Skip to main content

Advertisement

SpringerLink
Log in

Software-Defined Mobile Networks Security

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

The future 5G wireless is triggered by the higher demand on wireless capacity. With Software Defined Network (SDN), the data layer can be separated from the control layer. The development of relevant studies about Network Function Virtualization (NFV) and cloud computing has the potential of offering a quicker and more reliable network access for growing data traffic. Under such circumstances, Software Defined Mobile Network (SDMN) is presented as a promising solution for meeting the wireless data demands. This paper provides a survey of SDMN and its related security problems. As SDMN integrates cloud computing, SDN, and NFV, and works on improving network functions, performance, flexibility, energy efficiency, and scalability, it is an important component of the next generation telecommunication networks. However, the SDMN concept also raises new security concerns. We explore relevant security threats and their corresponding countermeasures with respect to the data layer, control layer, application layer, and communication protocols. We also adopt the STRIDE method to classify various security threats to better reveal them in the context of SDMN. This survey is concluded with a list of open security challenges in SDMN.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Sama MR, Contreras LM, Kaippallimalil J, Akiyoshi I, Qian H, Ni H (2015) Software-defined control of the virtualized mobile packet core. IEEE Commun Mag 53(2):107–115

    Article  Google Scholar 

  2. Ge X, Yang B, Ye J, Mao G, Wang C-X, Han T (2015) Spatial Spectrum and Energy Efficiency of Random Cellular Networks. IEEE Trans Commun 63(3):1019–1030

    Article  Google Scholar 

  3. Bernardos C, La Oliva A, Serrano P, Banchs A, Contreras LM, Jin H, Zúñiga JC (2014) An architecture for software defined wireless networking. IEEE Wirel Commun 21(3):52–61

    Article  Google Scholar 

  4. Ge X, Huang K, Wang C-X, Hong X, Yang X (2011) Capacity Analysis of a Multi-Cell Multi-Antenna Cooperative Cellular Network with Co-Channel Interference. IEEE Trans Wirel Commun 10(10):3298–3309

    Article  Google Scholar 

  5. He J, Wen Y, Huang J, Wu D (2014) On the Cost–QoE Tradeoff for Cloud-Based Video Streaming Under Amazon EC2’s Pricing Models. IEEE Transactions on Circuits and Systems for Video Technology 24(4):669–680

    Article  Google Scholar 

  6. Chávez-Santiago R, Szydełko M, Kliks A, Foukalas F, Haddad Y, Nolan KE, Kelly MY, Masonta MT, Balasingham I (2015) 5G: The convergence of wireless communications. Wirel Pers Commun:1–26

  7. Naudts B, Kind M, Westphal F-J, Verbrugge S, Colle D, Pickavet M (2012) Techno-economic analysis of software defined networking as architecture for the virtualization of a mobile network. In: 2012 European Workshop on Software Defined Networking (EWSDN). IEEE, pp 67–72

  8. Nunes B, Mendonca M, Nguyen X-N, Obraczka K, Turletti T, et al. (2014) A survey of software-defined networking: past, present, and future of programmable networks. IEEE Communications Surveys & Tutorials 16(3):1617–1634

    Article  Google Scholar 

  9. Checko A, Christiansen HL, Yan Y, Scolari L, Kardaras G, Berger MS, Dittmann L (2014) Cloud RAN for mobile networks – a technology overview. IEEE Communications Surveys & Tutorials 17(1):405–426

    Article  Google Scholar 

  10. Xiao J, Hu R, Qian Y, Gong L, Wang B (2013) Expanding lte network spectrum with cognitive radios: From concept to implementation. IEEE Wirel Commun 20(2):12–19

    Article  Google Scholar 

  11. Manzalini A, Saracco R, Buyukkoc C, et al. (2014) Software-defined networks for future networks and services: main technical challenges and business implications, SDN4FNS. IEEE

  12. Kreutz D, Ramos F, Verissimo P (2013) Towards secure and dependable software-defined networks. In: Proceedings of the second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. ACM, pp 55–60

  13. Hakiri A, Gokhale A, Berthou P, Schmidt DC, Gayraud T (2014) Software-defined networking: Challenges and research opportunities for future internet. Comput Netw 75(24):453–471

