correct manual configuration practically unfeasible. This article focuses on packet filters, i.e., the most common firewall technology used in computer networks, and it proposes a new methodology to automatically define the allocation scheme and configuration of packet filters in the logical topology of a virtual network. The proposed method is based on solving a carefully designed partial weighted Maximum Satisfiability Modulo Theories problem by means of a state-of-the-art solver. This approach formally guarantees the correctness of the solution, i.e., that all security requirements are satisfied, and it minimizes the number of needed firewalls and firewall rules. This methodology is extensively evaluated using different metrics and tests on both synthetic and real use cases, and compared to the state-of-the-art solutions, showing its superiority.
... Work in [105] proposed a trust and reputation model based on social aspects of IoT devices [106], in such a way that the definition of a new topology takes the model's values into account. Moreover, authors of [107] integrated SDN and NFV concepts to design an automated deployment of virtual firewalls to protect NB-IoT communications. Besides, in [108] an efficient traffic filtering approach for encapsulated traffic was proposed in order to address mobility requirements of 5G networks based on NB-IoT devices. ...
Article
The convergence of the Internet of Things (IoT) and 5G will open a range of opportunities for the deployment of enhanced sensing, actuating and interactive systems as well as the development of novel services and applications in a plethora of fields. Given the processing and communication limitations of both IoT devices and the most novel IoT transmission technologies, namely, Low Power Wide Area Network (LPWAN), there are notable concerns regarding certain security issues to be overcome in order to achieve a successful integration of LPWAN systems within 5G architectures. In this survey work, we analyze the main security characteristics of LPWANs, especially focusing on network access, and contrast them with 5G security requirements and procedures. Besides, we present a comprehensive review and analysis of research works proposing security solutions for the 5G-LPWAN integration. Finally, we explore open issues and challenges in the field and draw future research directions. From our analysis, it is evident that many efforts are being devoted by academia, industry and Standards Developing Organizations (SDOs) to achieving the desired confluence of the IoT and 5G worlds. We envision a successful integration of both ecosystems by exploiting novel lightweight security schemes addressing the stringent security requirements of 5G while being assumable by constrained IoT devices.
Chapter
This paper is written as a continuation of works devoted to solving the task of increasing the firewall performance in conditions of high heterogeneity and variability of the parameters of the filtered network traffic. The paper shows a simulation model that is intended for the evaluation of the major performance indicators of a firewall when ranging a filtration rule set. We’ve evaluated the effectiveness of the method for ranging a filtration rule set (it was developed earlier by the authors) for various parameters of the simulation model and different scenarios of network traffic behavior.
Article
Lately, the sustainable and smart building concept is gaining momentum in public, thus attracting the attention of researchers and city authorities worldwide. In achieving these goals, 5G technology can play a significant role in the construction of buildings together with their operation and management by providing superior service and proficient function. Singapore is one of the top smart cities in the world and was among the first to adopt 5G technology in various sectors, including smart buildings. Based on these facts, this paper revisits the ongoing research and development trends as well as challenges for 5G network applications in smart energy and smart buildings facilities management. Additionally, some recent applications of 5G network technology and its future prospects supported by the Singapore government are emphasized. Various uses of 5G networks for smart buildings and further improvement of the built environment are discussed. It is concluded that the current study can serve as a benchmark for researchers and industries in the future development of smart energy and buildings in the context of big data.
Conference Paper
Network management has posed ever-increasing complexity with the evolution of the virtualized and softwarized mobile networking paradigm, demanding advanced network visualization and automation technologies to address this significant paradigm shift. This paper provides a novel holographic immersive network management interface that extends the standardized ETSI Zero-Touch Network and Service Management (ZSM) reference architecture to allow network administrators to understand real-time automated tasks in a 5G network without human intervention. This augmented-reality-based system has been validated and prototyped using Microsoft HoloLens 2 in a realistic 5G infrastructure.
