Security & Transport Performance in 5G
Dr.-Ing. Dirk Kutscher
Chief Researcher Networking
NEC Laboratories Europe
2 © NEC Corporation 2015
Slides 2 to 6: Performance and Security Today (diagram, built up one element per slide)
  Path: User Equipment, Access Network, Core/Service Network, Application Servers
  In-network elements added in turn: TCP Proxies, Traffic Management Systems, Application (Video) Optimizers, Mobile Throughput Guidance
Slide 7: Motivation
▌TCP proxies
  Lack of AQM and ECN deployment
  Sub-optimal performance: e2e control loop over heterogeneous networks
▌Traffic management systems
  Lack of AQM and ECN deployment
  Lack of incentives for adaptive applications
  Perceived need for policing applications depending on access network conditions
▌Application optimizers
  Operator resource conservation and performance concerns
  Access to user data for analytics
▌Mobile Throughput Guidance
  All of the above
Slide 8: CDN Today (diagram: Mainstream CDN)
Slide 9: CDN Tomorrow (diagram: Mainstream CDN)
Slide 10: CDN Tomorrow: Silo Danger (diagram: Mainstream CDN, VOD CDN and Social Network CDN as separate silos)
Slide 11: Motivation
▌TCP proxies
  Lack of AQM and ECN deployment
  Sub-optimal performance: e2e control loop over heterogeneous networks
▌Traffic management systems
  Lack of AQM and ECN deployment
  Lack of incentives for adaptive applications
  Perceived need for policing applications depending on access network conditions
▌Application optimizers
  Operator resource conservation and performance concerns
  Access to user data for analytics
▌Mobile Throughput Guidance
  All of the above
▌CDN
  Network offloading
  QoE improvement through latency reduction
  Moving data and computation closer to the edge
  Application-layer request/content routing policies
Slide 12: Observations
▌Significant infrastructure required to make things "only work" today
  Overcoming TCP e2e performance issues in heterogeneous networks
▌Caching deemed important for scalable, low-latency data access
  Deployment likely going to increase in next generation networks (edge caching)
  General CDN and application-specific CDN deployments (new OTT services)
  How many different CDN-like overlays will you have to run as an ISP?
▌What does that mean for 5G networks?
Slide 13: NGMN 5G Use Cases (diagram of use-case groups: Low latency, local loop communication; Optimized Forwarding for Heterogeneous Access; Decentralized Communication; Security, User Privacy)
Slide 14: NGMN 5G Use Cases (same diagram, highlighting Security, User Privacy)
Slide 15: Security & User Privacy
▌HTTP/2 is here to stay
▌Connection-based encryption on transport layer (TLS)
  Encrypt connection (and authenticate endpoints)
  Encrypted channel for all communication
▌De-facto ubiquitous (client implementations...)
▌No (easy) way for traffic management (based on flow/application information)
▌Major concerns with network operators
  See recent GSMA/IAB workshop on Managing Radio Networks in an Encrypted World (MaRNEW)
  Many of the previously mentioned optimizations become difficult/expensive/impossible
Slide 16: TLS and Future Deep CDN
▌CDN and TLS
  CDN nodes maintain certificates and keying material on behalf of publishers
  Managing those certificates/keys is an important function of any CDN
  Protecting those certificates/keys is an important security requirement
▌Scaling CDNs
  More attack surfaces
  More challenges to certificate/key management
  User privacy only guaranteed for connection to CDN proxy
▌Are there better ways?
  Object-based security
  Generic object caching & forwarding infrastructure
  (diagram: Mainstream CDN)
Slide 17: Optimized Forwarding for Heterogeneous Access
▌Low latency, high-bandwidth
  Fiber, new radios
▌Slow, ad-hoc, unpredictable
  Low-power radios, sleep/duty cycles
  Constrained devices
▌Massively scalable distribution
  Server-push or pub/sub style
  Possibly in-network adaptation
▌Variable performance
  Dynamically changing network conditions
  Disruptions and delays
  On-board caching for all applications & protocols
Slide 18: Optimized Forwarding for Heterogeneous Access
▌Will be difficult to implement with TCP as is
▌Remember: reduced deployment options for application-layer gateways
▌Network of TCP proxies does not sound convincing
▌Need more powerful forwarding layer and transport services
  Potential for hop-by-hop forwarding strategies
  Caching for local retransmissions
  (diagram: User Equipment, Access Network, Core/Service Network, Application Servers)
Slide 19: Information-Centric Networking
▌Accessing Named Data Objects (NDOs) in the network
  ADUs, chunks, fragments
▌Data-centric security approach
  Disentangled means for name-content binding validation, publisher authentication, confidentiality
▌Name-content binding validation
  Public-key and hash-based schemes
▌Publisher authentication
  One approach: publishers sign NDOs, signature part of NDO metadata; trust model à la PKI
▌Confidentiality and access control
  Payload encryption
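As an added example (not code from the deck or from any of the ICN implementations it lists), the two disentangled checks on a Named Data Object in Go: a hash-based name-content binding that any forwarder or cache can validate without keys, and a publisher signature checked against a small trust store that stands in for the PKI-style trust model. The NDO layout, the `TrustStore` type and the publisher id "joe" are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// NDO is a Named Data Object as the slide describes it: a name, one chunk of
// payload, and metadata carrying the publisher identity and its signature.
type NDO struct {
	Name      string // e.g. /com/netflix/video/starwars/<hex sha256 of payload>
	Payload   []byte
	Publisher string // key identifier resolved through the trust store (assumed scheme)
	Signature []byte // ed25519 signature by the publisher over name and payload
}

// TrustStore maps publisher identifiers to public keys; it stands in for the
// PKI-style trust model mentioned on the slide (a constructed simplification).
type TrustStore map[string]ed25519.PublicKey

// signingInput binds name and payload under one signature, NUL-separated so the
// boundary is unambiguous (names never contain NUL).
func signingInput(name string, payload []byte) []byte {
	return append(append([]byte(name), 0), payload...)
}

// Publish builds an NDO under prefix with a hash-based name: the final name
// component is the SHA-256 of the payload (a self-certifying name), and the
// publisher signs the result.
func Publish(prefix, publisher string, priv ed25519.PrivateKey, payload []byte) NDO {
	digest := sha256.Sum256(payload)
	name := strings.TrimRight(prefix, "/") + "/" + hex.EncodeToString(digest[:])
	return NDO{Name: name, Payload: payload, Publisher: publisher,
		Signature: ed25519.Sign(priv, signingInput(name, payload))}
}

// ValidateBinding checks the name-content binding: the last name component must
// equal the payload hash. Any forwarder or cache can do this without any key.
func ValidateBinding(o NDO) error {
	i := strings.LastIndex(o.Name, "/")
	if i < 0 {
		return errors.New("malformed name")
	}
	digest := sha256.Sum256(o.Payload)
	if o.Name[i+1:] != hex.EncodeToString(digest[:]) {
		return errors.New("name-content binding failed: payload hash mismatch")
	}
	return nil
}

// Authenticate checks the publisher signature against the trust store. This is
// the separate publisher-authentication step and needs a trusted public key.
func Authenticate(o NDO, ts TrustStore) error {
	pub, ok := ts[o.Publisher]
	if !ok {
		return errors.New("unknown publisher: " + o.Publisher)
	}
	if !ed25519.Verify(pub, signingInput(o.Name, o.Payload), o.Signature) {
		return errors.New("publisher signature invalid")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	obj := Publish("/com/netflix/video/starwars", "joe", priv, []byte("chunk 0 (constructed)"))
	fmt.Println(obj.Name, ValidateBinding(obj), Authenticate(obj, TrustStore{"joe": pub}))
	obj.Payload = []byte("modified in a cache")
	fmt.Println(ValidateBinding(obj), Authenticate(obj, TrustStore{"joe": pub}))
}
```

A renamed object with an untouched payload still passes the hash check, which is why the signature is a separate step.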
Slide 20: ICN Overview
  (diagram: Requestor 1 and Requestor 2, Original Content "XY1" from Owner "Joe", a Content Repository; example name /com/netflix/video/starwars)
• Request/Response, receiver-driven
• Pending Interest Tables
• Forward-by-name (prefix)
• Per-node forwarding strategies
• Object-based security
• Ubiquitous caching
Slide 21: ICN Performance and Resource Management
▌Key ICN properties
  Requesting individual Named Data Objects
  Ubiquitous caching
▌Implicit caching
  Every router can store NDOs, depending on configuration, policy etc.
  Even with encrypted traffic, caching can help with local retransmissions, media replay etc.
▌Simplified mobility management
  Request/Response model eliminates the need for tunnels
▌Flexible multipath communication
  Powerful forwarding layer
  Every router can make forwarding decisions depending on strategy, network characteristics, name prefix, policy
▌Easy policing and filtering
  Requestors, publishers and routers see ICN requests and responses
  Policing without DPI
  Enabling other optimizations: in-network pre-fetching etc.
Slide 22: Proof-of-Concept
▌ICN for managing multi-path connectivity in Hybrid Access scenarios
  (diagram: home gateway (HGW) reaching a hybrid access gateway (HAG) over both LTE and DSL, then Core Network, Internet, Cloud Services)
▌State of the art
  Connection bundling over IP tunnels (GRE): poor performance with transport protocols
  MPTCP: better from transport perspective, but problematic interaction with CDN (DNS redirection per interface) and lack of policy control
Slide 23: Proof-of-Concept
▌ICN for managing multi-path connectivity in Hybrid Access scenarios
  (diagram as on slide 22, with example name prefixes /com/netflix/video/starwars and /com/os/updates)
▌ICN approach
  Routers have better visibility of interface performance (can continuously measure latency between requests and responses on a name-prefix basis)
  Easy to implement policy based on request prefixes
  Our implementation: prioritizing critical applications by constantly assessing interface performance and by assigning best interfaces to prioritized applications
  Works with high degree of dynamicity (mobile networks)
▌First results
  Extremely fast response to congestion, on all nodes of a heterogeneous path
  Constantly high capacity utilization
  Effective prioritization
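As an added example (not the NEC implementation the slide reports on), a per-node forwarding strategy in Go that keeps a per-prefix, per-interface latency estimate from Interest/Data round trips, gives the critical prefix the currently best interface, and keeps bulk traffic off that interface. The interface names, the two configured prefixes, the EWMA smoothing and the reserve-the-best-interface rule are assumptions made for the example; `latency` must be initialised before use.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

type Strategy struct {
	ifaces   []string           // outgoing interfaces, e.g. lte, dsl
	prefixes map[string]bool    // configured name prefix -> critical application?
	latency  map[string]float64 // "prefix|iface" -> EWMA latency in ms (non-nil)
	alpha    float64            // weight of the newest latency sample
}

// Prefix returns the longest configured prefix that name falls under, or "".
func (s *Strategy) Prefix(name string) string {
	best := ""
	for p := range s.prefixes {
		if strings.HasPrefix(name, p+"/") && len(p) > len(best) {
			best = p
		}
	}
	return best
}

// Observe records one request-to-response round trip measured on iface.
func (s *Strategy) Observe(name, iface string, rtt time.Duration) {
	key := s.Prefix(name) + "|" + iface
	ms := float64(rtt) / float64(time.Millisecond)
	if old, seen := s.latency[key]; seen {
		ms = s.alpha*ms + (1-s.alpha)*old // alpha sets how fast congestion shows up
	}
	s.latency[key] = ms
}

// rank sorts the interfaces for prefix by latency; an unmeasured one reads 0 ms and sorts first (gets probed).
func (s *Strategy) rank(prefix string) []string {
	out := append([]string(nil), s.ifaces...)
	sort.SliceStable(out, func(a, b int) bool {
		return s.latency[prefix+"|"+out[a]] < s.latency[prefix+"|"+out[b]]
	})
	return out
}

// Choose picks the outgoing interface: a critical prefix gets its best one; others stay off it.
func (s *Strategy) Choose(name string) string {
	p := s.Prefix(name)
	ranked := s.rank(p)
	if p == "" || s.prefixes[p] {
		return ranked[0]
	}
	reserved := map[string]bool{}
	for q, critical := range s.prefixes {
		if critical {
			reserved[s.rank(q)[0]] = true
		}
	}
	for _, i := range ranked {
		if !reserved[i] {
			return i
		}
	}
	return ranked[len(ranked)-1] // everything reserved: take the least bad
}

func main() {
	s := &Strategy{ifaces: []string{"lte", "dsl"}, alpha: 0.5, latency: map[string]float64{}, prefixes: map[string]bool{"/com/netflix/video": true, "/com/os/updates": false}}
	s.Observe("/com/netflix/video/starwars/1", "dsl", 20*time.Millisecond)
	s.Observe("/com/netflix/video/starwars/1", "lte", 45*time.Millisecond)
	fmt.Println(s.Choose("/com/netflix/video/starwars/2"), s.Choose("/com/os/updates/x"))
	s.Observe("/com/netflix/video/starwars/2", "dsl", 200*time.Millisecond) // DSL congests
	fmt.Println(s.Choose("/com/netflix/video/starwars/3"), s.Choose("/com/os/updates/x"))
}
```

One congested round trip on DSL is enough to move the video prefix to LTE and the update prefix onto DSL, which is the fast congestion response the slide claims; the reaction speed is set by `alpha`.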
Slide 24: Other Recent Results
  http://www.ietf.org/proceedings/interim/2014/09/27/icnrg/proceedings.html
Slide 25: Orange/ALU/SystemX Testbed Measurement Results
  http://www.ietf.org/proceedings/interim/2014/09/27/icnrg/proceedings.html
Slide 26: 5G Blueprint (diagram)
  Infrastructure: access via 3G (RNC), WiFi, 4G, 5G, xDSL and Cable through IW elements and vPoPs, a Transport network with controllers (Ctrl.) and an HA Load Balancer, a Data Center (DB, auth. services), and the Internet
  Service tiers: Minimal IPv6 connectivity (baseline IP e2e applications); Mobility-managed, seamless IP connectivity (IM, server applications, M2M applications); In-network processing (interactive real-time); Low-latency, transport-enhanced service (caching, multicast; video streaming, VOD)
Slide 27: 5G Multitenancy (diagram: the slide 26 blueprint with tenants Telco IaaS, ISP A and a Mobile TV service running on it)
Slide 28: Possible 5G ICN Deployment Option (diagram)
  Tenants Telco IaaS and ISP A on the same infrastructure (Minimal IPv6 connectivity)
  An Information-Centric Networking Infrastructure providing mobility-managed, seamless IP connectivity, in-network caching and in-network execution
  Services on top: Mobile TV service (video streaming, VOD), IoT Service (in-network IoT platforms), Interactive Multimedia service (WebRTC Platform)
Slide 29: Conclusions: 5G has challenges beyond SDN/NFV
▌Security
  User-privacy concerns one of the drivers for HTTP/2 (TLS) adoption
  Will reduce leverage for operators for "value-added services", application-layer optimizations etc.
  Security challenges for TLS and (Deep) CDN
▌Performance
  5G has potential for better performance due to new link layers and backhaul architectures
  But: heterogeneous access and diverse use cases also imply new challenges
▌Information-Centric Networking
  Data-centric communication approach more suitable for secure and efficient communication
  Powerful forwarding layer: node-specific forwarding strategies thanks to better visibility of forwarding performance
  Common infrastructure for different types of applications: enabling efficient multi-tenancy operation without silos
Slide 30: IRTF ICNRG
▌Cross-project research community
  Not limited to a specific funding authority, project, protocol
  Sharing of research results, new ideas
  Documenting ICN scenarios, challenges, state-of-the-art solutions, gaps
  Specifying protocols and semantics for ICN
  Sharing implementation, experience from experiments
▌ICNRG and standards
  Not setting standards...
  But: helping to understand what needs to be standardized
  And: working on specifications
▌ICNRG Administrivia
  Web: http://irtf.org/icnrg
  Chairs
  • Börje Ohlman (Ericsson Research)
  • Dave Oran (Cisco Systems)
  • Dirk Kutscher (NEC Laboratories)
Slide 31: ICNRG Work Items
▌Scenarios, use cases
  Baseline scenarios (RFC 7476)
  Video distribution
  IoT
  Challenged networks and disaster scenarios
▌Challenges, evaluation
  Research challenges
  Evaluation methodology
▌Protocol specifications
  CCNx Messages in TLV format
  CCNx Semantics
▌Newly proposed topics
  Manifests, chunking, fragmentation, versioning
  User privacy, access control
  Name resolution
  Named function networking
  (diagram of ICNRG goals: Documenting use cases & opportunities; Evolving research agenda & evaluation approaches; Creating interoperable platforms for experimentation; Evolving ICN concepts and technologies)
Slide 32: Running Code
▌CCNx-1.0 (PARC)
  PARC license
  Developed by PARC
  Implements ccnx-messages and ccnx-semantics
▌CCN-lite (University of Basel)
  Open Source, free to use without restrictions
  Implements CCNx protocol
  Used by RIOT project
▌NDN NFD (NDN project)
  GPL-3.0
  Maintained by NDN project
  Implements NDN protocol

Editor's Notes

  • #16 Note: even with TLS, publishers could still decide which transactions require a secure connection – but security management concerns HTTP/2 client implementations...