    Article  Google Scholar 

  14. Shin S, Porras PA, Yegneswaran V, Fong MW, Gu G, Tyson M (2013) Fresco: Modular composable security services for software-defined networks. In: NDSS

  15. Kreutz D, Bessani A, Feitosa E, Cunha H (2014) Towards secure and dependable authentication and authorization infrastructures. In: 2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing (PRDC). IEEE, pp 43–52

  16. Principles and practices for securing software-defined networks, 2015. www.opennetworking.org

  17. Kreutz D, Ramos FM, Esteves Verissimo P, Esteve Rothenberg C, Azodolmolky S, Uhlig S (2015) Software-defined networking: A comprehensive survey. proc IEEE 103(1):14–76

    Article  Google Scholar 

  18. Yap K-K, Sherwood R, Kobayashi M, Huang T-Y, Chan M, Handigol N, McKeown N, Parulkar G (2010) Blueprint for introducing innovation into wireless mobile networks. In: Proceedings of the second ACM SIGCOMM Workshop on Virtualized Infrastructure Systems and Architectures. ACM, pp 25–32

  19. Hernan S, Lambert S, Ostwald T, Shostack A (2006) Uncover security design flaws using the stride approach msdn. microsoft. com

  20. Wikipedia, Stride(security)–wikipedia, the free encyclopedia, 2015, [Online; accessed 20-July-2015]. [Online]. Available: https://en.wikipedia.org/wiki/STRIDE_(security)

  21. Ali M, Khan SU, Vasilakos AV (2015) Security in cloud computing: Opportunities and challenges. Inf Sci 305(1):357–383

    Article  MathSciNet  Google Scholar 

  22. Yazıcı V, Kozat UC, Oguz Sunay M (2014) A new control plane for 5G network architecture with a case study on unified handoff, mobility, and routing management. IEEE Commun Mag 52(11):76–85

    Article  Google Scholar 

  23. Yang M, Li Y, Hu L, Li B, Jin D, Chen S, Yan Z (2014) Cross-layer software-defined 5G network. Mobile Networks and Applications 20(3):1–10

    Google Scholar 

  24. Jin X, Li LE, Vanbever L, Rexford J (2013) Softcell: Scalable and flexible cellular core network architecture. In: Proceedings of the ninth ACM Conference on Emerging Networking Experiments and Technologies. ACM, pp 163–174

  25. Costa-Requena J (2014) SDN integration in lte mobile backhaul networks. In: 2014 International Conference on Information Networking (ICOIN). IEEE, pp 264–269

  26. Kempf J, Johansson B, Pettersson S, Lüning H, Nilsson T (2012) Moving the mobile evolved packet core to the cloud. In: 2012 IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). IEEE, pp 784–791

  27. Sama MR, Ben Hadj Said S, Guillouard K, Suciu L (2014) Enabling network programmability in lte/epc architecture using OpenFlow. In: 2014 12th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt). IEEE, pp 389–396

  28. Nagy M, Kotuliak I (2014) Utilizing OpenFlow, SDN and NFV in GPRS core network, in Testbeds and Research Infrastructure: Development of Networks and Communities. Springer, pp 184–193

  29. Ge X, Cheng H, Guizani M, Han T (2014) 5G Wireless Backhaul Networks: Challenges and Research Advances. IEEE Netw 28(6):6–11

    Article  Google Scholar 

  30. He J, Xue Z, Wu D, Wu DO, Wen Y (2014) CBM: Online Strategies on Cost-aware Buffer Management for Mobile Video Streaming. IEEE Transactions on Multimedia 16(1): 242–252

    Article  Google Scholar 

  31. Lei L, Zhong Z, Zheng K, Chen J, Meng H (2013) Challenges on Wireless Heterogeneous Networks for Mobile Cloud Computing. IEEE Wirel Commun 20(3):34–44

    Article  Google Scholar 

  32. Zheng K, Wang Y, Wang W, Dohler M, Wang J (2011) Energy-efficient wireless in-home: the need for interference-controlled femtocells. IEEE Wirel Commun 18(6):36–44

    Article  Google Scholar 

  33. Liyanage M, Ylianttila M, Gurtov A (2014) Securing the control channel of software-defined mobile networks. In: 2014 IEEE 15th International Symposium on A World of Wireless Mobile and Multimedia Networks (WoWMoM). IEEE, pp 1–6

