Trusted Execution Environment-enabled platform for 5G security and privacy enhancement

Chapter on Springer Book: Security and Privacy Preserving for IoT and 5G Networks – 10 Oct. 2021

  • Abstract: With the deployment of 5G networks and the beginning of the design of beyond 5G communications, new critical requirements are emerging in terms of performance, security, and trust for leveraged technologies, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV). One of the requirements at the security and trust level is that when delegating critical tasks and data to the infrastructure deployed in an external domain, the client needs guarantees that the execution has been carried out securely, without data breaches or compromises during computing tasks. for useful insights to this work from 5GZORRO Consortium.
  • Authors: José María Jorquera Valero, Pedro Miguel Sánchez Sánchez, Manuel Gil Pérez, Alberto Huertas Celdrán, Gregorio Martínez Pérez – Universidad de Murcia

Design of a Security and Trust Framework for 5G Multi‑domain Scenarios

  • Abstract: A 5GZORRO article published in the prestigious Journal of Network and Systems Management (JNSM), Springer – Volume 30, issue 1, January 2022: ‘Design of a security and trust framework for 5G multi-domain scenarios’. In 5G-enabled scenarios, adversaries can exploit vulnerabilities associated with resource sharing to perform lateral movements targeting other tenant resources, as well as to disturb the 5G services offered or even the infrastructure resources. Moreover, existing security and trust models are not adequate to react to the dynamicity of the 5G infrastructure threats nor to the multi-tenancy security risks. 5GZORRO proposes in this work a new security and trust framework for 5G multi-domain scenarios. To motivate its application, we detail a threat model covering multi-tenant scenarios in an underlying 5G network infrastructure. We also propose different ways to mitigate these threats by increasing the security and trust levels using network security monitoring, threat investigation, and end-to-end trust establishments. The framework is applied in a realistic use case of the 5GZORRO H2020 project, which envisions a multi-tenant environment where domain owners share resources at will.
  • Authors: José María Jorquera Valero, Pedro Miguel Sánchez Sánchez, Manuel Gil Pérez, Alberto Huertas Celdrán, Gregorio Martínez Pérez – Universidad de Murcia; Javier Fernandez Hidalgo, M. Shuaib Siddiqui – i2CAT; Alexios Lekidis – Intracom-Telecom.

Toward True Cloud Native NFV MANO

  • Abstract: The telecommunication industry is making a major shift towards cloud native Network Functions Virtualization. However, being cloud native implies more than just replacing Virtual Machines with containers. The cloud native approach changes the way virtual network functions are being composed, deployed, and configured as network services and how these services are being orchestrated and managed at run time.
  • Authors: David Breitgand, Vadim Eisenberg, Nir Naaman, Nir Rozenbaum, Avi Weit – IBM Research – Haifa, Israel

5G Ecosystems 2021

  • Abstract: Europe is investing significant resources in research and technology development of 5G networks through the 5G Private Public Partnership (5G PPP). In addition to various scientific and technological topics, the effort focuses on societal and business challenges creating value with 5G networks. 5GZORRO has contributed to this white paper that discusses 5G ecosystems as a prerequisite for value creation for and by the engaged stakeholders and return of investment as a potential award for the engagement.
  • Authors: Sergi Figuerola, Eunice Ribeiro – i2CAT

AI and ML – Enablers for Beyond 5G Networks

  • Abstract: 5GZORRO has contributed to this white paper on AI/ML as enablers of 5G and B5G networks. The white paper is based on contributions from 5G PPP projects that research, implement and validate 5G and B5G network systems. The white paper discusses the application of AI/ML in the 5G network architecture. In this context it identifies solutions pertaining to AI-based autonomous slice management, control and orchestration, AI/ML-based scaling operations in network service orchestration, AI/ML as a Service in network management and orchestration, enablement of ML for the verticals’ domain, cross-layer optimization, management analytics in general, 3rd party ML analytics for network operation optimization in particular, anomaly detection using AI/ML. In the context of architecture it discusses the requirements for ML model lifecycle and interface management. Furthermore, it investigates the global efforts for the enablement of AI/ML in networks, including the network data analytics function, the lack of availability of data-sets for training the AI/ML models and the associated privacy concerns. Finally, it identifies the challenges in view of trust in AI/ML-based networks and potential solutions such as the zero-trust management approach. The section concludes with a brief overview of AI/ML-based KPI validation and system troubleshooting.
  • Authors: Alexios Lekidis (ICOM), Rasoul Behravesh (FBK), Tejas Subramanya (FBK), Pedro Miguel Sánchez Sánchez (UMU), José María Jorquera Valero (UMU), Alberto Huertas Celdrán (UMU), Manuel Gil Pérez (UMU), Gregorio Martínez Pérez (UMU), Gino Carrozzo (NXW)

