5G Communication Network Attack Prevention Using SDN Technology under Internet of Things

doi:10.21203/rs.3.rs-1244448/v1

Download PDF

Research Article

5G Communication Network Attack Prevention Using SDN Technology under Internet of Things

https://doi.org/10.21203/rs.3.rs-1244448/v1

This work is licensed under a CC BY 4.0 License

Version 1

posted

You are reading this latest preprint version

the purpose is to guarantee the security of 5G (5-Generation Mobile Networks) technology in IoT (Internet of Things) environment, and improve the ability of wireless network communication to resist attacks. First, in terms of attack prevention, the 5G network security structure is proposed to replace the plaintext information commonly used in the original system with Ciphertext based on SDN (Software Defined Networking), thereby alleviating the security risks of the data dimension. Second, concerning attack detection, the signal is identified by using the imperfections and differences of equipment manufacturing based on the above security structure, preventing the attacker from further harming the sensitive data leaked. It is found that the SDN-based 5G network attack prevention scheme avoids the centralized exposure of sensitive data, improves security, reduces computational overhead, and simplifies encryption logic. Without affecting the bandwidth, the existing 5G network system is greatly prevented from network attacks. The detection mechanism is not limited by the low-dimensional feature space, and has strong robustness and stability. It can effectively detect the network attacks that 5G network systems are suffering. This study provides an important reference for the protection of 5G communication network attacks under IoT.

Internet of Things

Software defined networking

5G communication

Network attack prevention

Network attack detection

Wireless communication systems are vulnerable to security threats from the very beginning [1, 2]. The information of mobile phones and wireless channels in 1G wireless networks is easy to be cloned illegally and falsified [3]. In 2G wireless networks, garbage information not only attacks the system, but also spreads false information or broadcasts unnecessary marketing information [4]. In 3G wireless networks, the increase in IP (Internet Protocol)-based communication requirements lead to an endless stream of network security vulnerabilities [5]. In 4G wireless networks, the emergence of smart devices, multimedia traffic, and new applications brings more complex and dynamic threats to mobile communication [6]. The 5G wireless communication system meets the requirements of ubiquitous broadband access, mobility of high-quality devices, and connectivity of a large number of devices in a super-reliable and affordable way, which will face more complex security threats than before. Such as, in the ubiquitous power Internet of things, 5G technology can make the power distribution network system more reliable and productive. And once the 5G communication network is attacked, the normal operation of the power system can be interrupted or execute incorrectly instructions. More seriously, the power system failure maybe leads to a series of security incidents related to it. For example, the power cut of Ukrainian power companies caused by attack brought a series of livelihood crises in 2016. Therefore, the study of wireless communication security under 5G communication technology has great significance to promote the development of Power related industries.

Due to the lack of reliable encryption logic and authentication mechanism, 5G network is difficult to resist advanced network attack technology, which will eventually lead to security problems such as vulnerable system communication and sensitive data leakage [7]. Therefore, it is needed to design a strong security structure and establish an effective security mechanism [8]. In traditional wireless networks, there are two types of methods to solve communication security, namely the network attack prevention scheme, and the network attack detection scheme [9]. The network attack prevention scheme can also be divided into two types. One is to design a new network security structure combined with the key network technologies, but there is no security structure fully applicable to 5G networks [10]. The other is to use the knowledge of cryptography to encrypt the transmission data, achieving the goal of protecting network communication security [11]. However, the existing cryptography-based methods have two limitations: (1) some encryption algorithms need high computational overhead [12]; (2) some password-based methods are vulnerable to the attack of the protocol layer. Besides, the traditional network attack detection scheme also needs to be improved [13]. First, most existing physical identification systems rely on data and cannot protect the channel security of wireless networks. Second, physical layer recognition technology is vulnerable to some uncertain or signal acquisition factors.

Therefore, with the application and popularization of the 5G network, prospective research of emerging technologies should be conducted. Here, the advantages of new technologies are combined to design a comprehensive security protection scheme for 5G network, the security challenges faced by 5G system communication are comprehensively analyzed, and a 5G network security structure and the mechanism is designed from the perspectives of network attack prevention and detection to avoid network attacks, improving the communication security of the 5G network system.

