Biblio

5G and beyond 5G low power wireless networks make Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications capable of serving massive amounts of devices and machines. Due to the broadcast nature of wireless networks, it is crucial to secure the communication between these devices and machines from spoofing and interception attacks. This paper is concerned with the security of carrier frequency offset (CFO) based continuous physical layer authentication. The interaction between an attacker and a defender is modeled as a dynamic discrete leader-follower game with imperfect information. In the considered model, a legitimate user (Alice) communicates with the defender/operator (Bob) and is authorized by her CFO continuously. The attacker (Eve), by listening/eavesdropping the communication between Alice and Bob, tries to learn the CFO characteristics of Alice and aims to inject malicious packets to Bob by impersonating Alice. First, by showing that the optimal attacker strategy is a threshold policy, an optimization problem of the attacker with exponentially growing action space is reduced to a tractable integer optimization problem with a single parameter, then the corresponding defender cost is derived. Extensive simulations illustrate the characteristics of optimal strategies/utilities of the players depending on the actions, and show that the defender’s optimal false positive rate causes attack success probabilities to be in the order of 0.99. The results show the importance of the parameters while finding the balance between system security and efficiency.

Haptic communications and 5G networks in conjunction with AI and robotics will augment the human user experience by enabling real-time task performance via the control of objects remotely. This represents a paradigm shift from content delivery-based networks to task-oriented networks for remote skill set delivery. The transmission of user skill sets in remote task performance marks the advent of a haptic-enabled Internet of Skills (IoS), through which the transmission of touch and actuation sensations will be possible. In this proposed research, a conceptual Task-Technology Fit (TTF) model of a haptic-enabled IoS is developed to link human users and haptic-enabled technologies to technology use and task performance between master (control) and remote (controlled) domains to provide a Quality of Experience (QoE) and Quality of Task (QoT) oriented perspective of a Haptic Internet. Future 5G-enabled applications promise the high availability, security, fast reaction speeds, and reliability characteristics required for the transmission of human user skills over large geographical distances. The 5G network and haptic-enabled IoS considered in this research will support a number of critical applications. One such novel scenario in which a TTF of a Haptic Internet can be modelled is the use case of remote-controlled Unmanned Aerial Vehicles (UAVs). This paper is a contribution towards the realization of a 5G network and haptic-enabled QoE-QoT-centric IoS for augmented user task performance. Future empirical results of this research will be useful to understanding the role that varying degrees of a fit between context-specific task and technology characteristics play in influencing the impact of haptic-enabled technology use for real-time immersive remote UAV (drone) control task performance.

The fifth-generation (5G) mobile telecom network has been garnering interest in both academia and industry, with better flexibility and higher performance compared to previous generations. Along with functionality improvements, new attack vectors also made way. Network operators and regulatory organizations wish to have a more precise idea about the security posture of 5G environments. Meanwhile, various security metrics for IT environments have been around and attracted the community’s attention. However, 5G-specific factors are less taken into consideration.This paper considers such 5G-specific factors to identify potential gaps if existing security metrics are to be applied to the 5G environments. In light of the layered nature and multi-ownership, the paper proposes a new approach to the modular computation of security metrics based on cross-layer projection as a means of information sharing between layers. Finally, the proposed approach is evaluated through simulation.

The fifth-generation (5G) standard is the last telecommunication technology, widely considered to have the most important characteristics in the future network industry. The 5G system infrastructure contains three principle interfaces, each one follows a set of protocols defined by the 3rd Generation Partnership Project group (3GPP). For the next generation network, 3GPP specified two authentication methods systematized in two protocols namely 5G Authentication and Key Agreement (5G-AKA) and Extensible Authentication Protocol (EAP). Such protocols are provided to ensure the authentication between system entities. These two protocols are critical systems, thus their reliability and correctness must be guaranteed. In this paper, we aim to formally re-examine 5G-AKA protocol using micro Common Representation Language 2 (mCRL2) language to verify such a security protocol. The mCRL2 language and its associated toolset are formal tools used for modeling, validation, and verification of concurrent systems and protocols. In this context, the authentication protocol 5G-AKA model is built using Algebra of Communication Processes (ACP), its properties are specified using Modal mu-Calculus and the properties analysis exploits Model-Checker provided with mCRL2. Indeed, we propose a new mCRL2 model of 3GPP specification considering 5G-AKA protocol and we specify some properties that describe necessary requirements to evaluate the correctness of the protocol where the parsed properties of Deadlock Freedom, Reachability, Liveness and Safety are positively assessed.

