Security Mechanisms for a Cooperative Firewall

Kabir

Loiseau

2017

Int J Communication

Self Cite

Summary This paper analyzes the motivation and strategies for ensuring cooperative behavior among hosts and customer networks in the Internet and 5G networks. The hypothesis is that better cooperation among the benevolent entities could improve the overall Internet welfare, motivating the need for adoption of cooperative security. However, in state of the art, the prevalent security approach in the Internet is based on self‐help, while the adoption of cooperative methods is progressing slowly. At the same time, the ubiquitous reliance on 5G and mission critical nature of some of the new services, for example, ultrareliable (machine‐to‐machine) communication and Internet of things, requires that 5G will do its best to curb the malicious (noncooperative) behavior from becoming a cause of failure to the legitimate services. In this paper, we relate our analysis of the conditions for sustainable cooperation in the Internet with the famous end‐to‐end principle, and present the hypothesis that there is no end‐to‐end solution to the problem of ensuring cooperation among Internet hosts. Game theory allows studying the outcomes of interactions among the players with conflicting interests. We use it to study the hypothesis and show that introducing the reputation of Internet nodes and customer networks can lead to cooperation, which improves the overall Internet welfare and reduces the payoffs of malicious actors. We study the possible response of noncooperative users with advanced defection strategies and the resulting outcomes. We argue that 5G shall make significant progress towards uprooting the selfish behavior and malicious activities using cooperation and relate it with motivation for providing ubiquitous connectivity and ultrareliable services. The paper concludes by summarizing our earlier work on the application of the proposed methods of cooperation to 5G and the Internet; outlining how cooperation in security is not only desirable but also feasible.

Section: Implementing Internet‐wide Trust Managementmentioning

confidence: 99%

mentioning

confidence: 99%

Cooperation and end‐to‐end in the Internet

Kabir

Loiseau

2017

Int J Communication

Self Cite

“…The communication between the end hosts is brokered by the CES nodes, and the policies defined are enforced via the CETP protocol. The following mechanisms are proposed to minimize the risks against network abuse . CETP Cookie TLV : It follows a similar approach to TCP cookie in order to mitigate TCP SYN flood attacks.…”

Section: The Architecture Of Customer Edge Switchingmentioning

confidence: 99%

Section: Ces-to-ces Communicationsmentioning

confidence: 99%

Policy-based communications for 5G mobile with customer edge switching

Security Comm. Networks

Santos

Beijar

2015

Self Cite

Besides more capacity and faster connections, 5G is expected to provide ultra-reliable services, for example, for machineto-machine communications. In this paper, we advocate that 5G must do its best to eliminate malicious traffic as a cause of failure of legitimate services. This paper proposes that all communications in 5G should be controlled by policy. The policies facilitate cooperation of customer networks against misbehaving actors and collecting evidence of malicious activity. Dynamic policies can react to hosts that are used in attacks. We propose a system controlled by policy that overcomes the classical weaknesses in the Internet, namely source address spoofing and denial of service attacks. We propose to improve the mobile device experience by new methods of network address translator traversal suitable for battery-powered mobile devices. We believe that 5G will be the major driver for the future Internet, which is why we relate our approach to other proposals for future Internet architecture. Our approach can be deployed one network at a time as it limits the changes to edge nodes; no compulsory changes are proposed to hosts. The paper reports the experience from experimentation and evaluates scalability and security including initial results on performance.

“…Moreover, we propose to use a cooperative firewall that allows queries to, e.g., the sender's firewall and certification authorities before making the final admission decision. This allows dissolving the boundary between closed and open networks, all managed by the policy [14]. A mobile device under the cooperative firewall is reachable using the host fully qualified domain name (FQDN), a suitable identity and the routing locator of the iOFS.…”

Section: Access Appmentioning

confidence: 99%

Software Defined 5G Mobile Backhaul

Costa-Requena

Proceedings of the 1st International Conference on 5G for Ubiquitous Connectivity

Llorente

et al. 2014

Self Cite

A major challenge of future mobile networks is providing the needed elastic scaling to the increased traffic demand, number of users and applications with acceptable cost. Another challenge is suitability for numerous communications applications while curbing unwanted traffic on the air interface and the mobile devices. This paper proposes a vision of how these challenges can be met by applying the concept of Software Defined Networking (SDN) to mobile networks. We also discuss the needed migration path that minimizes unnecessary replacement investments. While we have verified some key parts of the vision with experiments, we realize that the effectiveness of the proposed approach depends on the adoption of SDN technology for other purposes so that mass production of SDN switches leads to significant economies of scale. The paper shows how we can model mobile networks using SDN concepts and migrate the 3GPP mobile architecture to SDN. The resulting control plane of the mobile architecture consists of a group of SDN applications starting from the base stations i.e., virtual eNodeBs, Backhaul transport, Mobility management, Access, Caching, Monitoring, and Services delivery. The data plane consists of simplified access points and SDN and Carrier Grade Ethernet switches. Our experiments are based on using OpenFlow as the interface between the planes.