Dr Kallol Krishna Karmakar

The evolution of integrated clinical environments (ICE) and the future generations of mobile networks brings to reality the hospitals of the future and their innovative clinical scenarios. The mobile edge computing paradigm together with network function virtualization techniques and the software-defined networking paradigm enable self-management, adaptability, and security of medical devices and data management processes making up clinical environments. However, the logical centralized approach of the SDN control plane and its protocols introduce new vulnerabilities which affect the security of the network infrastructure and the patients¿ safety. The paper at hand proposes an SDN/NFV-based architecture for the mobile edge computing infrastructure to detect and mitigate cybersecurity attacks exploiting SDN vulnerabilities of ICE in real time and on-demand. A motivating example and experiments presented in this paper demonstrate the feasibility of of the proposed architecture in a realistic clinical scenario.

With the cool upcoming wave of 5G, currently, the networking and telecommunication industries are facing various digital transformations, which are changing the very fundamental nature of the existing network management infrastructure. Besides the Internet of Things (IoT) domain, we also notice that the 5G network in itself is composed of millions of heterogeneous physical entities and nodes, multiple domains, complex protocols and technologies, different gateways, and so on. This heterogeneity imposes critical impacts on the application specific quality of service (QoS) requirements, performance and utilization of network resources, and data and user security. In order to alleviate the above impacts, researchers propose to use different technologies such as software-defined networking, network function virtualization, blockchain, and artificial intelligence in 5G-enabled IoT networking. We notice that the layers over layers (of protocols and technologies) act like a plug-in over plug-in (PoP) in the network in order to accomplish various aims, including meeting QoS demands, enhancing security, load balancing, and so on. On one hand, we agree that this integration of different technologies in 5G networks bring numerous advantages, but on the other hand, we realize that this has posed a lot of unique critical issues in modern 5G network management. In this article, we point out that this straightforward approach of PoP is eventually not a healthy approach for network transformation. In this regard, using open source MANO (OSM), we provide a proof of concept (PoC) to show that at varying degrees of heterogeneity, PoP adds the delay in the VNF deployment process and further impacts the VIM CPU performance. This eventually affects the QoS requirements of IoT nodes or applications. Following this, we propose a high-level holistic approach that helps to alleviate the PoP issue. Finally, in this context, we also discuss the associated challenges and research opportunities.

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT-based applications. In this article, we present a security architecture for IoT networks by leveraging the underlying features supported by software-defined networks (SDNs). Our security architecture not only restricts network access to authenticated IoT devices but also enforces fine granular policies to secure the flows in the IoT network infrastructure. The authentication is achieved using a lightweight protocol to authenticate IoT devices. Authorization is achieved using a dynamic policy driven approach. Such an integrated security approach involving authentication of IoT devices and enables authorized flows to protect IoT networks from malicious IoT devices and attacks. We have implemented and validated our architecture using ONOS SDN Controller and Raspbian Virtual Machines, and demonstrated how the proposed security mechanisms can counteract malware packet injection, DDoS attacks using Mirai, spoofing/masquerading, and man-in-the-middle attacks. An analysis of the security and performance of the proposed security mechanisms and their applications is presented in this article.