Sandro Rodriguez Garzon,Hakan Yildiz,Axel Kupper

DOI: https://doi.org/10.1109/mnet.009.2100736

IF: 10.294

2022-10-19

IEEE Network

Abstract:A key challenge for mobile network operators in 6G is to bring together and orchestrate a variety of new emerging players of today's mobile eco-systems in order to provide economically viable and seamless mobile connectivity in the form of a multi-stakeholder service. With each new player, be it a cloud, edge, or hardware provider, the need for interfaces with secure authentication and authorization mechanisms increases, as does the complexity and operational costs of the public key infrastructures required for the identity and key management. While today's centralized public key infrastructures have proven to be technically feasible in confined and trusted spaces, they do not provide the required security for access control once centralized identity providers must be avoided because of limited cross-domain interoperability, national data protection legislation, or geopolitical-strategic reasons. Recent decentralized identity management concepts, such as the W3C recommendation of decentralized identifiers, provide a secure, tamper-proof, and cross-domain identity management alternative for future multi-stakeholder 6G networks without relying on centralized identity providers or certification authorities. This article introduces the concept of decentralized identifiers together with the principles of self-sovereign identity, and discusses opportunities and potential benefits of their application and usage for cross-domain and privacy-preserving identity and key management in 6G networks.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Sandro Rodriguez Garzon,Hakan Yildiz,Axel Küpper

DOI: https://doi.org/10.48550/arXiv.2203.00300

2022-03-01

Networking and Internet Architecture

Abstract:Trust-building mechanisms among network entities of different administrative domains will gain significant importance in 6G because a future mobile network will be operated cooperatively by a variety of different stakeholders rather than by a single mobile network operator. The use of trusted third party issued certificates for initial trust establishment in multi-stakeholder 6G networks is only advisable to a limited extent, as trusted third parties not only represent single point of failures or attacks, but they also cannot guarantee global independence due to national legislation and regulatory or political influence. This article proposes to decentralize identity management in 6G networks to enable secure mutual authentication between network entities of different trust domains without relying on a trusted third party and to empower network entities with the ability to shape and strengthen cross-domain trust relationships by the exchange of verifiable credentials. A reference model for decentralized identity management in 6G is given as an initial guide for the fundamental design of a common identity management system whose operation and governance are distributed equally across multiple trust domains of interconnected and multi-stakeholder 6G ecosystems.

Qiang Wu,Chun-Ming Wu,Hai-feng Zhou,Yan-song Wang

DOI: https://doi.org/10.1109/compcomm.2016.7925190

2016-01-01

Abstract:The core-network suffers from inflexible and expensive equipment. Service chaining is a common but important problem of network management in Gi-LAN. The requirements of business agility drive the service architecture to services flexibility and scalability. To address these challenges, SDN centralized control and the NFV concept of CT reconstruction with IT virtualization technology are used to enable a reform in the mobile core network and the Gi-LAN service field. In this paper, following the technical trend of 5G, we propose the Cloud-ICT Convergence Service Architecture to construct an open and elastic digital information ecosystem. This architecture is a solution that provides flexibility in managing infrastructure and uses virtualization to dynamically orchestrate service chains on demand. The information ecosystem constructed in this architecture can provide the functional convergence of IT&CT services in addition to the traditional cellular network functions.

