Wu Qiang,Wu Chun-Ming,Chen Lin

DOI: https://doi.org/10.1049/iet-com.2018.5584

IF: 1.345

2019-01-01

IET Communications

Abstract:With a traditional static model of telecommunications service, it is difficult to deal with the uncertain factors and differentiation of massive mobile Internet services. Cloud computing, software-defined networking (SDN), and network function virtualisation (NFV) drive telecom networks to a new round of network reconstruction. The IaaS platform can partially solve the 'production tool' problem of operators; however, the 'production relationship' problem persists. After infrastructure reconstruction is completed, due to the 5G service vision of networks on demand and sliced networks, a PaaS environment is introduced to implement a new-generation of virtual network functions (VNFs). Based on the analysis of the necessity and feasibility of an Information and Communications Technology PaaS (ICT-PaaS) Platform, following the technical trend of 5G, the ICT-PaaS platform is proposed to construct a future network featuring elasticity, automation, flexibility, and openness. The adoption of lightweight VNF design ideas based on componentisation, containerisation, and microservice can better satisfy the requirements of flexible 'network slicing' than the traditional heavy monolith VNF-based on VMs. The measured results show that the optimisation implementations can significantly improve network forwarding performance. From the evaluation result of the cost benefits of it is possible to highlight potentials of the platform introduction.

Shalitha Wijethilaka,Awaneesh Kumar Yadav,An Braeken,Madhusanka Liyanage

DOI: https://doi.org/10.1109/tnsm.2024.3416418

2024-08-25

IEEE Transactions on Network and Service Management

Abstract:The rapid evolution of heterogeneous applications signifies the requirement for network slicing to cater to diverse network requirements. Network Functions (NFs), which are the essential elements of network slices, are required to communicate with each other securely to facilitate network services. Certificates are the established method to authenticate each other. However, dynamic certificate management while allowing NFs to communicate in a multi-operator environment is arduous. Also, sharing NFs between network slices originates authorization-related security challenges such as unauthorized service utilization, deceptive Denial of Service attacks, and data leakages from network slices. In this paper, we develop a novel framework to address the security challenges related to authentication and authorization in 5G network slicing systems. A blockchain-based multi-party distributed certificate management framework with secure communication protocols is developed using elliptic curve cryptography to facilitate certificate services for multi-operator environments. Also, we propose a blockchain-based NF authorization framework to mitigate the security vulnerabilities in NF sharing between network slices. We implement the proposed framework using Hyperledger Fabric blockchain with Java chain codes and perform comprehensive experiments to show the significance of our framework.The Ability to mitigate the single point of failure with respect to state-of-the-art, including traditional certificate authorities and blockchain-based certificate authorities, time analysis for certificate generation, and the potential to eliminate the mentioned authorization attacks are some of the experiments conducted.Also, we have shown that our framework is secure using informal and formal (using Real-Or-Random (ROR) logic and Scyther Validation tool) security verification mechanisms.

computer science, information systems

Nan Ma,Xiaofeng Zhong,Peng Liu,Shidong Zhou

DOI: https://doi.org/10.1109/vtc2020-spring48590.2020.9128924

2020-01-01

Abstract:With the continuous advancement of 5G, the system architecture of the network needs to be highly adaptable to serve new and legal cases while meeting the requirements of users for higher security of communications. This paper proposes a SDN/NFV-based core network slicing for secure mobile communication. This slicing provides a solution to the problem of unencrypted user data with strong connectivity, security and scalability. On the one hand, it is compatible with the existing network architecture and suitable for 5G networks. In addition, it uses symmetric keys corresponding to the user and the network to encrypt user data, which is different from VPN. Moreover, core network slicing based on SDN/NFV is the key to satisfying the complex and diverse scenarios of 5G, with future-oriented scalability and flexibility.

Ali Esmaeily,Katina Kralevska

DOI: https://doi.org/10.3390/electronics13081548

IF: 2.9

2024-04-19

Electronics

Abstract:Sharing resources through network slicing in a physical infrastructure facilitates service delivery to various sectors and industries. Nevertheless, ensuring security of the slices remains a significant hurdle. In this paper, we investigate the utilization of State-of-the-Art (SoA) Virtual Private Network (VPN) solutions in 5G networks to enhance security and performance when isolating slices. We deploy and orchestrate cloud-native network functions to create multiple scenarios that emulate real-life cellular networks. We evaluate the performance of the WireGuard, IPSec, and OpenVPN solutions while ensuring confidentiality and data protection within 5G network slices. The proposed architecture provides secure communication tunnels and performance isolation. Evaluation results demonstrate that WireGuard provides slice isolation in the control and data planes with higher throughput for enhanced Mobile Broadband (eMBB) and lower latency for Ultra-Reliable Low-Latency Communications (URLLC) slices compared to IPSec and OpenVPN. Our developments show the potential of implementing WireGuard isolation, as a promising solution, for providing secure and efficient network slicing, which fulfills the 5G key performance indicator values.