5G improves previous generations not only in terms of radio access but the whole infrastructure and services paradigm. Automation, dynamism and orchestration are now key features that allow modifying network behaviour, such as Virtual Network Functions (VNFs), and resource allocation reactively and on demand. However, such dynamic ecosystem must pay special attention to security while ensuring that the system actions are trustworthy and reliable. To this aim, this paper introduces the integration of the Manufacturer Usage Description (MUD) standard alongside a Trust and Reputation Manager (TRM) into the INSPIRE-5GPlus framework, enforcing security properties defined by MUD files while the whole infrastructure, virtual and physical, as well as security metrics are continuously audited to compute trust and reputation values. These values are later fed to enhance trustworthiness on the zero-touch decision making such as the ones orchestrating end-to-end security in a closed-loop.

Analyzing safety and security requirements remains a difficult task in the development of real-life network protocols. Although numerous modeling and analyzing methods have been proposed in the past decades, most of them handle safety and security requirements separately without considering their interplay. In this work, we propose a collaborative modeling framework that enables co-analysis of safety and security requirements for network protocols. Our modeling framework is based on a well-defined type system and supports modeling of network topology, message flows, protocol behaviors and attacker behaviors. It also supports the specification of safety requirements as temporal logical formulae and typical security requirements as queries, and leverages on the existing verification tools for formal safety and security analysis via model transformations. We have implemented this framework in a prototype tool CMSS, and illustrated the capability of CMSS by using the 5G AKA initialization protocol as a case study.

5G smart grid applications rely on its high-performance transmission and bearer network. With the help of complex network theory, this paper first analyzes the complex network characteristic parameters of 5G smart grid, and explains the necessity and supporting significance of network vulnerability analysis for efficient transmission of 5G network. Then the node importance analysis algorithm based on node degree and clustering coefficient (NIDCC) is proposed. According to the results of simulation analysis, the power network has smaller path length and higher clustering coefficient in terms of static parameters, which indicates that the speed and breadth of fault propagation are significantly higher than that of random network. It further shows the necessity of network vulnerability analysis. By comparing with the other two commonly used algorithms, we can see that NIDCC algorithm can more accurately estimate and analyze the weak links of the network. It is convenient to carry out the targeted transformation of the power grid and the prevention of blackout accidents.

Cyber ranges are proven to be effective towards the direction of cyber security training. Nevertheless, the existing literature in the area of cyber ranges does not cover, to our best knowledge, the field of 5G security training. 5G networks, though, reprise a significant field for modern cyber security, introducing a novel threat landscape. In parallel, the demand for skilled cyber security specialists is high and still rising. Therefore, it is of utmost importance to provide all means to experts aiming to increase their preparedness level in the case of an unwanted event. The EU funded SPIDER project proposes an innovative Cyber Range as a Service (CRaaS) platform for 5G cyber security testing and training. This paper aims to present the evaluation framework, followed by SPIDER, for the extraction of the user requirements. To validate the defined user requirements, SPIDER leveraged of questionnaires which included both closed and open format questions and were circulated among the personnel of telecommunication providers, vendors, security service providers, managers, engineers, cyber security personnel and researchers. Here, we demonstrate a selected set of the most critical questions and responses received. From the conducted analysis we reach to some important conclusions regarding 5G testing and training capabilities that should be offered by a cyber range, in addition to the analysis of the different perceptions between cyber security and 5G experts.

Physical-layer security is a new paradigm that offers data protection against eavesdropping in wireless 5G networks. In this context, the Gaussian channel is a typical model that captures the practical aspects of confidentially transmitting a message through the wireless medium. In this paper, we consider the peculiar case of transmitting a message through a wireless, state-dependent channel which is prone to eavesdropping, where the state knowledge is non-causally known and shared between the sender and the eavesdropper. We show that a novel structured coding scheme, which combines random coding arguments and the dirty-paper coding technique, achieves the fundamental limit of secure and reliable communication for the considered model.