Multi-Party Collaboration in 5G Networks via DLT-Enabled Marketplaces: A Pragmatic Approach

  • Abstract: To fully cope with the requirements of innovative 5G use cases, evolving business models and flexible networking scenarios spanning multiple administrative domains are envisioned. In this context, transparent and trusted frameworks that enable network service providers and infrastructure providers to advertise, negotiate, and acquire, in real-time, 5G resources and services, distributed over various geographical areas, are extremely valuable. To address this goal, emerging Distributed Ledger Technologies (DLTs) arise as well-suited solutions to ensure distributed security and trust, as well as effective and agile transaction management across the various parties involved in the 5G service chain implementation. Following this vision, this paper presents the design of a DLT-enabled Marketplace aimed to foster the secure trading of heterogeneous resources in dynamic 5G ecosystems.
  • Authors: Fundació i2CAT, Spain; Nextworks, Italy; BARTR Group, UK; Altice Labs, Portugal; University of Murcia, Spain; Telefonica, Spain.

Blockchain-Based Zero Touch Service Assurance in Cross-Domain Network Slicing

  • Abstract: 5G infrastructure can be optimised through the inclusion of resource sharing schemes within Network Function Virtualisation (NFV) ecosystems and extended capabilities of network slicing services (reducing the costs for operators to scale up their network coverage). In such environments, marketplaces are formed to facilitate the exchange of NFV services across administrative domains, which may, however, belong to untrusted and unreliable entities. In this work, we propose a novel zero-touch approach for cross-domain network slicing service assurance, using enterprise blockchain technologies and employing an AI-driven closed-loop automation architecture. Our approach is based on the lifecycle management of Service Level Agreements (SLAs) using smart contracts – from service negotiation to service binding, monitoring, reconfiguration, and decommissioning.
  • Authors: Intracom Telecom, Greece; IBM I, Israel; Fundació i2CAT, Spain; Ubiwhere, Portugal; Fondazione Bruno Kessler, Italy; BARTR, UK.

Zero-Touch AIOps in Multi-Operator 5G Networks

  • Abstract: Automation and intelligence are key functionalities for implementing smart network management decisions in 5G/6G softwarised networks. In this work, we present the 5GZORRO approach for applying Artificial Intelligence to network operations (AIOps). The goal of the 5GZORRO AIOps is to implement truly zero-touch automation of operation and maintenance tasks in the specific context of multi-operator networks. The approach goes beyond the current state of the art of single domain 5G networks and paves the way to an evolution of Network management from 5G towards 6G. In this paper, we shortly cover the motivation, explain the technology, and show how heavily it relies on secure, reliable, and intelligent data collection, aggregation and processing. We put forward our assessment of domain specific requirements and challenges and introduce 5GZORRO Operational Data Lake, one of the major innovations towards fully automated multi-operator networks required for smooth progression into 6G.
  • Authors: Katherine Barabash, David Breitgand, Gino Carrozzo, Dean Lorenz, Kalman Meth, Shuaib M. Siddiqui – 5G-ZORRO Project

