-
Quarantining Malicious IoT Devices in Intelligent Sliced Mobile Networks
Authors:
David Candal-Ventureira,
Pablo Fondo-Ferreiro,
Felipe Gil-Castiñeira,
Francisco Javier González-Castaño
Abstract:
The unstoppable adoption of the Internet of Things (IoT) is driven by the deployment of new services that require continuous capture of information from huge populations of sensors, or actuating over a myriad of "smart" objects. Accordingly, next generation networks are being designed to support such massive numbers of devices and connections. For example, the 3rd Generation Partnership Project (3GPP) is designing the different 5G releases specifically with IoT in mind. Nevertheless, from a security perspective this scenario is a potential nightmare: the attack surface becomes wider and many IoT nodes do not have enough resources to support advanced security protocols. In fact, security is rarely a priority in their design. Thus, including network-level mechanisms for preventing attacks from malware-infected IoT devices is mandatory to avert further damage. In this paper, we propose a novel Software-Defined Networking (SDN)-based architecture to identify suspicious nodes in 4G or 5G networks and redirect their traffic to a secondary network slice where traffic is analyzed in depth before allowing it to reach its destination. The architecture can be easily integrated in any existing deployment due to its interoperability. By following this approach, we can detect potential threats at an early stage and limit the damage by Distributed Denial of Service (DDoS) attacks originated in IoT devices.
Submitted 28 March, 2024;
originally announced March 2024.
-
Latency Reduction in Vehicular Sensing Applications by Dynamic 5G User Plane Function Allocation with Session Continuity
Authors:
Pablo Fondo-Ferreiro,
David Candal-Ventureira,
Francisco Javier González-Castaño,
Felipe Gil-Castiñeira
Abstract:
Vehicle automation is driving the integration of advanced sensors and new applications that demand high-quality information, such as collaborative sensing for enhanced situational awareness. In this work, we considered a vehicular sensing scenario supported by 5G communications, in which vehicle sensor data need to be sent to edge computing resources with stringent latency constraints. To ensure low latency with the resources available, we propose an optimization framework that deploys User Plane Functions (UPFs) dynamically at the edge to minimize the number of network hops between the vehicles and them. The proposed framework relies on a practical Software-Defined-Networking (SDN)-based mechanism that allows seamless re-assignment of vehicles to UPFs while maintaining session and service continuity. We propose and evaluate different UPF allocation algorithms that reduce communications latency compared to static, random, and centralized deployment baselines. Our results demonstrated that the dynamic allocation of UPFs can support latency-critical applications that would be unfeasible otherwise.
Submitted 28 March, 2024;
originally announced March 2024.
-
Is the edge really necessary for drone computing offloading? An experimental assessment in carrier-grade 5G operator networks
Authors:
David Candal-Ventureira,
Francisco Javier González-Castaño,
Felipe Gil-Castiñeira,
Pablo Fondo-Ferreiro
Abstract:
In this article, we evaluate the first experience of computation offloading from drones to real fifth-generation (5G) operator systems, including commercial and private carrier-grade 5G networks. A follow-me drone service was implemented as a representative testbed of remote video analytics. In this application, an image of a person from a drone camera is processed at the edge, and image tracking displacements are translated into positioning commands that are sent back to the drone, so that the drone keeps the camera focused on the person at all times. The application is characterised to identify the processing and communication contributions to service delay. Then, we evaluate the latency of the application in a real non-standalone 5G operator network, a standalone carrier-grade 5G private network, and, to compare these results with previous research, a Wi-Fi wireless local area network. We considered both multi-access edge computing (MEC) and cloud offloading scenarios. Onboard computing was also evaluated to assess the trade-offs with task offloading. The results determine the network configurations that are feasible for the follow-me application use case depending on the mobility of the end user, and to what extent MEC is advantageous over a state-of-the-art cloud service.
Submitted 28 March, 2024;
originally announced March 2024.
-
Coordinated Allocation of Radio Resources to Wi-Fi and Cellular Technologies in Shared Unlicensed Frequencies
Authors:
David Candal-Ventureira,
Francisco Javier González-Castaño,
Felipe Gil-Castiñeira,
Pablo Fondo-Ferreiro
Abstract:
Wireless connectivity is essential for industrial production processes and workflow management. Moreover, the connectivity requirements of industrial devices, which are usually long-term investments, are diverse and require different radio interfaces. In this regard, the 3GPP has studied how to support heterogeneous radio access technologies (RATs) such as Wi-Fi and unlicensed cellular technologies in 5G core networks. In some cases, these technologies coexist in the same spectrum. Dynamic spectrum sharing (DSS), which has already been proven to increase spectrum efficiency in licensed bands, can also be applied to this scenario. In this paper, we propose two solutions for mobile network operators (MNOs) or service providers to dynamically divide (multiplex) the radio resources of a shared channel between a Wi-Fi basic service set (BSS) and one or several carriers of scheduled wireless networks, such as cellular technologies, with a configurable level of sharing granularity. These solutions do not require modifications to the current commercial off-the-shelf (COTS) end devices. We adapt the existing IEEE 802.11 procedures to notify the Wi-Fi stations that they must share channels with different access networks. We demonstrate that our dynamic sharing proposals are also advantageous over direct coexistence and evaluate each of them quantitatively and qualitatively to determine when one or the other is preferable. The evaluation is particularized for IEEE 802.11ac and long-term evolution (LTE) license assisted access (LAA), but the solutions can be easily extended to 5G new radio-unlicensed (5G NR-U) or to any other wireless technology in which the network side schedules end device transmissions.