Shalitha Wijethilaka,Awaneesh Kumar Yadav,An Braeken,Madhusanka Liyanage

DOI: https://doi.org/10.1109/tnsm.2024.3416418

2024-08-25

IEEE Transactions on Network and Service Management

Abstract:The rapid evolution of heterogeneous applications signifies the requirement for network slicing to cater to diverse network requirements. Network Functions (NFs), which are the essential elements of network slices, are required to communicate with each other securely to facilitate network services. Certificates are the established method to authenticate each other. However, dynamic certificate management while allowing NFs to communicate in a multi-operator environment is arduous. Also, sharing NFs between network slices originates authorization-related security challenges such as unauthorized service utilization, deceptive Denial of Service attacks, and data leakages from network slices. In this paper, we develop a novel framework to address the security challenges related to authentication and authorization in 5G network slicing systems. A blockchain-based multi-party distributed certificate management framework with secure communication protocols is developed using elliptic curve cryptography to facilitate certificate services for multi-operator environments. Also, we propose a blockchain-based NF authorization framework to mitigate the security vulnerabilities in NF sharing between network slices. We implement the proposed framework using Hyperledger Fabric blockchain with Java chain codes and perform comprehensive experiments to show the significance of our framework.The Ability to mitigate the single point of failure with respect to state-of-the-art, including traditional certificate authorities and blockchain-based certificate authorities, time analysis for certificate generation, and the potential to eliminate the mentioned authorization attacks are some of the experiments conducted.Also, we have shown that our framework is secure using informal and formal (using Real-Or-Random (ROR) logic and Scyther Validation tool) security verification mechanisms.

computer science, information systems

Seunghwan Son,Deokkyu Kwon,Sangwoo Lee,Hyeokchan Kwon,Youngho Park

DOI: https://doi.org/10.1109/access.2024.3484522

IF: 3.9

2024-10-29

IEEE Access

Abstract:The sixth generation (6G) is the next generation of wireless communication technology, is not limited to cellular networks but can be used to provide better services in all areas of wireless communication, including vehicles, drones, and smart homes. However, these advancements in 6G technology require further security considerations. In earlier networks, authentication schemes were designed to rely on a secure channel between the core network and access points. The 6G network is an open, distributed network that integrates multiple domains and entities and cannot guarantee secure channels in the network. The 6G network requires a new security authentication scheme that applies the zero-trust model. Therefore, this study proposes a zero-trust authentication scheme with access control for 6G-enabled Internet of Things environments. The scheme uses blockchain technology for mutual authentication in a distributed environment and lightweight attribute-based encryption to ensure dynamic access control and network efficiency. This study compares the proposed authentication method with existing methods and demonstrates that this scheme has better performance and security. To the best of our knowledge, this paper is the first to propose a specific authentication protocol with access control considering the zero-trust model in a 6G environment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

Pragya Sharma,Tolga Atalay,Hans-Andrew Gibbs,Dragoslav Stojadinovic,Angelos Stavrou,Haining Wang

2024-04-20

Abstract:5G mobile networks leverage Network Function Virtualization (NFV) to offer services in the form of network slices. Each network slice is a logically isolated fragment constructed by service chaining a set of Virtual Network Functions (VNFs). The Network Repository Function (NRF) acts as a central OpenAuthorization (OAuth) 2.0 server to secure inter-VNF communications resulting in a single point of failure. Thus, we propose 5G-WAVE, a decentralized authorization framework for the 5G core by leveraging the WAVE framework and integrating it into the OpenAirInterface (OAI) 5G core. Our design relies on Side-Car Proxies (SCPs) deployed alongside individual VNFs, allowing point-to-point authorization. Each SCP acts as a WAVE engine to create entities and attestations and verify incoming service requests. We measure the authorization latency overhead for VNF registration, 5G Authentication and Key Agreement (AKA), and data session setup and observe that WAVE verification introduces 155ms overhead to HTTP transactions for decentralizing authorization. Additionally, we evaluate the scalability of 5G-WAVE by instantiating more network slices to observe 1.4x increase in latency with 10x growth in network size. We also discuss how 5G-WAVE can significantly reduce the 5G attack surface without using OAuth 2.0 while addressing several key issues of 5G standardization.