A. Network Security Architecture

The security of the network structure attracts the attention of many scholars. Among them, Yao et al. proposed a 5G network security architecture based on the concept of domain and hierarchy, which solves the security problem of 5G network load caused by Internet of Things equipment deployment by capturing a new trust model and identifying security control points [14]. Abdulqadder et al. proposed a multi-layer network security structure, which is based on the host identity protocol to achieve the goal of secure communication between network elements, and the backhaul device from the source address spoofing and denial of service attacks [15]. Mrabet et al. proposed a 5G network security structure composed of the data layer, control layer, security application layer, and program layer, but the biggest problem of the system is that the coupling degree between security and 5G network management is not close enough, when the security layer cannot work [16]. Cao et al. proposed a robust 5G network security architecture by studying the security standards of the 5G network, which can protect WLAN and mobile access devices from network attacks at the same time. However, the scheme is expensive and has no practical application value [17]. Fang et al. proposed a new 5G wireless security architecture, which studied the 5G network handover process and signaling load scheme, achieving the effect of reducing signaling load and ensuring 5G security service quality [18].

B. Security Authentication Scheme

Vinodha proposed a new data transmission planning for WSN (Wireless Sensor Networks) based on elliptic curve cryptography and homomorphic encryption. The encryption scheme uses a genetic algorithm to construct the best network structure in cluster form [19]. Baek established a new wireless network transmission data sWIFI algorithm to cut the energy consumption of the network by using homomorphic encryption technology. The sWIFI algorithm has a higher performance than HMAC (Hash Message Authentication Code) cipher algorithm [20]. Wang put forward a location-based data encryption scheme for wireless sensor networks. The scheme can only complete key updates through conversion, but it cannot resist the DoS (Disk Operating System) attack [21]. Vivekrabinson suggested a secure data exchange scheme for wireless fault-tolerant networks based on attribute encryption. The scheme makes the content data only accessed by authorized nodes and authenticated by routing messages [22]. Jerbi made a new data encryption transmission scheme, which adopts lightweight encryption technology to make multiple sensor nodes cooperate to encrypt and transmit data, thus reducing the load of a single sensor node and ensuring communication security [23]. Zhang gave a lightweight block cipher scheme under chaos mapping and genetic operation, which uses elliptic curve points to prove communication nodes, which is 9 times faster than led protocol [24].

C. A Review of Related Research Issues

As a whole, the existing solutions only use a single method to protect the traditional network or detect or prevent 5G network communication security, and there are still some problems in actual use. To overcome the shortcomings of the existing research, a comprehensive 5G network security protection scheme is proposed from the following two aspects. First, a 5G network security structure based on SDN (Software Defined Networking) is designed for 5G network attack prevention, and it can prevent the network attack through establishing a data encryption authentication mechanism between the control layer and the data transmission layer. This method can decrease the possibility of attacks, while the transmission overhead is small, and does not affect the existing network bandwidth. Second, a network attack detection mechanism based on RF fingerprint is proposed for 5G network attack detection based on the above network security structure. The method can reduce the security risk of 5G network system effectively, and has great application prospects.

A. Component Deployment of Network Security Architecture

According to the 5G business scenario requirements and the trend of technology development, the communication security of the 5G network system should be ensured, and the flexible deployment of 5G network function, the network scalability and programming, and low cost and low energy consumption should be achieved before a new 5G network security structure is designed [25]. A 5G network security structure based on SDN is put forward. As shown in Figure 1, there are three layers in the structure, which are application layer, control layer, and data transmission layer. A new SecE (Security Entity) is added to the control layer as the control entity to control SecE and other security functions, protect the hash table and seed of all devices, and offer encryption authentication during data transmission [26]. This structure not only reduces the operation and maintenance cost of the 5G network, but also prevents the data leakage caused by network attacks when the equipment and users communicate in different scenarios [27].

