Name : Solat Mahmood

Roll No. : BCSM-S17-004

Class : BS (computer science)

Semester : 6th

Subject : Data Communication & Networks

Marks : 60

Due Date : 16th April, 2020

Topic : Security Issues in Software Defined Mobile Networks (SDMN)

Title
Security Issues in Software Defined Mobile Networks (SDMN)

By-line and Affiliation


Embedded and Pervasive Computing Lab, School of Computer Science and Technology,
Huazhong University of Science and Technology, Wuhan, 430074, China

• Min Chen & Yongfeng Qian

Department of Electrical & Computer Engineering, Auburn University, 200 Broun Hall, Auburn,
AL, 36849-5201, USA

• Shiwen Mao

College of Computer Science, South-Central University for Nationalities, Wuhan, 430074, China

• Wan Tang & Ximin Yang

Abstract

• Traffic volumes in mobile networks are rising and end-user needs are changing rapidly.
Mobile network operators want more flexibility, lower network operating costs, fast
service roll-out cycles, and new revenue sources.
• The fifth generation (5G) and future networks aim to deliver ultra-fast and ultra-reliable
network access capable of supporting the anticipated surge in data traffic and connected
nodes in the years to come.
Several technologies are being developed to meet these emerging demands of future mobile
networks; among these are software defined networking, network function virtualization,
and cloud computing. In this paper, we discuss the security challenges these new
technologies are prone to in the context of the new telecommunication paradigm.
• We present a multi-tier component-based security architecture to address these challenges
and secure the 5G software defined mobile network (SDMN), by handling security at
different levels to protect the network and its users. The proposed architecture contains
five components, i.e., secure communication, policy-based communication, security
information and event management, security defined monitoring, and deep packet
inspection components for elevated security in the control and data planes of SDMNs.
• Finally, the proposed security mechanisms are validated using testbed experiments.
• The future 5G wireless is triggered by the higher demand on wireless capacity.
• With Software Defined Network (SDN), the data layer can be separated from the control
layer.
The development of relevant studies on Network Function Virtualization (NFV) and cloud
computing has the potential of offering a quicker and more reliable network access for
growing data traffic.
Under such conditions, Software Defined Mobile Network (SDMN) is presented as a
promising solution for meeting the wireless data demands.
This paper provides a survey of SDMN and its related security issues.
• As SDMN integrates cloud computing, SDN, and NFV, and works on improving network
functions, performance, flexibility, energy efficiency, and scalability, it is a very
important part of the next generation telecommunication networks.

Introduction
• SDMN is a programmable, flexible and flow-centric mobile network constructed using a
combination of SDN, NFV, and cloud computing.
SDMN is the architecture of embodiment and application extension of the idea that the
control layer in an SDN is separated from the forwarding layer in a wireless network.
The traditional mobile network has distinctive differences from an SDMN.
• The core of the software-defined mobile packet forwarding involves the problems of
matching the forwarding/control layer and the mobile environment, the service logic of
mobile communication, which is transmitted to the cloud to ensure the programmability of
the LTE/EPC architecture within, and the combination of SDN and NFV.
SDMN has several advantages, such as centralized management, high flexibility, effective
division, automatic network management, and reduction of the backhaul device expenditure.
• With the expected drastic increase in mobile traffic demand, and the compelling needs
for provisioning of elastic service, shared operating capability, transmission speed, and
quality of service (QoS), as well as the necessity for costly network upgrades, Software
Defined Mobile Network (SDMN) has been recognized as a solution to meet these challenges.
• SDMN is an integration of cloud computing, Network Function Virtualization (NFV), and
Software Defined Network (SDN). In SDMN, emerging network technologies such as SDN and
NFV are integrated into the mobile architecture in order to meet its changing demand.
• To be more specific, at the core of SDMN, the software control aims to enable dynamic
traffic management and functional reconfiguration. Rather than the conventional static
IP-based networking structure, the backbone network is abstracted through traffic-based
NFV in SDMN.
• In a fronthaul connection, the network capacity and QoS are improved through centralized
management of wireless spectrum resources and the implementation of Software-Defined
Radio (SDR) and Cognitive Radio (CR) for reconfigurable networks.

Experimental method
• Without the ability to reproduce an experiment, it is not possible to conclude that the
results generalize beyond the data set used in the experiment. In other words,
experimental results that cannot be verified independently lack external validity.
• Moreover, the data sets must be updated continuously to ensure that the data is relevant
to the current cyber threat landscape, i.e. to ensure the content validity of experiments.
These, as well as other threats to validity, are often caused by the data collection
process and the experimental methods used.
• For lineage and provenance, collecting and studying end-host data facilitates experiments
that can yield general and representative results. For example, malware samples and
contextual information collected on end hosts around the world provide a diverse data set
for experimentation, likely to cover a large number of malware families.
• Reconstructing the timeline of cyber attacks, for lineage and provenance studies, can
also benefit from observations made on end hosts, because network traces may not reveal
which member of a malware family was released first (e.g., different members of the same
malware family may produce similar network traffic) and because the malicious behavior
may not be reproducible in the lab (e.g., bots often become dormant once their command
and control nodes are neutralized). This example further emphasizes the need to update
the corpus of field data continuously, in order to reflect the frequent changes in the
cyber threat landscape.

Result
• Here, we implement a proof-of-concept prototype on a testbed for the components of the
proposed architecture in four sets of experiments. We then provide a performance analysis
for each component. The first set of experiments was for the secure communication
component. In this experiment, we evaluated the performance penalty of this component in
terms of throughput, interference and latency. We further measured the capability of the
proposed architecture to protect the communication channels against common IP-based
attacks such as TCP SYN DoS and TCP reset attacks. We used the OpenFlow (OF) protocol [39]
with a TLS/SSL session as the reference for the control channel.
Figure 9 illustrates the preliminary testbed components for this experiment.
• As shown in this figure, the testbed contains two Data Plane (DP) switches, an SDN
controller and two hubs. We used the latest version of the POX controller as the SDN
controller and Open vSwitch (OVS) version 1.10.0 virtual switches as DP switches. We used
four virtual hosts as users. For each OVS, two virtual hosts were connected. We used two
D-LINK DSR-250N routers to connect the controller and the switches. For these experiments,
we kept an out-of-band control channel. We modeled the security gateway and LSAs using
OpenHIP. We used the IPERF network measurement tool to measure the performance in terms of
throughput and latency. Finally, we connected an attacker to each hub; for each scenario
of the experiment the attacker operates from a laptop with an i5-3210M CPU at 2.5 GHz.

Discussion
Introducing SDN and NFV to networking is a significant game changer for the wireless
networking arena.
The costs, efficiency and network performance are the main drivers of the change.
There are two notable theories when it comes to network security. The first is the idea
of centralizing network management to reduce the fragmentation of security mechanisms.
However, this unwittingly leads to a higher risk of security lapses at a single point of
failure, and this gives rise to the second theory, which is using SDN to enhance network
security by leveraging its global network visibility feature as well as the centralized
management functions.
Security can be further improved by moving to a more cooperative approach within large
trust alliances where trust evidence or the results of trust processing are shared over
the cloud.
Naturally, such technological advancements usually come with a renewed threat landscape.
This paper has highlighted such potential threats for SDMN.
It also presented corresponding mitigation techniques along with initial test results.
This paper proposes the use of a HIP-based IPsec tunneling architecture to secure the
channel between the separated planes. The proposed security gateways in this architecture
conceal the actual controller from potential adversaries, thereby mitigating potential
DoS and DDoS attacks.
The network is accessed through policy-based communication that is enforced at the network
edges using CES. CES helps to protect the network against inherent Internet
vulnerabilities such as address spoofing and DoS attacks.
It is also capable of limiting communication to only non-spoofed flows or only the
approved hosts, using a tool that is capable of implementing Anything-as-a-Service
delegations based on the given policy management techniques. CES links data services with
the security infrastructure that has always been an important part of mobile networks;
e.g. authentication can be made a precondition of end-to-end digital communication. CES
can also enforce blacklists when necessary. In addition, SIEM-based security management
and real-time sensor-assisted monitoring can also be used to enforce network-wide
security.
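
The edge admission checks described above (blacklist, non-spoofed source, authentication as a precondition, approved hosts), sketched as an added example; it is not code from the paper or from any CES implementation. `EdgePolicy`, `Flow`, `admit`, the port names, host identities and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class EdgePolicy:
    """Hypothetical policy held by an edge node; not a real CES data model."""
    port_prefixes: dict                 # ingress port -> prefix allowed as source
    approved_hosts: set                 # host identities that may communicate
    blacklist: set = field(default_factory=set)
    require_auth: bool = True           # authentication as a precondition

@dataclass
class Flow:
    ingress_port: str
    src_ip: str
    src_id: str
    dst_id: str
    authenticated: bool = False

def admit(policy: EdgePolicy, flow: Flow) -> str:
    """Return 'admit' or the reason the flow is dropped at the edge."""
    if flow.src_id in policy.blacklist:
        return "drop:blacklisted"
    prefix = policy.port_prefixes.get(flow.ingress_port)
    try:
        src = ipaddress.ip_address(flow.src_ip)
    except ValueError:
        return "drop:malformed-source"
    # Anti-spoofing: the source must belong to the prefix bound to its port.
    if prefix is None or src not in ipaddress.ip_network(prefix):
        return "drop:spoofed-source"
    if policy.require_auth and not flow.authenticated:
        return "drop:unauthenticated"
    if not {flow.src_id, flow.dst_id} <= policy.approved_hosts:
        return "drop:host-not-approved"
    return "admit"

# Constructed sample policy and flows (documentation address range 192.0.2.0/24).
POLICY = EdgePolicy({"p1": "192.0.2.0/25", "p2": "192.0.2.128/25"},
                    {"ue-a", "ue-b", "app-server"}, blacklist={"ue-x"})
FLOWS = [
    Flow("p1", "192.0.2.10", "ue-a", "app-server", authenticated=True),
    Flow("p1", "192.0.2.200", "ue-a", "app-server", authenticated=True),
    Flow("p2", "192.0.2.130", "ue-b", "app-server"),
    Flow("p2", "192.0.2.131", "ue-x", "app-server", authenticated=True),
    Flow("p1", "192.0.2.11", "ue-c", "app-server", authenticated=True),
]

def decisions():
    return [admit(POLICY, f) for f in FLOWS]
```

Only the first constructed flow is admitted; each of the others fails exactly one check, so the returned reason shows which policy rule stopped it.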

Conclusion
• This topic introduced the architecture of SDMN and its particular security issues. The
security measures of SDMN involve three layers.
• First, there is the data layer, which is associated with the security threats of
OpenFlow switches and terminals, and the corresponding countermeasures.
• Second, there is the control layer, including the security of all databases. Specific
security problems of SDMN in the control layer and the corresponding measures were
reviewed and discussed.
• In addition, the STRIDE method was used to achieve a classification of SDMN attacks, as
data layer, control layer, application layer, and communication protocol attacks.
Finally, a list of security challenges of SDMN was presented that call for significant
research efforts.
• This topic investigated the security vulnerabilities in SDMN (Software Defined Mobile
Networks) and proposed novel security architectures to mitigate them. On the upside, SDMN
concepts can improve network security by leveraging the global visibility of the network
state in addition to its centralized management and network function softwarization.
• On the downside, these same attributes also introduce new vulnerabilities that are
inherent to software applications, Internet-based systems, and new technologies.
• This paper presented a comprehensive collection of the pros and cons associated with
SDMN as well as the state of the art for implementing security architectures in SDMN.
• Based on the outcome of the experiments in this work, we maintain that security concerns
are dominant when looking forward to SDN and NFV.
• Various security methods are implemented on the SDMN platform. In this work, we
presented a multi-tier security architecture based on five key components: (1) secure
communication channels leveraging HIP, used to secure both control and data channels;
(2) policy-based communications, which serve to mitigate DoS attacks as well as source
address spoofing and allow network communications between end hosts only after a
successful negotiation of policy between edge nodes, effectively tackling the problem of
unwanted traffic across the network by managing all flow admissions by policy;
(3) security management and monitoring, where the security mechanisms implemented are
monitored on one hand while detected security threats are isolated using DPI and traffic
monitoring techniques on the other hand; (4) Security Defined Monitoring (SDM) to
orchestrate the monitoring activities related to security; and finally (5) a Deep Packet
Inspection (DPI) component for improved security threat detection.
• In this work, we analyzed the feasibility of implementing these components in the real
world using testbeds.
• The outcome of these experiments showed that the proposed security architecture can be
implemented in the real world and would be able to prevent IP-based attacks on SDMNs.
• The results of the validation also show that it is possible to automate mitigation and
reaction actions in SDMNs by providing countermeasures and mitigation actions directly
using the REST API in an SDN controller.
The results of the validation show that multiple sources of data can be combined to
provide more accurate and faster detection of cyber attacks. Even so, certain elements of
these systems still need to be examined in greater detail before integrating these new
systems with the existing production environments.
• We can extend this research to further analyze these needs and define specific
guidelines for the integration of the proposed security components into the SDMN
architecture.

Summary
This topic presents the security issues introduced by software defined networking (SDN),
network function virtualization, and future mobile networks that integrate these
technologies to become software defined mobile networks (SDMN).

Acknowledgement
This work was supported by the Program of International S&T Cooperation of MOST
(No.2013DFA11140, No. 2013CFA051), the National Natural Science Foundation of China
(grant No.61210010, No.61300231, 61572220). Mao’s work is supported in part by the US NSF
(Grant CNS-0953513) and by the Wireless Engineering Research and Education Center at
Auburn University.

References
Sama MR, Contreras LM, Kaippallimalil J, Akiyoshi I, Qian H, Ni H (2015) Software-defined
control of the virtualized mobile packet core. IEEE Commun Mag 53(2):107–115

Ge X, Yang B, Ye J, Mao G, Wang C-X, Han T (2015) Spatial Spectrum and Energy Efficiency
of Random Cellular Networks. IEEE Trans Commun 63(3):1019–1030

Bernardos C, La Oliva A, Serrano P, Banchs A, Contreras LM, Jin H, Zúñiga JC (2014) An
architecture for software defined wireless networking. IEEE Wirel Commun 21(3):52–61

Ge X, Huang K, Wang C-X, Hong X, Yang X (2011) Capacity Analysis of a Multi-Cell Multi-
Antenna Cooperative Cellular Network with Co-Channel Interference. IEEE Trans Wirel
Commun 10(10):3298–3309

He J, Wen Y, Huang J, Wu D (2014) On the Cost–QoE Tradeoff for Cloud-Based Video
Streaming Under Amazon EC2’s Pricing Models. IEEE Transactions on Circuits and Systems
for Video Technology 24(4):669–680

Chávez-Santiago R, Szydełko M, Kliks A, Foukalas F, Haddad Y, Nolan KE, Kelly MY,
Masonta MT, Balasingham I (2015) 5G: The convergence of wireless communications. Wirel
Pers Commun:1–26

Naudts B, Kind M, Westphal F-J, Verbrugge S, Colle D, Pickavet M (2016) Techno-economic
analysis of software defined networking as architecture for the virtualization of a mobile
network. In: 2016 European Workshop on Software Defined Networking (EWSDN). IEEE, pp
67–72
