NET1 – 6G Native Trustworthiness
Tuesday, 4 June 2024, 11:00-13:00, room Gorilla Room 4
Session Chair: Nina Slamnik-Kriještorac (University of Antwerp-IMEC, BE)
Towards Trustworthy Reinforcement Learning-Based Resource Management in Beyond 5G
Jordi Pérez-Romero (Universitat Politècnica de Catalunya (UPC), Spain); Oriol Sallent (Universitat Politècnica de Catalunya, Spain); Irene Vilà (Universitat Politècnica de Catalunya (UPC), Spain); Elli Kartsakli (Barcelona Supercomputing Center, Spain); Ömer Faruk Tuna (Ericsson Research, Turkey); Swarup Kumar Mohalik (Ericsson Research, India); Xin Tao (Ericsson Research, Sweden)
It is envisaged that future Beyond 5G (B5G) systems will make extensive use of Artificial Intelligence (AI) capabilities to achieve an efficient automated management and optimization of communication and computing resources and to support advanced data-driven applications that provide the users with highly immersive services. Ensuring the trustworthiness of the AI solutions is key for their successful introduction in B5G, as this will guarantee their robustness towards errors and potential attack threats, the privacy of the used data and trained models and the explainability of AI-based decisions, ensuring that they do not have unsafe consequences. In this context, this paper focuses on the trustworthiness of Reinforcement Learning (RL) solutions, as their inherent trial-and-error behavior during training makes them particularly challenging from the robustness perspective. Then, the paper proposes a framework for managing the lifecycle of an RL-based resource management solution for both training and inference stages to ensure its trustworthy operation. The framework relies on an RL training configuration function to specify the training conditions, a Network Digital Twin (NDT) to perform the training on a safe environment and a continuous operation function to monitor the behaviour of the trained policy during inference. The framework is illustrated with an applicability use case of capacity sharing for network slicing.
Building Trust in the Era of 6G: A Level of Trust Assessment Function for Cloud Continuum
José M. Jorquera Valero (University of Murcia, Spain); Jose Ordonez-Lucena (Telefonica I+D, Spain); Antonio Pastor (Telefonica I+D & Universidad Politécnica de Madrid, Spain); Diego Lopez (Telefonica I+D, Spain); Manuel Gil Pérez and Gregorio Martinez Perez (University of Murcia, Spain)
Sixth-Generation Wireless Networks are conceived as dynamic and self-management scenarios that support end-users to cover their business and network requirements. Endless resource pools aim at supporting end-users by exposing them to a range of services and infrastructures available to meet their real-time requirements. Yet, the number of feasible options and combinations that resource pools can offer end-users makes it difficult for them to allocate and manage such a large amount of resources. This challenge has been emphasized through the novel paradigm boosted by 6G networks, Cloud Continuum, that integrates resources across various network domains (Extreme Edge, Edge, and Cloud) and faces pending challenges in managing distributed infrastructure resources. Nonetheless, the lack of trust and uncertainty, especially when using services from unfamiliar stakeholders, is still present, affecting end-users’ decision-making. Thus, this article introduces a Level of Trust Assessment Function (LoTAF) for efficient resource and infrastructure management within the Cloud Continuum in 6G networks. LoTAF serves as a neutral and intelligent service to assess trust levels in network services, ensuring trustworthy end-to-end (E2E) connections across multiple domains and providers. By incorporating trust as a novel intent, LoTAF allows stakeholders to manifest needs and manage resources using insights from historical data and ongoing exploration, expressed in semi-natural language. Additionally, we also introduce the Trust Level Agreement (TLA) concept, evolving from traditional Service Level Agreements (SLAs), to incorporate stakeholder trust levels and display both LoTAF and TLA in a 6G-oriented scenario.
Towards Accountable and Resilient AI-Assisted Networks: Case Studies and Future Challenges
Shen Wang, Chamara Sandeepa, Thulitha Senevirathna and Bartlomiej Siniarski (University College Dublin, Ireland); Manh-Dung Nguyen (Montimage EURL, France); Samuel Marchal (VTT Technical Research Center of Finland, Finland); Madhusanka Liyanage (University College Dublin, Ireland)
Artificial Intelligence (AI) will play a critical role in future networks, exploiting real-time data collection for optimized utilization of network resources. However, current AI solutions predominantly emphasize model performance enhancement, engendering substantial risk when AI encounters irregularities such as adversarial attacks or unknown misbehaviors due to its “black-box” decision process. Consequently, AI-driven network solutions necessitate enhanced accountability to stakeholders and robust resilience against known AI threats. This paper introduces a high-level process, integrating Explainable AI (XAI) techniques and illustrating their application across three typical use cases: encrypted network traffic classification, malware detection, and federated learning. Unlike existing task-specific qualitative approaches, the proposed process incorporates a new set of metrics, measuring model performance, explainability, security, and privacy, thus enabling users to iteratively refine their AI network solutions. The paper also elucidates future research challenges we deem critical to the actualization of trustworthy, AI-empowered networks.