The application layer is composed of end-user business applications and other control entities. The control layer includes logically centralized controllers, which perform unified control functions. A distributed security gateway is an intermediate device between the control layer and the data transmission layer. The lowest data transmission layer contains a wireless access network and a core transmission network [28].

B. Authentication strategy of data encryption

The authentication mechanism of data encryption has 2 endpoints. The left end is SDN device, which is equivalent to a switch controlled by SDN. The key storage in each device is composed of three parts. The key is randomly generated. Whenever the device requests to establish a communication channel, it will regenerate a new key [29]. After the device authentication is completed, the back end will generate a new key and reload it into the device. The degree difference of authentication adaptive node is Di, the residual node energy is ηi, and the node motion similarity is Mi. The equation of the weight of the model is as follows:

$${w_i}=\frac{{{q_i}}}{{\sum\nolimits_{{k=1,m}} {{q_i}} }}$$

i can be taken as 1,2,…m. w is the weight of the parameter, q is the reference factor, and

$${W_i}={w_1}{D_i}+{w_{\text{2}}}{\eta _i}{\text{+}}{w_{\text{3}}}{M_i}$$

When ${w_1}+{w_2}+{w_3}=1$, the outage probability p is determined by the equation in the core network:

$$p=\frac{S}{{\pi N{r^2}}}$$

Radius is a function of the total energy E, which is consumed by the network in data collection:

$$\left\{ {\begin{array}{*{20}{c}} {\hbox{min} :E} \\ {s.t.0cript>$$

If there are n nodes, the average node degree is as follows:

$$\bar {D}=\frac{{\sum\limits_{{i=0}}^{n} {{D_i}} }}{n}$$

The degree difference of adaptive nodes is obtained by subtracting the degree of each sub-node from the degree of the average node:

$${\varepsilon _i}=|{D_i} - \bar {D}|$$

In the core network, the smaller degree difference of the node is, the worse the degree of the adaptive node is:

$${D_i}{\text{=}}{e^{ - {\varepsilon _i}}}$$

To calculate the residual energy of nodes, the initial energy of the network is set as E and the residual energy is Es. When the node has a non-cluster head, the energy consumption per unit time is e1. When the node has a cluster head, the energy consumption per unit time is e2. Therefore, the equation of the residual energy of the node is as follows (14):

$${E_s}{\text{=E-}}\sum\limits_{1}^{i} {{e_1}{D_{ni}}{t_i}} - \sum\limits_{1}^{j} {{e_2}{D_{nj}}{t_j}}$$

In the equation, i is the number of the nodes having non-cluster head, ${D_{ni}}$ is the degree of the node acting as non-cluster head for the i-th times, and ${t_i}$ is the time of the nodes acting as non-cluster head; j is the times of the nodes acting as the cluster head, ${D_{nj}}$ is the degree of the nodes acting as the cluster head, and ${t_j}$ is the time of the nodes acting as the cluster head for the i-th times. Thus, in each round of cluster head election, the efficiency equation is as follows:

$$\eta {\text{=}}\frac{{{E_s}}}{E}$$

The average velocity difference equation is as follows:

$${\bar {v}_{Ax}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {({v_A}\cos \alpha - {v_i}\cos {\theta _i})} }}{n}$$

$${\bar {v}_{Ay}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {({v_A}\sin \alpha - {v_i}\sin {\theta _i})} }}{n}$$

Therefore, the difference of the average speed is:

$${\bar {v}_A}{\text{=}}\sqrt {{{\bar {v}}_{Ax}}^{2}+{{\bar {v}}_{Ay}}^{2}}$$

Then the variance of velocity difference between adjacent nodes on the x-axis and y-axis is:

$${\sigma _{Ax}}^{{\text{2}}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {{{({{\bar {v}}_{Ax}} - {v_{Aix}})}^2}} }}{n}$$

$${\sigma _{Ay}}^{{\text{2}}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {{{({{\bar {v}}_{Ay}} - {v_{Aiy}})}^2}} }}{n}$$