  34. Wu D, Xue Z, He J (2014) iCloudAccess: Cost-Effective Streaming of Video Games from the Cloud with Low Latency. IEEE Transactions on Circuits and Systems for Video Technology 24(8):1405–1416

    Article  Google Scholar 

  35. He J, Wu D, Zeng Y, Hei X, Wen Y (2013) Toward Optimal Deployment of Cloud-Assisted Video Distribution Services. IEEE Transactions on Circuits and Systems for Video Technology 23(10):1717–1728

    Article  Google Scholar 

  36. Network functions virtualisation (nfv), 2013. [Online]. Available: https://portal.etsi.org/nfv/nfv_white_paper2.pdf

  37. Bays LR, Oliveira RR, Barcellos MP, Gaspary LP, Madeira ERM (2015) Virtual network security: Threats, countermeasures, and challenges. Journal of Internet Services and Applications 6(1):1–19

    Article  Google Scholar 

  38. Wolinsky DI, Agrawal A, Boykin PO, Davis JR, Ganguly A, Paramygin V, Sheng YP, Figueiredo RJ (2006) On the design of virtual machine sandboxes for distributed computing in wide-area overlays of virtual workstations. In: 2006 First International Workshop on Virtualization Technology in Distributed Computing, 2006 VTDC. IEEE, pp 8–8

  39. Wu H, Ding Y, Winer C, Yao L (2010) Network security for virtual machine in cloud computing. In: 2010 5th International Conference on Computer Sciences and Convergence Information Technology (ICCIT). IEEE, pp 18–21

  40. de Oliveira DAS, Wu FS (2009) Protecting kernel code and data with a virtualization-aware collaborative operating system. In: 2009 Annual Computer Security Applications Conference, ACSAC’09. IEEE, pp 451–460

  41. Zhang L, Shetty S, Liu P, Jing J (2014) Rootkitdet: Practical end-to-end defense against kernel rootkits in a cloud environment. In: Computer Security-ESORICS 2014. Springer, pp 475– 493

  42. Baliga A, Kamat P, Iftode L (2007) Lurking in the shadows: Identifying systemic threats to kernel data. In: IEEE Symposium on Security and Privacy, 2007. SP’07. IEEE, pp 246–251

  43. Fernandes DA, Soares LF, Gomes JV, Freire MM, Inácio PR (2014) Security issues in cloud environments: A survey. Int J Inf Secur 13(2):113–170

    Article  Google Scholar 

  44. Nguyen M-D, Chau N-T, Jung S, Jung S (2014) A demonstration of malicious insider attacks inside cloud iaas vendor. International journal of Information and Education Teachnology 4(6)

  45. Rocha F, Correia M (2011) Lucy in the sky without diamonds: Stealing confidential data in the cloud. In: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W). IEEE, pp 129–134

  46. Zissis D, Lekkas D (2012) Addressing cloud computing security issues. Futur Gener Comput Syst 28 (3):583–592

    Article  Google Scholar 

  47. Yan Q, Yu F (2015) Distributed denial of service attacks in software-defined networking with cloud computing. EEE Commun Mag 53(4):52–59

    Article  Google Scholar 

  48. Szefer J, Keller E, Lee RB, Rexford J (2011) Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM, pp 401–412

  49. Liang C, Yu FR (2015) Wireless virtualization for next generation mobile cellular networks. IEEE Wirel Commun 22(1):61–69

    Article  Google Scholar 

  50. Costa-Requena J, Santos JL, Guasch VF, Ahokas K, Premsankar G, Luukkainen S, Pérez OL, Itzazelaia MU, Ahmad I, Liyanage M, et al. (2015) SDN and NFV integration in generalized mobile network architecture. In: 2015 European Conference on Networks and Communications (EuCNC). IEEE, pp 154–158

  51. Yang M, Li Y, Li B, Jin D, Chen S (2015) Service-oriented 5G network architecture: an end-to-end software defining approach. Int J Commun Syst

  52. Kloti R, Kotronis V, Smith P (2013) OpenFlow: A security analysis. In: 2013 21st IEEE International Conference on Network Protocols (ICNP). IEEE, pp 1–6

  53. Hong S, Xu L, Wang H, Gu G (2015) Poisoning network visibility in software-defined networks: New attacks and countermeasures. In: Network and Distributed System Security (NDSS) Symposium 2015. NDSS, pp 8–11