Overview of the Security and Trust Mechanisms in the 5GZORRO Project

  • Abstract: In the evolution from 5G to beyond 5G networks, new business models are emerging where multi-domain and multistakeholder scenarios will play a paramount role as enablers. In these scenarios, the automated management of the services with minimal human intervention, also known as zero-touch management, is a pivotal requirement to ensure a proper functioning and to enable real-time responses to possible incidents or scalability needs. Nonetheless, these new scenarios and requirements also introduce new security risks that entail a complex threat landscape for beyond 5G networks. Hence, zero-touch management demands new solutions capable of securely controlling network resources into end-to-end scenarios distributed in multiple domains. In this vein, several challenges arise and need to be addressed, such as integrity, non-repudiation, confidentiality, security, and trust. Therefore, the H2020 5GZORRO project proposes new security and trust solutions for multi-domain and multi-stakeholder scenarios in 5G and beyond networks. To deal with the utmost importance security and trust challenges, we introduce different modules to mitigate them, namely, integrity and non-repudiation through Distributed Ledger Technologies, decentralized identity through an Identity and Permission Manager, end-to-end trustworthy relationships via a Trust Management Framework, secure workloads across different tenants and stakeholders via Trusted Execution Environment Security Management, detection and response to internal vulnerabilities and attacks via Network Monitoring, and on-demand secure cross-domain connections via VPN-as-a-Service. Therefore, the built security and trust 5GZORRO mechanisms form a secure environment with zero-touch automation capabilities, minimizing human intervention.
  • Authors: José M. Jorquera Valero and Pedro Miguel Sánchez Sánchez (University of Murcia, Spain); Alexios Lekidis (Intracom Telecom, Greece); James Taylor (Bartr Group, United Kingdom (Great Britain)); Javier Fernandez Hidalgo and Adriana Fernández-Fernández (Fundació i2CAT, Internet i Innovació Digital a Catalunya, Spain); Paulo Chainho and Bruno Santos (Altice Labs, Portugal); Jean-Marie Mifsud and Antoine Sciberras (Malta Communications Authority, Malta); Muhammad Shuaib Siddiqui (Fundació i2CAT, Internet i Innovació Digital a Catalunya, Spain); Manuel Gil Pérez, Alberto Huertas Celdrán and Gregorio Martinez Perez (University of Murcia, Spain)

Smart Contracts in the 5G Roaming Architecture: The Fusion of Blockchain with 5G Networks

  • Abstract: The roll-out of the fifth generation of cellular network (5G) technology has generated a new surge of interest in the potential of blockchain to automate various use cases involving cellular networks. 5G is indeed expected to offer new market opportunities for small and large enterprises alike. In this article, we introduce a new roaming network architecture for 5G based on a permissioned blockchain platform with smart contracts. The proposed solution improves the visibility for mobile network operators of their subscribers’ activities in the visited network, as well as enabling quick payment reconciliation and reducing fraudulent transactions. The paper further reports on the methodology and architecture of the proposed blockchain-based roaming solution using the Hyperledger platform. This work has been performed within the EU’s H2020 projects 5G-CARMEN (825012), and 5G-ZORRO (871533) and funded through a collaborative program between the University of Bologna and the Fondazione Bruno Kessler.
  • Authors: Babak Mafakheri, University of Bologna, Fondazione Bruno Kessler; Andreas Heider-Aviet, Deutsche Telekom 5G Program; Roberto Riggio, RISE Research Institutes of Sweden AB (former I2CAT); Leonardo Goratti, Safran Passenger Innovations GmbH.

Edge Computing for 5G Networks

  • Abstract: This whitepaper presents a rationale on why and how 5G can benefit from Edge Computing; a review on how 5GPPP projects have been using and enhancing Edge Computing for 5G and beyond systems. The 5G PPP Initiative and the 5GIA are happy to present a new white paper entitled “Edge Computing for 5G Networks”. This white paper provides a) a brief introduction to the Edge computing concept, b) an exhaustive technology review focusing on virtualisation, orchestration, network control, and operational frameworks, c) a discussion about the role of security, and d) an analysis of several business aspects around the Edge ecosystem. Moreover, the white paper provides an in-depth analysis of Edge solutions that have been selected, deployed and validated by 17 different EU funded 5G PPP projects. Read the 5GZORRO contribution.
  • Authors: David Breitgand (IBM), Gino Carrozzo (NXW)

Centralized and Federated Learning for Predictive VNF Autoscaling in Multi-domain 5G Networks and Beyond