Therefore, the variance between A and adjacent nodes can be expressed as:

$${\sigma _A}^{2}{\text{=}}\frac{{{\sigma _{Ax}}^{2}+{\sigma _{Ay}}^{2}}}{2}$$

Therefore, the motion similarity equation is as follows:

$${M_A}{\text{=}}{e^{ - \left( {{\sigma _A}^{2}+{{\bar {v}}_A}^{2}} \right)}}$$

C. Authentication Mechanism Interaction of Data Encryption

As shown in Figure 2, the switch first sends the authentication request M1 to SecGW. And M1 consists of two parts: the unique ID and the preloaded hash table Hi provided by the back end. Finally, SecGW forwards the authentication message to DPS (Damage per Second) [30]. If DPS passes the authentication, it will update its key and allow communication between control layer devices. If DPS fails, it will not perform any action or make another request. The specific equation of the weight of document i in service node k is as follows:

$$Weigh{t_j}=\frac{{{\raise0.7ex\hbox{${{t_i}}$} \!\mathord{\left/ {\vphantom {{{t_i}} T}}\right.\kern-0pt}\!\lower0.7ex\hbox{$T$}}}}{{{s_i}}} * \frac{1}{{{f_n}+1}}$$

T is the latest T accesses and it is a constant. ${t_i}$ is the number of times when the file i is accessed in the latest T accesses of users, ${s_i}$ is the size of the file, and ${f_n}$ is the number of nodes where the file i is adjacent to the cache file i of the fog node j during the access.

$${S_{OHHR}}=\frac{{\sum {{{\text{h}}_i}} }}{{\sum {{r_i}} }},i=1,2, \cdots ,m$$

$$S{}_{{SHR}}=\frac{{\sum {S{H_i}} }}{{\sum {{r_i}} }},i=1,2, \cdots ,m$$

$S{H_i}$ is the hits of file i in the system and is the total number of accesses of file i. The response delay of the system is calculated as follows:

$$S{}_{{ARR}}=\frac{{\sum {{R_i} * {S_i}} }}{{\sum {{T_i}} }},i=1,2, \cdots ,m$$

${R_i}$ is the total number of accesses of file i, ${S_i}$ is the size of file i, and ${T_i}$ is the total response time of file i. A reasonable bandwidth is used:

$$\begin{gathered} {S_{BC}}=\sum {\left( {{c_i} * {h_i}+\left( {{c_i}+{c_0}} \right) * s{h_i}+\left( {{c_i}+{c_0}} \right) * c{h_i}} \right) * {f_j}} \hfill \\ \begin{array}{*{20}{c}} {}&{}&{} \end{array}i=1,2, \cdots ,p;j=1,2, \cdots ,m \hfill \\ \end{gathered}$$

${h_i}$ is the hits of the node i, $s{h_i}$ is the hits of adjacent nodes, and $c{h_i}$ is the times of the hits.

As shown in Figure 3, information interaction of control layer devices is established between DPS1 and DPS2. DPS1 first sends the request M1 to DPS2, which is composed of the device ID and relevant hash value. After the request from DPS1 is received, DPS2 sends the authentication request REQ to SecGW. SecGW sends the authentication message ACK (Acknowledge Character) associated with DPS1 AND DPS2 TO DPS2. If the request passes the authentication, DPS2 sends the authentication message M2 to DPS1. If one of the DPS fails, they will no longer perform any operations [31].

D. Experimental Deployment and Performance Analysis

To verify the feasibility and security of the proposed authentication mechanism of data encryption, the network simulator Mininet is used to simulate the 5G network experiment scenario. The scheme uses four laptops and two Ethernet hubs on the test bench. OpenVSwitch version 1.10.0 is installed on every laptop. As shown in Figure 4, the scheme uses a virtual machine to simulate the host. One of the laptops acts as the SDN controller, and the POX controller runs on this laptop. The other three laptops are connected through two D-LINKDSR-250N routers. According to the experimental scenario, the attacker is connected to each hub.