Networking and Internet Architecture

Marinos Vomvas,Norbert Ludant,Guevara Noubir

2024-05-21

Abstract:The fifth generation (5G) of cellular networks starts a paradigm shift from the traditional monolithic system design to a Service Based Architecture, that fits modern performance requirements and scales efficiently to new services. This paradigm will be the foundation of future cellular core networks beyond 5G. The new architecture splits network functionalities into smaller logical entities that can be disaggregated logically, physically, and geographically. This affords interoperability between the mobile network operators and commercial software and hardware vendors or cloud providers. By making use of commodity services and products, this system construct inherits the vulnerabilities in those underlying technologies, thereby increasing its attack surface and requiring a rigorous security analysis. In this work, we review the security implications introduced in B5G networks, and the security mechanisms that are supported by the 5G standard. We emphasize on the support of Zero Trust Architecture in 5G and its relevance in decentralized deployments. We revisit the definition of trust in modern enterprise network operations and identify important Zero Trust properties that are weakened by the nature of cloud deployments. To that end, we propose a vertical extension of Zero Trust, namely, Zero Trust Execution, to model untrusted execution environments, and we provide an analysis on how to establish trust in Beyond-5G network architectures using Trusted Execution Environments. Our analysis shows how our model architecture handles the increased attack surface and reinforces the Zero Trust Architecture principles in the 5G Core, without any changes to the 5G standard. Finally, we provide experimental results over a 5G testbed using Open5GS and UERANSIM that demonstrate minimal performance overhead, and a monetary cost evaluation.

Cryptography and Security

José María Jorquera Valero,Pedro Miguel Sánchez Sánchez,Manuel Gil Pérez,Alberto Huertas Celdrán,Gregorio Martínez Pérez

DOI: https://doi.org/10.48550/arXiv.2210.11501

2022-10-21

Abstract:Trust, security, and privacy are three of the major pillars to assemble the fifth generation network and beyond. Despite such pillars are principally interconnected, they arise a multitude of challenges to be addressed separately. 5G ought to offer flexible and pervasive computing capabilities across multiple domains according to user demands and assuring trustworthy network providers. Distributed marketplaces expect to boost the trading of heterogeneous resources so as to enable the establishment of pervasive service chains between cross-domains. Nevertheless, the need for reliable parties as ``marketplace operators'' plays a pivotal role to achieving a trustworthy ecosystem. One of the principal blockages in managing foreseeable networks is the need of adapting previous trust models to accomplish the new network and business requirements. In this regard, this article is centered on trust management of 5G multi-party networks. The design of a reputation-based trust framework is proposed as a Trust-as-a-Service (TaaS) solution for any distributed multi-stakeholder environment where zero trust and zero-touch principles should be met. Besides, a literature review is also conducted to recognize the network and business requirements currently envisaged. Finally, the validation of the proposed trust framework is performed in a real research environment, the 5GBarcelona testbed, leveraging 12% of a 2.1GHz CPU with 20 cores and 2% of the 30GiB memory. In this regard, these outcomes reveal the feasibility of the TaaS solution in the context of determining reliable network operators.

Cryptography and Security,Networking and Internet Architecture

Hui Gao,Yiming Zhang,Tao Wan,Jia Zhang,Haixin Duan

DOI: https://doi.org/10.1109/globecom46510.2021.9685173

2021-01-01

Abstract:In 5G networks, base stations, namely gNBs (5G NodeB, as per 3GPP nomenclature) periodically broadcast the system information messages including network identifiers to facilitate User Equipment (UE) to connect to the network. As in prior generations, the system information messages in 5G are transmitted in clear text without any security protection. Therefore, an adversary could spoof a legitimate gNB to become a man-on-the-side (MOTS) or man-in-the-middle (MITM) attacker. This vulnerability is being studied by 3GPP and a number of solutions have been proposed in the Technical Report (TR 33.809), including a promising solution namely Digital Signing Network Function (DSnF). In this paper, we provided an evaluation of DSnF, including the practicality of its assumption, feasibility of its certificate trans-mission within the system information message, and quantitative analysis of its performance. Our evaluation results show that DSnF is practical in general. Initial results from this paper have been provided to 3GPP and incorporated into TR 33.809.