engineering, electrical & electronic,computer science, information systems,physics, applied

Qian Li,Geng Wu,Apostolos Papathanassiou,Udayan Mukherjee

DOI: https://doi.org/10.48550/arXiv.1608.00572

2016-08-01

Abstract:Wireless industry nowadays is facing two major challenges: 1) how to support the vertical industry applications so that to expand the wireless industry market and 2) how to further enhance device capability and user experience. In this paper, we propose a technology framework to address these challenges. The proposed technology framework is based on end-to-end vertical and horizontal slicing, where vertical slicing enables vertical industry and services and horizontal slicing improves system capacity and user experience. The technology development on vertical slicing has already started in late 4G and early 5G and is mostly focused on slicing the core network. We envision this trend to continue with the development of vertical slicing in the radio access network and the air interface. Moving beyond vertical slicing, we propose to horizontally slice the computation and communication resources to form virtual computation platforms for solving the network capacity scaling problem and enhancing device capability and user experience. In this paper, we explain the concept of vertical and horizontal slicing and illustrate the slicing techniques in the air interface, the radio access network, the core network and the computation platform. This paper aims to initiate the discussion on the long-range technology roadmap and spur development on the solutions for E2E network slicing in 5G and beyond.

Networking and Internet Architecture,Information Theory

Jie Zeng,Liping Rong,Xin Su

DOI: https://doi.org/10.1109/ICT.2016.7500388

2016-01-01

Abstract:Existing mobile networks suffer from complex protocols, inflexible equipment, and vendor specific configuration interfaces and other problems. This paper proposes a novel framework, NO Stack (short for “Not Only Stack”), which is a software-defined framework for 5G mobile network. NO Stack emphasizes on the decoupling of the user plane, control plane and management plane, pushes down the layer-by-layer protocol stack. In this paper, three key technologies are introduced: flat user plane, global network view (GNV) and on-demand network slice. The demo instance is set up to certify NO Stack can implement the virtualization shield of the infrastructure resources, to enable the highly elasticity of the network and seamless migration.

M. Bagaa,T. Taleb,J. B. Bernabe,A. Skarmeta

DOI: https://doi.org/10.48550/arXiv.2201.03369

2022-01-05

Abstract:Network Function Virtualization (NFV) and Software Distributed Networking (SDN) technologies play a crucial role in enabling 5G system and beyond. A synergy between these both technologies has been identified for enabling a new concept dubbed service function chains (SFC) that aims to reduce both the capital expenditures (CAPEX) and operating expenses (OPEX). The SFC paradigm considers different constraints and key performance indicators (KPIs), that includes QoS and different resources, for enabling network slice services. However, the large-scale, complexity and security issues brought by these technologies create an extra overhead for ensuring secure network slicing. To cope with these challenges, this paper proposes a cost-efficient optimized SFC management system that enables the creation of SFCs for enabling efficient and secure network slices. The proposed system considers the network and computational resources and current network security levels to ensure trusted deployments. The simulation results demonstrated the efficiency of the proposed solution for achieving its designed objectives. The proposed solution efficiently manages the SFCs by optimizing deployment costs and reducing overall end-to-end delay

Networking and Internet Architecture

V. Chamola,Vikas Hassija,G. Praveen,D. Niyato

DOI: https://doi.org/10.1109/MNET.011.2000489

IF: 10.294

2021-05-01

IEEE Network

Abstract:5G communications technologies are the backbone of future communications systems in satisfying different heterogeneous requirements of the industry and consumer applications. These systems rely on standardized protocols and heterogeneous architectures to engineer massive scaling of communication devices. Network Slicing (NS) can be incorporated into 5G to cater to the ever increasing needs of smart communications, ranging from Enhanced Mobile Broadband (eMBB) to Ultra-Reliable Low Latency Communications (URLLC). In this article, we present the performance analysis of such a network using real-world deployment and testing scenarios with state based network slice allocation. To account for transparency and security, a Blockchain-based model is integrated within the network operations. In particular, we carefully account for the latency aware operations of Network Slicing along with its UE state based allocation by telecom providers using Blockchain. Furthermore, provisioning the Blockchain in the Network Slice allocations increases the transparency and efficiency of resource handling operations within the network.