A Protocol Agnostic Polymorphic Network Packet Transformer for 5G Malware Traffic Classification Using Deep Learning Models
Eftychia Makri (Yale University, USA); Georgios Agrafiotis (Centre for Research and Technology Hellas – CERTH, Greece); Antonios Lalas (Centre for Research and Technology – Hellas (CERTH), Greece); Konstantinos Votis (Information Technologies Institute, Centre For Research and Technology Hellas, Greece); Dimitrios Tzovaras (Centre for Research and Technology Hellas, Greece)
The increasing complexity of 5G networks has created new challenges for cybersecurity, especially with the rise of IoT devices that can be targeted by attackers to spread malware. This work proposes a novel approach to detecting 5G malware traffic using a polymorphic network packet transformer and neural network models. The system is able to transform network packets into various polymorphic forms, making it difficult for malware to evade detection. The paper presents three machine learning models, a typical 1D-CNN network, a LeNet-5 and a Vision Transformer, for detecting malware traffic, along with a preprocessing method that automatically learns features without prior knowledge of malware activity or feature extraction from network data. The proposed approach is more efficient, resilient, and adaptable to evolving threats and protocols. The enhanced toolkit, called Polymorphic Network Packet Transformer, can extract embeddings from raw traffic load using an autoencoder network, enabling more accurate representations that may be applied in a commercial Intrusion Detection System (IDS) application, in a protocol agnostic manner. The results show that the proposed system achieves higher accuracy rates in detecting 5G malware traffic and provides a new approach of defending against 5G malware attacks, paving the way for elaboration in the upcoming 6G networks.
Beyond Certificates: 6G-Ready Access Control for the Service-Based Architecture with Decentralized Identifiers and Verifiable Credentials
Sandro Rodriguez Garzon (Technische Universität Berlin & Telekom Innovation Laboratories, Germany); Hai Dinh-Tuan and Maria Mora Martinez (Technische Universität Berlin, Germany); Axel Küpper (TU Berlin, Germany); Hans Joachim Einsiedler (Deutsche Telekom, Berlin, Germany); Daniela Schneider (Deutsche Telekom AG, Austria)
Next generation mobile networks are poised to transition from monolithic structures owned and operated by single mobile network operators into multi-stakeholder networks where various parties contribute with infrastructure, resources, and services. However, a federation of networks and services brings along a crucial challenge: Guaranteeing secure and trustworthy access control among network entities of different administrative domains. This paper introduces a novel technical concept and a prototype, outlining and implementing a 5G Service-Based Architecture that utilizes Decentralized Identifiers and Verifiable Credentials instead of traditional X.509 certificates and OAuth2.0 access tokens to authenticate and authorize network functions among each other across administrative domains. This decentralized approach to identity and permission management for network functions reduces the risk of single points of failure associated with centralized public key infrastructures. It unifies access control mechanisms and lays the groundwork for less complex and more trustful cross-domain key management for highly collaborative network functions in a multi-party Service-Based Architecture of 6G.
Dynamic Deployment and Security Assessment of Resilient Services over Digital Twins
Juan Tamboleo, Alejandro Molina Zarca and Antonio Fernando Skarmeta Gomez (University of Murcia, Spain); Jose Manuel Manjón (Telefonica, Spain); Antonio Pastor (Telefonica I+D & Universidad Politécnica de Madrid, Spain); Diego Lopez (Telefonica I+D, Spain); Fabrizio Granelli (University of Trento, Italy)
Today’s world is immersed in unprecedented complexity; the deployment of convoluted networking infrastructures generates a lot of problems and challenges due to the variety of technologies used in the architectures. One of the most pressing problems lies in the inability to analyse and verify the impact of the attacks, updates and security measures in production environments. A possible solution to these situations is the use of replicas, but the reality is that they are often not continuously updated. To address this issue, this paper presents a comprehensive framework design for securing networks by providing threat detection and security assessments of resilient services, both over Digital Twins (DTs). The solution will be able to constantly look for threats using AI-based algorithms and orchestrate the deployments of DTs in order to evaluate the possible impact of different mitigations on the network. To do so, in one of the DTs, attacks and countermeasures will be applied in different areas of the network architecture and with different time ranges. The threat impact and mitigation results will be automatically measured and analysed. With this information, new configurations will be automatically applied to the real network in order to improve network security, following an automated reactive approach.
Enhancing NFC/RFID System Security Through Accelerometer-Generated Dynamic Keys
Jaya Dofe and Mariam Mousa (California State University Fullerton, USA)
The integration of Near Field Communication (NFC) and Radio Frequency Identification (RFID) systems on the Internet of Things (IoT) has become increasingly prevalent in various sectors, from residential automation to government institutions and healthcare facilities. However, this proliferation has raised concerns about individual security and privacy. This thesis focuses on identifying and addressing vulnerabilities in NFC and RFID systems, specifically mitigating eavesdropping and replay attacks. Our proposed solution centers on developing a hardware-encrypted Printed Circuit Board (PCB) to prevent these attacks at their source. The PCB integrates several components, including AES-128 encryption, a secure element chip, and the dynamic power of accelerometers. Our proposed approach harnesses the potential of accelerometers for generating dynamic cryptographic keys, which, when combined with secure elements for key storage, represent a formidable defense against attack vectors such as eavesdropping and replay attacks. Our method has a 17.8 µs average encryption time and 9.3 µs average key generation time. It successfully mitigated 35 out of 37 real-world scenario relay attacks. The proposed solution is indispensable in elevating the security framework of NFC/RFID systems. It mitigates vulnerabilities and champions the cause of security, integrity, and privacy, enhancing the trustworthiness of our everyday technological interactions and fortifying our digital lives.