SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (2015) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1243
SPECIAL ISSUE PAPER
A security and trust framework for virtualized networks and software-defined networking

Zheng Yan1,2*, Peng Zhang3 and Athanasios V. Vasilakos4

1 State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, 710071, China
2 Department of Communications and Networking, Aalto University, Espoo, 02150, Finland
3 The Institute of Mobile Internet, Xi’an University of Posts and Telecommunications, Xi’an, 710121, China
4 University of Western Macedonia, Kozani, Greece

ABSTRACT

With the great success of second-generation (2G) and third-generation (3G) mobile telecommunications technologies, and the fast development of fourth-generation (4G) mobile telecommunications technology, the phase of fifth-generation mobile networks or fifth-generation wireless systems (5G) is coming. In this article, we indicate the open research issues of 5G security and trust in the context of virtualized networking and software-defined networking. We further propose a security and trust framework focused on solving 5G network security issues. The proposed framework applies adaptive trust evaluation and management technologies and sustainable trusted computing technologies to ensure computing platform trust and achieve software-defined network security. It adopts cloud computing to securely deploy various trustworthy security services over the virtualized networks. We show by analysis that the framework can support and satisfy all security requirements specified in standardization. We also suggest future research work according to the proposed framework and discuss the advantages of our framework in terms of practical deployment. Copyright © 2015 John Wiley & Sons, Ltd.

KEYWORDS

5G security; network function virtualization; software-defined networking; trusted computing; trust management; cloud computing

*Correspondence

Zheng Yan, State Key Laboratory of Integrated Services Networks, Xidian University, POX 119, No. 2 South Taibai Road, 710071, Xi’an, China.
E-mail: zheng.yan@aalto.fi
1. INTRODUCTION

With the great success of second-generation (2G) and third-generation (3G) mobile telecommunications technologies, and the fast development of fourth-generation (4G) mobile telecommunications technology, the phase of fifth-generation mobile networks or fifth-generation wireless systems (5G) is coming. 5G aims to offer very high data bandwidth and practically unlimited networking capability. It will bring brilliant user experiences in mobile communications and multimedia sharing. 5G is also referred to as beyond-2020 mobile communication technology. At present, 5G has not yet been described by any particular specification in official documents published by telecommunication standardization bodies. Some governments, telecommunication companies (e.g., Samsung, Huawei, Telefonica, Ericsson, and Nokia), and scientific researchers have initiated 5G research and development activities in recent years. Beyond 4G, the major difference of 5G is much more than increased maximum throughput. Considering current technical advances, including massive dense networks, interference and mobility management, Internet of Things [1,2], software-defined networking (SDN), network functions virtualization (NFV), pervasive and social computing [3,4], mobile ad hoc networks, wireless mesh networks [5], cognitive radio [6], cloud computing [7–9], and so on, what will 5G look like? What is the perspective of 5G security and trust? Some experts have commented that 5G will definitely apply and benefit from the aforementioned technologies, and that these technologies will in turn be further developed because of 5G. However, integrating all of them and innovating new techniques for 5G could introduce extreme challenges to 5G security and trust. A number of issues, such as 5G security and trust architecture, trustworthy transmission collaboration, secure 5G service provision, seamless and secure integration of heterogeneous networking resources, and so on, have not been seriously explored and studied. Without any doubt, 5G introduces tremendous challenges on security and trust, but this study has only just been initiated in industry and academia.

This article proposes a framework of security and trust for 5G based on the perspective that next-generation network functions will be highly virtualized and that SDN is applied for traffic control. Network hardware and software are separated at most devices (e.g., servers, switches, routers, and base stations) over the whole network, and most network vendors adopt network function virtualization. Our framework applies adaptive trust evaluation and management technologies and sustainable trusted computing technologies to ensure computing platform trust and achieve SDN security. It applies cloud computing to securely deploy various trustworthy security services over the virtualized networks. Specifically, the contributions of the article can be summarized as follows: (1) we indicate the open issues of 5G security and trust in the context of virtualized networking and SDN; (2) we propose a security and trust framework that supports and satisfies all security requirements specified in standardization, based on an analysis against the requirements in [10]; and (3) we point out future research work on the basis of the proposed framework and discuss the advantages of our framework in terms of practical deployment.

The rest of the article is organized as follows. Section 2 specifies security and trust problems in virtualized networks and SDN. Section 3 gives a brief overview of related literature. Section 4 introduces the design of the framework, followed by detailed descriptions of the key technologies applied in the framework in Section 5. In Section 6, we show by analysis that the proposed framework can satisfy the security requirements specified in standardization. Finally, a conclusion is presented in the last section.

2. PROBLEM STATEMENT

Applying NFV, SDN, and cloud computing technologies to enhance the flexibility of network function provision and update, as well as to reduce deployment cost, has been widely accepted and adopted in industry in recent years. In the future, network functions can be accessed like the Information Technology (IT) services we use today, benefiting from cloud computing technologies. In SDN, the data plane and the control plane are separated so that data traffic is forwarded from a source to a destination based on the instructions generated by the control plane, which may apply whatever smart routing and traffic control technologies are available [6]. This evolution makes it possible to intelligently and flexibly control traffic flows by applying recent technical advances, such as Internet-of-Things data mining [1], traffic monitoring and analysis [11–13], and smart intrusion detection, in order to achieve the best network throughput.

However, security and trust become crucial issues in the practical deployment of these technologies in 5G. The critical problem is that there is no practical security and trust architecture that can support virtualized networks:
(1) the network function virtualization infrastructure (NFVI) (hardware and middleware) should be secured and trustworthy enough to deploy and allocate various network functions (software);
(2) how the NFVI can ensure the quality of service (QoS) of the various virtualized network functions (VNFs) running on it is a trust management problem in the NFVI (how to select trustworthy functions to allocate in the NFVI in a specific context becomes a serious issue);
(3) how to ensure SDN security and NFVI security, so as to resist intrusions and counter malicious attacks and vulnerabilities that specifically target them;
(4) how to flexibly provide sufficient security services or functions in future networks in an economical way;
(5) how to provide various security functions (SFs) based on the NFVI in a trustworthy way, given that many options offered by different vendors are available in a global market; and
(6) how to make a set of VNFs cooperate and work together as expected by an authorized party.

Herein, we list only a limited number of security and trust issues related to 5G. We believe more issues will arise when we further investigate 5G security and trust and when a standard 5G infrastructure is available under a specific security and trust model.

Because 5G has only just been initiated, and a standardized network architecture and concrete trust and security models are not yet available, we assume in this article that (1) the NFVI is a basic network function deployment platform that can be applied by a networking device; (2) SDN is applied for network traffic flow control (e.g., routing and switching); and (3) network functions are provisioned based on cloud computing technologies and deployed on the NFVI.

3. LITERATURE BACKGROUND

3.1. SDN and its security

Software-defined networking is an approach to designing, building, and managing networks. The basic concept is that SDN separates the network’s control (“brain”) and data-forwarding (“muscle”) planes to make it easier to optimize each. In this environment, a controller in the control plane acts as the brain, providing an abstract, centralized view of the overall network. Through the controller, network administrators can quickly and easily make and push out decisions on how the underlying systems (e.g., switches and routers) of the data-forwarding plane (in short, data plane) should handle traffic. The most common protocol used in SDN networks to facilitate communication between the controller and the data plane (the so-called southbound application programming interface (API)) is currently OpenFlow. An SDN environment also uses open APIs to support all the services and applications running over the network. These APIs, commonly called northbound APIs, facilitate innovation and enable efficient service orchestration and automation. As a result, SDN enables a network administrator to shape traffic and deploy services to address changing business needs, without having to touch each individual switch or router in the data plane. Applying SDN has many benefits, such as reducing the cost of new network function deployment; making it easy to design, deploy, manage, and scale networks; improving delivery agility and flexibility; and enabling innovation.

Current research on SDN security has two divisions: (1) exploiting the SDN framework for enhanced network security and (2) ensuring the security of SDN itself. In the first division, SDN technology is applied to implement or deploy security solutions to achieve secure networking, for example, applying SDN to perform intrusion/malware detection and unwanted traffic control [11,14,15]. In the second division, it is estimated that applying SDN could expose the network to a range of new attacks and vulnerabilities, such as intrusions on SDN controllers, the need for trustworthy authentication between the control plane and the data plane, and malicious control of routers/switches caused by controllers misbehaving under attack [16–20]. Without a significant focus on security, it will not be possible for SDN to support the evolving capabilities associated with, for example, NFV [18].
There is much untapped potential and there are many unresolved challenges. A concerted effort in both directions could yield a truly secure and reliable software-defined network. In the Open Networking Foundation (https://www.opennetworking.org/) and the European Telecommunications Standards Institute (ETSI; http://www.etsi.org/), groups focused specifically on security in SDN and NFV, respectively, have been launched. In the Internet Research Task Force (https://irtf.org/) and the International Telecommunication Union—Telecommunication Standardization Sector (http://www.itu.int/en/ITU-T/Pages/default.aspx), general SDN study groups have been launched in which security in SDN is an identified issue.

3.2. NFV and its security

Documents about NFV can be found on the ETSI site [21]. An introduction to NFV and its benefits, enablers, and challenges are specified there to initiate actions on applying NFV in future networking. Similar to the concept of cloud computing, network functions can be provided as a service for the purpose of networking.

A number of use cases are specified with regard to NFV, such as NFVI-as-a-service, VNF-as-a-service, virtual-network-platform-as-a-service, VNF forwarding graphs, virtualization of the mobile core network and the IP multimedia subsystem (IMS), virtualization of the mobile base station, virtualization of the home environment, virtualization of content delivery networks (CDNs), and fixed access network functions virtualization [22]. ETSI specified the NFV reference architectural framework [23] and requirements, including security [12, p. 9–10], in October 2013. However, it lacks a uniform and generic security and trust framework to support the aforementioned security requirements over virtualized networks.

3.3. Cloud computing and its security

We performed a survey on cloud computing security and specified the open issues/challenges in the trust management of mobile cloud computing in [7]. Cloud computing has emerged as a promising service business. Quite a number of vendors, such as Google, Amazon, Microsoft, and IBM, have shipped cloud computing services to market. Many technologies have been proposed to enhance its trustworthiness [24]. The technologies applied for ensuring trustworthy cloud computing include data access control for secure data storage at cloud service providers (CSPs) [25–27], identity management [28,29], privacy enhancement and cloud computing verification [30,31], resource optimization [8,32], QoS enhancement [33,34], and trust establishment [35–37]. Notably, most existing solutions can also be applied in mobile cloud computing scenarios when user data are stored at a third party, especially when making use of the mobile Internet architecture. Existing security solutions for cloud computing are enablers for ensuring cloud computing quality and trust. However, the existing solutions cannot solve the problems specified in Section 2 in the context of 5G when SDN and NFV are applied.

Without any doubt, cloud computing will play an important role in 5G for service delivery. In particular, it provides a sound infrastructure for deploying Security-as-a-Service to enhance the security of 5G. But Security-as-a-Service cannot solve all security and trust issues of 5G, such as those listed in Section 2.
4. A TRUST AND SECURITY FRAMEWORK

We propose a framework of security and trust for future 5G networks based on the perspective that next-generation network functions will be highly virtualized; network hardware and software are separated at most network devices over the whole network; SDN is applied to control traffic flows; and cloud computing is adopted to deliver networking functions and services. Figure 1 shows a reference architectural framework applied in standardization in which our proposed framework can be embedded [23]. A detailed description of this reference architectural framework is provided in Appendix A.

Figure 1. Network functions virtualization (NFV) reference architectural framework (a reference only) [23]. VNF, virtualized network function; OSS, operation support system; BSS, business support system; EMS, element management system.

As shown in Figure 2, our proposed security and trust framework contains two types of services related to security and trust: NFVI Trust Platform (NFVI-TP)-as-a-service, and SF-as-a-service together with trust functions (TF)-as-a-service, which can be flexibly deployed in the NFVI-TP in a trustworthy way. The NFVI-TP can be embedded into a standard NFVI by an authorized party (e.g., an NFVI vendor; Figure 1). It ensures NFVI platform layer security by providing a root trusted module (RTM) that ensures every component built upon it is certified as trusted [38], for example, by verifying that a newly installed component in the infrastructure comes from a trustworthy party or is as expected by the RTM. Thus, the RTM can support a middleware layer (e.g., located in the virtualization layer of the NFVI in Figure 1) in a trustworthy way, ensuring that each of its components is trusted. The middleware layer contains a number of security and trust management components that work as a security and trust management layer to realize, maintain, and ensure the trustworthiness of the virtualized SFs and TFs, as follows. First, a reputation management component is applied to monitor and evaluate the performance of VNFs in order to select a trustworthy VNF to execute in a specific context. Note that a number of NFVI-TPs can collaborate over the network and exchange trust/reputation information in a secure way to help the reputation management component select the most suitable VNFs for deployment.
Second, a trust enhancement component is used to ensure the QoS of one VNF or of a composition of VNFs, for example, by applying a suitable resource arrangement strategy or adopting the best control modes in the NFVI. Third, a trust insurance component is applied to ensure that a VNF works as expected by an authorized party (e.g., a remote home operator) and that a number of VNFs collaborate with each other based on a specified policy (e.g., according to a VNF forwarding graph or the criteria/policies/rules of a third authorized party). Last but not least, fundamental SFs are embedded to offer traditional or standard SFs, such as key generation, secure storage, secure authentication, cryptographic computation, verification, and other functionalities that ensure data confidentiality and integrity, information availability, authentication, and non-repudiation. These may be legacy SFs that should be provided to make the proposed framework compatible with old systems and able to work in parallel with legacy network devices. Notably, additional NFVI-TP components can be flexibly embedded into the NFVI-TP to provide new functions or support new demands of security or trust management.

The NFVI-TP can dynamically deploy any number of SFs and TFs as VNFs, as needed for secure networking. SFs and TFs can be provided by cloud computing services. Typical SFs include intrusion detection functions, malware detection functions, smart firewall functions, virus cleaning functions, privacy preservation functions, identity management functions, policy management functions, resource access control functions, data access control functions, secure storage functions, data rights management functions, security-related computing functions (e.g., encryption/decryption, authentication, etc.), failure detection [39], and so on. Typical TFs include trust evaluation functions, reputation generation functions, recommender functions, and trust management functions. Additional SFs and TFs can be deployed by the NFVI-TP after verifying either reputation or certificate, or both. SFs and TFs can access some basic security functionalities offered by the fundamental SFs provided by the NFVI-TP, following access control policies that are enforced by the RTM. The access rights are decided based on the functionalities of the SFs and TFs and their reputations.

Figure 2. Security and trust framework. NFVI-TP, network functions virtualization infrastructure trust platform.

In summary, the NFVI-TP ensures that each network device works and collaborates with others in a trustworthy way. The SFs and TFs guarantee that the network device can be protected, perform in a secure way, or securely collaborate with other network devices by applying any security/trust-related functions offered by different third-party service providers (e.g., CSPs). The SFs and TFs are generally virtualized SFs/TFs deployed in a network function layer that can be commonly called by, and cooperate with, other VNFs. In Figure 1 (the standardized NFV reference architectural framework in [23]), the RTM is one of the hardware resources. The NFVI-TP middleware layer is located at the virtualization layer as one of the virtualized infrastructure managers. SFs and TFs are deployed as VNFs in a dynamic way, by authenticating the service providers and according to the analysis provided by the reputation management component in the NFVI-TP.
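To make the RTM's role concrete, the following is an added example (our own code, not code from the paper or from any NFV implementation) of an RTM admitting VNF images: it accepts an image only if a trusted vendor's manifest names that exact image hash, records the identifier in a registry that stands in for the RTM's secure storage, and extends a PCR-style measurement register with it. The vendor trust list, the manifest format, the HMAC standing in for a vendor signature, and the image bytes are all assumptions of this example.

```python
"""Added example, not from the paper: a root trusted module (RTM) admitting
VNF images, as Section 4 describes (a newly installed component must come
from a trustworthy party and be as expected by the RTM).

Assumptions (ours): a VNF image is a byte string; its identifier is the
SHA-256 of the image; each vendor signs a manifest binding its name to that
identifier, with a keyed HMAC standing in for the vendor's signature because
the standard library offers no asymmetric signatures; the RTM keeps a
PCR-style measurement register it extends with every admitted image.
"""
import hashlib
import hmac
import json

HASH = hashlib.sha256

# Constructed trust list: vendor name -> manifest key the RTM trusts.
TRUSTED_VENDORS = {
    "vendor-a": b"vendor-a-manifest-key",
    "vendor-b": b"vendor-b-manifest-key",
}


def vnf_identifier(image: bytes) -> str:
    """Identifier of a VNF: the hash of its image."""
    return HASH(image).hexdigest()


def _manifest_mac(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), HASH).hexdigest()


def sign_manifest(vendor: str, key: bytes, image: bytes) -> dict:
    """Vendor side: manifest naming the vendor and the image hash, plus its MAC."""
    body = {"vendor": vendor, "id": vnf_identifier(image)}
    return {"body": body, "mac": _manifest_mac(key, body)}


class RootTrustedModule:
    """Minimal RTM: checks manifests, measures images, keeps a registry."""

    def __init__(self, trusted_vendors: dict):
        self.trusted_vendors = trusted_vendors
        self.measurement = b"\x00" * HASH().digest_size  # PCR-like register
        self.registry = {}  # identifier -> vendor; stands in for secure storage

    def extend(self, identifier: str) -> None:
        """PCR extend: new = H(old || measured value), so admission order is captured."""
        self.measurement = HASH(self.measurement + bytes.fromhex(identifier)).digest()

    def admit(self, image: bytes, manifest: dict) -> bool:
        """Admit an image only if a trusted vendor signed exactly this image."""
        body, mac = manifest["body"], manifest["mac"]
        key = self.trusted_vendors.get(body.get("vendor"))
        if key is None:
            return False  # unknown vendor: not a trustworthy party
        if not hmac.compare_digest(_manifest_mac(key, body), mac):
            return False  # manifest forged or altered
        identifier = vnf_identifier(image)
        if identifier != body.get("id"):
            return False  # image differs from the one the vendor signed
        self.registry[identifier] = body["vendor"]
        self.extend(identifier)
        return True


def demo() -> tuple:
    """Admit a genuine image, then reject a tampered image and an unknown vendor."""
    rtm = RootTrustedModule(TRUSTED_VENDORS)
    image = b"firewall-vnf-image-v1"  # constructed image bytes
    genuine = sign_manifest("vendor-a", TRUSTED_VENDORS["vendor-a"], image)
    accepted = rtm.admit(image, genuine)
    tampered = rtm.admit(image + b"-backdoor", genuine)  # hash no longer matches
    unknown = rtm.admit(image, sign_manifest("vendor-z", b"k", image))  # vendor not trusted
    return accepted, tampered, unknown, len(rtm.registry)


if __name__ == "__main__":
    print(demo())  # (True, False, False, 1)
```

Running the file prints `(True, False, False, 1)`: the genuine image is admitted, the tampered image and the unknown vendor are rejected, and the measurement register now depends on exactly one admitted identifier. With a real TPM the register would be a PCR and the vendor check a signature verification against a vendor certificate; the control flow is the same.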
5. KEY TECHNOLOGIES

A number of key technologies are applied in the security and trust framework for virtualized networks and SDN.

5.1. Remote attestation and trust sustainment

This mechanism is applied in the trust insurance component of the NFVI-TP to ensure that a VNF running at a networking device works as expected by an authorized party (e.g., a remote home operator). One use case is a home operator that depends on a foreign operator to perform some network functions according to its expectation in a trustworthy way, for example, counting traffic volumes directly at the foreign network during roaming, without involving the host’s home network. The purpose is to achieve better performance and relieve the load of network management. To ensure the trustworthy execution of network functions at a remote site according to a third party’s expectation and to the agreement between the local and remote sites, an NFVI-TP mechanism should be designed to support this. Herein, we use the RTM to ensure the fulfillment of the execution policies (defined by a third authorized party) of a VNF running at a networking device. One example implementation is to use the protocol for trust sustainability among trusted computing platforms described in [38]. The idea is to allow an authorized party to use the RTM to attest a networking device’s trustworthiness and to embed the authorized party’s policies/criteria/rules into the trust insurance component of the device’s NFVI-TP; thus, it is possible to ensure that these policies/criteria/rules are fulfilled at the networking device as expected. One example implementation of the RTM is a trusted platform module as defined by the Trusted Computing Group (http://www.trustedcomputinggroup.org/).

5.2. Trust management and QoS enhancement of VNFs

The NFVI-TP is responsible for ensuring the QoS of the VNFs running upon it. The performance of each VNF with regard to its quality attributes should be monitored, and an adaptive mechanism should be applied to ensure the trustworthiness of VNFs at runtime based on the capability and competence of the NFVI-TP. One example implementation is to apply an adaptive trust control model that dynamically adjusts NFVI resources based on real-time trust evaluation results and selects the most suitable trust management or control mode to enhance the QoS and trust of the VNFs running in the NFVI. One solution based on the theory of fuzzy cognitive maps is provided in [40] to achieve autonomic trust management adaptive to context changes. This functionality is implemented by the trust enhancement component in the NFVI-TP.

5.3. Reputation-ensured deployment of SFs and TFs

The performance of SFs and TFs provided by different vendors is monitored and evaluated by the reputation management component of the NFVI-TP. The trust of each SF or TF can thus be evaluated by this component at each networking device over the network. The local trust values of each SF and TF can be further aggregated, in either a centralized or a distributed way, to generate the reputation of the SF or TF in terms of real application contexts. Thereby, SF and TF deployment trust can be enhanced by selecting the most reputable SFs and TFs based on trust evaluation and reputation generation.
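As an added example of the reputation-based selection just described (our own construction, not the paper’s mechanism or the model of [40]), the following computes each candidate SF’s local trust from decay-weighted, context-weighted monitoring samples, combines it with recommendations from peer NFVI-TPs weighted by how much the local node trusts each peer, and selects the most reputable candidate above a threshold. The attributes, weights, half-life, threshold, and monitoring history are all constructed for this example.

```python
"""Added example, not from the paper: reputation-based selection of a
security function (SF) offered by several vendors, in the spirit of
Sections 5.2 and 5.3. The quality attributes, the per-context weights, the
evidence half-life, the recommender weights and the trust threshold are our
own modelling assumptions; the paper fixes none of them.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Quality attributes an NFVI-TP monitors for a running SF (constructed).
ATTRIBUTES = ("availability", "detection_rate", "latency_ok")

# Context-aware weights: what matters most where the SF would run.
CONTEXT_WEIGHTS = {
    "core": {"availability": 0.5, "detection_rate": 0.3, "latency_ok": 0.2},
    "edge": {"availability": 0.2, "detection_rate": 0.3, "latency_ok": 0.5},
}


@dataclass
class Observation:
    """One monitoring sample: attribute scores in [0, 1] taken at time t."""
    sf_id: str
    scores: Dict[str, float]
    t: float


@dataclass
class Node:
    """The reputation management component of one NFVI-TP."""
    name: str
    context: str
    half_life: float = 100.0  # seconds after which old evidence counts half
    observations: List[Observation] = field(default_factory=list)

    def observe(self, obs: Observation) -> None:
        self.observations.append(obs)

    def local_trust(self, sf_id: str, now: float) -> Optional[float]:
        """Decay-weighted mean of context-weighted scores; None without evidence."""
        weights = CONTEXT_WEIGHTS[self.context]
        num = den = 0.0
        for obs in self.observations:
            if obs.sf_id != sf_id:
                continue
            decay = 0.5 ** ((now - obs.t) / self.half_life)
            score = sum(weights[a] * obs.scores[a] for a in ATTRIBUTES)
            num += decay * score
            den += decay
        return num / den if den > 0 else None


def reputation(sf_id: str, local: Node, recommenders: List[Tuple[Node, float]],
               now: float) -> Optional[float]:
    """Own experience (weight 1) combined with recommendations, each weighted
    by how much the local node trusts the recommending node."""
    num = den = 0.0
    own = local.local_trust(sf_id, now)
    if own is not None:
        num, den = own, 1.0
    for node, trust_in_node in recommenders:
        rec = node.local_trust(sf_id, now)
        if rec is not None:
            num += trust_in_node * rec
            den += trust_in_node
    return num / den if den > 0 else None


def select_sf(candidates: List[str], local: Node, recommenders: List[Tuple[Node, float]],
              now: float, threshold: float = 0.7) -> Tuple[Optional[str], Dict[str, Optional[float]]]:
    """Most reputable candidate above the threshold (None if none qualifies),
    plus every candidate's reputation for inspection."""
    reps = {c: reputation(c, local, recommenders, now) for c in candidates}
    best, best_rep = None, threshold
    for sf_id, rep in reps.items():
        if rep is not None and rep > best_rep:
            best, best_rep = sf_id, rep
    return best, reps


def demo() -> Tuple[Optional[str], Dict[str, Optional[float]]]:
    """Constructed history: vendor A's IDS was good but degraded recently; vendor B's
    IDS is steady but known only to a peer node; vendor C has no evidence at all."""
    a = Node("nfvi-tp-A", "edge")
    b = Node("nfvi-tp-B", "core")
    a.observe(Observation("ids-vendor-a", {"availability": 1.0, "detection_rate": 0.9, "latency_ok": 0.9}, t=0))
    a.observe(Observation("ids-vendor-a", {"availability": 0.2, "detection_rate": 0.3, "latency_ok": 0.1}, t=180))
    b.observe(Observation("ids-vendor-b", {"availability": 0.9, "detection_rate": 0.8, "latency_ok": 0.9}, t=150))
    chosen, reps = select_sf(["ids-vendor-a", "ids-vendor-b", "ids-vendor-c"],
                             a, [(b, 0.8)], now=200.0)
    return chosen, {k: (None if v is None else round(v, 3)) for k, v in reps.items()}


if __name__ == "__main__":
    print(demo())
```

In the constructed history, vendor A’s IDS has recent poor samples that outweigh its older good ones (reputation about 0.345), vendor B’s IDS is known only through the peer node (0.87), and vendor C has no evidence, so `demo()` selects `ids-vendor-b`. Cold-start candidates stay unselectable rather than receiving a default trust value, which keeps a newly listed vendor from bypassing the evaluation.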
Various mechanisms for trust evaluation and reputation generation can be flexibly embedded into the proposed framework and implemented by the reputation management component in the NFVI-TP with context-awareness support.

5.4. Execution of VNF forwarding graph and policies of a third party

A very crucial issue in a virtualized network is how to ensure that VNFs cooperate with each other based on the VNF forwarding graph and the rules/criteria/policies defined by an authorized party (e.g., an operator). In the proposed security and trust framework, the trust insurance component in the NFVI-TP is applied to authenticate authorized parties and embed their policies into the NFVI-TP (secure storage) by negotiating with the related parties, and to control the execution flow by applying the RTM to ensure that trustworthy and correct functions are installed and executed, exactly following the execution policies/rules/criteria and the forwarding graph. The trust insurance component registers the VNF forwarding graph and the execution policies/rules/criteria for each running VNF, and makes sure that the expected execution flow happens and, meanwhile, that the VNFs cooperate based on the VNF forwarding graph. Note that the framework supports dynamically embedding policies/rules/criteria and VNF forwarding graphs into the trust insurance component; secure authentication and trust verification should be performed for this process.

5.5. VNF reputation generation

The reputation of a VNF is generated based on local performance monitoring and trust evaluation of each running VNF, and/or on trust information collected from other network devices. The generated reputation triggers requests to a CSP to deploy a concrete VNF at a local NFVI, or initiates recommendations to other networking devices with the same purpose.

5.6. Identity management

In the proposed framework, a VNF is identified by its hash code. The identifier of a VNF is used for generating reputation, evaluating trust, and referring to the VNF in a VNF forwarding graph. The identifiers of all VNFs installed in an NFVI are registered in the secure storage of the RTM. For the purpose of communications, the VNF identifier is certified by the RTM of its host networking device.

5.7. Secure authentication

The authentication of VNFs can be achieved by authenticating the reputation level of a VNF, issued by each NFVI-TP and signed by the NFVI-TP’s RTM, together with its RTM-certified identifier (Section 5.6).

5.8. SDN security protection

The control plane and data plane of SDN can be implemented based on the reference architecture of NFV and the proposed security and trust framework.
The devices that implement the control plane and the data plane are built on the NFVI and our proposed security and trust framework. SDN security concerns two important issues: (1) secure authentication between the control plane and the data plane and (2) protection of the control plane and the data plane against security threats. We illustrate how the proposed security and trust framework protects SDN as follows. The control plane and the data plane can authenticate each other based on their identifiers and their reputations; the identifiers are certified by the RTM. An identity management VNF can process authentication at the control plane and at the data plane, respectively. Both planes can be well protected from various security threats by installing SFs and TFs on the basis of the NFVI-TP: malicious unwanted traffic and malware intrusions can be detected, a smart firewall can block attacks from detected malicious sources, and a virus cleaner can remove any virus found. In addition, TFs assist the planes in collecting useful information to perform trust evaluation on a third network entity, generate reputation by exchanging experiences with other entities, and select trustworthy entities for cooperation. By integrating both TFs and SFs, security threats can be effectively mitigated. To fight against malicious control instructions sent from a control plane to the data plane, an intrusion detection SF against malicious traffic control should be certified and installed at the data plane device. One example implementation of this SF applies pattern recognition to find abnormal control instructions and take corresponding actions.
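The following is an added example (our own code, not an implementation from the paper) of the data-plane check that Sections 5.4, 5.6, and 5.8 together call for: each flow rule from the control plane must carry the controller’s certified identity, refer only to registered VNF identifiers (hashes), steer traffic along an edge of the registered forwarding graph, and stay within the embedded policy on match breadth and drop-all rules. The rule format, identifiers, graph, policy limits, and the HMAC standing in for the controller’s RTM-certified identity are assumptions of this example.

```python
"""Added example, not from the paper: a data-plane check of flow rules pushed
by the control plane against the VNF forwarding graph and policy that the
trust insurance component registered (Sections 5.4, 5.6 and 5.8).

Assumptions (ours): VNF identifiers are SHA-256 hashes of constructed image
bytes; the controller's RTM-certified identity is modelled by a keyed HMAC
over each rule; the forwarding graph, the match fields and the policy limits
are constructed for this example.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Set, Tuple


def vnf_id(image: bytes) -> str:
    """VNF identifier = hash of its image."""
    return hashlib.sha256(image).hexdigest()


# Registered VNFs (name -> identifier) and the forwarding graph between them.
IDS = {name: vnf_id(name.encode()) for name in ("firewall", "ids", "nat", "egress")}
FORWARDING_GRAPH: Set[Tuple[str, str]] = {
    (IDS["firewall"], IDS["ids"]),
    (IDS["ids"], IDS["nat"]),
    (IDS["nat"], IDS["egress"]),
}

# Execution policy embedded by the authorized party (constructed limits).
POLICY = {"max_wildcard_fields": 1, "allow_drop_all": False}
MATCH_FIELDS = ("src", "dst", "proto")
CONTROLLER_KEY = b"controller-key-certified-by-rtm"


def sign_rule(rule: dict, key: bytes = CONTROLLER_KEY) -> dict:
    """Control plane: attach the controller's MAC to a flow rule."""
    body = json.dumps(rule, sort_keys=True).encode()
    return {"rule": rule, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def check_instruction(msg: dict, graph: Set[Tuple[str, str]] = FORWARDING_GRAPH,
                      policy: Dict = POLICY, key: bytes = CONTROLLER_KEY) -> List[str]:
    """Data plane: return the violations found in one instruction (empty = accept)."""
    rule = msg["rule"]
    body = json.dumps(rule, sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["mac"]):
        return ["controller authentication failed"]  # nothing else in the message is trustworthy
    problems = []
    registered = {v for edge in graph for v in edge}
    src, dst = rule["from_vnf"], rule["to_vnf"]
    if src not in registered or dst not in registered:
        problems.append("unregistered VNF identifier")
    elif rule["action"] == "forward" and (src, dst) not in graph:
        problems.append("steers traffic off the forwarding graph")
    wildcards = sum(1 for f in MATCH_FIELDS if rule["match"].get(f, "*") == "*")
    if wildcards > policy["max_wildcard_fields"]:
        problems.append("match broader than policy allows")
    if rule["action"] == "drop" and wildcards == len(MATCH_FIELDS) and not policy["allow_drop_all"]:
        problems.append("drop-all instruction (blackholing)")
    return problems


def demo() -> Dict[str, List[str]]:
    """Four constructed instructions: one legitimate, one bypassing the IDS and NAT,
    one blackholing all traffic, and one from a party without the controller key."""
    match = {"src": "10.0.0.0/24", "dst": "10.0.1.5", "proto": "tcp"}
    legit = sign_rule({"match": match, "from_vnf": IDS["firewall"], "to_vnf": IDS["ids"], "action": "forward"})
    bypass = sign_rule({"match": match, "from_vnf": IDS["firewall"], "to_vnf": IDS["egress"], "action": "forward"})
    blackhole = sign_rule({"match": {}, "from_vnf": IDS["nat"], "to_vnf": IDS["egress"], "action": "drop"})
    forged = sign_rule(legit["rule"], key=b"not-the-controller-key")
    return {name: check_instruction(m) for name, m in
            (("legit", legit), ("bypass", bypass), ("blackhole", blackhole), ("forged", forged))}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "accepted" if not problems else problems)
```

Authentication is checked first and short-circuits, since none of a forged message’s fields deserve further inspection. The checks are deliberately rule-based; the pattern-recognition approach mentioned above would add statistical detection of abnormal instruction sequences on top of them, not replace them.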
6. SECURITY ANALYSIS We further discuss that the proposed framework is able to support and fulfill the security requirements listed in [10] with regard to nine aspects to analyze the security of the proposed framework. First, the NFVI-TP can provide appropriate security countermeasures for the NFV framework in the following points: • To cure or alleviate security vulnerabilities introduced by the virtualization layer, the RTM can be applied to ensure any components installed and executed at the virtualization layer of NFV framework is trustworthy. • To protect data stored on shared storage resources or transmitted via shared network resources in virtualized networks, SFs about security computing and secure data communications can be deployed to support secure data transmission via the shared network resources. • To protect new interfaces exposed by the interconnectivity among NFV end-to-end architectural components, for example, hardware resources, VNFs, and management systems, the NFVI-TP can be configured to support trustworthy interconnectivity and cooperation among NFV architectural components. In this regard, the execution trust of VNFs can be ensured by adaptively adopting suitable trust management and control modes at NFVI and applying the technology of trust management and QoS enhancement as discussed earlier. Execution policies can be ensured using remote attestation, trust sustainment, and RTM technologies, as discussed in Section 5. Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd. DOI: 10.1002/sec
Security and trust framework for virtualized networks and SDN
• The trust insurance component in NFVI-TP can be configured to achieve an isolation of distinct VNF sets executing over the NFVI to ensure security and separation between these VNF sets. In this regard, policies of the VNF isolation can be registered as execution policies by the trust insurance component, and then, it can make sure that the execution isolation is achieved by ensuring the fulfillment of the execution policies of related VNFs. The trust insurance component can further controls communications happening inside the indicated sets of the executed VNFs based on its embedded policies/rules/criteria related to these actions if any. If isolation cannot be ensured and found by RTM, a warning will be raised by the NFVI-TP. For example, this can be implemented with the technology for execution of the vnf forwarding graph and policies of a third party, as discussed earlier. Trusted execution environment can be thus implemented by making the policies to ensure limited resource control required by execution isolation. • To support a secure management of VNF sets by other third-party entities (e.g. virtual network platform-as-a-service, enterprise virtual customer premises equipment, and virtual consumer home gateways), the technology of remote attestation and trust sustainment as discussed earlier can be applied, to ensure one or a set of VNFs to execute based on the policies/rules/criteria specified by a third authorized party. We believe implementation is essential for evaluating the effectiveness of our proposed framework, especially for supporting the aforementioned aspects. This will be an important task of our future work. Second, the proposed security and trust framework can further enable the NFV framework to provide mechanisms for a network operator to control and verify the configuration of the elements that virtualize the hardware resource. 
As a part of the NFV framework, the NFVI-TP can be configured by the network operator, who deploys it at different networking devices to satisfy the demand for hardware resource virtualization. Hardware resource allocation can be handled by the NFVI-TP by applying the technology of trust management and QoS enhancement as discussed earlier. In this regard, a trust management and control mode is a configuration of hardware resources and security/trust enhancement mechanisms that can be adopted by the NFV framework at the runtime of VNFs. The NFVI-TP's trust enhancement component realizes this function by adaptively selecting a suitable trust management and control mode. The configuration of the elements that virtualize the hardware resource can be verified against expectations using attestation based on the RTM, which can be triggered by the network operator. Future research needs to investigate further how to realize auto-configuration of networking resources based on trust management to support practical demands.
Third, the fundamental SFs in the NFVI-TP, together with additionally deployed SFs, can enable the management and orchestration functionalities to use standard security mechanisms wherever applicable for authentication, authorization, encryption, and validation.
Fourth, through the NFVI-TP, the NFV Infrastructure is able to use standard security mechanisms wherever applicable for authentication, authorization, encryption, and validation. In this regard, the proposed security and trust framework can embed or deploy standard security mechanisms either as fundamental SFs in the NFVI-TP or as SFs deployed as VNFs. In particular, any standard security mechanism can be deployed as an SF over the NFVI by selecting the best candidate from a CSP (e.g., a cloud security-service provider). Further, security of shared storage (e.g. mirroring and backups) can be realized by the trust enhancement component. In this regard, mirroring and backups are kinds of trust management or control mechanisms configured as a part of a control mode offered by the NFVI-TP.
Fifth, the proposed security and trust framework can further enable the NFV framework to provide role-based information access control and rights management. In this regard, data access control mechanisms based on roles, identities, reputation/trust, or attributes can be deployed as SFs in the NFVI-TP. Data rights management can also be deployed as an SF. For example, the SFs for identity and policy management can be deployed in the NFVI-TP. They cooperate with the trust insurance component in the NFVI-TP and with (resource/data) access control SFs to enable each actor, based on its associated role definition, to access a subset of the VNF instances and a subset of the VNF instance management functions (e.g. creation, modification, and activation). A special role is the administrator role, which is able to manage roles and rights. Concrete solutions should be investigated further for real implementation. This could be an interesting topic worth our further efforts.
Sixth, establishing a trust relationship chain among the different layers of a networking device can protect access to NFV functions via NFV-exposed APIs at all layers. As discussed earlier, in the proposed security and trust framework, the trust relationship chain can be established based on the RTM. In the RTM, the NFVI-TP, and the SFs, standard security mechanisms can be provided and embedded according to practical demands, so that access via exposed APIs can be protected by using the standard security mechanisms appropriate for that layer, wherever applicable for authentication, authorization, data confidentiality, and data integrity.
Seventh, an SF for resource access control can be configured in the proposed security and trust framework to enable the management and orchestration functionality in the NFV architecture to provide at least two levels of privilege to API clients, for example, root privilege and user privilege. In this case, the root privilege is a higher level of privilege than the user one. Each privilege gives access to a range of differentiated APIs.
Eighth, SFs for resource and data access control can be configured to support a division of NFV-exposed APIs according to the corresponding levels of privilege. In this regard, the NFV-exposed APIs can be divided into multiple subsets so that clients with different levels of privilege are only able to use certain subsets of API functionality according to their levels of privilege. A special case is that the management and orchestration functionality allows the use of all APIs for the highest privilege only. Realizing the aforementioned resource access control based on the RTM and corresponding SFs, to achieve layered control and good performance, could be an interesting topic worth our study.
Finally, in the NFV architecture, the management and orchestration functionality is able to authorize clients' privileges for using APIs based on operator-defined criteria. To fulfill this requirement, the RTM, the SF for resource access control, and the trust insurance component in the NFVI-TP can cooperate to ensure that privilege management for resource access follows the policy or criteria defined by an authorized party. This study can be carried out together with investigating solutions for the aforementioned eight aspects, so that it supports the criteria specified by a remote authorized party.
In summary, according to the embodiments of the proposed framework, security and trust management can be provided by the RTM and the NFVI-TP middleware as an essential part of the NFVI (in both the hardware and the virtualization layers), which can be deployed as a platform-as-a-service. Additionally or alternatively, various kinds of SFs and TFs can be deployed as security-as-a-service and/or trust-as-a-service, provided by CSPs and deployed as VNFs in the VNF layer.
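As an added illustration of the seventh to ninth aspects (example code, not from the paper), the following Python model partitions a constructed set of NFV-exposed APIs into root and user subsets and grants a client's privilege from operator-defined criteria (a role mapping and a trust threshold), but only after the RTM has attested the client's platform. The API names, role names and threshold values are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Privilege(IntEnum):
    """Two levels, as in the seventh aspect: root is strictly higher than user."""
    USER = 1
    ROOT = 2


# Constructed sample of NFV-exposed APIs tagged with the minimum privilege the
# subset containing them requires (eighth aspect). Names are illustrative.
API_MIN_PRIVILEGE = {
    "vnf.list": Privilege.USER,
    "vnf.status": Privilege.USER,
    "vnf.create": Privilege.ROOT,
    "vnf.modify": Privilege.ROOT,
    "vnf.activate": Privilege.ROOT,
    "role.manage": Privilege.ROOT,   # only the administrator role manages roles and rights
}

# Operator-defined criteria (ninth aspect): which role maps to which privilege and
# the minimum trust value a client must hold. Constructed values.
OPERATOR_CRITERIA = {
    "role_privilege": {"administrator": Privilege.ROOT, "tenant": Privilege.USER},
    "min_trust": 0.6,
}


@dataclass(frozen=True)
class Client:
    name: str
    role: str
    attested: bool   # attestation result reported by the RTM for the client's platform
    trust: float     # value produced by trust evaluation, in [0, 1]


def partition_apis(table=API_MIN_PRIVILEGE):
    """Split the exposed API set into the subset usable at each privilege level.
    The highest level sees every API; lower levels see a strict subset."""
    return {p: sorted(api for api, need in table.items() if p >= need) for p in Privilege}


def authorize_privilege(client, criteria=OPERATOR_CRITERIA):
    """Privilege the management and orchestration function grants a client, or None.
    Attestation and the trust threshold act as the trust insurance component's gate
    before the operator's role mapping is consulted."""
    if not client.attested or client.trust < criteria["min_trust"]:
        return None
    return criteria["role_privilege"].get(client.role)


def check_call(client, api, criteria=OPERATOR_CRITERIA, table=API_MIN_PRIVILEGE):
    """Return (allowed, reason) for one API call; unknown APIs are denied."""
    need = table.get(api)
    if need is None:
        return False, f"{api}: not an exposed API"
    granted = authorize_privilege(client, criteria)
    if granted is None:
        return False, f"{client.name}: no privilege (attestation, trust or role check failed)"
    if granted < need:
        return False, f"{client.name}: {api} needs {need.name}, has {granted.name}"
    return True, f"{client.name}: {api} allowed at {granted.name}"


if __name__ == "__main__":
    admin = Client("ops-admin", "administrator", attested=True, trust=0.9)
    tenant = Client("tenant-a", "tenant", attested=True, trust=0.8)
    rogue = Client("tenant-b", "tenant", attested=False, trust=0.95)
    print(partition_apis())
    for c, api in [(admin, "vnf.create"), (tenant, "vnf.create"),
                   (tenant, "vnf.list"), (rogue, "vnf.list")]:
        print(check_call(c, api))
```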
In particular, we would like to point out that additional research issues will arise in developing concrete solutions to achieve the specified requirements based on the proposed framework. We leave this as future work and indicate future research directions by sketching basic ideas herein.
7. FURTHER DISCUSSIONS
The proposed framework has the following advantages.
Generality: The proposed security and trust framework is generic and can be deployed in any networking device, such as servers, routers, switches, and base stations, whose architecture is compatible with the NFVI. It provides a generic security and trust infrastructure for networking devices and offers a uniform platform in which to embed any fundamental SFs and new advanced SFs. Meanwhile, it supports cooperation among networking devices in a secure and trustworthy way in various networking contexts.
Flexibility: Any required SFs and TFs can be flexibly embedded into a networking device that adopts the proposed framework by applying the RTM, the NFV technology, and the cloud computing technology.
Security: The framework achieves security in three respects. First, platform-layer security is ensured by the RTM; based on this root of trust, we can induce additional trust in any components established upon it, for example, the NFVI-TP middleware components, SFs, TFs, and VNFs. Second, the security of VNFs is achieved using certification verification or hash code verification, handled by the RTM, to ensure that VNFs are sourced from a trustworthy party and are as expected. Third, attacks and intrusions, as well as any other security threats to networking devices, can be overcome by deploying various SFs and TFs as VNFs.
Trustworthiness: The framework also achieves trust in three respects. First, we assume that the fundamental trust is offered by the RTM, which depends on sound hardware security and advanced cryptographic technologies to achieve this basic trust relationship. Second, the trust of each VNF and of a number of composed VNFs is maintained at runtime by adaptive trust management and control mechanisms that monitor quality attributes and control the VNFs' trust by adopting suitable trust management and control modes. Third, by applying trust evaluation and reputation generation, a networking device based on the proposed framework can select the most trusted VNFs for deployment and is able to cooperate with trustworthy VNFs located in a remote device.
Comprehensiveness and integrity: The proposed security and trust framework provides a holistic security and trust solution for virtualized networks and SDN. First, NFVI security can be ensured at a networking device: applying the RTM ensures that the components and VNFs installed at the device are trustworthy and as expected. Second, the RTM and the NFVI-TP SFs and TFs help the networking device to perform securely in cooperation and communication with other devices for the fulfillment of networking tasks, for example, routing and traffic control.
Third, SFs and TFs work together to help the networking device overcome any intrusions and attacks, achieve security goals, and avoid security threats. Fourth, RTM and NFVI-TP cooperate to ensure the QoS and running trust of the SFs, TFs, and VNFs installed and executed at the NFVI. Fifth, the framework can guarantee that a VNF running at a device can perform according to the policies/rules/criteria agreed between the local device and a remote device. It can also make sure VNFs can cooperate with each other following their forwarding graph.
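The trust relationship chain of the sixth aspect, the hash code verification by the RTM and the runtime trust sustainment described above can be sketched as follows; this is an added Python example, not the authors' implementation. It measures constructed component images bottom-up against a manifest, chains the measurements TPM-style so that a mismatch at a lower layer denies trust to everything above it, and re-attests at runtime. An HMAC-signed manifest stands in for the certificate verification a real RTM would perform, and the component names and key are assumptions.

```python
import hashlib
import hmac

# Constructed sample of the components the RTM measures, ordered bottom-up so that
# the trust induced by the root is carried to each layer established above it.
MEASURE_ORDER = ["virtualization_layer", "nfvi_tp", "sf_access_control", "vnf_router"]

# Assumption for this example: a shared key replaces the certificate-based
# signature a real RTM would check on the manifest.
MANIFEST_KEY = b"constructed-demo-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding of the manifest so the signature is reproducible."""
    return "\n".join(f"{n}={d}" for n, d in sorted(manifest.items())).encode()


def sign_manifest(manifest: dict, key: bytes = MANIFEST_KEY) -> str:
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, signature: str, key: bytes = MANIFEST_KEY) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def extend(chain: str, digest: str) -> str:
    """TPM-style extend: new chain value = H(old chain || component digest), so the
    final value commits to every measured component and to their order."""
    return sha256_hex(bytes.fromhex(chain) + bytes.fromhex(digest))


def attest(components: dict, manifest: dict, signature: str):
    """Measure each component against the signed manifest.
    Returns (trusted, chain_value, log); a mismatch stops the chain at that layer,
    so no component above it inherits trust from the root."""
    if not verify_manifest(manifest, signature):
        return False, None, ["manifest: signature invalid"]
    chain, log = "00" * 32, []
    for name in MEASURE_ORDER:
        digest = sha256_hex(components.get(name, b""))
        if manifest.get(name) != digest:
            log.append(f"{name}: measurement mismatch, chain broken")
            return False, None, log
        chain = extend(chain, digest)
        log.append(f"{name}: ok")
    return True, chain, log


def sustain_trust(components, manifest, signature, expected_chain) -> bool:
    """Runtime re-attestation (trust sustainment): the platform stays trusted only
    while a fresh measurement reproduces the chain value recorded at installation."""
    trusted, chain, _ = attest(components, manifest, signature)
    return trusted and chain == expected_chain


def build_sample():
    """Constructed component images and their signed manifest."""
    components = {n: f"image-of-{n}-v1".encode() for n in MEASURE_ORDER}
    manifest = {n: sha256_hex(b) for n, b in components.items()}
    return components, manifest, sign_manifest(manifest)


if __name__ == "__main__":
    comps, man, sig = build_sample()
    ok, chain, log = attest(comps, man, sig)
    print(ok, chain[:16], log)
    # A VNF image that no longer matches the manifest breaks the chain at its layer.
    tampered = dict(comps, vnf_router=b"image-of-vnf_router-v1-modified")
    print(attest(tampered, man, sig)[0], sustain_trust(tampered, man, sig, chain))
```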
8. CONCLUSIONS
The phase of 5G is coming, but the picture of 5G is still unclear. Although different perspectives and theories have been proposed for 5G, the common opinion is that 5G will benefit from the advances of emerging technologies and will motivate their further development. Considering the popularity and wide industry adoption of NFV and SDN, we propose a security and trust framework for virtualized networks and SDN. The framework applies the advances of our previous work in the areas of adaptive trust evaluation and management and sustainable trusted computing to ensure network computing platform trust and achieve SDN security in the context of virtualized networks. We analyze that the framework can support and satisfy all security requirements specified in standardization and further discuss its advantages regarding generality, flexibility, security, trustworthiness, and integrity. Regarding future work, we suggest efforts in the following aspects. In the security analysis, we have indicated future research directions for each security requirement based on the proposed framework. This article focuses on network security and trust in 5G. It is important to note that 5G mobile terminal security and air interface trust are other lines of research and development regarding 5G security. Concrete solutions for practical implementation based on the proposed framework, as well as security and trust for 5G terminals and the air interface, are left as our future work.
ACKNOWLEDGEMENTS
This work is sponsored by the PhD grant (JY0300130104) of the Chinese Educational Ministry, the initial grant of the Chinese Educational Ministry for researchers from abroad (JY0600132901), the grant of Shaanxi Province for excellent researchers from abroad (680F1303), and Aalto University.
REFERENCES
1. Yan Z, Zhang P, Vasilakos AV. A survey on trust management for Internet of Things. Journal of Network and Computer Applications 2014; 42:120–134.
2. Raza S, Duquennoy S, Höglund J, Roedig U, Voigt T. Secure communication for the Internet of Things—a comparison of link-layer security and IPsec for 6LoWPAN. Security and Communication Networks 2014; 7:2654–2668.
3. Yan Z, Chen Y, Shen Y. PerContRep: a practical reputation system for pervasive content services. Supercomputing 2014; 70(3):1051–1074.
4. Yan Z, Chen Y, Shen Y. A practical reputation system for pervasive social chatting. Computer and System Sciences 2013; 79(5):556–572.
5. Cheng H, Xiong N, Vasilakos AV, Yang LT, Chen G, Zhuang X. Nodes organization for channel assignment with topology preservation in multi-radio wireless mesh networks. Ad Hoc Networks 2012; 10(5):760–773.
6. Xiong N, Vasilakos AV, Yang LT, et al. A novel self-tuning feedback controller for active queue management supporting TCP flows. Information Sciences 2010; 180(11):2249–2263.
7. Yan Z. Trust management in cloud computing. In Trust Management in Mobile Environments—Usable and Autonomic Models, Yan Z (ed). IGI Global: Hershey, Pennsylvania, USA, 2013.
8. Li J, Qiu M, Ming Z, Quan G, Qin X, Gu Z. Online optimization for scheduling preemptable tasks on IaaS cloud systems. Journal of Parallel and Distributed Computing 2012; 72(5):666–677.
9. Habib SM, Ries S, Mühlhäuser M, Varikkattu P. Towards a trust management system for cloud computing marketplaces: using CAIQ as a trust information source. Security and Communication Networks 2014; 7:2185–2200.
10. ETSI GS NFV 004 V1.1.1 (2013-10). Network Functions Virtualization (NFV): Virtualization Requirements. Retrieved from http://www.etsi.org [Accessed on 22 April 2014].
11. Yan Z, Kantola R, Shen Y. A generic solution for unwanted traffic control through trust management. New Review of Hypermedia and Multimedia 2014; 20(1):25–51.
12. Chen L, Yan Z, Zhang W, Kantola R. TruSMS: a trustworthy SMS spam control system based on trust management. Future Generation Computer Systems 2014. doi:10.1016/j.future.2014.06.010.
13. Shen Y, Yan Z, Kantola R. Analysis on the acceptance of global trust management for unwanted traffic control based on game theory. Computers & Security 2014; 47:3–25.
14. Jin R, Wang B. Malware detection for mobile devices using software-defined networking. Second GENI Research and Educational Experiment Workshop (GREE), 2013; 81–88.
15. Scott-Hayward S, O'Callaghan G, Sezer S. SDN security: a survey. IEEE SDN for Future Networks and Services (SDN4FNS), 2013; 1–7.
16. Kloti R, Kotronis V, Smith P. OpenFlow: a security analysis. The 21st IEEE International Conference on Network Protocols (ICNP), 2013.
17. Sezer S, Scott-Hayward S, Chouhan P, et al. Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Communications Magazine 2013; 51(7):36–43.
18. Santos MAS, De Oliveira BT, Margi CB, et al. Software-defined networking based capacity sharing in hybrid networks. The 21st IEEE International Conference on Network Protocols (ICNP), 2013.
19. Yu D, Moore AW, Hall C, Anderson R. Authentication for resilience: the case of SDN. Security Protocols XXI, Lecture Notes in Computer Science 2013; 8263:39–44.
20. Dotcenko S, Vladyko A, Letenko I. A fuzzy logic-based information security management for software-defined networks. 2014 16th International Conference on Advanced Communication Technology (ICACT), 2014; 167–171.
21. NFV ETSI white paper. Retrieved from http://portal.etsi.org/NFV/NFV_White_Paper.pdf [Accessed on 22 April 2014].
22. ETSI GS NFV 001 V1.1.1 (2013-10). Network Functions Virtualization (NFV): Use Cases. Retrieved from http://www.etsi.org [Accessed on 22 April 2014].
23. ETSI GS NFV 002 V1.1.1 (2013-10). Network Functions Virtualization (NFV): Architectural Framework. Retrieved from http://www.etsi.org [Accessed on 22 April 2014].
24. Cheung S-CS, Sun Y, Aberer K, Haritsa J, Horne B, Hwang K. Special issue on privacy and trust management in cloud and distributed systems. IEEE Transactions on Information Forensics and Security 2013; 8(6):835–837.
25. Wan Z, Liu J, Deng RH. HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Transactions on Information Forensics and Security 2012; 7(2):743–754.
26. Yu S, Wang C, Ren K, Lou W. Achieving secure, scalable, and fine-grained data access control in cloud computing. Proceedings of IEEE INFOCOM, 2010; 534–542.
27. Yan Z, Li X, Kantola R. Personal data access based on trust assessment in mobile social networking. IEEE UbiSafe, 2014.
28. Sanchez R, Almenares F, Arias P, Diaz-Sanchez D, Marin A. Enhancing privacy and dynamic federation in IdM for consumer cloud computing. IEEE Transactions on Consumer Electronics 2012; 58(1):95–103.
29. Zhang P, Sun H, Yan Z. Building up trusted identity management in mobile heterogeneous environment. Proceedings of IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2011; 873–877.
30. Wang C, Cao N, Ren K, Lou W. Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE Transactions on Parallel and Distributed Systems 2012; 23(8):1467–1479.
31. Wang C, Wang Q, Ren K, Lou W. Privacy-preserving public auditing for data storage security in cloud computing. Proceedings of IEEE INFOCOM, 2010; 1–9.
32. Zhou Y, Zhang Y, Liu H, Xiong N, Vasilakos AV. A bare-metal and asymmetric partitioning approach to client virtualization. IEEE Transactions on Services Computing 2014; 7(1):40–53.
33. Zhang P, Yan Z. Adaptive QoS management for mobile cloud services. China Communications 2011; 8(6):36–43.
34. Zhang P, Yan Z. A QoS-aware system for mobile cloud computing. Proceedings of IEEE CCIS, Beijing, China, September 2011; 518–522.
35. Khan KM, Malluhi Q. Establishing trust in cloud computing. IT Professional 2010; 12(5):20–27.
36. Lynch L. Inside the identity management game. IEEE Internet Computing 2011; 15(5):78–82.
37. Hwang K, Li D. Trusted cloud computing with secure resources and data coloring. IEEE Internet Computing 2010; 14(5):14–22.
38. Yan Z, Cofta P. A mechanism for trust sustainability among trusted computing platforms. The First International Conference on Trust and Privacy in Digital Business (TrustBus'04), Spain, LNCS 3184, September 2004; 11–19.
39. Xiong N, Vasilakos AV, Yang LT, et al. Comparative analysis of quality of service and memory usage for adaptive failure detectors in healthcare systems. IEEE Journal on Selected Areas in Communications 2009; 27(4):495–509.
40. Yan Z, Prehofer C. Autonomic trust management for a component based software system. IEEE Transactions on Dependable and Secure Computing 2011; 8(6):810–823.
APPENDIX A
Figure 1 illustrates an NFV reference architectural framework in which an exemplary framework of security and trust for virtualized networks and SDN may be embedded. As shown in Figure 1, the architectural framework comprises three main working domains, namely the VNF domain, the NFVI domain, and NFV management and orchestration. The architectural framework may further comprise an operation support system/business support system of an operator of virtualized networks. The VNF domain comprises one or more VNFs, each of which is a virtualization of a network function in a legacy non-virtualized network. A VNF can be composed of multiple internal components. For example, one VNF can be deployed over multiple virtual machines (VMs), where each VM hosts a single component of the VNF. In other cases, however, the whole VNF can be deployed in a single VM as well. A VNF may be implemented as a software implementation (such as a software-only entity) of a network function that is capable of running over the NFVI. In the VNF domain, the element management system may be deployed to perform typical management functionalities for one or several VNFs.
The NFVI is the totality of all hardware and software components that build up the environment in which VNFs are deployed, managed, and executed. The NFVI can span several locations, that is, places where NFV infrastructure points of presence are operated. The network providing connectivity between these locations is regarded as part of the NFVI. From the perspective of the VNFs, the virtualization layer and the hardware resources look like a single entity providing them with the desired virtualized resources. The NFVI supports the execution of the VNFs with the diversity of physical resources that are virtualized. In the NFVI domain, the physical hardware resources include computing, storage, and networking, which provide processing, storage, and connectivity to VNFs through the virtualization layer (e.g., a hypervisor). Computing hardware is assumed to be commercial off-the-shelf as opposed to purpose-built hardware. Storage resources can be differentiated between shared network-attached storage and storage that resides on the server itself. Computing and storage resources are commonly pooled. Network resources are comprised of switching functions, for example, routers, and wired or wireless links. Network resources can also span different domains. The virtualization layer abstracts the hardware resources and decouples the VNF software from the underlying hardware, thus ensuring a hardware-independent lifecycle for the VNFs. In short, the virtualization layer is responsible for the following: abstracting and logically partitioning physical resources, commonly as a hardware abstraction layer; enabling the software that implements the VNF to use the underlying virtualized infrastructure; and providing virtualized resources to the VNF so that the latter can be executed. The virtualization layer in the middle ensures that VNFs are decoupled from hardware resources, and therefore the software can be deployed on different physical hardware resources. Typically, this type of functionality is provided for computing and storage resources in the form of hypervisors and VMs. A VNF may be deployed in one or several VMs.
The NFV management and orchestration covers the orchestration and lifecycle management of the physical and/or software resources that support the infrastructure virtualization, as well as the lifecycle management of VNFs. It may focus on all virtualization-specific management tasks necessary in virtualized networks. From NFV's point of view, virtualized infrastructure management comprises the functionalities that are used to control and manage the interaction of a VNF with the computing, storage, and network resources under its authority, as well as their virtualization. The virtualized infrastructure orchestration comprises the orchestration and management of NFV infrastructure and software resources, and the realization of network services on the NFVI. The NFV reference architectural framework is further described in detail in ETSI GS NFV 002 V1.1.1, entitled "Network Functions Virtualization (NFV); Architectural Framework", October 2003, which is incorporated herein by reference in its entirety [23]. It is to be noted that the proposed framework is not restricted to the aforementioned NFV reference architectural framework and can be implemented in any NFV architectural framework.