The industry of telecommunications is being transformed towards 5G technology, because it has to deal with the emerging and existing use cases. Because, 5G wireless networks need rather large data rates and much higher coverage of the dense base station deployment with the bigger capacity, much better Quality of Service - QoS, and the need very low latency [1–3]. The provision of the needed services which are envisioned by 5G technologies need the new service models of deployment, networking architectures, processing technologies and storage to be defined. These technologies will cause the new problems for the cybersecurity of 5G systems and the security of their functionality. The developers and researchers working in this field make their best to secure 5G systems. The researchers showed that 5G systems have the security challenges. The researchers found the vulnerabilities in 5G systems which allow attackers to integrate malicious code into the system and make the different types of the illegitimate actions. MNmap, Battery drain attacks and MiTM can be successfully implemented on 5G. The paper makes the analysis of the existing cyber security problems in 5G technology. Based on the analysis, we suggest the novel Intrusion Detection System - IDS by means of the machine-learning algorithms. In the related papers the scientists offer to use NSL-KDD in order to train IDS. In our paper we offer to train IDS using the big datasets of DOS/DDOS attacks, besides of training using NSL-KDD. The research also offers the methodology of integration of the offered intrusion detection systems into an standard architecture of 5G. The paper also offers the pseudo code of the designed system.

With the gradually popular high-speed wireless networks and 5G environments, the quality and reliability of network services will be suited for mobile vehicles. In addition to communicating information between vehicles, they can also communicate information with surrounding roadside equipment, pedestrians or traffic signs, and thus improve the road safety of passers-by.Recently, various countries have continuously invested in research on autonomous driving and unmanned vehicles. The open communication environment of the Internet of Vehicles in 5G will expose all personal information in the field of wireless networks. This research is based on the consideration of information security and personal data protection. We will focus on how to protect the real-time transmission of information between mobile vehicles to prevent from imbedding or altering important transmission information by unauthorized vehicles, drivers or passers-by participating in communications. Moreover, this research proposes a multi-level security key management agreement based on a dynamic M-tree structure for Internet of Vehicles to achieve flexible and scalable key management on large-scale Internet of Vehicles.

The goal of the edge computing framework is to solve the problem of management and control in the access of massive 5G terminals in the power Internet of things. Firstly, this paper analyzes the needs of IOT agent in 5G ubiquitous connection, equipment management and control, intelligent computing and other aspects. In order to meet with these needs, paper develops the functions and processes of the edge computing framework, including unified access of heterogeneous devices, protocol adaptation, edge computing, cloud edge collaboration, security control and so on. Finally, the performance of edge computing framework is verified by the pressure test of 5G wireless ubiquitous connection.

Radio is the most important part of any wireless network. Radio Access Network (RAN) has been virtualized and disaggregated into different functions whose location is best defined by the requirements and economics of the use case. This Virtualized RAN (vRAN) architecture separates network functions from the underlying hardware and so 5G can leverage virtualization of the RAN to implement these functions. The easy expandability and manageability of the vRAN support the expansion of the network capacity and deployment of new features and algorithms for streamlining resource usage. In this paper, we try to address the problem of scheduling 5G vRAN with mid-haul network capacity constraints as a combinatorial optimization problem. We transformed it to a Quadratic Unconstrained Binary Optimization (QUBO) problem by using a newly proposed quantum-based algorithm and compared our implementation with existing classical algorithms. This work has demonstrated the advantage of quantum computers in solving a particular optimization problem in the Telecommunication domain and paves the way for solving critical real-world problems using quantum computers faster and better.