Computer Science,Engineering

Joao P. Ferreira,Vinicius C. Ferreira,Sergio L. Nogueira,Joao M. Faria,Jose A. Afonso

DOI: https://doi.org/10.3390/info15040213

2024-11-23

Abstract:The sharing of mobile network infrastructure has become a key topic with the introduction of 5G due to the high costs of deploying such infrastructures, with neutral host models coupled with features such as network function virtualization (NFV) and network slicing emerging as viable solutions for the challenges in this area. With this in mind, this work presents the design, implementation, and test of a flexible infrastructure-sharing 5G network architecture capable of providing services to any type of client, whether an operator or not. The proposed architecture leverages 5G's network slicing for traffic isolation and compliance with the policies of different clients, with roaming employed for the authentication of users of operator clients. The proposed architecture was implemented and tested in a simulation environment using the UERANSIM and Open5GS open-source tools. Qualitative tests successfully validated the authentication and the traffic isolation features provided by the slices for the two types of clients. Results also demonstrate that the proposed architecture has a positive impact on the performance of the neutral host network infrastructure, achieving 61.8% higher throughput and 96.8% lower packet loss ratio (PLR) in a scenario sharing the infrastructure among four clients and eight users when compared to a single client with all the network resources.

Networking and Internet Architecture

Ravishankar Ravindran,Asit Chakraborti,Syed Obaid Amin,Aytac Azgin,Guoqiang Wang

DOI: https://doi.org/10.48550/arXiv.1610.01182

2016-10-05

Abstract:The challenging requirements of 5G--from both the applications and the architecture perspectives--motivate the need to explore the feasibility of delivering services over new network architectures. As 5G proposes application-centric network slicing, which enables the use of new data planes realizable over a programmable compute, storage, and transport infrastructure, we consider Information-centric Networking (ICN) as a candidate network architecture to realize 5G objectives. This can co-exist with end-to-end IP services that are offered today. To this effect, we first propose a 5G-ICN architecture and compare its benefits (i.e., innovative services offered by leveraging ICN features) to current 3GPP-based mobile architectures. We then introduce a general application-driven framework that emphasizes on the flexibility afforded by Network Function Virtualization (NFV) and Software Defined Networking (SDN) over which 5G-ICN can be realized. We specifically focus on the issue of how mobility-as-a-service (MaaS) can be realized as a 5G-ICN slice, and give an in-depth overview on resource provisioning and inter-dependencies and -coordinations among functional 5G-ICN slices to meet the MaaS objectives.

Networking and Internet Architecture

S. Mohalik,Marin Orlic,Ajay Kattepur,Ian Burdick,Leonid Mokrushin

DOI: https://doi.org/10.1109/WCNC57260.2024.10570716

2024-04-21

Abstract:5G advanced network slicing use cases have gained momentum with the ability to provide differentiated Quality of Service (QoS) to various services (voice, mobile broadband, gaming, eXtended Reality, enterprise). However, it is essential to implement adaptive and scalable Network Slice Assurance to ensure differentiated service performance with varying traffic and dynamic requirements. The intent-driven network management paradigm aims at building autonomous systems with minimal expert-driven policies, which may be applied to slice assurance. In this paper, we propose Convergence, a cognitive intent driven framework for 5G Radio Access Network (RAN) slice assurance. Via the use of intelligent agents registered during the prediction, assurance, evaluation and actuation phases, emerging issues in slice assurance may be handled autonomously. In particular, Artificial Intelligence (AI) planning agents are exploited to generate partition over-use, partition top-up or partition ramp-down actions dynamically. The slice assurance framework is demonstrated over a real-world operator use case with multiple slices and intent specifications.

Computer Science,Engineering

Paul Wright,Catherine White,Ryan C. Parker,Jean-Sébastien Pegon,Marco Menchetti,Joseph Pearse,Arash Bahrami,Anastasia Moroz,Adrian Wonfor,Richard V. Penty,Timothy P. Spiller,Andrew Lord

DOI: https://doi.org/10.1364/JOCN.413918

2021-01-08

Abstract:We demonstrate how the 5G network slicing model can be extended to address data security requirements. In this work we demonstrate two different slice configurations, with different encryption requirements, representing two diverse use-cases for 5G networking: namely, an enterprise application hosted at a metro network site, and a content delivery network. We create a modified software-defined networking (SDN) orchestrator which calculates and provisions network slices according to the requirements, including encryption backed by quantum key distribution (QKD), or other methods. Slices are automatically provisioned by SDN orchestration of network resources, allowing selection of encrypted links as appropriate, including those which use standard Diffie-Hellman key exchange, QKD and quantum-resistant algorithms (QRAs), as well as no encryption at all. We show that the set-up and tear-down times of the network slices takes of the order of 1-2 minutes, which is an order of magnitude improvement over manually provisioning a link today.