Article
The increasing popularity of video applications and ever-growing high-quality video transmissions (e.g. 4K resolutions) have encouraged other sectors to explore the growth of opportunities. In the case of the health sector, mobile Health services are becoming increasingly relevant in real-time emergency video communication scenarios where remote medical experts' support is paramount to a successful and early disease diagnosis. To minimize the negative effects that could affect critical services in a heavily loaded network, it is essential for 5G video providers to deploy highly scalable and prioritizable in-network video optimization schemes to meet the expectations of a large quantity of video treatments. This paper presents a novel 5G Video Optimizer Virtual Network Function () that leverages the latest technologies in 5G and video processing to address this important challenge. Advanced traffic filtering is coupled with Scalable H.265 video coding to enable run-time bandwidth-saving video optimization without compromising Quality of Service (QoS); kernel-space video processing is introduced to achieve further performance gains; and the use of a Virtual Network Function (VNF) facilitates dynamic deployment of virtualized video optimizers to achieve scalability and flexibility in this service. The proposed approach is implemented in a realistic 5G testbed and empirical results demonstrate the superior scalability and performance achieved.
Article
Internet of Things (IoT) is a key business driver for the upcoming fifth-generation (5G) mobile networks, which in turn will enable numerous innovative IoT applications such as smart city, mobile health, and other massive IoT use cases being defined in 5G standards. To truly unlock the hidden value of such mission-critical IoT applications at a large scale in the 5G era, advanced self-protection capabilities are entailed in 5G-based Narrowband IoT (NB-IoT) networks to efficiently fight off cyber-attacks such as widespread Distributed Denial of Service (DDoS) attacks. However, insufficient research has been conducted in this crucial area; in particular, few if any solutions are capable of dealing with the multiply encapsulated 5G traffic for IoT security management. This paper proposes and prototypes a new security framework to achieve the highly desirable self-organizing networking capabilities to secure virtualized, multitenant 5G-based IoT traffic through an autonomic control loop featuring efficient 5G-aware traffic filtering. Empirical results have validated the design and implementation and demonstrated the efficiency of the proposed system, which is capable of processing thousands of 5G-aware traffic filtering rules and thus enables timely protection against large-scale attacks.
Article
The progress in realizing the Fifth Generation (5G) mobile networks has been accelerated recently towards deploying 5G prototypes with increasing scale. One of the Key Performance Indicators (KPIs) in 5G deployments is the service deployment time, which should be substantially reduced from the current 90 hours to the target 90 minutes on average as defined by the 5G Public-Private Partnership (5G-PPP). To achieve this challenging KPI, highly automated and coordinated operations are required for the 5G network management. This paper addresses this challenge by designing and prototyping a novel 5G service deployment orchestration architecture that is capable of automating and coordinating a series of complicated operations across physical infrastructure, virtual infrastructure, and service layers over a distributed mobile edge computing paradigm, in an integrated manner. Empirical results demonstrate the superior performance achieved, which meets the 5G-PPP KPI even in the most challenging scenario where 5G services are installed from bare metal.
Article
The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the IoT are rapidly increasing with a major security concern. This study focuses on the state-of-the-art IoT security threats and vulnerabilities by conducting an extensive survey of existing works in the area of IoT security. The taxonomy of the current security threats in the contexts of application, architecture, and communication is presented. This study also compares possible security threats in the IoT. We discuss the IoT security scenario and provide an analysis of the possible attacks. Open research issues and security implementation challenges in IoT security are described as well. This study aims to serve as a useful manual of existing security threats and vulnerabilities of the IoT heterogeneous environment and proposes possible solutions for improving the IoT security architecture.
Article
With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is a given requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IoT Sentinel, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IoT Sentinel is effective in identifying device types and has minimal performance overhead.
Conference Paper
Availability of information and services, along with integrity and confidentiality, is a critical parameter of security in information and communication systems. Activities focused on denying the availability of network communication have been present since the beginning of global communication network development, and they demand continuous development of protection methods. A significant challenge is the emergence of the Internet of Things (IoT) concept, which will significantly increase the number of connected devices. Such an environment can be used for the generation of DDoS attacks. The paper investigates the effect of a significant increase in the number of connected devices in the IoT concept on the increase in the number and volume of DDoS attacks.
