Security for Future Software Defined Mobile Networks

5G constitutes the next revolution in mobile communications. It is expected to deliver ultra-fast, ultra-reliable network access supporting a massive increase in data traffic and connected nodes. Different technologies are emerging to address the requirements of future mobile networks, such as Software Defined Networking (SDN), Network Function Virtualization (NFV) and cloud computing concepts. In this paper, we introduce the security challenges that these new technologies face and that are inherent to the new telecommunication paradigm. We also present a multitier approach to securing Software Defined Mobile Networks (SDMN) that tackles security at different levels to protect the network itself and its users. First, we secure the communication channels between network elements by leveraging Host Identity Protocol (HIP) and IPSec tunnelling. Then, we restrict unwanted access to the mobile backhaul network with policy-based communications, which also protect the backhaul devices from source address spoofing and Denial of Service (DoS) attacks. Finally, we leverage Software Defined Monitoring (SDM) and data collection to detect, prevent and react to security threats.