Tooba Faisal,Jose Antonio Ordońez Lucena,Diego R. Lopez,Chonggang Wang,Mischa Dohler

DOI: https://doi.org/10.1109/mcom.001.2200131

IF: 9.03

2023-03-25

IEEE Communications Magazine

Abstract:With the growing demand for network connectivity and diversity of network applications, one primary challenge that network service providers are facing is managing the commitments for Service Level Agreements (SLAs). Service providers typically monitor SLAs for management tasks such as improving their service quality, customer billing and future network planning. Network service customers, on their side, monitor services provided to them, to optimize their network usage and apply, when required, penalties related to service failures. In future 6G networks, critical network applications such as remote surgery and connected vehicles will require these SLAs to be more dynamic, flexible, and automated to match their diverse requirements on network services. Moreover, these SLAs should be transparent to all stakeholders to address the trustworthiness on network services and service providers required by critical applications. Currently, there is no standardized method to immutably record and audit SLAs, leading to challenges in aspects such as SLA enforcement and accountability - traits essential for future network applications. This work explores new requirements for future service contracts, that is, on the evolution of SLAs. Based on those new requirements, we propose an end to end layered SLA architecture leveraging Distributed Ledger Technology (DLT) and smart contracts. Our architecture is inheritable by an existing telco-application layered architectural frameworks to support future SLAs. We also discuss some limitations of DLT and smart contracts and provide several directions of future studies.

telecommunications,engineering, electrical & electronic

Ya Tao,Haitao Du,Jie Xu,Li Su,Baojiang Cui

DOI: https://doi.org/10.3390/s23115075

IF: 3.9

2023-05-26

Sensors

Abstract:Satellite–ground integrated networks (SGIN) are in line with 6th generation wireless network technology (6G) requirements. However, security and privacy issues are challenging with heterogeneous networks. Specifically, although 5G authentication and key agreement (AKA) protects terminal anonymity, privacy preserving authentication protocols are still important in satellite networks. Meanwhile, 6G will have a large number of nodes with low energy consumption. The balance between security and performance needs to be investigated. Furthermore, 6G networks will likely belong to different operators. How to optimize the repeated authentication during roaming between different networks is also a key issue. To address these challenges, on-demand anonymous access and novel roaming authentication protocols are presented in this paper. Ordinary nodes implement unlinkable authentication by adopting a bilinear pairing-based short group signature algorithm. When low-energy nodes achieve fast authentication by utilizing the proposed lightweight batch authentication protocol, which can protect malicious nodes from DoS attacks. An efficient cross-domain roaming authentication protocol, which allows terminals to quickly connect to different operator networks, is designed to reduce the authentication delay. The security of our scheme is verified through formal and informal security analysis. Finally, the performance analysis results show that our scheme is feasible.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Neeraj Kumar,Rifaqat Ali

DOI: https://doi.org/10.1016/j.adhoc.2024.103606

IF: 4.816

2024-07-26

Ad Hoc Networks

Abstract:Nanotechnology has recently emerged as a pivotal field with wide-ranging implications. Its integration into the 6G-enabled Internet of Things (IoT) has given rise to the 6G-enabled IoNT (Internet of Nano Things) paradigm, impacting sectors such as healthcare, industries, smart homes, aerospace, and defense. This technology offers opportunities to revolutionize existing methodologies and enhance efficiency. Research efforts are now focusing on developing secure, scalable network infrastructures tailored for the healthcare sector at the nanoscale, leading to the concept of the Internet of Nano Medical Things (IoNMT). However, the unique characteristics of nanotechnology pose security challenges, particularly concerning privacy, confidentiality, dependability, latency, and the expensive consequences of blockchain-based storage. Authentication and transparency are vital for ensuring secure data handling in IoNMT networks, necessitating a secure access mechanism resistant to unauthorized interference. To tackle these challenges, this study proposes a smart contract-based authentication protocol developed specifically for 6G-IoNMT networks. The framework aims to manage real-time information with minimal latency through decentralized peer-to-peer cloud servers while addressing security and privacy concerns. Thorough security and privacy assessments, including ROR model evaluations, Scyther tool analysis, and informal security evaluations, validate the protocol's effectiveness. Moreover, the simulation highlights that this protocol offers superior security and efficiency as well as energy consumption compared to existing protocols.