The emergence of the 5G network has boosted the advancements in the field of the internet of things (IoT) and edge/cloud computing. We present a novel architecture to detect fire in indoor and outdoor environments, dubbed as EAC-FD, an abbreviation of edge and cloud-based fire detection. Compared with existing frameworks, ours is lightweight, secure, cost-effective, and reliable. It utilizes a hybrid edge and cloud computing framework with Intel neural compute stick 2 (NCS2) accelerator is for inference in real-time with Raspberry Pi 3B as an edge device. Our fire detection model runs on the edge device while also capable of cloud computing for more robust analysis making it a secure system. We compare different versions of SSD-MobileNet architectures with ours suitable for low-end devices. The fire detection model shows a good balance between computational cost frames per second (FPS) and accuracy.

Microservices-based architectures gain more and more attention in industry and academia due to their tremendous advantages such as providing resiliency, scalability, composability, etc. To benefit from these advantages, a proper architectural design is very important. The decomposition model of services into microservices and the granularity of these microservices affect the different aspects of the system such as flexibility, maintainability, performance, and security. An inappropriate service decomposition into microservices (improper granularity) may increase the attack surface of the system and lower its security level. In this paper, first, we study the probability of compromising services before and after decomposition. Then we formulate the impacts of possible service decomposition models on confidentiality, integrity, and availability attributes of the system. To do so, we provide equations for measuring confidentiality, integrity, and availability risks of the decomposed services in the system. It is also shown that the number of entry points to the decomposed services and the size of the microservices affect the security attributes of the system. As a use case, we propose three different service decomposition models for the 5G NRF (Network Repository Function) and calculate the impacts of these decomposition models on the confidentiality, integrity, and availability of the system using the provided equations.

The 5G technology will play a crucial role in global economic growth through numerous industrial developments. However, it is essential to ensure the security of these developed systems, while 5G brings unique security challenges. This paper contributes explicitly to the need for an effective Vulnerability Assessment Approach (VAA) to identify and assess the vulnerabilities in 5G networks in an accurate, salable, and dynamic way. The proposed approach develops an optimized mechanism based on the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) to analyze the vulnerabilities in 5G Edge networks from the attacker perspective while considering the dynamic and scalable Edge properties. Furthermore, we introduce a cloud-based 5G Edge security testbed to test and evaluate the accuracy, scalability, and performance of the proposed VAA.

The construction of a strong and smart grid is inseparable from the advancement of the power system, and the effective application of modern communication technologies allows the traditional grid to better transform into the energy Internet. With the advent of 5G, people pay close attention to the application of network slicing, not only as an emerging technology, but also as a new business model. In this article, we consider the delay requirements of certain services in the power grid. First, we analyze the security issues in network slicing and model the 5G core network slicing supply as a mixed integer linear programming problem. On this basis, a heuristic algorithm is proposed. According to the topological properties, resource utilization and delay of the slice nodes, the importance of them is sorted using the VIKOR method. In the slice link configuration stage, the shortest path algorithm is used to obtain the slice link physical path. Considering the delay of the slice link, a strategy for selecting the physical path is proposed. Simulations show that the scheme and algorithm proposed in this paper can achieve a high slice configuration success rate while ensuring the end-to-end delay requirements of the business, and meet the 5G core network slice security requirements.

The 5G network systems are evolving and have complex network infrastructures. There is a great deal of work in this area focused on meeting the stringent service requirements for the 5G networks. Within this context, security requirements play a critical role as 5G networks can support a range of services such as healthcare services, financial and critical infrastructures. 3GPP and ETSI have been developing security frameworks for 5G networks. Our work in 5G security has been focusing on the design of security architecture and mechanisms enabling dynamic establishment of secure and trusted end to end services as well as development of mechanisms to proactively detect and mitigate security attacks in virtualised network infrastructures. The focus of this paper is on the latter, namely the facilities and mechanisms, and the design of a security architecture providing facilities and mechanisms to detect and mitigate specific security attacks. We have developed a simplified version of the security architecture using Software Defined Networks (SDN) and Network Function Virtualisation (NFV) technologies. The specific security functions developed in this architecture can be directly integrated into the 5G core network facilities enhancing its security.