Submitted 28 March, 2024;
originally announced March 2024.
-
A Software-Defined Networking Solution for Interconnecting Network Functions in Service-Based Architectures
Authors:
Pablo Fondo-Ferreiro,
Felipe Gil-Castiñeira,
Francisco Javier González-Castaño,
David Candal-Ventureira
Abstract:
Mobile core networks handle critical control functions for delivering services in modern cellular networks. Traditional point-to-point architectures, where network functions are directly connected through standardized interfaces, are being substituted by service-based architectures (SBAs), where core functionalities are finer-grained microservices decoupled from the underlying infrastructure. In this way, network functions and services can be distributed, with scaling and fail-over mechanisms, and can be dynamically deployed, updated, or removed to support slicing. A myriad of network functions can be deployed or removed according to traffic flows, thereby increasing the complexity of connection management. In this context, 3GPP Release 16 defines the service communication proxy (SCP) as a unified communication interface for a set of network functions. In this paper, we propose a novel software-defined networking (SDN)-based solution with the same role for a service mesh architecture where network functions can be deployed anywhere in the infrastructure. We demonstrated its efficiency in comparison with alternative architectures.
Submitted 28 March, 2024;
originally announced March 2024.
-
Efficient Anchor Point Deployment for Low Latency Connectivity in MEC-Assisted C-V2X Scenarios
Authors:
Pablo Fondo-Ferreiro,
Felipe Gil-Castiñeira,
Francisco Javier González-Castaño,
David Candal-Ventureira,
Jonathan Rodriguez,
Antonio J. Morgado,
Shahid Mumtaz
Abstract:
Next-generation cellular networks will play a key role in the evolution of different vertical industries. Low latency will be a major requirement in many related use cases. This requirement is especially challenging in scenarios with high mobility of end devices, such as vehicular communications. The Multi-Access Edge Computing (MEC) paradigm seeks to satisfy it. In this article we propose the dynamic deployment of anchor point network functions at edge locations and the assignment of terminals to these anchor points with the joint objective of minimizing communications latency and reducing network overhead. We formally define the problem as a multi-objective optimization and also propose a novel heuristic greedy algorithm for approximating the solution. This algorithm compares favorably with baseline and state-of-the-art strategies for latency minimization while reducing the overhead caused by network reconfigurations.
Submitted 28 March, 2024;
originally announced March 2024.
-
Fast Decision Algorithms for Efficient Access Point Assignment in SDN-Controlled Wireless Access Networks
Authors:
Pablo Fondo-Ferreiro,
Saber Mhiri,
Cristina López-Bravo,
Francisco Javier González-Castaño,
Felipe Gil-Castiñeira
Abstract:
Global optimization of access point (AP) assignment to user terminals requires efficient monitoring of user behavior, fast decision algorithms, efficient control signaling, and fast AP reassignment mechanisms. In this scenario, software defined networking (SDN) technology may be suitable for network monitoring, signaling, and control. We recently proposed embedding virtual switches in user terminals for direct management by an SDN controller, further contributing to SDN-oriented access network optimization. However, since users may restrict terminal-side traffic monitoring for privacy reasons (a common assumption by previous authors), we infer user traffic classes at the APs. On the other hand, since handovers will be more frequent in dense small-cell networks (e.g., mmWave-based 5G deployments will require dense network topologies with inter-site distances of ~150-200 m), the delay to take assignment decisions should be minimal. To this end, we propose taking fast decisions based exclusively on extremely simple network-side application flow-type predictions based on past user behavior. Using real data we show that a centralized allocation algorithm based on those predictions achieves network utilization levels that approximate those of optimal allocations. We also test a distributed version of this algorithm. Finally, we quantify the elapsed time since a user traffic event takes place until its terminal is assigned an AP, when needed.
Submitted 27 March, 2024;
originally announced March 2024.
-
A Software-Defined Networking Solution for Transparent Session and Service Continuity in Dynamic Multi-Access Edge Computing
Authors:
Pablo Fondo-Ferreiro,
Felipe Gil-Castiñeira,
Francisco Javier González-Castaño,
David Candal-Ventureira
Abstract:
Multi-Access Edge Computing (MEC) will allow implementing low-latency services that have been unfeasible so far. The European Telecommunications Standards Institute (ETSI) and the 3rd Generation Partnership Project (3GPP) are working towards the standardization of MEC in 5G networks and the corresponding solutions for routing user traffic to applications in local area networks. Nevertheless, there are neither practical implementations for dynamically relocating applications from the core to a MEC host nor from one MEC host to another ensuring service continuity. In this paper we propose a solution based on Software-Defined Networking (SDN) to create a new instance of the IP anchor point to dynamically redirect User Equipment (UE) traffic to a new physical location (e.g. an edge infrastructure). We also present a novel approach that leverages SDN to replicate the previous context of the connection in the new instance of the IP anchor point, thus guaranteeing Session and Service Continuity (SSC), and compare it with alternative state replication strategies. This approach can be used to implement edge services in 4G or 5G networks.
Submitted 13 June, 2021; v1 submitted 3 September, 2020;
originally announced September 2020.