Networking and Internet Architecture,Quantum Physics

Sandro Rodriguez Garzon,Hai Dinh Tuan,Maria Mora Martinez,Axel Küpper,Hans Joachim Einsiedler,Daniela Schneider

2024-02-23

Abstract:Next generation mobile networks are poised to transition from monolithic structures owned and operated by single mobile network operators into multi-stakeholder networks where various parties contribute with infrastructure, resources, and services. However, a federation of networks and services brings along a crucial challenge: Guaranteeing secure and trustworthy access control among network entities of different administrative domains. This paper introduces a novel technical concept and a prototype, outlining and implementing a 5G Service-Based Architecture that utilizes Decentralized Identifiers and Verifiable Credentials instead of traditional X.509 certificates and OAuth2.0 access tokens to authenticate and authorize network functions among each other across administrative domains. This decentralized approach to identity and permission management for network functions reduces the risk of single points of failure associated with centralized public key infrastructures. It unifies access control mechanisms and lays the groundwork for lesser complex and more trustful cross-domain key management for highly collaborative network functions in a multi-party Service-Based Architecture of 6G.

Networking and Internet Architecture

Matteo Nerini,David Palma

DOI: https://doi.org/10.48550/arXiv.2101.12644

2021-01-29

Abstract:Future networks will pave the way for a myriad of applications with different requirements and Wi-Fi will play an important role in local area networks. This is why network slicing is proposed by 5G networks, allowing to offer multiple logical networks tailored to the different user requirements, over a common infrastructure. However, this is not supported by current Wi-Fi networks. In this paper, we propose a standard-compliant network slicing approach for the radio access segment of Wi-Fi by defining multiple Service Set Identifiers (SSIDs) per Access Point (AP). We present two algorithms, one that assigns resources according to the requirements of slices in a static way, and another that dynamically configures the slices according to the network's conditions and relevant Key Performance Indicators (KPIs). The proposed algorithms were validated through extensive simulations, conducted in the ns-3 network simulator, and complemented by theoretical assessments. The obtained results reveal that the two proposed slicing approaches outperform today's Wi-Fi access technique, reaching lower error probability for bandwidth intensive slices and lower latency for time-critical slices. Simultaneously, the proposed approach is up to 32 times more energy efficient, when considering slices tailored for low-power and low-bandwidth devices, while increasing the overall spectrum efficiency.

Networking and Internet Architecture

Vijay Varadharajan,Uday Tupakula,Kallol Karmakar

DOI: https://doi.org/10.48550/arXiv.2006.15270

2020-06-27

Abstract:The 5G network systems are evolving and have complex network infrastructures. There is a great deal of work in this area focused on meeting the stringent service requirements for the 5G networks. Within this context, security requirements play a critical role as 5G networks can support a range of services such as healthcare services, financial and critical infrastructures. 3GPP and ETSI have been developing security frameworks for 5G networks. Our work in 5G security has been focusing on the design of security architecture and mechanisms enabling dynamic establishment of secure and trusted end to end services as well as development of mechanisms to proactively detect and mitigate security attacks in virtualised network infrastructures. The focus of this paper is on the latter, namely the facilities and mechanisms, and the design of a security architecture providing facilities and mechanisms to detect and mitigate specific security attacks. We have developed and implemented a simplified version of the security architecture using Software Defined Networks (SDN) and Network Function Virtualisation (NFV) technologies. The specific security functions developed in this architecture can be directly integrated into the 5G core network facilities enhancing its security. We describe the design and implementation of the security architecture and demonstrate how it can efficiently mitigate specific types of attacks.

Cryptography and Security,Networking and Internet Architecture

Lucas Vancina,Geoffrey Xie

2024-08-15

Abstract:Under conventional 5G system design, the authentication and continuous monitoring of user equipment (UE) demands a reliable backhaul connection between the radio access network (RAN) and the core network functions (AMF, AUSF, UDM, etc.). This is not a given, especially in disaster response and military operations. We propose that, in these scenarios, decisions made by core functions can be effectively delegated to the RAN by leveraging the RAN's computing resources and the micro-service programmability of the O-RAN system architecture. This paper presents several concrete designs of core-RAN decision delegation, including caching of core decisions and replicating some of the core decision logic. Each design has revealed interesting performance and security trade-offs that warrant further investigation.