computer science, information systems,telecommunications

André N. Barreto,Stefan Köpsell,Arsenia Chorti,Bertram Poettering,Jens Jelitto,Julia Hesse,Jonathan Boole,Konrad Rieck,Marios Kountouris,Dave Singelee,Kumar Ashwinee

DOI: https://doi.org/10.48550/arXiv.2112.09411

2021-12-17

Abstract:Imagine interconnected objects with embedded artificial intelligence (AI), empowered to sense the environment, see it, hear it, touch it, interact with it, and move. As future networks of intelligent objects come to life, tremendous new challenges arise for security, but also new opportunities, allowing to address current, as well as future, pressing needs. In this paper we put forward a roadmap towards the realization of a new security paradigm that we articulate as intelligent context-aware security. The premise of this roadmap is that sensing and advanced AI will enable context awareness, which in turn can drive intelligent security mechanisms, such as adaptation and automation of security controls. This concept not only provides immediate answers to burning open questions, in particular with respect to non-functional requirements, such as energy or latency constraints, heterogeneity of radio frequency (RF) technologies and long life span of deployed devices, but also, more importantly, offers a viable answer to scalability by allowing such constraints to be met even in massive connectivity regimes. Furthermore, the proposed roadmap has to be designed ethically, by explicitly placing privacy concerns at its core. The path towards this vision and some of the challenges along the way are discussed in this contribution.

Cryptography and Security

José María Jorquera Valero,Manuel Gil Pérez,Gregorio Martínez Pérez

DOI: https://doi.org/10.48550/arXiv.2210.11517

2022-10-21

Abstract:5G networks intend to cover user demands through multi-party collaborations in a secure and trustworthy manner. To this end, marketplaces play a pivotal role as enablers for network service consumers and infrastructure providers to offer, negotiate, and purchase 5G resources and services. Nevertheless, marketplaces often do not ensure trustworthy networking by analyzing the security and trust of their members and offers. This paper presents a security and trust framework to enable the selection of reliable third-party providers based on their history and reputation. In addition, it also introduces a reward and punishment mechanism to continuously update trust scores according to security events. Finally, we showcase a real use case in which the security and trust framework is being applied.

Cryptography and Security

Haotian Deng,Chuan Zhang,Weiting Zhang,Jinwen Liang,Licheng Wang,Liehuang Zhu

DOI: https://doi.org/10.1109/mnet.2024.3381081

IF: 10.294

2024-01-01

IEEE Network

Abstract:The upcoming 6G Non-Terrestrial Networks (NTN) technology is expected to enable comprehensive connectivity of the Internet of Things (IoT) across various environments. The presence of a large number of IoT devices operating in diverse scenarios, along with the associated vast amounts of data, poses challenges in terms of security and privacy for the 6G NTN IoT networks. Therefore, blockchain technology is considered a key solution for enhancing network security and simplifying management in 6G networks. While IoT devices usually adopt heterogeneous blockchain platforms in different scenarios, cross-chain identity authentication technology is a prerequisite for secure interactions. However, traditional authentication techniques, such as PKI-based solutions, face challenges in handling authentication within 6G Non-Terrestrial Networks, since techniques heavily rely on trusted third-party certificate authorities (CAs) to issue credentials across blockchains. In response to these challenges, we propose a decentralized cross-chain identity authentication scheme for 6G NTN IoT networks called IoTAuth. We design a novel authentication mechanism with user autonomy, combining threshold signatures and DID technology to transform the process of identity credential issuance into a collaborative issuance by multiple nodes under the 6G NTN IoT networks. Furthermore, the scheme realizes cross-chain identity authentication without a centralized manner via an identity conversion mechanism based on relay-chain technology, which further guarantees security in the 6G NTN IoT networks context. The experimental results illustrate the effectiveness and practicality of the scheme. Finally, we present comprehensive future directions.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Angelos Michalas,Constantinos Patsakis,Dimitrios D. Vergados,Dimitrios J Vergados