With the rapid development of mobile communication technology, the reconnaissance on terminal capability and identity information is not only an important guarantee to maintain the normal order of mobile communication, but also an essential means to ensure the electromagnetic space security. According to the characteristics of 5G mobile communication terminal's transporting capability and identity information, the smart jamming is first used to make the target terminal away from the 5G network, and then the jamming is turned off at once. Next the terminal will return to the 5G network. Through the time-frequency matching detection method, interactive signals of random access process and network registration between the terminal and the base station are quickly captured in this process, and the scheduling information in Physical Downlink Control Channel (PDCCH) and the capability and identity information in Physical Uplink Shared Channel (PUSCH) are demodulated and decoded under non-cooperative conditions. Finally, the experiment is carried out on the actual 5G communication terminal of China Telecom. The capability and identity information of this terminal are extracted successfully in the Stand Alone (SA) mode, which verifies the effectiveness and correctness of the method. This is a significant technical foundation for the subsequent development on the 5G terminal control equipment.

The advent of 5G, one of the most recent and promising technologies currently under deployment, fulfills the emerging needs of mobile subscribers by introducing several new technological advancements. However, this may lead to numerous attacks in the emerging 5G networks. Thus, to guarantee the secure transmission of user data, 5G Authentication protocols such as Extensible Authentication Protocol - Authenticated Key Agreement Protocol (EAP-AKA) were developed. These protocols play an important role in ensuring security to the users as well as their data. However, there exists no guarantees about the security of the protocols. Thus formal verification is necessary to ensure that the authentication protocols are devoid of vulnerabilities or security loopholes. Towards this goal, we formally verify the security of the 5G EAP-AKA protocol using an automated verification tool called ProVerif. ProVerif identifies traces of attacks and checks for security loopholes that can be accessed by the attackers. In addition, we model the complete architecture of the 5G EAP-AKA protocol using the language called typed pi-calculus and analyze the protocol architecture through symbolic model checking. Our analysis shows that some cryptographic parameters in the architecture can be accessed by the attackers which cause the corresponding security properties to be violated.

The envisioned massive deployment of network slices in 5G and beyond mobile systems makes the shift towards zero-touch, scalable and secure slice lifecycle management a necessity. This is to harvest the benefits of network slicing in enabling profitable services. These benefits will not be attained without ensuring a high level security of the created network slices and the underlying infrastructure, above all in a zero-touch automated fashion. In this vein, this paper presents the architecture of an innovative network slicing security orchestration framework, being developed within the EU H2020 MonB5G project. The framework leverages the potential of Security as a Service (SECaaS) and Artificial Intelligence (AI) to foster fully-distributed, autonomic and fine-grained management of network slicing security from the node level to the end-to-end and inter-slice levels.

In order to overcome a series of problems in the application process of traditional communication engineering in the new era, such as information security, this paper proposes a novel communication engineering application system based on artificial intelligence technology. The application system fully combines the artificial intelligence technology, and applies the artificial intelligence thinking to the reform of traditional communication engineering. Based on this, the application strategy also fully combines the application and development of 5g technology, and strengthens the security of communication engineering in the application process from many aspects. The results show that the application system can give full play to the role of artificial intelligence technology and improve the security of communication process as much as possible, which lays a good foundation for the further development of 5g technology.

Subscription permanent identifier has been concealed in the 5G systems by using the asymmetric encryption scheme as specified in standard 3GPP TS 33.501 to protect the subscriber privacy. The standardized scheme is however subject to the SUPI guess attack as the public key of the home network is publicly available. Moreover, it lacks the inherent mechanism to prevent SUCI replay attacks. In this paper, we propose three methods to enhance the security of the 3GPP scheme to thwart the SUPI guess attack and replay attack. One of these methods is suggested to be used to strengthen the security of the current subscriber protection scheme.

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

The use of wireless connectivity has increased exponentially in recent years. Fifth generation (5G) communications will soon be deployed worldwide. Six-generation (6G) communications vision and planning have begun, and the use of 6G communications is expected to begin in the 2030s. The 6G system has higher capacity, higher data rates, lower latency, higher security and better quality of service (QoS) compared to the 5G system. This paper presents a brief overview on the vision and requirements of 6G wireless communications and networks. Finally, some of the challenges in launching the 6G are also explained.