To keep our research in touch with up-to-date technologies, in this section we present several prerequisites that are expected to be used in building the functionality of our system (in the next chapters). For each term, we give an overview and then hint at its role in our work. In other words, the summary in this chapter provides a brief on how each assisting technology contributes to building the components of TrioSys.

[Figure 2.1.3: protocol stack diagram. LPAN domain: Low-Power PHY (IEEE 802.15.4), Low-Power MAC (IEEE 802.15.4), 6LoWPAN, RPL, IPv4/IPv6, TCP/UDP, CoAP/MQTT, Application. Internet domain: PHY and MAC (802.3, 802.11, 802.16, LTE, ...), IPv4/IPv6, RIP/OSPF/..., TCP/UDP, HTTP, Application. LPWAN domain: RF layer, PHY, MAC, Application (RESTful API).]
Figure 2.1.3: The relationship of low-power personal area networks (LPAN)/low-power wide area networks (LPWAN) and IP-based protocol stacks (Internet domain). Most protocols in both domains are changed to satisfy the energy consumption requirement and the simplicity of LPW devices.
5G connectivity technology
4G is the fourth generation of broadband cellular network technology and has been commercially deployed since 2009. Interestingly, most commercial cellular infrastructures around the world are still running 4G or possibly one of its advanced versions (e.g., LTE-Advanced, LTE-Advanced Pro). Although 4G may soon be replaced by 5G, so far most available devices and simulation frameworks have been developed based on the 4G standards. Thus, several of our evaluations still rely on the 4G structure, e.g., in [6]; however, even in that case, we also suggest several modifications where necessary for future networks.
5G is a commonly used term for certain advanced wireless technologies of fifth-generation networking and a hot research field. Besides the usage in which the term 5G means network technology using the spectrum under 6 GHz, industry associations such as 3GPP recommend referring to 5G as any system using "5G NR" (5G New Radio, by consensus in late 2018). 5G-relevant communications such as 5G cellular-V2X and 5G for industrial IoT fall under this term. A 5G network architecture is illustrated in Fig. 2.2.1.
Several glossary terms include Policy Control Function (PCF), Network Repository Function (NRF), Network Slice Selection Function (NSSF), Unified Data Management (UDM), User Plane Function (UPF), Access and Mobility Function (AMF), and Session Management Function (SMF). The details of the 5G architecture can be found in technical specifications issued by associations and standards organizations such as 3GPP and the International Telecommunication Union (ITU) [35]. In this architecture, our security system contributes to the UPF layer, particularly the Local Area Data Network (LADN).
For 5G, LADN implies a network accessed only in specific locations or small geographical areas, so-called cells. As in existing cellular networks, when a user moves from one cell to another, their 5G-supported devices are automatically handed over to the new cell without interruption of the communication. Note that new 5G devices also have 4G LTE capability, as the new networks use 4G for initially establishing the connection with the cell [35], as well as in locations where 5G access is unavailable.
[Figure 2.2.1: 5G network architecture diagram. UE and RAN (DU, CU); 5G Core Network functions AUSF, AMF, SMF, UPF, NSSF, UDM, NRF, PCF, NEF, with the Naf and N4 interfaces; MEC system level (MEC Orchestrator) and distributed host level (MEC Platform, MEC Platform Manager, Virtualization Infrastructure, MEC App, MEC Cache, MEC RAN API, MEC UE Identity API, Regional Certificate); Local Area Data Network (LA/DN) hosting our system; RAN info, provision/subscription and monitoring/notification flows.]
Figure 2.2.1: The architecture of a 5G network and the position of our proposal (bold/red text). Our system is primarily located at the MEC (5G LA/DN).
Several technologies promise to be the core of 5G, such as massive multiple-input and multiple-output (MIMO), edge computing, small cells, beamforming and SDN/NFV.
Notably, communication based on millimeter waves can be a game changer for several applications such as autonomous vehicles, since their antennas are much smaller (sometimes only a few inches long) than the large antennas used in previous cellular networks. This technology, along with beamforming and MIMO, plays an important role in implementing two verification mechanisms in the data exchange of V2X applications. The details of these mechanisms are presented in Chapter 5.
Multi-access Edge Computing
MEC is under development; it is intended to form an open standard and to extend edge computing capabilities in various networks owned by different operators. MEC promises to be a fundamental component of 5G/B5G and can be deployed near the eNodeB/gNB [36], [37]. It is supposed to handle both user traffic and control traffic so as to perform the related processing tasks near the clients. Due to such features, MEC can significantly help built-in security defenses to detect and eliminate unwanted traffic close to its sources, or to cut off attacks such as DDoS before they become volumetric [38]. Without loss of generality, we assume that MEC servers can decode information from all protocol stack layers in order to provide processing capacity and to steer packets towards the proper operations, thanks to their inherent ability to collect real-time network data such as subscriber locations and movement directions [36]. We also suppose that MEC servers collect the raw data streams from registered IoT and mobile devices, classify them into different groups on the basis of the type of data, and then transmit them to the corresponding MEC-based applications.
In our security architecture model, the detection engine and filtering modules are native MEC-based applications. Combining a chain of various engines helps to achieve the goals of preventing and mitigating many attacks, even if they start from different slices. The position of our MEC-based detectors is illustrated in Fig. 2.2.2.
[Figure 2.2.2: multi-access edge computing system diagram; our system sits in the MEC VNFs.]
Figure 2.2.2: The abstract of a multi-access edge computing system [23] and the position of our proposal (bold/red color). Our system is accommodated in MEC VNFs.
Software-defined networks and Programmable network model
The explosion of IoT and mobile devices, virtualization technologies, and the advent of cloud services are driving the networking industry to re-examine conventional architectures.
The first target of SDN is to simplify network complexity by disassociating the forwarding of network packets (i.e., the data plane) from the routing process (i.e., the control plane), and then to leverage the power of centralized servers in the cloud to handle the control plane. However, several challenges of SDN, such as security, scalability, and elasticity [39], leave few options for SDN technologies to replace the traditional networking model. Recently, several industrial SDN frameworks, e.g., Open Network Operating System (ONOS) [40], [41], promise to offer valuable implementations for overcoming both the scalability and the elasticity problems. The cluster model of SDN controllers is thus the key to mitigating the signaling overload of the control plane. ONOS has also become the core of the CORD™ project (Central Office Re-architected as a Datacenter), which aims at a complete integrated platform for services such as Internet-as-a-service and monitoring-as-a-service. In one part of this work [25], we have also implemented the control part of our system using the ONOS APIs and the SDN control architecture, in order to evaluate the scalability of the architecture in the next-generation network model.
Without a programmable data plane, the development of SDN switches may depend on the views of the various vendors/manufacturers. A promising trend is to abstract the forwarding layer into a programmable model, e.g., the Protocol-Independent Switch Architecture (PISA).
This model enables flexible mechanisms for parsing packets and matching headers, and thus frees programmers from heavy dependence on the hardware framework of a specific vendor. At present, producing high-performance and reliable commodity devices is a competitive race among major switch manufacturers (vendor-supplied), e.g., Barefoot Tofino [42]. Many implementations [43] have targeted a programmable data plane model. For example, P4 is a leading open-source language, well supported by a large number of technical contributions from companies, universities and individuals. P4 programs are designed in the spirit of the PISA architecture and target devices such as general-purpose CPUs, systems-on-chip, network processors, and ASICs [44]. In our model, P4 is primarily used to implement the detectors for programmable devices such as BMv2 switches [25].
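To make the PISA flow concrete (parser, match-action table, per-source state), the following is an added Python model of what a small detector on a programmable switch does; it is constructed for this chapter and is not the thesis's own P4 program or BMv2 pipeline. The IPv4 addresses, the CoAP port 5683 and the packet threshold are assumed sample values, and checksums are left at zero since nothing verifies them here.

```python
"""Toy PISA-style pipeline (parser -> match-action -> verdict) modelled in
Python. Constructed illustration, not the thesis's P4 code: it mimics what a
small P4 detector on BMv2 would do (parse Ethernet/IPv4/UDP, look up an
exact-match table on the IPv4 source, count packets per source in a
register) so the flow can be followed without a P4 toolchain."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def parse(pkt: bytes) -> dict:
    """Parser state machine (ethernet -> ipv4 -> udp), like P4 'transition' selects.
    Returns the extracted header fields plus a 'valid' set naming parsed headers."""
    h = {"valid": set()}
    if len(pkt) < 14:
        return h                      # runt frame: nothing parsed
    h["ethertype"] = struct.unpack("!H", pkt[12:14])[0]
    h["valid"].add("ethernet")
    if h["ethertype"] != ETHERTYPE_IPV4 or len(pkt) < 34:
        return h                      # non-IPv4 or truncated: stop at ethernet
    ihl = (pkt[14] & 0x0F) * 4        # IPv4 header length in bytes
    h["ipv4_proto"] = pkt[23]
    h["ipv4_src"] = ".".join(str(b) for b in pkt[26:30])
    h["ipv4_dst"] = ".".join(str(b) for b in pkt[30:34])
    h["valid"].add("ipv4")
    off = 14 + ihl
    if h["ipv4_proto"] == PROTO_UDP and len(pkt) >= off + 8:
        h["udp_dport"] = struct.unpack("!H", pkt[off + 2:off + 4])[0]
        h["valid"].add("udp")
    return h


class Pipeline:
    """One match-action stage: exact match on ipv4_src, plus a per-source
    packet counter (a P4 register) used as a simple volumetric detector."""

    def __init__(self, threshold: int):
        self.table = {}        # control plane installs entries: ipv4_src -> action
        self.counters = {}     # data-plane state: ipv4_src -> packets seen
        self.threshold = threshold   # assumed per-source budget for the demo

    def add_entry(self, ipv4_src: str, action: str) -> None:
        self.table[ipv4_src] = action

    def apply(self, pkt: bytes) -> str:
        h = parse(pkt)
        if "ipv4" not in h["valid"]:
            return "forward"   # non-IP traffic is outside the detector's scope
        src = h["ipv4_src"]
        self.counters[src] = self.counters.get(src, 0) + 1
        action = self.table.get(src, "forward")   # table miss -> default action
        if action == "drop":
            return "drop"
        if self.counters[src] > self.threshold:
            return "drop"      # per-source budget exceeded: volumetric anomaly
        return "forward"


def build_udp_packet(src: str, dst: str, dport: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero for the toy)."""
    def ip_bytes(addr: str) -> bytes:
        return bytes(int(o) for o in addr.split("."))
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64,
                       PROTO_UDP, 0, ip_bytes(src), ip_bytes(dst))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ipv4 + udp


if __name__ == "__main__":
    pipe = Pipeline(threshold=3)
    pipe.add_entry("10.0.0.9", "drop")            # control plane denies one source
    coap = build_udp_packet("10.0.0.2", "10.0.0.1", 5683)   # CoAP over UDP
    print([pipe.apply(coap) for _ in range(4)])   # forward x3, then drop
    print(pipe.apply(build_udp_packet("10.0.0.9", "10.0.0.1", 5683)))
```

In a real P4 program the table entries would be installed by the controller over P4Runtime and the counter would live in a switch register; the Python version keeps both in memory so that the parse, match and action steps can be traced on constructed frames.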
Service chaining & Security as a service
Service function chaining (SFC) is a capability that leverages SDN to create a chain of connected network services (e.g., firewalls and intrusion detection systems) in a logical way and to connect them in a virtual chain [3]. Network operators use this capability to set up groups of connected services from multiple functions in a single network connection. The most visible advantage of this model is that it automates the way in which virtual network connections can be set up to handle traffic flows for lease users or on-demand services. For example, an SDN controller can take a chain of security services and apply them to different traffic flows depending on the source, destination or traffic type. The SFC capability automates traditional tasks such as setting up a series of physical devices to process incoming and outgoing network traffic, which often require manual intervention by the network administrators. Service chaining now promises to be a fundamental technique in many SDN and NFV use cases and deployments, particularly in data centers and carrier networks. Moreover, by enabling automated provisioning of network applications, SFC can be operationally beneficial by obtaining the proper network resources or characteristics (e.g., bandwidth) in an automated fashion. In our approach, the overall performance for detecting multiple attacks can be improved by applying a chain of specific detection engines, in which each engine deals with specific kinds of attacks.
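As an added illustration of the chain-per-flow idea (a controller selecting an ordered chain of engines by source, destination or traffic type, each engine dealing with one kind of attack), the following Python model is constructed for this chapter; it is not the thesis's ONOS application or its detection engines. The engine names, flow classes, rate limit and blocked addresses are assumptions made for the example.

```python
"""Constructed model of an SDN controller that steers each traffic flow
through a service function chain of security engines. Added example, not
the thesis's code: engines, flow classes and thresholds are assumptions."""
from dataclasses import dataclass

# Assumed operator deny list (RFC 5737 documentation address).
BLOCKED_SOURCES = frozenset({"203.0.113.7"})


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int
    pps: float     # observed packets per second for this flow (constructed input)


# --- security engines: each handles one kind of attack and returns a verdict ---
def acl_firewall(flow: Flow) -> str:
    """Stateless filter: drop sources the operator has explicitly denied."""
    return "drop" if flow.src in BLOCKED_SOURCES else "pass"


def volumetric_detector(flow: Flow, limit_pps: float = 500.0) -> str:
    """DDoS-oriented engine: drop flows whose rate exceeds the per-flow budget."""
    return "drop" if flow.pps > limit_pps else "pass"


def coap_guard(flow: Flow) -> str:
    """IoT-specific engine: CoAP (UDP/5683) is expected only from the assumed
    10.0.0.0/8 range of registered devices; other sources on that port fail."""
    return "pass" if flow.src.startswith("10.") else "drop"


ENGINES = {"acl": acl_firewall, "volumetric": volumetric_detector, "coap": coap_guard}


def classify(flow: Flow) -> str:
    """Traffic type decides which chain the controller applies."""
    if flow.proto == "udp" and flow.dport == 5683:
        return "iot_coap"
    if flow.proto == "tcp" and flow.dport in (80, 443):
        return "web"
    return "default"


class SfcController:
    """Holds the chain each flow class gets: operators install chains, the
    controller steers every new flow through its chain in order."""

    def __init__(self):
        self.chains = {"default": ["acl"]}

    def install_chain(self, flow_class: str, engine_names: list) -> None:
        unknown = [n for n in engine_names if n not in ENGINES]
        if unknown:
            raise ValueError(f"unknown engines: {unknown}")
        self.chains[flow_class] = list(engine_names)

    def steer(self, flow: Flow):
        """Run the flow through its chain; the first 'drop' ends the chain, as a
        blocked flow never reaches later services. Returns (verdict, trace)."""
        chain = self.chains.get(classify(flow), self.chains["default"])
        trace = []
        for name in chain:
            verdict = ENGINES[name](flow)
            trace.append((name, verdict))
            if verdict == "drop":
                return "drop", trace
        return "pass", trace


if __name__ == "__main__":
    ctl = SfcController()
    ctl.install_chain("iot_coap", ["acl", "coap", "volumetric"])
    ctl.install_chain("web", ["acl", "volumetric"])
    for f in (Flow("10.0.0.5", "10.0.0.1", "udp", 5683, 20.0),
              Flow("198.51.100.4", "10.0.0.1", "udp", 5683, 20.0),
              Flow("192.0.2.10", "10.0.0.1", "tcp", 443, 9000.0)):
        print(f.src, ctl.steer(f))
```

The trace returned by `steer` is what an operator would want logged: it shows which engine in the chain produced the verdict, so a chain can be reordered (cheap filters first, rate checks next) without losing visibility into why a flow was dropped.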
In contrast, the term Security as a Service (SECaaS) denotes a business model in which security services are provided on a subscription basis. This model allows end-users or organizations to obtain security functions at a more affordable cost than deploying whole standalone solutions by themselves. Inspired by software-as-a-service, SECaaS promises to be widely applied to security services because it requires no on-premises hardware, and thus helps to avoid significant capital outlays. For example, by relative comparison, the life cycle of building up a legacy security product for deployment can take up to several years [45]. A change means an exorbitant amount of time, money and resources, which most organizations simply do not have. SECaaS is proposed to secure the network with changes/updates taking minutes rather than months. This model eliminates the burden associated with the deployment, testing, acquisition, and management of security products, so that organizations can be empowered with instant-on security that accommodates practically any change or business requirement. A SECaaS-based system can significantly reduce the deployment time, by up to 91% [45], compared to the time and logistics typically required to roll out traditional, legacy security tools. SECaaS can support authentication, anti-malware/spyware, intrusion detection, and so on. It is booming, and the outsourced security licensing models based on it appear to form a competitive multi-billion-dollar market in the near future. SECaaS is the reference design model and the target for our system, particularly the C-TrioSys engine. Besides, we also structure the major detection and filtering engines as configurable components embedded into programmable facilities such as switches/MEC-based servers, and the whole program can be updated or deployed to the clients in minutes through a centralized control system in the cloud. Fig. 2.2.3 illustrates a conceptual SECaaS-based framework with the support of SDN and the programmable model.
[Figure 2.2.3: SECaaS framework diagram. In the cloud: our control system, our client detectors, SDN applications, the network operating system and P4 Runtime, reached over an IP-based secure tunnel; below: programmable switch / edge router; home network (home router, switch); mobile network (gNB).]
Figure 2.2.3: The abstract of a SECaaS-based security architecture with the support of SDN and the programmable model. We structure the major detection and filtering engines as configurable components embedded into programmable facilities such as switches/MEC-based servers.