DOI: https://doi.org/10.48550/arXiv.2212.09149

2022-12-19

Abstract:Despite the numerous pompous statements regarding 5G, it is indisputable that 5G creates a radical shift in telecommunications. The main reason is that 5G is an enabler of numerous applications we have long envisioned and either simulated or implemented in test environments, partially or on a smaller scale. 5G will soon unlock the potential of smart cities, industry 4.0, and IoT, to name a few. However, a crucial question is how much we can trust this technology. Since this technology will soon become the core infrastructure for all of the above, it is critical to understand the fundamental security mechanisms that comprise this technology and the guarantees they provide to assess the potential risks we are exposed to. This work follows a non-technical yet bottom-up approach to introduce the reader to the core security mechanisms and establish a baseline for the security of 5G, to demystify the principal notions and processes. Based on the above, we streamline future directions and highlight possible threats.

Cryptography and Security

Miao He,Xiangman Li,Jianbing Ni,Haomiao Yang

DOI: https://doi.org/10.1109/PST52912.2021.9647772

2021-01-01

Abstract:In this paper, we investigate the efficiency of network access control with the co-existence of multiple network operators and propose an efficient and secure network access control architecture (ESNAC) that offers fast identity authentication and access authorization in space-air-ground integrated networks. The major challenge lies in enabling multiple independent network operators to authorize and authenticate mobile users for network access in a secure and efficient way, even they are not mutually trusted. To address this challenge, we introduce an aggregate anonymous credential mechanism to enable a mobile user to present network access authorization of a group of network operators based on the consolidated anonymous credential that is aggregated from the partial anonymous credentials of the network operators. In addition, the efficient authentication of packet delivery is provided based on a sequential aggregate signature that allows each network operator to sign network packets for authentication and sequentially aggregate signatures for communication efficiency. Finally, we discuss the desired security properties of ESNAC and demonstrate its computational and communication efficiency by comparing with the conventional scheme without aggregation.

M. Anisetti,Filippo Berto,C. Ardagna,E. Damiani

DOI: https://doi.org/10.1109/TNSM.2022.3165144

2022-09-01

IEEE Transactions on Network and Service Management

Abstract:Information-Centric Networking is an emerging alternative to host-centric networking designed for large-scale content distribution and stricter privacy requirements. Recent research on Information-Centric Networking focused on the protection of the network from attacks targeting the content delivery protocols, while assuming genuine content can always be retrieved from trustworthy nodes. In this paper, we depart from the assumption of the trustworthiness of network nodes and propose a novel certification methodology for information-centric networks that supports continuous security verification of non-functional properties. Our methodology provides a complete and detailed view of the network security status, increasing the trustworthiness of the network and its services. The proposed approach builds on an enhanced certification model capturing the evolution of the system over time. It also defines certification services that fully integrate with existing networks to collect evidence on the target of certification and carry out the certification process. It finally proposes two certification processes, centralized and decentralized, balancing the impact on the network and the system performance. Efficiency, performance, and soundness of our approach are experimentally evaluated in a simulated Named Data Networking (NDN) network targeting property availability.

Computer Science

Qianhao Miao,Tianyu Ren,Jiahan Dong,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.3390/sym16030336

2024-03-12

Symmetry

Abstract:As an important component of the smart grid, vehicle-to-grid (V2G) networks can deliver diverse auxiliary services and enhance the overall resilience of electrical power systems. However, V2G networks face two main challenges due to a large number of devices that connect to it. First, V2G networks suffer from serious security threats, such as doubtful authenticity and privacy leakage. Second, the efficiency will decrease significantly due to the massive requirements of authentication. To tackle these problems, this paper proposes a cross-domain authentication scheme for V2G networks based on consortium blockchain and certificateless signature technology. Featuring decentralized, open, and transparent transactions that cannot be tampered with, this scheme achieves good performance on both security and efficiency, which proves to be suitable for V2G scenarios in the smart grid.

multidisciplinary sciences