Special issue | Techniques for smart and secure 5G softwarized networks

Vol. 74, n° 9-10, September-October 2019
Content available on Springerlink

Guest editors

Laurent Ciavaglia, Nokia, France
Prosper Chemouil, IEEE ComSoc, France
Bruce Maggs, Duke University, Akamai Technologies, USA


Techniques for smart and secure 5G softwarized networks

Laurent Ciavaglia, Prosper Chemouil, Bruce Maggs


DAReSch: deadline-aware request scheduling for cloud storage services

Ghada Tlili1, Haythem Yahyaoui1, Mohamed Faten Zhani1, Halima Elbiaze2

(1) École de Technologie Supérieure (ÉTS Montreal), Montreal, Quebec, Canada
(2) Université du Québec À Montréal, Montreal, Quebec, Canada

Abstract With the emergence of cloud computing and big data, many companies are increasingly relying on the cloud to store and retrieve tremendous amounts of data to leverage the scalability and performance offered by cloud storage services. As a result, data retrieval time has become of a paramount importance for cloud users especially. However, current data management systems are still not optimized to reduce such time. In this paper, we present a deadline-aware data request scheduling scheme, called DAReSch, that aims at scheduling data requests in order to minimize data transfer times and to meet the deadlines specified by the users. We show through real experiments using OpenStack storage system (i.e., Swift) that, compared with the traditional Swift Client system, DAReSch significantly increases the percentage of requests meeting their deadlines, reduces data transfer time, and maximizes bandwidth usage. Furthermore, we also study the impact of the request deadlines on the studied performance metrics. Our extensive experiments show that, when deadlines are stringent, DAReSh allows 60% of the requests to meet their deadline requirements compared with only 10% for the existing solution. When the deadline is less stringent, 90% of the requests can meet their deadline requirements with DAReSh compared with 40% for the existing solution.

Keywords Cloud storage systems / OpenStack Swift / Request scheduling / Deadline-aware data retrieval

Algorithms for the design of 5G networks with VNF-based Reusable Functional Blocks

Luca Chiaraviglio1,2, Fabio D’Andreagiovanni3,4, Simone Rossetti1,2, Giulio Sidoretti1,2Nicola Blefari-Melazzi1,2, Stefano Salsano1,2, Carla-Fabiana Chiasserini5,6, Francesco Malandrino6

(1) Consorzio Nazionale Interunivesitario per le Telecomunicazioni, Rome, Italy
(2) EE Department, University of Rome Tor Vergata, Rome, Italy
(3) National Center for Scientific Research (CNRS), Paris, France
(4) CNRS, Heudiasyc UMR 7253, Sorbonne Universités, Université de Technologie de Compiègne, Compiègne, France
(5) DET Department, Polytechnic Univerisity of Turin, Torino, Italy
(6) IEIIT National Research Center (CNR), Rome, Italy

Abstract We face the problem of designing a 5G network composed of Virtual Network Function (VNF)-based entities, called Reusable Functional Blocks (RFBs). RFBs provide a high level of flexibility and scalability, which are recognized as core functions for the deployment of the forthcoming 5G technology. Moreover, the RFBs can be run on different HardWare (HW) and SoftWare (SW) execution environments located in 5G nodes, in line with the current trend of network softwarization. After overviewing the considered RFB-based 5G network architecture, we formulate the problem of minimizing the total costs of a 5G network composed of RFBs and physical 5G nodes. Since the presented problem is NP-Hard, we derive two algorithms, called SFDA and 5G-PCDA, to tackle it. We then consider a set of scenarios located in the city of San Francisco, where the positions of the users and the set of candidate sites to host 5G nodes have been derived from the WeFi app. Our results clearly show the trade-offs that emerge between (i) the total costs incurred by the installation of the 5G equipment, (ii) the percentage of users that are served, and (iii) the minimum downlink traffic provided to the users.