Article
This is the era of smart devices or things which are fueling the growth of the Internet of Things (IoT). It is impacting every sphere around us, making our life dependent on this technological feat. It is of high concern that these smart things are being targeted by cyber criminals taking advantage of heterogeneity, minuscule security features, and vulnerabilities within these devices. Conventional centralized IT security measures have limitations in terms of scalability and cost. Therefore, these smart devices are required to be monitored closer to their location, ideally at the edge of IoT networks. In this paper, we explore how some security features can be implemented at the network edge to secure these smart devices in a smart home/enterprise environment. We explain the importance of network function virtualization (NFV) in order to deploy security functions at the network edge. To achieve this goal, we introduce NETRA, a novel lightweight Docker-based architecture for virtualizing network functions to provide IoT security. Also, we highlight the advantages of the proposed architecture over the standardized NFV architecture in terms of storage, memory usage, latency, throughput, load average, and scalability, and explain why the standardized architecture is not suitable for IoT. We study the performance of the proposed NFV-based edge analysis for IoT security and show that attacks can be detected with more than 95% accuracy in less than a second.
Article
In the Internet of Things (IoT) era, the number of connected devices and subnets of devices is rapidly increasing. Yet, it remains a challenge for intrusion detection mechanisms to build a trust map among various IoT devices because of the devices’ large quantity and dynamic nature. Through a case study, the author highlights the importance of traffic filtration and sampling in evaluating trustworthiness among IoT devices.
Article
The next-generation fifth generation (5G) network, which is implemented using Virtualized Multi-access Edge Computing (vMEC), Network Function Virtualization (NFV) and Software Defined Networking (SDN) technologies, is a flexible and resilient network that supports various Internet of Things (IoT) devices. While NFV provides flexibility by allowing network functions to be dynamically deployed and inter-connected, vMEC provides intelligence at the edge of the mobile network, which reduces latency and increases the available capacity. With the diverse development of networking applications, the proposed vMEC use of Container-based Virtualization Technology (CVT) as a gateway with IoT devices for the flow control mechanism in scheduling and analysis methods will effectively increase the application Quality of Service (QoS). In this work, the proposed IoT gateway is analyzed. The combined effect of simultaneously deploying Virtual Network Functions (VNFs) and vMEC applications on a single network infrastructure is studied, and critically it exhibits low latency, high bandwidth and agility, enabling it to connect a large number of devices. The proposed platform efficiently exploits resources from edge computing and cloud computing, and takes IoT applications that adapt to network conditions to reduce end-to-end network latency by an average of 30%.
Article
The Industrial Internet of Things (IIoT) is growing fast. But the rapid growth of IIoT devices raises a number of security concerns, because IIoT devices are weak at defending against malware, and the method of managing a large number of IIoT devices is awkward and inconvenient. This article proposes a multi-level DDoS mitigation framework (MLDMF) to defend against DDoS attacks for IIoT, which includes the edge computing level, fog computing level, and cloud computing level. Software defined networking is used to manage a large number of IIoT devices and to mitigate DDoS attacks in IIoT. Experimental results show the effectiveness of the proposed framework.
Article
Cloud configuration deployment and management is still largely a manual task carried out by system administrators. Introducing autonomy in Cloud management would entail, amongst other things, the ability for the Cloud manager to automatically scale up or down the number and type of deployed images/virtual machines, to meet SLAs for performance etc. In this paper we present autoJuJu, a prototype autonomic cloud manager built on top of Juju, a Cloud service orchestration and deployment manager for the Ubuntu Linux OS. AutoJuJu makes autonomous decisions about when to scale Cloud services horizontally (by adding or removing instances) and vertically (by deploying different architectural components) to improve performance. We show how this autonomic Cloud manager can self-configure and optimise a Cloud deployment.
Article
Network Function Virtualization (NFV) continues to draw immense attention from researchers in both industry and academia. By decoupling Network Functions (NFs) from the physical equipment on which they run, NFV promises to reduce Capital Expenses (CAPEX) and Operating Expenses (OPEX), make networks more scalable and flexible, and lead to increased service agility. However, despite the unprecedented interest it has gained, there are still obstacles that must be overcome before NFV can advance to reality in industrial deployments, let alone delivering on the anticipated gains. While doing so, important challenges associated with network and function Management and Orchestration (MANO) need to be addressed. In this article, we introduce NFV and give an overview of the MANO framework that has been proposed by the European Telecommunications Standards Institute (ETSI). We then present representative projects and vendor products that focus on MANO, and discuss their features and relationship with the framework. Finally, we identify open MANO challenges as well as opportunities for future research.