There are 5 hosts in the sparse networks, 50 hosts in the medium networks, and 500 hosts in the dense network. The connection outage rate is used to evaluate the performance of the scheme. The connection outage rate is the most important index when the network is attacked. The spatial modeling equation is as follows:

$$H(u(t+r))=A(d)(1+pow(u(t+r))){e^{i(w+\Delta w)(t+r)}}$$

$A(d)$ is not just a constant, $pow(u(t+r)$$^{{i(w+\Delta w)(t+r)}}$ is an amplitude nonlinear term, and $H(u(t+r))$is a phase nonlinear term. The received signal C can be expressed as:

$$C \approx \sum\limits_{{i=1}}^{n} {H(i) \cdot H(u(t+r))}$$

t is the time, r is the transmission path, and u is the transmission energy. The connection interruption rate of the experiment is expressed as follows:

$$r=nu{m_{dis}}/100$$

num _dis is the number of times the connection is interrupted in the simulation. The similarity is used for analysis, and the calculation is as follows:

$$w=1 - \sum\limits_{{i=1}}^{N} {{{({V_{pred}}-{V_{true}})}^2}/} \sum\limits_{{i=1}}^{N} {{{({V_{true}}-\overline {{{V_{true}}}} )}^2}}$$

${V_{pred}}$ is the RF (Radio Frequency) signal output by the prediction device and ${V_{true}}$ is the RF signal output by the device. The most advanced TFSv1 and SDSecurity are compared to explore their performance. TFSV1 is commonly used in the commercial SDN, but it is usually subjected to the above three attacks due to the lack of authentication.

A. Spoofing Simulation of IP Address

As shown in Figure 5, the result of disconnection rate under the spoofing of IP address is achieved. The number of attacks is slowly adjusted from 0 to 500, and the disconnection rate is recorded to test the feasibility of the scheme. When the number of attacks is 500, the disconnection rate is less than 0.1%.

Figure 6 shows that the connection interruption rate of Robust, TFSv1, and SDSecurity is increasing with the increase of the number of attacks. The disconnection rate of Robust is very low. Even if the attacks is 500, the maximum disconnection rate of Robust is still lower than 0.01%, which is much less than that of TFSv1 and SDSecurity. With the increase of the number of hosts, SDSecurity will experience a great loss. The disconnection rate of Robust does not change much. Under the interference of the spoofing of IP address, the performance of Robust is much better than that of the existing schemes.

B. MITM Attack Simulation

Figure 7 shows the simulation results under MITM (Man-in-the-MiddleAttack). Similar to the simulation in the spoofing of IP address, the number of attacks is slowly adjusted from 0 to 500, and the related disconnection rate is recorded. When the number of attacks reaches 500, the disconnection rate is less than 0.1%.

Figure 8 shows that when the host is medium, the disconnection rate of Robust is still lower than 0.01%, which is much better than that of TFSv1 and SDSecurity. Due to the lack of authentication in TFSv1 communication, the performance of TFSv1 decreases greatly with the increase of attacks. For SDSecurity, if it is used in dense scenes, its performance will still degrade a lot and it cannot be used in large scenes. These observations show that the scheme has better performance in detecting MITM.

C. Replay Attack Simulation

Figure 9 shows the simulation result under replay attack. The attacker steals the information between the devices in the control layer and records the messages from the devices, and then makes the attacker repeat the messages to the SecE. When the number of attacks reaches 500, the disconnection rate is less than 0.1%.

As shown in Figure 10, Robust has the lowest disconnection rate under replay attack. Under these three attacks, the disconnection rate of this scheme is less than 0.01%, which is the lowest of the three security architectures. For the other two architectures, the disconnection rate of TFSv1 is about 75%, and that of SDSecurity is 8%. Although the disconnection rate of SDSecurity is relatively low and at the medium level, its performance will degrade a lot in dense scenarios, and the disconnection rate increases as high as 73%. It is concluded that the scheme can meet the requirements of commercial use.

D. Results of Accuracy Test

Figure 11 shows that the accuracy of the proposed method is more than 90%. And the accuracy of PARADIS, FBSleuth, and SP decreases from 97–88%, 93–75%, and 92–37%, respectively. This shows that the scheme overcomes the problem of insufficient robustness of the authentication of another physical layer.

