اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدSoftware Enabled Security Architecture and Mechanisms for Securing 5G Network Services
100
0
0.0
(
0
)
نشر من قبل
Kallol Krishna Karmakar
تاريخ النشر
2020
مجال البحث
الهندسة المعلوماتية
والبحث باللغة
English
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
The 5G network systems are evolving and have complex network infrastructures. There is a great deal of work in this area focused on meeting the stringent service requirements for the 5G networks. Within this context, security requirements play a critical role as 5G networks can support a range of services such as healthcare services, financial and critical infrastructures. 3GPP and ETSI have been developing security frameworks for 5G networks. Our work in 5G security has been focusing on the design of security architecture and mechanisms enabling dynamic establishment of secure and trusted end to end services as well as development of mechanisms to proactively detect and mitigate security attacks in virtualised network infrastructures. The focus of this paper is on the latter, namely the facilities and mechanisms, and the design of a security architecture providing facilities and mechanisms to detect and mitigate specific security attacks. We have developed and implemented a simplified version of the security architecture using Software Defined Networks (SDN) and Network Function Virtualisation (NFV) technologies. The specific security functions developed in this architecture can be directly integrated into the 5G core network facilities enhancing its security. We describe the design and implementation of the security architecture and demonstrate how it can efficiently mitigate specific types of attacks.
قيم البحث
اقرأ أيضاً
Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities op
erate continually and have long lifespans measured in decades rather than years as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nations security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. In this paper, we discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.
As networks expand in size and complexity, they pose greater administrative and management challenges. Software Defined Networks (SDN) offer a promising approach to meeting some of these challenges. In this paper, we propose a policy driven security
architecture for securing end to end services across multiple SDN domains. We develop a language based approach to design security policies that are relevant for securing SDN services and communications. We describe the policy language and its use in specifying security policies to control the flow of information in a multi-domain SDN. We demonstrate the specification of fine grained security policies based on a variety of attributes such as parameters associated with users and devices/switches, context information such as location and routing information, and services accessed in SDN as well as security attributes associated with the switches and Controllers in different domains. An important feature of our architecture is its ability to specify path and flow based security policies, which are significant for securing end to end services in SDNs. We describe the design and the implementation of our proposed policy based security architecture and demonstrate its use in scenarios involving both intra and inter-domain communications with multiple SDN Controllers. We analyse the performance characteristics of our architecture as well as discuss how our architecture is able to counteract various security attacks. The dynamic security policy based approach and the distribution of corresponding security capabilities intelligently as a service layer that enable flow based security enforcement and protection of multitude of network devices against attacks are important contributions of this paper.
Atomizing various Web activities by replacing human to human interactions on the Internet has been made indispensable due to its enormous growth. However, bots also known as Web-bots which have a malicious intend and pretending to be humans pose a se
vere threat to various services on the Internet that implicitly assume a human interaction. Accordingly, Web service providers before allowing access to such services use various Human Interaction Proofs (HIPs) to authenticate that the user is a human and not a bot. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a class of HIPs tests and are based on Artificial Intelligence. These tests are easier for humans to qualify and tough for bots to simulate. Several Web services use CAPTCHAs as a defensive mechanism against automated Web-bots. In this paper, we review the existing CAPTCHA schemes that have been proposed or are being used to protect various Web services. We classify them in groups and compare them with each other in terms of security and usability. We present general method used to generate and break text-based and image-based CAPTCHAs. Further, we discuss various security and usability issues in CAPTCHA design and provide guidelines for improving their robustness and usability.
Future communication networks such as 5G are expected to support end-to-end delivery of services for several vertical markets with diverging requirements. Network slicing is a key construct that is used to provide end to end logical virtual networks
running on a common virtualised infrastructure, which are mutually isolated. Having different network slices operating over the same 5G infrastructure creates several challenges in security and trust. This paper addresses the fundamental issue of trust of a network slice. It presents a trust model and property-based trust attestation mechanisms which can be used to evaluate the trust of the virtual network functions that compose the network slice. The proposed model helps to determine the trust of the virtual network functions as well as the properties that should be satisfied by the virtual platforms (both at boot and run time) on which these network functions are deployed for them to be trusted. We present a logic-based language that defines simple rules for the specification of properties and the conditions under which these properties are evaluated to be satisfied for trusted virtualised platforms. The proposed trust model and mechanisms enable the service providers to determine the trustworthiness of the network services as well as the users to develop trustworthy applications. .
Fog computing is a paradigm for distributed computing that enables sharing of resources such as computing, storage and network services. Unlike cloud computing, fog computing platforms primarily support {em non-functional properties} such as location
awareness, mobility and reduced latency. This emerging paradigm has many potential applications in domains such as smart grids, smart cities, and transport management. Most of these domains collect and monitor personal information through edge devices to offer personalized services. A {em centralized} server either at the level of cloud or fog, has been found ineffective to provide a high degree of security and privacy-preserving services. Blockchain technology supports the development of {em decentralized} applications designed around the principles of immutability, cryptography, consistency preserving consensus protocols and smart contracts. Hence blockchain technology has emerged as a preferred technology in recent times to build trustworthy distributed applications. The chapter describes the potential of blockchain technology to realize security services such as authentication, secured communication, availability, privacy and trust management to support the development of dependable fog services.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