  • Abstract: Network Function Virtualization (NFV) and Multi-access Edge Computing (MEC) are two technologies expected to play a vital role in 5G and beyond networks. However, adequate mechanisms are required to meet the dynamically changing network service demands to utilize the network resources optimally and also to satisfy the demanding QoS requirements. Particularly in multi-domain scenarios, the additional challenge of isolation and data privacy among domains needs to be tackled. To this end, centralized and distributed Artificial Intelligence (AI)-driven resource orchestration techniques (e.g., virtual network function (VNF) autoscaling) are foreseen as the main enabler. In this work, we propose deep learning models, both centralized and federated approaches, that can perform horizontal and vertical autoscaling in multi-domain networks.
  • Authors: Tejas Subramanya (Nokia Bell Labs); Roberto Riggio (I2CAT)

AI-driven Zero-touch Operations, Security and Trust in Multi-operator 5G Networks: a Conceptual Architecture

  • Abstract: The 5G network solutions currently standardised and deployed do not yet enable the full potential of pervasive networking and computing envisioned in 5G initial visions: network services and slices with different QoS profiles do not span multiple operators; security, trust and automation is limited. The evolution of 5G towards a truly production-level stage needs to heavily rely on automated end-to-end network operations, use of distributed Artificial Intelligence (AI) for cognitive network orchestration and management and minimal manual interventions (zero-touch automation). All these elements are key to implement highly pervasive network infrastructures. Moreover, Distributed Ledger Technologies (DLT) can be adopted to implement distributed security and trust through Smart Contracts among multiple non-trusted parties. In this paper, we propose an initial concept of a zero-touch security and trust architecture for ubiquitous computing and connectivity in 5G networks. Our architecture aims at cross-domain security & trust orchestration mechanisms by coupling DLTs with AI-driven operations and service lifecycle automation in multi-tenant and multi-stakeholder environments. Three representative use cases are identified through which we will validate the work which will be validated in the test facilities at 5GBarcelona and 5TONIC/Madrid.
  • Authors: Gino Carrozzo (Nextworks); M. Shuaib Siddiqui (I2CAT); August Betzler (I2CAT); José Bonnet (Altice Labs); Gregorio Martinez Perez (Univ. Murcia); Aurora Ramos (ATOS); Tejas Subramanya (Fondazione Bruno Kessler)

Adaptive ML-based Frame Length Optimisation in Enterprise SD-WLANs

  • Abstract: Software-Defined Networking (SDN) is gaining a lot of traction in wireless systems with several practical implementations and numerous proposals being made. Despite instigating a shift from monolithic network architectures towards more modulated operations, automated network management requires the ability to extract, utilise and improve knowledge over time. Machine Learning (ML) is evolving from a simple tool applied in networking to an active component in what is known as Knowledge-Defined Networking (KDN). This work discusses the inclusion of ML techniques in the specific case of Software-Defined Wireless Local Area Networks (SD-WLANs), paying particular attention to the frame length optimization problem. This work proposes an adaptive ML-based approach for frame size selection on a per-user basis by taking into account both specific channel conditions and global performance indicators. The approach has been gauged by analysing a multitude of scenarios, with the results showing an average improvement of 18.36% in goodput over standard aggregation mechanisms.
  • Authors: Estefanía Coronado (Fondazione Bruno Kessler); Abin Thomas (FBK); Roberto Riggio (former FBK)

aiOS: An Intelligence Layer for SD-WLANs

  • Abstract: Software-Defined Networking (SDN) promises to deliver a more manageable network whose behaviour could be easily changed using applications written in high-level declarative languages running on top of a logically centralized control plane resulting, on the one hand, in the mushrooming of complex point solutions to very specific problems and, on the other hand, in the creation of a multitude of network configuration options. This fact is especially true for 802.11-based Software-Defined WLANs (SD-WLANs). It is our standpoint that to tame this increase in complexity, future SD-WLANs must follow an Artificial Intelligence (AI) native approach. This paper presents aiOS, an AI-based Operating System for SD-WLANs. The aiOS is used to implement several Machine Learning (ML) models for user-adaptive frame length selection in SD-WLANs. An extensive performance evaluation carried out on a real-world testbed shows that this approach improves the aggregated network throughput by up to 55%. The entire implementation is released including the controller, the ML models, and the programmable data-path under a permissive license for academic use.
  • Authors: Estefanía Coronado (Fondazione Bruno Kessler); Abin Thomas (FBK); Suzan Bayhan (FKB); Roberto Riggio (former FBK)