Security Orchestration and Enforcement in NFV/SDN-Aware UAV Deployments

Software Defined Network (SDN) and Network Function Virtualization (NFV) are bringing many advantages to optimize and automatize security management at the network edge, enabling the deployment of virtual network security functions (VSFs) in MEC nodes, to strengthen the end-to-end security in IoT environments. The benefits could exploit in mobile MEC nodes on-boarded in Unmanned Aerial Vehicles (UAV), as the UAVs would carry on-demand VSFs to particular physical locations. To that aim, this paper proposes a novel NFV/SDN-based zero-touch security management framework for automatic orchestration, configuration and deployment of lightweight VSF in MEC-UAVs, that considers diverse contextual factors, related to both physical and virtual conditions, to optimize the security orchestration. Our solution aims to deploy on-demand VSFs, such as virtual Firewalls (vFirewalls), vProxies, vIDS (Intrusion Detection Systems) and vAAA, to assist during emerging situations in particular physical locations, protecting and optimizing the managed IoT network, as well as replacing or supporting compromised physical devices like IoT gateways. The proposed solution has been implemented, deployed and evaluated in a real testbed with real drones, showing its feasibility and performance.

[1]  Iván Vidal,et al.  Adaptable and Automated Small UAV Deployments via Virtualization , 2018, Sensors.

[2]  Basil S. Maglaris,et al.  Mitigation of Multi-vector Network Attacks via Orchestration of Distributed Rule Placement , 2019, 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM).

[3]  Ahmed Meddahi,et al.  SecMANO: Towards Network Functions Virtualization (NFV) Based Security MANagement and Orchestration , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[4]  Xavier Hesselbach,et al.  An NFV-Based Energy Scheduling Algorithm for a 5G Enabled Fleet of Programmable Unmanned Aerial Vehicles , 2019, Wirel. Commun. Mob. Comput..

[5]  Ricard Vilalta,et al.  Control and Management of a Connected Car Using SDN/NFV, Fog Computing and YANG data models , 2018, 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft).

[6]  Tarik Taleb,et al.  A Service-Based Architecture for Enabling UAV Enhanced Network Services , 2020, IEEE Network.

[7]  Ewen Denney,et al.  A programmable SDN+NFV-based architecture for UAV telemetry monitoring , 2017, 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[8]  Atef Ibrahim,et al.  Softwarization of UAV Networks: A Survey of Applications and Future Trends , 2020, IEEE Access.

[9]  Antonio Iera,et al.  OpenFlow over wireless networks: Performance analysis , 2014, 2014 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting.

[10]  Francisco Valera,et al.  Transport-Layer Limitations for NFV Orchestration in Resource-Constrained Aerial Networks , 2019, Sensors.

[11]  Antonio Skarmeta,et al.  Virtual IoT HoneyNets to Mitigate Cyberattacks in SDN/NFV-Enabled IoT Networks , 2020, IEEE Journal on Selected Areas in Communications.

[12]  Bernhard Rinner,et al.  Drone networks: Communications, coordination, and sensing , 2018, Ad Hoc Networks.

[13]  Wan Haslina Hassan,et al.  Current research on Internet of Things (IoT) security: A survey , 2019, Comput. Networks.

[14]  Tarik Taleb,et al.  Assessing Lightweight Virtualization for Security-as-a-Service at the Network Edge , 2019, IEICE Trans. Commun..

[15]  Antonio Skarmeta,et al.  Security Management Architecture for NFV/SDN-Aware IoT Systems , 2019, IEEE Internet of Things Journal.

[16]  Vivek Kulkarni,et al.  SEMIoTICS Architectural Framework: End-to-end Security, Connectivity and Interoperability for Industrial IoT , 2019, 2019 Global IoT Summit (GIoTS).

[17]  Mats Björkman,et al.  FIREWORK : Fog orchestration for secure IoT networks , 2019 .

[18]  Mohsen Guizani,et al.  Unmanned Aerial Vehicles (UAVs): A Survey on Civil Applications and Key Research Challenges , 2018, IEEE Access.

[19]  Antonio F. Gómez-Skarmeta,et al.  Enabling Virtual AAA Management in SDN-Based IoT Networks † , 2019, Sensors.

[20]  Jiannong Cao,et al.  Providing flexible services for heterogeneous vehicles: an NFV-based approach , 2016, IEEE Network.

[21]  Tarik Taleb,et al.  On Multi-Access Edge Computing: A Survey of the Emerging 5G Network Edge Cloud Architecture and Orchestration , 2017, IEEE Communications Surveys & Tutorials.

[22]  Fadi Al-Turjman,et al.  UAVs assessment in software-defined IoT networks: An overview , 2020, Comput. Commun..

[23]  Antonio F. Gómez-Skarmeta,et al.  Enhancing IoT security through network softwarization and virtual security appliances , 2018, Int. J. Netw. Manag..