Abstract

Edge computing is crucial for many of the new 5G business vertical use-cases, such as Industry 4.0 robots, safety-critical communications, and highly efficient smart grids. However, the tighter integration of such impactful businesses into previously core network operations raises significant security, trustworthiness, and reliability issues. A business vertical must not compromise the Edge platform for other business verticals. Likewise, the vertical Network Services (NSs) entrusted to the Edge should not be compromisable by adversary action. Inspired by the existing Two-Factor Authentication (2FA) systems of Internet services, we propose a Moving Target Defense (MTD) mechanism that protects sensitive NSs using a port mutation akin to a seamless Time-based One-Time Password (TOTP) authentication. Our architecture leverages Software-Defined Networking (SDN) to perform the mutations, with the option of working exclusively as a Virtual Network Function (VNF) that can be instantiated on demand, or in conjunction with OpenFlow hardware-accelerated switches for smarter resource usage. The straightforward Proof-of-Concept implementation showed that the approach is viable, with good forwarding plane performance (exceeding the capabilities of current Network Interface Controllers), and effective at stopping unauthorized interactions with the NS being protected. Because the TOTP approach depends on time and jitter (e.g., network jitter) is common, the Threat Detection must make a trade-off between minimizing false positives (too many alarms) and having false negatives (attempts that go unreported). We have struck a balance that reduces the probability of a rogue probe reaching the NS to nearly 0.0045%, while the probability of stopping an attack but not generating the alarm is approximately 2%. Future work, such as adaptive delay compensation or the use of AI/ML, may further improve the effectiveness of the solution.
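
The following is an added example, not the paper's implementation: a sketch of TOTP-style port mutation in which the gateway tolerates clock and network jitter and decides whether a blocked packet also raises an alarm. The 30-second step, the port range, the HMAC-SHA1 truncation (borrowed from RFC 4226), the `accept`/`grace` window sizes, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30                        # seconds per port mutation (assumed value)
PORT_LO, PORT_HI = 1024, 65535   # assumed range the protected port moves in


def totp_port(secret: bytes, t: float, step: int = STEP) -> int:
    """Port that is valid during the time step containing t."""
    counter = struct.pack(">Q", int(t // step))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # RFC 4226 dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return PORT_LO + code % (PORT_HI - PORT_LO + 1)


def ports_in_window(secret: bytes, t: float, radius: int, step: int = STEP) -> set:
    """Ports valid in the steps from t - radius*step to t + radius*step."""
    return {totp_port(secret, t + k * step, step) for k in range(-radius, radius + 1)}


def classify(secret: bytes, dst_port: int, t: float, accept: int = 1, grace: int = 3) -> str:
    """Gateway decision for a packet to dst_port seen at gateway time t."""
    if dst_port in ports_in_window(secret, t, accept):
        return "forward"        # within jitter tolerance: reaches the NS
    if dst_port in ports_in_window(secret, t, grace):
        return "drop_silent"    # stale but plausible client: blocked, no alarm
    return "drop_alarm"         # no recent step explains this port: report probe


SECRET = b"constructed-demo-secret"   # constructed sample key
T0 = 56_666_666 * STEP                # constructed, step-aligned gateway time

if __name__ == "__main__":
    late_client = totp_port(SECRET, T0 + 25)        # sent just before a mutation
    print("late client :", classify(SECRET, late_client, T0 + 35))
    stale_client = totp_port(SECRET, T0 - 3 * STEP)
    print("stale client:", classify(SECRET, stale_client, T0))
    probe = next(p for p in range(PORT_LO, PORT_HI + 1)
                 if p not in ports_in_window(SECRET, T0, 3))
    print("probe       :", classify(SECRET, probe, T0))
```

In this sketch, widening `grace` reduces alarms caused by delayed legitimate clients but lets more probes be dropped without a report, while widening `accept` raises the chance that a random probe reaches the service.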