Keywords 5G networks / 5G Design / CAPEX reduction / 5G performance evaluation / Network softwarization

The controller placement problem for robust SDNs against malicious node attacks considering the control plane with and without split-brain

Dorobella Santos1, Amaro de Sousa2, Carmen Mas Machuca3

(1) INESC-Coimbra, Coimbra, Portugal
(2) Instituto de Telecomunicações, DETI, Universidade de Aveiro, Aveiro, Portugal
(3) Technical University of Munich, Munich, Germany

Abstract In software-defined networking (SDN), the control plane is separated from the data plane. For scalability and robustness reasons, the logically centralized control plane is implemented by physically distributing different controllers throughout the network. The determination of the number and location of the SDN controllers is known as the controller placement problem (CPP). For given maximum switch-controller (SC) and controller-controller (CC) delays in the regular (failure-free) state, we aim to find a CPP solution that maximizes the control plane robustness against a given number of malicious node attacks. We describe an ILP-based method aiming to enumerate all CPP solutions that guarantee the existence of a data plane path from every switch to any controller if all other controller nodes are shut down (worst-case scenario). Then, for different malicious node attacks, based on node centrality metrics and corresponding to different attacker’s strategies, we evaluate the previous solutions to determine the ones that maximize the network robustness, considering the SDN control plane operating with or without split-brain. In the computational results, we compare the robustness and the average SC and CC delays of the best CPP solutions. Since a control plane with split-brain requires more controllers, the average SC and CC delays in the regular state of its CPP solutions are significantly better, on average. Concerning robustness, split-brain does not always provide the best robust CPP solutions due to its feature of requiring a minimum number of connected controllers (which must be over half of the total number of them) to be operational.

Keywords SDN / Controller placement problem / Malicious node attacks / Integer linear programming / Node centrality

A survey on authentication and access control for mobile networks: from 4G to 5G

Shanay Behrad1, Emmanuel Bertin1, Noel Crespi2

(1) Orange Labs, Caen, France
(2) Institut Mines-Télécom, Télécom SudParis, CNRS 5157, Evry, France

Abstract The next generation of mobile networks, 5G, is expected to support a set of multiple requirements and use cases that will create an improved user experience. 5G will also be able to provide a high level of security by considering a variety of security aspects, such as authentication and access control mechanisms. The current protocol in 4G designed to address security is 4G AKA. It presents some weaknesses and vulnerabilities that negatively affect operators’ networks and their subscribers’ security. In designing an authentication and access control mechanism for 5G, it is crucial to evaluate both 4G AKA’s weaknesses and the new requirements of 5G. In this paper, we survey the vulnerabilities of the 4G AKA protocol, as well as the current 5G architectural answers brought by the 3GPP.

Keywords 5G, mobile network / Authentication and access control / AKA protocol

Embedded network design to support availability differentiation

Abdulaziz Alashaikh1, David Tipper2, Teresa Gomes3,4

(1) Department of Computer Science, Umm Al-Qura University, Mecca, Saudi Arabia
(2) Graduate Telecommunications and Networking Program, School of Computing and Information, University of Pittsburgh, Pittsburgh, USA
(3) Department of Electrical and Computer Engineering, University of Coimbra, Coimbra, Portugal
(4) Institute for Systems Engineering and Computers at Coimbra (INESC Coimbra), Coimbra, Portugal

Abstract The problem of how to provide, in a cost-efficient manner, high levels of availability and service differentiation in communication networks was investigated in Tipper (Telecommun Syst 56(1): 5–16 2014), Gomes et al. (2014), and Alashaikh et al. (Comput Netw 82:4–19 2015). The strategy adopted was to embed in the physical layer topology a high availability set of links and nodes (termed the “spine”). The spine enables through protection, routing, and cross-layer mapping, the provisioning of differentiated classes of resilience with varying levels of end-to-end availability. Here, we present an optimization model formulation of the spine design problem, considering link availability and the cost of upgrading link availability. The design problem seeks to minimize the cost while attaining a desired target flow availability. Extensive numerical results illustrate the benefits of modifying the availability of a subset of links of the network to implement quality of resilience classes.