As shown in Figure 12, PLF (Physical Layer Function) has good stability. At the same time, the FNR (False Negative Rate) of PLF is close to the FPR (False Positive Rate), which is usually called equal error rate in the training model. The closer the two probabilities are, the more effective the parameter threshold selection is and the higher the overall recognition ability of the mechanism is. This shows that the threshold selected in the experiment is very effective.

E. Training Time Analysis

As shown in Figure 13, the training time of the model largely depends on the amount of bit data. If the number of the bit data is large, the training time will be the long. Also, the accuracy is proportional to the amount of bit data. The more bit data are, the higher the accuracy is. PLF achieves more than 95% accuracy when the amount of bit data is more than 35MB, which takes less than 7 minutes. When the amount of bit data of CNN (Cable News Network) is more than 35MB, the accuracy is more than 86%, and the training time is as long as 30 minutes.

Figure 15 shows that the accuracy of RNN (Recurrent Neural Network) is more than 92% when the amount of bit data is more than 35MB, but the training time is more than 30 minutes, which proves that it takes more than 30 minutes for CNN and RNN to identify 5G signals, and their accuracy is not high. Therefore, it is concluded that PLF is the most reliable authentication method for 5G devices.

A comprehensive communication protection scheme for the 5G network system is proposed from the perspective of network attack prevention and detection, aiming at the problem that the existing 5G network structure has no reliable encryption logic and is difficult to resist advanced network attack technology. The scheme uses the current advanced network security technology SDN to separate the control of the existing network from the data stream, so that the system users can control and observe the abnormal behavior of network transmission and effectively prevent attacks. To further improve the security of data transmission in the network structure, a new distributed security gateway is designed between the control layer and the data transmission layer, and a new encryption authentication mechanism based on cryptography is established. After SDN data communication is masked, the possibility of sensitive information leakage is further reduced and the reliability is strong. The results of the experiment show that the scheme can prevent several traditional attacks, and improve the communication security of the 5G system. Based on the network security structure, a reliable mechanism based on RF fingerprint is proposed to detect 5G network attacks from the perspective of network attack detection, which makes up for the lack of security of attack prevention scheme. Meanwhile, a mechanism of encryption attack prevention is established between the control layer and the data transmission layer to improve the security of data transmission in the network system. Ciphertext is used to replace the plaintext used in the communication of the original system components and prevent it from attacks. The research and analysis of three typical attacks are carried out. The Mininet design experiment of the network emulator used verifies the security and stability of the proposed scheme.

The communication security of 5G network system IS deeply analyzed, and a comprehensive communication protection scheme for 5G network system from the perspectives of network attack prevention and network attack detection is proposes. And a new distributed security gateway is designed between the control layer and the data transmission layer, and a new data encryption authentication mechanism based on cryptography is established to protect the security of data transmission in the network structure. The 5G network attack prevention scheme based on SDN avoids the centralized exposure of sensitive data, improves the security, reduces the computational overhead, and has simple encryption logic. Although a more comprehensive system is proposed, there are still many shortcomings in this study: First, the 5G network attack prevention scheme based on SDN proposed doesn’t detect any possible security threats, so it is necessary to take targeted design to strengthen the security of the algorithm; Second, the 5G network attack detection mechanism based on RF fingerprint is a successful attempt to break the traditional mode of feature-based RFID (Radio Frequency Identification) system. But if the attacker uses a high-end RF transceiver, the copied signal will be very similar to the real signal. Therefore, how to use the scheme to resist this kind of attack is challenging.

VII. Acknowledgement:

This work was supported by the Research program of Liaoning Electric Power Research Institute of State Grid Corporation of China under Grant No. 2021YF-55, the Fundamental Research Funds for the Central Universities of China under Grant No.2020GFZD014.

