Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.

/pdf/a-survey-on-security-and-privacy-of-5g-technologies-1hq5wqw2pb.pdf

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions

Internet of Things (IoT) is one of the most rapidly used technologies in the last decade in various applications. The smart things are connected in wireless or wired for communication, processing, computing, and monitoring different real-time scenarios. The things are heterogeneous and have low memory, less processing power. The implementation of the IoT system comes with security and privacy challenges because traditional based existing security protocols do not suitable for IoT devices. In this survey, the authors initially described an overview of the IoT technology and the area of its application. The primary security issue CIA (confidentially, Integrity, Availability) and layer-wise issues are identified. Then the authors systematically study the three primary technology Machine learning(ML), Artificial intelligence (AI), and Blockchain for addressing the security issue in IoT. In the end, an analysis of this survey, security issues solved by the ML, AI, and Blockchain with research challenges are mention.

Survey on IoT security: Challenges and solution using machine learning, artificial intelligence and blockchain technology

Service-oriented architecture (SOA) is gaining momentum as an emerging distributed system architecture for business-to-business collaborations. This momentum can be observed in both industry and academic research. SOA presents new challenges and opportunities for testing and verification, leading to an upsurge in research. This paper surveys the previous work undertaken on testing and verification of service-centric systems, which in total are 177 papers, showing the strengths and weaknesses of current strategies and testing tools and identifying issues for future work. Copyright © 2012 John Wiley & Sons, Ltd.

Testing and verification in service-oriented architecture: a survey

A scalable distributed machine learning approach for attack detection in edge computing environments

Security attacks typically result from unintended behaviors or invalid inputs. Security testing is labor intensive because a real-world program usually has too many invalid inputs. It is highly desirable to automate or partially automate security-testing process. This paper presents an approach to automated generation of security tests by using formal threat models represented as Predicate/Transition nets. It generates all attack paths, i.e., security tests, from a threat model and converts them into executable test code according to the given Model-Implementation Mapping (MIM) specification. We have applied this approach to two real-world systems, Magento (a web-based shopping system being used by many online stores) and FileZilla Server (a popular FTP server implementation in C++). Threat models are built systematically by examining all potential STRIDE (spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privilege) threats to system functions. The security tests generated from these models have found multiple security risks in each system. The test code for most of the security tests can be generated and executed automatically. To further evaluate the vulnerability detection capability of the testing approach, the security tests have been applied to a number of security mutants where vulnerabilities are injected deliberately. The mutants are created according to the common vulnerabilities in C++ and web applications. Our experiments show that the security tests have killed the majority of the mutants.

Automated Security Test Generation with Formal Threat Models

Security is a critical issue in dynamic and open distributed environments such as network-based services or wireless networks. To ensure that a certain level of security is maintained in such environments, the system behavior has to be restrained by a security policy in order to regulate the nature and the context of actions that can be performed within the system, according to specific roles. In this paper, we propose a passive testing approach that permits to check whether a system respects its security policy. To reach this goal, we specify this policy using 'Nomad' formal language which is based on deontic and temporal logics. This language is well adapted to passive testing methods that aim to analyze collected system execution traces in order to give a verdict about their conformity with to the system security requirements. Finally, we apply our methodology to an industrial case study provided by SAP group to demonstrate its reliability.

Security Rules Specification and Analysis Based on Passive Testing

This paper is devoted to the problem of evaluating the quality of experience (QoE) for a given multimedia service based on the values of service parameters such as QoS indicators. This paper proposes to compare two self learning approaches for predicting the QoE index, namely the approach based on logic circuit learning and the approach based on fuzzy logic expert systems. Experimental results for comparing these two approaches with respect to the prediction ability and the performance are provided.

http://mallouli.com/recherche/publications/ijoci2014.pdf

QoE Prediction for Multimedia Services: Comparing Fuzzy and Logic Network Approaches

The applications that rely on the combined use of multiple independent clouds pose a challenge to the control of their security. The difficulty of this task resides on the lack of insight on the cloud providers security measures, plus the need to simultaneously monitor the behaviour of multipleindividual components deployed in different clouds. This paper presents the SLA-driven monitoring of multi-cloud application security compliance. In this approach, the application security levels, controls and metrics are specified at design time in the Service Level Agreement (SLA) creation process and continuously monitored at runtime once the application components are deployed over the multi-cloud. The security monitoring is based on the Montimage Monitoring Tool (MMT), that combines Deep Packet Inspection (DPI) and data mining techniques to collect and analyse measurements at both network and application component levels for a holistic assurance.

SLA-Driven Monitoring of Multi-cloud Application Components Using the MUSA Framework

The fifth generation of mobile broadband is more than just an evolution to provide more mobile bandwidth, massive machine-type communications, and ultra-reliable and low-latency communications. It relies on a complex, dynamic and heterogeneous environment that implies addressing numerous testing and security challenges. In this paper we present 5Greplay, an open-source 5G network traffic fuzzer that enables the evaluation of 5G components by replaying and modifying 5G network traffic by creating and injecting network scenarios into a target that can be a 5G core service (e.g., AMF, SMF) or a RAN network (e.g., gNodeB). The tool provides the ability to alter network packets online or offline in both control and data planes in a very flexible manner. The experimental evaluation conducted against open-source based 5G platforms, showed that the target services accept traffic being altered by the tool, and that it can reach up to 9.56 Gbps using only 1 processor core to replay 5G traffic.

5Greplay: a 5G Network Traffic Fuzzer - Application to Attack Injection

Development and operation of multi-cloud applications, i.e. applications which consume and orchestrate services from multiple independent Cloud Service Providers, are challenging topics nowadays. Systematically addressing security assurance in such applications is an additional issue, unsolved at state of art. This paper introduces the MUSA DevOps approach to holistic security assurance in multi-cloud applications and details particularly the proposed approach to dynamic assurance at operation phase, which enables to early feed back the application security status to the development phase in order to take corrective actions as soon as possible, whenever they are needed.

Wissam Mallouli

Papers

Security Rules Specification and Analysis Based on Passive Testing

QoE Prediction for Multimedia Services: Comparing Fuzzy and Logic Network Approaches

SLA-Driven Monitoring of Multi-cloud Application Components Using the MUSA Framework

5Greplay: a 5G Network Traffic Fuzzer - Application to Attack Injection

Dynamic security assurance in multi-cloud DevOps