Keywords Crosslayer mapping / Differentiated services / Flow availability

Resource management of cloud-enabled systems using model-free reinforcement learning

Yue Jin1, Makram Bouzid1, Dimitre Kostadinov1, Armen Aghasaryan1

(1) Nokia Bell Labs, Nokia, Paris, France

Abstract The digital system of the future will face the growing challenge of controlling the system behavior in complex dynamically evolving environments. In this paper, we examine the applicability of a new management paradigm based on a reinforcement learning approach, where no preliminary specification of the system model is required. The learning agent identifies the most adequate control policies in live interaction with a partially observed system and provides it with autonomous management capabilities. We present the results of experimentation with cloud-based applications and discuss the technical challenges that need to be addressed in this field. Furthermore, we present the results of experimentation on a 5G network slice that hosts a cloud-based application in a multi-agent reinforcement learning setting, and demonstrate the value of information exchange between learning agents.

Keywords Reinforcement learning / Cloud computing / Application scaling / Resource optimization

Multi-cloud cooperative intrusion detection system: trust and fairness assurance

Adel Abusitta1, Martine Bellaiche1, Michel Dagenais1

(1) Department of Computer and Software Engineering, Ecole Polytechnique de Montreal, Montreal, Canada

Abstract The sophistication of the recent cloud computing systems has made them more vulnerable to intelligent cyber attacks. Moreover, it is becoming very difficult for a single intrusion detection system (IDS) to detect all existing attacks, due to limited knowledge about such attacks’ patterns and implications. Recent works in cloud security have shown that cooperation among cloud-based IDSs can enhance their accuracy. However, there are two main challenges associated with the existing cooperative IDSs, which are related to trust and fairness assurance. To tackle these challenges, we propose in this paper a cooperative cloud-based IDS framework that (1) enables IDSs to distributively form trustworthy IDSs communities by advancing a trust-based hedonic coalitional game, which allows IDSs to increase their individual detection accuracy in the presence of untrusted IDSs and (2) formulates a fairness assurance mechanism as a Stackelberg game between the well-behaving IDSs and the selfish ones that frequently send consultation requests to other IDSs, and at the same do not answer other IDSs’ consultation requests. Experimental results show the effectiveness of the proposed approach in terms of enhancing the accuracy of detection and achieving the fairness among IDSs in terms of benefits obtained through cooperation.

Keywords Intrusion detection systems / Game theory / Fairness assurance / Cloud computing / Security Trust

Automotive virtual edge communicator (AVEC) with vehicular inter-agent service orchestration and resourcing (ViSOR)

Rebecca Copeland1, Michael Copeland1, Shohreh Ahvar2, Noel Crespi2, Oyunchimeg Shagdar3, Romain Durand4

(1) Core Viewpoint Ltd, Kenilworth, UK
(2) Institut Mines Telecom, Paris, France
(3) VeDeCom, Versailles, France
(4) Transatel, Paris, France

Abstract At time of crisis, relief teams must have assured connectivity, not only just within the team but also across different service agencies in the area. Since emergency agencies and essential services always send service cars to affected zones, advanced technologies and computing resources aboard these vehicles can be pooled together to boost network capacity temporarily, just where it is crucially needed. These vehicles become automotive virtual edge communicators (AVECs). They are managed by a vehicular inter-agency service orchestration and resourcing (ViSOR) system that creates transient proximity-based “trust circles” to manage novel cooperative hosting, opportunistic virtualization, and “car sourcing” of crisis zone data. This study evaluates the feasibility for this challenging but highly rewarding concept and identifies gaps in emerging technologies.

Keywords MEC / NFV / PPDR / MCS / ITS / Blockchain