S.V. Kuleshov, A.A. Zaytseva, and A.Y. Aksenov, "The conceptual view of unmanned aerial vehicle implementation as a mobile communication node of active data transmission network." International Journal of Intelligent Unmanned Systems. vol. no. pp.112-123, Oct. 2018.
A.M. Lonzetta, P. Cope, J. Campbell, B.J. Mohd, and T. Hayajneh, "Security vulnerabilities in Bluetooth technology as used in IoT." Journal of Sensor and Actuator Networks. vol. 7, no. 3, pp. 28–36, Jul. 2018.
K. Bu, M. Weng, Y. Zheng, B. Xiao, and X. Liu, "You can clone but you cannot hide: A survey of clone prevention and detection for RFID." IEEE Communications Surveys & Tutorials. vol. 19, no. 3, pp. 1682-1700, Mar. 2017.
D. Goel and A.K. Jain, "Mobile phishing attacks and defence mechanisms: State of art and open research challenges." Computers & Security. vol. 73, no. pp. 519–544, Mar.2018.
A.H.M. Aman, N. Shaari, and R. Ibrahim, "Internet of things energy system: Smart applications, technology advancement, and open issues." International Journal of Energy Research. vol.6, no. 11, pp.256-263, Jan. 2021.
K. Bilal, O. Khalid, A. Erbad, and S.U. Khan, "Potentials, trends, and prospects in edge technologies: Fog, cloudlet, mobile edge, and micro data centers." Computer Networks. vol. 130, no.25, pp. 94-120, Jan. 2018.
T.-Y. Wu, Z. Lee, M.S. Obaidat, S. Kumari, S. Kumar, and C.-M. Chen, "An authenticated key exchange protocol for multi-server architecture in 5G networks." IEEE Access. vol. 8, no.25, pp. 28096–28108, Jan. 2020.
T.H. Ting, T.N. Lin, S.H. Shen, and Y.W. Chang, "Guidelines for 5G end to end architecture and security issues." arXiv preprint arXiv:1912.10318. vol.26, no. 26, pp.115-123, Dec. 2019.
M. Abu Talib, S. Abbas, Q. Nasir, and M.F. Mowakeh, "Systematic literature review on Internet-of-Vehicles communication security." International Journal of Distributed Sensor Networks. vol. 14, no. 12, pp. 1550147718815054-1550147718815063, Dec. 2018.
E.N. Yılmaz and S. Gönen, "Attack detection/prevention system against cyber attack in industrial control systems." Computers & Security. vol. 77, no. pp. 94-105, Aug. 2018.
C. Senarak, "Port cybersecurity and threat: A structural model for prevention and policy development." The Asian Journal of Shipping and Logistics. vol. 37, no. 1, pp. 20-36, Mar. 2021.
N. Kaaniche and M. Laurent, "Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms." Computer Communications. vol. 111, no. pp. 120-141, Oct. 2017.
M.H. Saračević et al., "Data Encryption for Internet of Things Applications Based on Catalan Objects and Two Combinatorial Structures." IEEE Transactions on Reliability. vol.26, no. 11, pp. 1256-1263, Aug. 2020.
J. Yao, Z. Han, M. Sohail, and L. Wang, "A robust security architecture for SDN-based 5G networks." Future Internet. vol. 11, no. 4, pp. 85, Mar. 2019.
I.H. Abdulqadder, S. Zhou, D. Zou, I.T. Aziz, and S.M.A. Akber, "Multi-layered intrusion detection and prevention in the SDN/NFV enabled cloud of 5G networks using AI-based defense mechanisms." Computer Networks. vol. 179, no.3, pp. 107364-107376, Oct. 2020.
H. Mrabet, S. Belguith, A. Alhomoud, and A. Jemai, "A survey of IoT security based on a layered architecture of sensing and data analysis." Sensors. vol. 20, no. 13, pp. 3625-3636, Jun. 2020.
J. Cao, Z. Yan, R. Ma, Y. Zhang, Y. Fu, and H. Li, "LSAA: A Lightweight and Secure Access Authentication Scheme for Both UE and mMTC Devices in 5G Networks." IEEE Internet of Things Journal. vol. 7, no. 6, pp. 5329–5344, Feb. 2020.