Networking and Internet Architecture

Yinghui Zhang,Axin Wu,Zhenwei Chen,Dong Zheng,Jin Cao,Xiaohong Jiang

DOI: https://doi.org/10.1016/j.comcom.2020.12.014

IF: 5.047

2021-01-01

Computer Communications

Abstract:<p>The fifth generation (5G) mobile communication technologies significantly promote the development of attractive applications such as automatic driving and telemedicine due to its lower latency, higher data rate and massive connectivities. In addition, 5G network slices can be used to realize tailored transmission network according to users' different requirements. Nevertheless, 5G still suffers from security, privacy and performance issues exemplified by authenticated key agreement, identity and network slice privacy, and the flexibility and efficiency of network slice selection. In this paper, we tackle these challenges by proposing FANS, a Flexible and Anonymous Network Slicing method for cloud radio access network enabled authentication of emerging 5G service. FANS achieves users' identity privacy protection by hiding the public key associated with the actual identity in transmitted messages. The privacy, flexibility and efficiency of network slice selection are realized by adopting the idea of privacy-aware one-to-many matching which has been used in anonymous attribute-based encryption. Based on comprehensive security and performance analysis, FANS is shown to be secure and efficient.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Sahrish Khan Tayyaba,Adnan Akhunzada,Noor Ul Amin,Munam Ali Shah,Faheem Khan,Ihsan Ali

DOI: https://doi.org/10.4108/eai.22-3-2018.154387

2018-01-01

ICST Transactions on Mobile Communications and Applications

Abstract:In cellular networks, physical resources are always limited, especially when shared among different contributors such as mobile network operator (MNO) or mobile virtual network operators (MVNO) etc. Software Defined Network (SDN) and Network Function Virtualization (NFV) is a Current research area. SDN-based cellular networks provide high Quality of Services (QoS) to the end-user and NFV provides isolation. The sharing of resources is often provided by leveraging virtualization. SDN can generate new forwarding rules and policies for dynamic routing decision based on the traffic classification. However, virtualization in cellular networks is still in infancy and many issues and challenges remain unaddressed. The queue-length problem for providing QoS is cellular network requires attention. The queue management requires separate management protocols for fair allocation of resources. In this research paper, we propose a novel framework for resource allocation and bandwidth management in the 5G cellular network. We are using two level of virtualization, i.e., implementing dynamic resource optimization at network slice manager and executing optimized policies at the wireless virtual manager.

Prabhakar Krishnan,Kurunandan Jain,Ala-Saleh D. Alluhaidan,P Prabu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109152

IF: 4.152

2024-03-17

Computers & Electrical Engineering

Abstract:The Fifth Generation (5 G) networks exhibit high flexibility and diversity in their design and deployment strategies. Transitions between base stations (BSs), heterogeneous networks (HetNets) and other cellular networks provide significant vulnerabilities and expose users to substantial risks associated with cybersecurity attacks. This article evaluates current handover authentication methods in the context of 5 G networks while proposing a set of security criteria for handover authentication. This study presents a novel authentication technique called SHK (Secure Handover Key) that utilizes SDNs (Software Defined networks). The proposed scheme integrates recycled lightweight dynamic key cryptography and combines security features such as perfect forward secrecy and robustness to leakages. The significance of the proposed approach is assessed in terms of computations, communications, signals, and energy costs on 5 G mobility applications and Vehicular Communication Networks (VCNs). The scheme employed in this study demonstrates enhanced security measures and improved changeover performance compared to conventional schemes.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

H. Zhang,N. Liu,X. Chu,K. Long,A. Aghvami,V. C. M. Leung

DOI: https://doi.org/10.48550/arXiv.1704.07038

2017-04-24

Abstract:The fifth-generation (5G) networks are expected to be able to satisfy users' different quality-of-service (QoS) requirements. Network slicing is a promising technology for 5G networks to provide services tailored for users' specific QoS demands. Driven by the increased massive wireless data traffic from different application scenarios, efficient resource allocation schemes should be exploited to improve the flexibility of network resource allocation and capacity of 5G networks based on network slicing. Due to the diversity of 5G application scenarios, new mobility management schemes are greatly needed to guarantee seamless handover in network slicing based 5G systems. In this article, we introduce a logical architecture for network slicing based 5G systems, and present a scheme for managing mobility between different access networks, as well as a joint power and subchannel allocation scheme in spectrum-sharing two-tier systems based on network slicing, where both the co-tier interference and cross-tier interference are taken into account. Simulation results demonstrate that the proposed resource allocation scheme can flexibly allocate network resources between different slices in 5G systems. Finally, several open issues and challenges in network slicing based 5G networks are discussed, including network reconstruction, network slicing management and cooperation with other 5G technologies.

Information Theory