Browsing by Author "Skarmeta, Antonio"
Now showing 1 - 5 of 5
- Results Per Page
- Sort Options
- Enhancing IoT security through network softwarization and virtual security appliances
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä(2018-09) Molina Zarca, Alejandro; Bernal Bernabe, Jorge; Farris, Ivan; Khettab, Yacine; Taleb, Tarik; Skarmeta, AntonioBillions of Internet of Things (IoT) devices are expected to populate our environments and provide novel pervasive services by interconnecting the physical and digital world. However, the increased connectivity of everyday objects can open manifold security vectors for cybercriminals to perform malicious attacks. These threats are even augmented by the resource constraints and heterogeneity of low-cost IoT devices, which make current host-based and static perimeter-oriented defense mechanisms unsuitable for dynamic IoT environments. Accounting for all these considerations, we reckon that the novel softwarization capabilities of Telco network can fully leverage its privileged position to provide the desired levels of security. To this aim, the emerging software-defined networking (SDN) and network function virtualization (NFV) paradigms can introduce new security enablers able to increase the level of IoT systems protection. In this paper, we design a novel policy-based framework aiming to exploit SDN/NFV-based security features, by efficiently coupling with existing IoT security approaches. A proof of concept test bed has been developed to assess the feasibility of the proposed architecture. The presented performance evaluation illustrates the benefits of adopting SDN security mechanisms in integrated IoT environments and provides interesting insights in the policy enforcement process to drive future research. - INSPIRE-5Gplus: Intelligent security and pervasive trust for 5G and beyond networks
A4 Artikkeli konferenssijulkaisussa(2020-08-25) Ortiz, Jordi; Sanchez-Iborra, Ramon; Bernabe, Jorge Bernal; Skarmeta, Antonio; Benzaid, Chafika; Taleb, Tarik; Alemany, Pol; Muñoz, Raul; Vilalta, Ricard; Gaber, Chrystel; Wary, Jean Philippe; Ayed, Dhouha; Bisson, Pascal; Christopoulou, Maria; Xilouris, George; De Oca, Edgardo Montes; Gür, Gürkan; Santinelli, Gianni; Lefebvre, Vincent; Pastor, Antonio; Lopez, DiegoThe promise of disparate features envisioned by the 3GPP for 5G, such as offering enhanced Mobile Broadband connectivity while providing massive Machine Type Communications likely with very low data rates and maintaining Ultra Reliable Low Latency Communications requirements, create a very challenging environment for protecting the 5G networks themselves and associated assets. To overcome such complexity, future 5G networks must employ a very high degree of network and service management automation, which is a security challenge by itself as well as an opportunity for smarter and more efficient security functions. In this paper, we present the smart, trustworthy and liable 5G security platform being designed and developed in the INSPIRE-5Gplus1 project. This platform takes advantage of new techniques such as Machine Learning (ML), Artificial Intelligence (AI), Distributed Ledger Technologies (DLT), network softwarization and Trusted Execution Environment (TEE) for closed-loop and end-to-end security management following a zero-touch model in 5G and Beyond 5G networks. To this end, we specifically elaborate on two key aspects of our platform, namely security management with Security Service Level Agreements (SSLAs) and liability management, in addition to the description of the overall architecture. - An Interledger Blockchain Platform for cross-border Management of Cybersecurity Information
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä(2020-05-01) Neisse, Ricardo; Hernandez-Ramos, Jose Luis; Matheu-Garcia, Sara Nieves; Baldini, Gianmarco; Skarmeta, Antonio; Siris, Vasilios; Lagutin, Dmitrij; Nikander, PekkaCybersecurity certification is a core notion to support the mitigation of cybersecurity risks of Information and Communication Technologies (ICT). At the European Union (EU) level, the Cybersecurity Act establishes a common cybersecurity certification framework supporting the coexistence of different certification schemes across Member States. However, its realization needs to be sustained by technical approaches to enable ICT stakeholders from different sectors or countries to exchange cybersecurity information and evaluate the up-to-date security level of an ICT system throughout their lifecycle. Toward this end, we propose a blockchain-based platform using a novel interledger design, where ledgers associated with ICT artifacts, cybersecurity certificates, and vulnerabilities are interconnected. The main purpose is to leverage the advantages of blockchain in terms of distributed trust, transparency, and accountability, while at the same time coping with scalability, performance, and interoperability requirements. We analyze the impact of our platform in the current EU legislation and provide insights for its deployment. - A Machine Learning Security Framework for Iot Systems
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä(2020-01-01) Bagaa, Miloud; Taleb, Tarik; Bernabe, Jorge Bernal; Skarmeta, AntonioInternet of Things security is attracting a growing attention from both academic and industry communities. Indeed, IoT devices are prone to various security attacks varying from Denial of Service (DoS) to network intrusion and data leakage. This paper presents a novel machine learning (ML) based security framework that automatically copes with the expanding security aspects related to IoT domain. This framework leverages both Software Defined Networking (SDN) and Network Function Virtualization (NFV) enablers for mitigating different threats. This AI framework combines monitoring agent and AI-based reaction agent that use ML-Models divided into network patterns analysis, along with anomaly-based intrusion detection in IoT systems. The framework exploits the supervised learning, distributed data mining system and neural network for achieving its goals. Experiments results demonstrate the efficiency of the proposed scheme. In particular, the distribution of the attacks using the data mining approach is highly successful in detecting the attacks with high performance and low cost. Regarding our anomaly-based intrusion detection system (IDS) for IoT, we have evaluated the experiment in a real Smart building scenario using one-class SVM. The detection accuracy of anomalies achieved 99.71%. A feasibility study is conducted to identify the current potential solutions to be adopted and to promote the research towards the open challenges. - QoS and Resource-aware Security Orchestration and Life Cycle Management
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä(2022-08-01) Bagaa, Miloud; Taleb, Tarik; Bernal Bernabe, Jorge; Skarmeta, AntonioZero-touch network and Service Management (ZSM) exploits Network Function Virtualization (NFV) and Software-Defined Networking (SDN) to efficiently and dynamically orchestrate different Service Function Chaining (SFC), whereby reducing capital expenditure and operation expenses. The SFC is an optimization problem that shall consider different constraints, such as Quality of Service (QoS), and actual resources, to achieve cost-efficient scheduling and allocation of the service functions. However, the large-scale, complexity and security issues brought by virtualized IoT networks, which embrace different network segments, e.g. Fog, Edge, Core, Cloud, that can also exploit proximity (computation offloading of virtualized IoT functions to the Edge), imposes new challenges for ZSM orchestrators intended to optimize the SFC, thereby achieving seamless user-experience, minimal end-to-end delay at a minimal cost. To cope with these challenges, this paper proposes a cost-efficient optimized orchestration system that addresses the whole life-cycle management of different SFCs, that considers QoS (including end-to-end delay, bandwidth, jitters), actual capacities of Virtual Network Functions (VNFs), potentially deployed across multiple Clouds-Edges, in terms of resources (CPU, RAM, storage) and current network security levels to ensure trusted deployments. The proposed orchestration system has been implemented and evaluated in the scope of H2020 Anastacia EU project$^1$, showing its feasibility and performance to efficiently manage SFC, optimizing deployment costs, reducing overall end-to-end delay and optimizing VNF instances distribution.