D. Fang and Y. Qian, "5G wireless security and privacy: Architecture and flexible mechanisms." IEEE Vehicular Technology Magazine. vol. 15, no. 2, pp. 58-64, Mar. 2020.
D. Vinodha, E.M. Anita, and D.M. Geetha, "A novel multi functional multi parameter concealed cluster based data aggregation scheme for wireless sensor networks (NMFMP-CDA)." Wireless Networks. vol. 27, no. 2, pp. 1111-1128, Sept. 2021.
J. Baek, S.I. Han, and Y. Han, "Optimal UAV route in wireless charging sensor networks." IEEE Internet of Things Journal. vol. 7, no. 2, pp. 1327-1335, Nov. 2019.
H. Wang, G. Han, W. Zhang, M. Guizani, and S. Chan, "A probabilistic source location privacy protection scheme in wireless sensor networks." IEEE Transactions on Vehicular Technology. vol. 68, no. 6, pp. 5917-5927, Jun. 2019.
K. Vivekrabinson and K. Muneeswaran, "Fault-Tolerant Based Group Key Servers with Enhancement of Utilizing the Contributory Server for Cloud Storage Applications." IETE Journal of Research. vol. no. pp. 1-16, Mar. 2021.
W. Jerbi, A. Guermazi, O. Cheikhrouhou, and H. Trabelsi, "CoopECC: A Collaborative Cryptographic Mechanism for the Internet of Things." Journal of Sensors. vol. 2021, no.26, pp. 258-296, Apr. 2021.
Y.Q. Zhang, H.F. Huang, X.Y. Wang, and X.H. Huang, "A secure image encryption scheme based on genetic mutation and MLNCML chaotic system." Multimedia Tools and Applications. vol. no. pp. 1-15, Feb. 2021.
A. Muthanna et al., "Secure and reliable IoT networks using fog computing with software-defined networking and blockchain." Journal of Sensor and Actuator Networks. vol. 8, no. 1, pp. 15–26, Feb.2019.
L. Boero, R. Bruschi, F. Davoli, M. Marchese, and F. Patrone, "Satellite networking integration in the 5G ecosystem: Research trends and open challenges." Ieee Network. vol. 32, no. 5, pp. 9-15, Sep. 2018.
X. Huang, S. Cheng, K. Cao, P. Cong, T. Wei, and S. Hu, "A survey of deployment solutions and optimization strategies for hybrid SDN networks." IEEE Communications Surveys & Tutorials. vol. 21, no. 2, pp. 1483–1507, Sep. 2018.
G. Xu, Y. Cao, Y. Ren, X. Li, and Z. Feng, "Network security situation awareness based on semantic ontology and user-defined rules for Internet of Things." IEEE Access. vol. 5, no. pp. 21046–21056, Aug. 2017.
G. Deep, R. Mohana, A. Nayyar, P. Sanjeevikumar, and E. Hossain, "Authentication protocol for cloud databases using blockchain mechanism." Sensors. vol. 19, no. 20, pp. 4444-4453, Oct. 2019.
U. Khalid, M. Asim, T. Baker, P.C. Hung, M.A. Tariq, and L. Rafferty, "A decentralized lightweight blockchain-based authentication mechanism for IoT systems." Cluster Computing. vol. no. pp. 1-21, Feb. 2020.
S. Gupta, A. Buriro, and B. Crispo, "DriverAuth: Behavioral biometric-based driver authentication mechanism for on-demand ride and ridesharing infrastructure." ICT Express. vol. 5, no. 1, pp. 16-20, Mar. 2019.

No competing interests reported.

Download PDF

Version 1

posted

You are reading this latest preprint version

5G Communication Network Attack Prevention Using SDN Technology under Internet of Things

Status:

Version 1

Abstract

Figures

I. Introduction

Ii. Network Security And Authentication

Iii. Construction And Analysis Of The Model

IV. results of the performance test of the Model

V. Discussion and analysis of research results

VI. CONCLUSION

Declarations

VII. Acknowledgement:

References

Additional Declarations

Status:

Version 1