In the current paper, we present our work towards accelerating intrusion detection operations at the edge network using FPGAs.Cloud computing and network function virtualization have led to a new appealing paradigm for service delivery and management. Unfortunately, this paradigm fails to correctly support IoT applications and services that seek better communication platforms. Security as a Service can also be seen as a cloud-based model that needs to be accommodated to fulfill these services requirements. Again, one of the main issues to be addressed in this context is how to improve the performance of such systems or services in order to make them capable of coping with the huge amount of data while remaining reliable. A potential solution is the FPGA based edge computing, which is a powerful combination offering FPGA acceleration capabilities together with edge and fog benefits. Indeed, our work focusses on devising an Intrusion Prevention architecture called FORTISEC (40SEC), that is meant to operate in a completely softwarized as well as in an FPGA accelerated mode. Thereby, we present suitable algorithms, design methodologies and well defined components towards the implementation of accelerated intrusion prevention on the edge. It is worth to mention that although 40SEC is discussed here in the context of edge computing, it can serve as a security solution for any Small and Medium Enterprise looking for full protection of its network at a reasonable price. We also present a testbed being utilized for the implementation of 40SEC and its performance testing.
Great research efforts are made towards transferring additional data, such as location and sensor information, within the duration of an NG112 call. Especially in the field of emergency communication, the transmission of eHealth sensor data, which provide information about the vital parameters of a person in need of help, could improve the overall rescue operation. Since emergency calls are time-critical, it is necessary to analyse the impact of the attached sensor data on the emergency call system. In this paper, we present a TTCN-3 Test System that emulates smart devices by sending simulated sensor data via Bluetooth to a smartphone to trigger automated emergency calls. This emergency call is routed through an NG112 platform back to the Test System to measure the latency between sending the data and receiving the call. By incrementing the number of simulated sensors, the impact of the attached sensor data can be evaluated.
Firewalls are a critical part in any security framework.Most firewalls consist of a large amount of sequential rules that are unstructured and confusing. Unfortunately, because a lot of rules configuration work is done manually by the network administrators, misconfigurations are very common and can affect the reliability of the firewall. Identifying such anomalies is a challenging task. In this paper, we propose a tree based simulation and verification model to verify if the implemented firewall of a system is in compliance with the belonging firewall requirements. The proposed methodology was developed in relation with the H2020 FORTIKA project and was evaluated in the scope of case studies with industrial partners. The case studies in question related to large scale telecom infrastructures involving critical scenarios in the scope of Smart Cities in general and SME cyber-security protection. Thereby, the executed case studies demonstrate how our approach can lead to improved structuring of firewalls and belonging rules, to the comfortable visualization of firewall structures and decision patterns, and finally to the verification of system and context requirements imposed by the firewall operation environment.
VoIP-based emergency communication is a promising approach to improving the safety of citizens worldwide. The transition required in this scope includes substituting the legacy PSTN/SS7 based emergency call system by Next Generation IP based components for call establishment and control. Thereby, SIP is used as a session control protocol and RTP as the means to transfer emergency data between the caller and the corresponding Public Safety Access Point (PSAP). The emergency data is not only restricted to voice communication but can cover a rich variety of data, which can be acquired by different means (including the end-user devices) and transmitted over IP. This includes video, geopositioning data, voice, Real-Time Text, and sensor data in line with emerging IoT architectures and approaches. A vital aspect in this scope is given by the performance of the underlying network, including its capability to establish calls in emergencies and to transfer the data required for serving the situation. Therefore, in this paper, we evaluate the computational performance of the most recent VoIP emergency system implementation, which was developed by the H2020-EMYNOS project as a realisation of the EENA NG112 Long Term Definition (LTD) vision. We perform a series of trials and evaluate the performance of the EMYNOS system in a multi-party lab environment established during the project. We evaluate the time needed to perform basic emergency call operations over IP, whilst in parallel generating Internet type of background traffic. Correspondingly, we worked out a methodology and implemented it in our testbed, both of which are presented in the current paper. The obtained numerical results lead to the conclusion that SIP-based emergency services stand a good chance to replace legacy systems when it comes to their performance. Additionally, we also provide a perspective on how the blockchain technology could potentially be put to use to enhance the quality of the next-generation emergency services. We propose the utilisation of blockchain technology for tracking emergency calls and enabling efficient recognition of fraud calls, which is a critical aspect for PSAP providers concerning the potential denial of service attacks. In this context, we provide evaluations and numerical results based on a private Ethereum based blockchain playground running at the premises of Fraunhofer FOKUS.
The quality assurance of large scale integrative systems often requires complex testbed environments and simulations that allow to test the overall functionality and enables various experiments towards systematically verifying the realization of the identified user and system requirements. Thereby, an integration setup and resulting activities lead to another level of quality assurance, whereby the integrator deals with the quality examination of the single components and their integrative interplay according to a set of overall system and user requirements. In such context, it is often the case that the testing activity is conducted by various partners (e.g. single companies and legal entities) with complementing know how required for specific sub-tasks -e.g. PKI, chip cards, special network protocols, firewall, security architectures, and penetration testing. This leads to the emergence of a large number of proprietary testbeds focusing on specific aspects resulting in the lack of a unified testbed configuration, versioning and technological foundations (e.g. operating system, network stack implementations, hypervisor technology …). In this paper, we present our experiences drafted from a large scale industrial project with 600-700 requirements relating to a critical eHealth infrastructure within a telecom provider context. Thereby, various sub-contractors had to be unified in their approach to testbed management in order to achieve reproducible and traceable (with respect to system requirements) test results based on a test architecture accommodating various quality assurance activities (unit testing, development tests, component testing, integration testing, security testing …). We gradually analyze the project situation with respect to testbed management and argue on the need for unified testbed management across multiple teams and stakeholders in a large scale telecom integration setup. Subsequently, we propose possible solutions and conduct a series of experiments highlighting the advantages of the proposed approach and belonging solution.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.