Abstract

Internet of Things (IoT) is a key business driver for the upcoming fifth-generation (5G) mobile networks, which in turn will enable numerous innovative IoT applications such as smart city, mobile health, and other massive IoT use cases being defined in 5G standards. To truly unlock the hidden value of such mission-critical IoT applications at large scale in the 5G era, advanced self-protection capabilities are required in 5G-based Narrowband IoT (NB-IoT) networks to efficiently fight off cyber-attacks such as widespread Distributed Denial of Service (DDoS) attacks. However, insufficient research has been conducted in this crucial area; in particular, few if any solutions are capable of dealing with multiply encapsulated 5G traffic for IoT security management. This paper proposes and prototypes a new security framework to achieve the highly desirable self-organizing networking capabilities needed to secure virtualized, multitenant 5G-based IoT traffic through an autonomic control loop featuring efficient 5G-aware traffic filtering. Empirical results have validated the design and implementation and demonstrated the efficiency of the proposed system, which is capable of processing thousands of 5G-aware traffic filtering rules and thus enables timely protection against large-scale attacks.

Highlights

  • Internet of Things (IoT) applications are widely envisioned as a major use case in the forthcoming fifth-generation (5G) mobile networks and would account for one-quarter of the global 41 million 5G connections in 2024 [1]

  • Low-Power Wide-Area Network (LPWAN) protocols employed in IoT scenarios, such as Narrowband IoT (NB-IoT) [5] defined in 3GPP Release 13 [6], are not ideal environments in which to perpetrate Distributed Denial of Service (DDoS) based on high-rate brute force attacks, due to their associated low bit rate (60kpps uplink)

  • The filtering management solution proposed in this paper enables 5G network traffic to be handled dynamically according to the decisions made by the autonomic security framework, and it is based on BSD Packet Filter (BPF) as the underlying filtering mechanism to handle NB-IoT traffic efficiently in 5G-enabled networks


Summary

Introduction

Internet of Things (IoT) applications are widely envisioned as a major use case in the forthcoming fifth-generation (5G) mobile networks and would account for one-quarter of the global 41 million 5G connections in 2024 [1]. In order to counter those cyber-threats dynamically and on demand in a 5G-enabled IoT network, the network operator might need to filter, mirror, divert, and differentiate IoT packets in the edge access network and in the core of the 5G network. This traffic control and management should be performed at any packet encapsulation level required in LTE/5G networks. The filtering mechanism proposed in this paper allows inspecting and analyzing traffic without having to create any tunnel interfaces to de-encapsulate the traffic. It allows filtering beyond the first encapsulated layer and dealing with any packet and header of any inner encapsulated traffic to cope with the mobility and multitenancy requirements of virtualized 5G networks. (iii) A prototype of a deep packet inspection method is presented, using a kernel space mechanism in order to have full control of the encapsulated traffic required in virtualized NB-IoT networks.
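As an added illustration (not the paper's BPF implementation), the Python sketch below reads inner-header fields of a tunnelled packet at computed offsets, without a tunnel interface or decapsulation, and applies a drop rule to them. It assumes GTP-U over UDP/IPv4 as the encapsulation, which this page does not name; the helper names, rule format and sample packet are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

GTPU_PORT, GTP_GPDU = 2152, 0xFF   # GTP-U UDP port; G-PDU (user data) type

def ipv4(src, dst, payload):       # builder for constructed sample data only
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17,
                       0, IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def gtpu(teid, payload):
    return struct.pack("!BBHI", 0x30, GTP_GPDU, len(payload), teid) + payload

def inner_flow(pkt):
    """Return (teid, inner_src, inner_dst) read at offsets, or None."""
    try:
        if pkt[0] >> 4 != 4 or pkt[9] != 17:            # outer must be IPv4/UDP
            return None
        off = (pkt[0] & 0x0F) * 4                       # skip outer IPv4 header
        if struct.unpack_from("!H", pkt, off + 2)[0] != GTPU_PORT:
            return None
        off += 8                                        # skip outer UDP header
        flags, mtype, _, teid = struct.unpack_from("!BBHI", pkt, off)
        if flags >> 5 != 1 or mtype != GTP_GPDU:
            return None
        off += 8
        if flags & 0x07:                                # E, S or PN flag set
            nxt, off = pkt[off + 3], off + 4            # 4 optional bytes
            while flags & 0x04 and nxt:                 # walk extension headers
                size = pkt[off] * 4
                if size == 0:
                    return None
                nxt, off = pkt[off + size - 1], off + size
        if len(pkt) < off + 20 or pkt[off] >> 4 != 4:   # inner must be IPv4
            return None
    except (IndexError, struct.error):                  # truncated packet
        return None
    return teid, str(IPv4Address(pkt[off + 12:off + 16])), str(IPv4Address(pkt[off + 16:off + 20]))

def should_drop(pkt, rules):       # rules: set of (teid, inner_src) pairs
    flow = inner_flow(pkt)
    return flow is not None and flow[:2] in rules

# Constructed sample: device 10.45.0.7 tunnelled under TEID 0x1A2B.
SAMPLE = ipv4("192.0.2.1", "192.0.2.2", udp(2152, GTPU_PORT, gtpu(
    0x1A2B, ipv4("10.45.0.7", "203.0.113.10", udp(40000, 5683, b"x")))))
```

A rule keyed only on the outer addresses would match every device behind the same tunnel endpoints; keying on the tunnel identifier plus the inner source isolates a single device.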

Background and Related Work
NB-IoT Networks in Virtualized and Multitenant 5G Deployments
Cognitive NB-IoT Management Framework
Virtualized and Multitenant NB-IoT Infrastructure
Traffic Filtering Process Design
Implementation and Validation
Performance Evaluation
Conclusions