
A Testbed for Trusted Telecommunications Systems in a Safety Critical Environment

  • Ian Oliver
  • Aapo Kalliola
  • Silke Holtmanns
  • Yoan Miche
  • Gabriela Limonta
  • Borger Vigmostad
  • Kiti Muller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)

Abstract

Telecommunications systems are a critical part of infrastructure, and more safety-critical systems are utilising their capabilities. Domains such as medicine and automotive applications are required to be resilient and failure tolerant. We have constructed a testbed environment that can be configured into various telecommunication operator configurations based around Network Function Virtualisation, Edge Cloud and Internet-of-Things along with trusted computing. Utilising a medical application as the motivating case to demonstrate reliability and resiliency, and as a compelling demonstration, we can investigate the interaction of these security technologies in a telecommunications environment while providing a safety-critical use case.

Notes

Acknowledgement

This work has been partially funded by EU ECSEL Project SECREDAS (Grant Number: 783119) and EU Horizon 2020 Project SCOTT (Grant Number: 737422).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Ian Oliver (1)
  • Aapo Kalliola (1)
  • Silke Holtmanns (1)
  • Yoan Miche (1)
  • Gabriela Limonta (2)
  • Borger Vigmostad (2)
  • Kiti Muller (3)

  1. Cybersecurity Research Group, Nokia Bell-Labs, Espoo, Finland
  2. Mobile Networks: Radio Cloud, Nokia Networks, Espoo, Finland
  3. Medical and Neuroscience Group, Nokia Bell-Labs, Espoo, Finland
