5G system functional block diagram.


Source publication
Article
Internet of Things (IoT) or massive Machine Type Communications (mMTC) is one of the essential aspects addressed by 5G mobile telecommunications. 5G core network has been deployed with Software-defined Networking (SDN) where security is an important issue. The overhead of offering security in 5G is high, which is typically incurred in encoding and...

Contexts in source publication

Context 1
... is claimed that 5G has made significant enhancement over 4G LTE technologies in three aspects: Ultra-reliable and Low Latency Communications (URLLC), enhanced Mobile Broadband (eMBB) and massive Machine Type Communications (mMTC). To support these three aspects, both the radio system (Figure 1 (1) and (2)) and the core network (Figure 1 (3) and (4)) have been advanced. In the control plane of the core network (Figure 1 (3)), several network functions are connected through the Service Based Interface (SBI). ...
Context 3
... support these three aspects, both the radio system (Figure 1 (1) and (2)) and the core network (Figure 1 (3) and (4)) have been advanced. In the control plane of the core network (Figure 1 (3)), several network functions are connected through the Service Based Interface (SBI). Among these network functions, the Access and Mobility Management Function (AMF; Figure 1 (5)) controls the User Equipment (UE; Figure 1 (1)) through the N1 interface and the Radio Access Network (RAN; Figure 1 (2)) ... The user data, in particular Internet of Things (IoT) packets for mMTC [1], are delivered between the UE and the IoT server located at the external Data Network (DN; Figure 1 (7)) through the RAN and the User Plane Function (UPF) via the N3, N9, and N6 interfaces. ...
Context 4
... the control plane of the core network (Figure 1 (3)), several network functions are connected through the Service Based Interface (SBI). Among these network functions, the Access and Mobility Management Function (AMF; Figure 1 (5)) controls the User Equipment (UE; Figure 1 (1)) through the N1 interface and the Radio Access Network (RAN; Figure 1 (2)) ... The user data, in particular Internet of Things (IoT) packets for mMTC [1], are delivered between the UE and the IoT server located at the external Data Network (DN; Figure 1 (7)) through the RAN and the User Plane Function (UPF) via the N3, N9, and N6 interfaces. An example of an IoT server is IoTtalk, developed to support smart campus [2] and smart farming [3]. ...
Context 7
... process consists of two parts. A permutation cipher scheme [12] is used in the SDN controller (Figure 2 (1)) to produce a permutation cipher key. The key is sent to both SDN Switches 1 and 2. We partition the payload of the packet into n portions (codewords), and the key is used at Switch 1 to shuffle all codewords of the payload around. ...
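Context 7 above (and the citing surveys later on this page, which paraphrase the same mechanism) describes the permutation cipher: the controller draws a key, Switch 1 partitions the payload into n codewords and reorders them under the key, and Switch 2 reverses the reordering. The Python below is an added worked example of that scheme; it is not the paper's eCPA P4 code and makes no claim to line-rate performance. It assumes the key is represented as a permutation of the n codeword indices and that the payload is partitioned so that the first len(payload) mod n codewords carry one extra byte (both are assumptions; the paper's exact codeword layout is not stated on this page). All function names are hypothetical and the sample payload is constructed.

```python
import secrets
from collections import Counter
from typing import List, Sequence


def generate_permutation_key(n: int) -> List[int]:
    """Controller side (SDN controller, Figure 2 (1) in the paper): draw a
    uniformly random permutation of the n codeword positions.
    secrets.SystemRandom uses the OS CSPRNG rather than random()'s Mersenne Twister."""
    if n < 2:
        raise ValueError("need at least two codewords to permute")
    key = list(range(n))
    secrets.SystemRandom().shuffle(key)
    return key


def codeword_sizes(payload_len: int, n: int) -> List[int]:
    """Assumed partition: payload_len bytes into n codewords, the first
    payload_len % n of them one byte longer. No padding is needed and both
    switches derive the identical layout from the length alone."""
    if payload_len < n:
        raise ValueError("payload shorter than codeword count")
    base, extra = divmod(payload_len, n)
    return [base + 1 if i < extra else base for i in range(n)]


def _split(data: bytes, sizes: Sequence[int]) -> List[bytes]:
    out, pos = [], 0
    for s in sizes:
        out.append(data[pos:pos + s])
        pos += s
    return out


def encode(payload: bytes, key: Sequence[int]) -> bytes:
    """Entry switch (Switch 1): output position i carries input codeword key[i]."""
    n = len(key)
    words = _split(payload, codeword_sizes(len(payload), n))
    return b"".join(words[key[i]] for i in range(n))


def decode(shuffled: bytes, key: Sequence[int]) -> bytes:
    """Exit switch (Switch 2): invert the permutation. Shuffled codeword i has
    the size of original codeword key[i], so the layout is recoverable from
    the total length plus the key, with no in-band metadata."""
    n = len(key)
    orig_sizes = codeword_sizes(len(shuffled), n)
    words = _split(shuffled, [orig_sizes[key[i]] for i in range(n)])
    restored: List[bytes] = [b""] * n
    for i in range(n):
        restored[key[i]] = words[i]
    return b"".join(restored)


def byte_histogram_preserved(plain: bytes, ciphertext: bytes) -> bool:
    """A permutation only moves bytes; it never changes which bytes occur.
    An on-path observer therefore still learns the byte frequency distribution."""
    return Counter(plain) == Counter(ciphertext)


if __name__ == "__main__":
    # Constructed sample IoT payload (not taken from the paper).
    payload = b'{"sensor":"soil-07","temp":21.4,"humidity":63}'
    key = generate_permutation_key(8)
    wire = encode(payload, key)
    assert decode(wire, key) == payload
    print("key:", key)
    print("on the wire:", wire)
```

decode needs only the key and the payload length to recover the layout, so the scheme adds no per-packet overhead, which is what lets the paper run it on the switch data path. Two properties to weigh before treating it as confidentiality rather than obfuscation: the key space is n! (40 320 permutations for n = 8, so n must be large enough that exhaustive trial of the key against a recognisable plaintext format such as JSON is impractical), and byte_histogram_preserved shows that a permutation never changes which bytes occur, only where, so an on-path observer still sees the byte frequency distribution of every payload.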

Similar publications

Conference Paper
Dual Connectivity (DC) is one of the key techniques to harness the potential of heterogeneous cellular networks. However, 3rd Generation Partnership Project (3GPP) has introduced disparate mechanisms for DC support in different Radio Access Technologies (RATs), bringing complexity to the network nodes in a Multi-RAT Radio Access Network (RAN). More...

Citations

... Here, malicious nodes can copy other nodes, claim fake identities, and generate a random number of different identities only using hardware devices (Lin et al. 2019). Sybil types of attacks make the system generate false reports, and that can make users get spam and lose privacy (...). ...
Chapter
A wireless backhaul optimization approach using a delay jitter is suggested to handle the wireless backhaul issue for 5G dynamic heterogeneous situations. First, the delay and delay jitter issues in 5G dynamic heterogeneous situations are carefully evaluated, optimization indicators are defined, and the fundamental backhaul model is further built. Then, considering the optimization action needs, include delay constraints to create better model 1; examine network overload, relax channel number allocation variables to construct improved model 2, and present a matching hierarchical method for a quick solution. The simulation results reveal that the suggested approach has improved delay jitter performance compared with three kinds of current wireless backhaul optimization algorithms.
Chapter
Previous generation networks like 4G were widely used in Internet of Things (IoT) devices. The constant need to grow and develop so that the network can fulfill the requirements of IoT devices is still going on. The exponential growth of data services substantially challenged the security and the networks of IoT because they were run by the mobile internet, requiring high bit rate, low latency, high availability, and performance within various networks. The IoT integrates several sensors and data to provide services and a communication standard. The Fifth Generation Communication System (5G) enabled IoT devices to allow the seamless connectivity of billions of interconnected devices. Cellular connections have become a central part of the society that powers our daily lives. Numerous security issues have come to light because of the exponential expansion of 5G technologies and the adaptation of the slow counterpart of IoT devices. Network services without security and privacy pose a threat to the infrastructure and sometimes endanger human lives. Analyzing security threats and mitigation is a crucial and fundamental part of the IoT ecosystem. Authorization of data, confidentiality, trust, and privacy of 5G enabled IoT devices are the most challenging parts of the system. To provide a solution to these, we need a robust system to handle cyberattacks and prevent vulnerabilities by countermeasures. This paper includes a comprehensive discussion of 5G, IoT fundamentals, the layered architecture of 5G IoT, security attacks and their mitigation, current research, and future directions for 5G enabled IoT infrastructure.
Chapter
Security of data is very important while providing communication over either a wired or a wireless medium. It is a very challenging issue in the world, and the wireless mobile network makes it more challenging. In a wireless mobile network, there is a cluster of self-contained, self-organized networks that form a temporary multi-hop peer-to-peer radio network, lacking any use of a pre-determined organization. As these networks are mobile and wireless links are used to connect these networks to each other, these kinds of networks are often capable of self-management, self-definition, and self-configuration. Due to their dynamic nature, wireless mobile networks/systems do not have a fixed infrastructure and, due to this, they are more vulnerable to many types of hostile attacks. Different kinds of security attacks that are present in wireless mobile networks are stated in the paper with their detection and precaution techniques. Furthermore, the paper deliberates on the various types of mobile networks along with their numerous challenges and issues. Moreover, the paper defines the need and goals of security in wireless mobile networks as well as many security attacks along with their detection or prevention methods.
... Lin et al. [87] propose a content permutation algorithm for handling IoT traffic in 5G networks. Their approach involves implementing the algorithm in P4 switches, where packet payloads are split into code words and shuffled according to a secret cipher generated at an SDN controller. ...
... In [91], a defense mechanism against cellular botnets restricts traffic to 40 requests per second. Additionally, the secret permutation implemented in [87] encodes and decodes IoT packet payloads at a line rate of 6.4 Tbps, which the authors claim to be the fastest rate reported in the literature. ...
Article
Applications in 5G and Beyond Architectures: A Systematic Review. Sensors 2023, 23, 6955. https://
Abstract: The rapid evolution of 5G and beyond technologies has sparked an unprecedented surge in the need for networking infrastructure that can deliver high speed, minimal latency, and remarkable flexibility. The programmable data plane, which enables the dynamic reconfiguration of network functions and protocols, is becoming increasingly important in meeting these requirements. This paper provides an overview of the current state of the art in programmable data planes implemented in 5G and beyond architectures. It proposes a classification of the reviewed studies based on system architecture and specific use cases. Furthermore, the article surveys the primary applications of programmable devices in emerging telecommunication networks, such as tunneling and forwarding, network slicing, cybersecurity, and in-band telemetry. Finally, this publication summarizes the open research challenges and future directions. In addition to offering a comprehensive review of programmable data plane applications in telecommunication networks, this article aims to guide further research in this promising field for network operators and researchers alike.
... Second, in hardware platforms such as NetFPGA, this work does not support the normal operations of modifying header fields based on hashing results since it puts hash functions in the egress of packet processing. • eCPA [191] focuses on the security of 5G core networks. ...
... Table excerpt (only the Work, Year and Key Design columns survived extraction; the per-work marks in the Software, NIC, FPGA, Switch, MAC, IP, Transport, Payload and DP-Only columns are not recoverable):
Cryptographic hashes [187] | 2019 | Hash functions with cryptographic properties
eCPA [191] | 2019 | Cryptography for 5G core networks
P4-MACsec [192] | 2020 | Hardware-compatible MACsec for LAN
sRDMA [194] | 2020 | Authentication and encryption for RDMA
Cryptography in FPGA [195] | 2020 | Cryptographic functions for FPGA
P4NIS [196] | 2021 | Authentication and encryption for MITM
... 214]. To detect timing channels, existing techniques propose to analyze the statistical properties of legitimate traffic IPDs and detect abnormal IPDs based on their analysis results. ...
Article
With the growth of network applications such as 5G and artificial intelligence, network security techniques, i.e., the techniques that detect various attacks (e.g., well-known distributed denial-of-service (DDoS) attacks) and prevent production networks (e.g., data center networks) from being attacked, become increasingly essential for network management and have gained great popularity in the networking community. Generally, these techniques are built on proprietary hardware appliances, i.e., middleboxes, or the paradigm that combines both software-defined networking (SDN) and network function virtualization (NFV) to implement security functions. However, the techniques built on middleboxes are proven to be hard-to-manage, costly, and inflexible, thereby making them an out-of-date choice in network security. For the techniques built on SDN and NFV, they virtualize and softwarize security functions on commodity servers, leading to non-trivial performance degradation. Fortunately, the recent emergence of programmable switches brings new opportunities of empowering network security techniques with the characteristics of easy-to-manage, low cost, high flexibility, and Tbps-level performance. In this survey, we focus on this promising trend in network security. More precisely, this survey first presents the preliminaries of programmable switches, which are the primary driver of next-generation network security techniques. Next, we comprehensively review existing techniques built on programmable switches, classify these techniques, and discuss their background, motivation, design, implementation, and limitations case-by-case. Finally, we summarize open issues and future research directions in this promising research topic of network security.
... Security [29]: Work on software-defined networking, the Internet of Things, and large machine-type communication; incurred in encoding and decoding for 5G security IoT or mMTCs. [30]: To perform data security in 5G networks, a number of encryption algorithms and cryptanalysis techniques have been mentioned. ...
Preprint
It is expected that the creation of next-generation wireless networks would result in the availability of high-speed and low-latency connectivity for every part of our life. As a result, it is important that the network is secure. The network's security environment has grown more complicated as a result of the growing number of devices and the diversity of services that 5G will provide. This is why it is important that the development of effective security solutions is carried out early. Our findings of this review have revealed the various directions that will be pursued in the development of next-generation wireless networks. Some of these include the use of Artificial Intelligence and Software Defined Mobile Networks. The threat environment for 5G networks, security weaknesses in the new technology paradigms that 5G will embrace, and provided solutions presented in the key studies in the field of 5G cyber security are all described in this systematic literature review for prospective researchers. Future research directions to protect wireless networks beyond 5G are also covered.
... However, the operation of S-BOX matrix-based cryptographic schemes is cumbersome and cannot meet the requirements of encoding and decoding data packets at line rates. Lin et al. [18,19] designed an enhanced content permutation algorithm (eCPA) with programmable switches that can ensure the confidentiality of data in the programmable data plane. eCPA can perform encoding and decoding operations of data packets at line rate. ...
Article
Recently, the rapid development of software-defined networking (SDN) and programming protocol-independent packet processors (P4) provides a potential possibility for the deployment of Named Data Networking (NDN), which has aroused tremendous attention in academia. Existing P4-based NDN solutions mainly focus on how to describe the stateful forwarding characteristics of NDN in a programmable switch environment. However, the existing solutions still face many challenges such as cache availability and data confidentiality and do not support retransmission of interest packets and multicast forwarding of data packets. In this paper, we propose a new NDN forwarding plane based on programmable switches to address the above challenges. We design a decoupled cache module to avoid a large impact on the data plane forwarding performance when the cache function is enabled. Also, we enhance the design of the existing P4-based NDN forwarding plane to support interest retransmission and multicast forwarding of data packets. In addition, with the advantage of network programmability of P4 technology, we extend the content permutation algorithm and integrate it into the NDN forwarding plane, which makes our scheme support lightweight secure forwarding. Finally, we evaluate our scheme in the prototype system and conduct comparative experiments with representative schemes. Experiment results show that our scheme outperforms it in terms of content retrieval latency and received throughput and can support lightweight secure forwarding with low cost.
... Lin et al. [102] developed a permutation algorithm that makes use of P4's ability to manipulate packets to enhance the security of 5G and IoT applications. Thanks to the line-rate processing offered by the switches, the performance penalties are minuscule compared to software-based solutions. ...
Article
Software Defined Networking (SDN) marked the beginning of a new era in the field of networking by decoupling the control and forwarding processes through the OpenFlow protocol. The Next Generation SDN is defined by Open Interfaces and full programmability of the data plane. P4 is a domain specific language that fulfills these requirements and has known wide adoption over the last years from Academia and Industry. This work is an extensive survey of the P4 language covering domains of application, a detailed overview of the language and future directions.
... Spoofing Attacks [45-49]
DDoS Attacks [6, 43, 46, 50-67]
Network Verification [68-75]
Privacy and Anonymity [76-79]
Cryptography and Security Protocols [36, 80-85]
Firewalls [15, 86-92]
Generic Defenses [93-100] ...
... On the contrary, Chen [36] proposes a technique, namely scrambled lookup table, to implement AES encryption entirely in the data plane without controller interaction. In 5G/IoT networks, Lin et al. [84] propose a new secret permutation mechanism in the P4 switches to protect 5G packets. The approach is similar to [36] in the sense that it is implemented in the data plane, thus, it does not incur extra packet processing overhead and operates at line rate. ...
... The implementation of AES-128, AES-192, and AES-256 algorithms requires 10, 12, and 14 rounds, respectively, to complete. As a result, the authors in [36] leverage packet recirculation, see Fig. 2. In [84], the controller initially generates a permutation cipher key and installs it to the switches. Accordingly, the payload of the incoming packets is partitioned into codewords and shuffled using the key at the first switch (e.g., entry switch), then the second switch (e.g., exit switch) recovers the original payload. ...
Article
The emergence of the IoT, cloud systems, data centers, and 5G networks is increasing the demand for a rapid development of new applications and protocols at all levels of the protocol stack. However, traditional fixed-function data planes have been characterized by a lengthy and costly development process at the hand of few chip manufacturers. Recently, data plane programmability has attracted significant attention, permitting network owners to run customized packet processing functions using P4, the de facto data plane programming language. Network security is one of the key research areas exploiting the capabilities of programmable switches. Examples include new encapsulations and secure tunnels implemented in short times, mitigation techniques for DDoS attacks that occur at terabit rates, customized firewalls that track hundreds of thousands of connections per second, and traffic anonymization systems that operate at line rate. Moreover, applications can be reconfigured in the field without additional hardware upgrades, facilitating the deployment of new defenses against unforeseen attacks and vulnerabilities. Furthermore, these security applications are designed by network owners who can meet their specific requirements, rather than by chip manufacturers. Despite the impressive advantages of programmable data plane switches, the literature has been missing a comprehensive survey on security applications. To this end, this paper provides a concise background on programmable switches and their main features that are relevant to security. It then presents a taxonomy that surveys, classifies, and analyzes articles related to security applications developed with P4. Additionally, the paper employs a STRIDE analysis to examine vulnerabilities related to general P4 applications (e.g., congestion control, load balancing, in-network cache) and proposes plausible remediation approaches. Furthermore, challenges associated with programmable data planes, the impact of these challenges on security implementations, and schemes to eliminate or mitigate them are discussed. Finally, the paper discusses future endeavors and open research problems.
Keywords: P4 language, programmable data plane, P4 security applications and implications, STRIDE model, challenges and solutions in P4.
... The results confirm that the P4 switch performs far better than other approaches. Apart from the UPF implementation, complex algorithms such as enhanced content permutation algorithm [26] can be executed on the Tofino switch to encode/decode up to 6.4 Tb/sec to protect the 5G packets. ...
Article
This paper focuses on hybrid pipeline designs for User Plane Function and next-generation NodeB leveraging target-specific features and an insightful discussion of P4 and target challenges and limitations. The entire or disaggregated UPF runs on P4 targets and allocates packet processing data paths in P4 hardware or DPDK/x86 software based on flow characteristics (e.g., heavy hitters) and QoS requirements (e.g., low-latency slices). For the hybrid gNodeB, most packet processing is executed in commodity Tofino hardware, while unsupported functions such as Automatic Repeat Request and cryptography are performed in DPDK/x86. We show that our hybrid UPF improves the scalability by 18× and reduces latency up to 50%. The results also suggest that careful traffic allocation to pipeline targets is required to optimize each target's strength and avoid processing delays. Finally, we demonstrate a QoS-oriented application of the hybrid UPF and present gNodeB buffer service benchmarks.