  54. Benton K, Camp LJ, Small C (2013) OpenFlow vulnerability assessment. In: Proceedings of the second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. ACM, pp 151–152

  55. Shin S, Gu G (2013) Attacking software-defined networks: A first feasibility study. In: Proceedings of the second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. ACM, pp 165–166

  56. Shin S, Song Y, Lee T, Lee S, Chung J, Porras P, Yegneswaran V, Noh J, Kang BB (2014) Rosemary: A robust, secure, and high-performance network operating system . ACM

  57. Schehlmann L, Abt S, Baier H (2014) Blessing or curse? revisiting security aspects of software-defined networking. In: 2014 10th International Conference on Network and Service Management (CNSM). IEEE, pp 382–387

  58. Marinho J, Granjal J, Monteiro E (2015) A survey on security attacks and countermeasures with primary user detection in cognitive radio networks. EURASIP Journal on Information Security 2015(1):1–14

    Article  Google Scholar 

  59. Naseef M (2014) Vulnerabilities of LTE and LTE-Advanced Communication White Paper

  60. Qi F, Sun S, Rong B, Hu RQ, Qian Y Cognitive radio based adaptive SON for LTE-a heterogeneous networks. In: 2014 IEEE Global Communications Conference (GLOBECOM), vol 2014. IEEE, pp 4412–4417

  61. Lien S-Y, Chen K-C, Liang Y-C, Lin Y (2014) Cognitive radio resource management for future cellular networks. IEEE Wirel Commun 21(1):70–79

    Article  Google Scholar 

  62. Baldini G, Sturman T, Biswas AR, Leschhorn R, Gódor G, Street M (2012) Security aspects in software defined radio and cognitive radio networks: a survey and a way ahead. IEEE Communications Surveys & Tutorials 14(2):355–379

    Article  Google Scholar 

  63. Park J-M, Reed JH, Beex A, Clancy TC, Kumar V, Bahrak B (2014) Security and enforcement in spectrum sharing. Proc IEEE 102(3):270–281

    Article  Google Scholar 

  64. Sethi A, Brown TX (2008) Hammer model threat assessment of cognitive radio denial of service attacks. In: 3rd IEEE Symposium on New Frontiers in Dynamic Spectrum Access Networks 2008, DySPAN 2008. IEEE, pp 1–12

  65. Hlavacek D, Chang JM (2014) A layered approach to cognitive radio network security: A survey. Comput Netw 75(24):414– 436

    Article  Google Scholar 

  66. Zhang L, Ding G, Wu Q, Zou Y, Han Z, Wang J (2015) Byzantine attack and defense in cognitive radio networks: A survey. IEEE Communication Surveys & Tutorials 17(3):1342– 1363

    Article  Google Scholar 

  67. Jermyn J, Salles-Loustau G, Zonouz S (2014) An analysis of dos attack strategies against the LTE RAN. Journal of Cyber Security 3(2):159–180

    Article  Google Scholar 

  68. Golde N, Redon K, Borgaonkar R (2012) Weaponizing femtocells: The effect of rogue devices on mobile telecommunications. In: NDSS

  69. Lichtman M, Reed JH, Clancy TC, Norton M (2013) Vulnerability of lte to hostile interference. In: 2013 IEEE Global Conference on Signal and Information Processing (GlobalSIP). IEEE, pp 285–288

  70. Liyanage M, Ahmad I, Ylianttila M, Santos JL, Kantola R, Perez OL, Itzazelaia MU, de Oca EM, Valtierra A, Jimenez C (2015) Security for future software defined mobile networks. In: 9th International Conference on Next Generation Mobile Applications Services and Technologies (NGMAST). IEEE, pp 1–9

  71. Zhou H, Wu C, Jiang M, Zhou B, Gao W, Pan T, Huang M (2015) Evolving defense mechanism for future network security. IEEE Commun Mag 53(4):45–51

    Article  Google Scholar 

  72. Gonzales D, Kaplan J, Saltzman E, Winkelman Z, Woods D (2015) Cloud-trust-a security assessment model for infrastructure as a service (IaaS) clouds, IEEE Transactions on Cloud Computing

  73. Hu F, Hao Q, Bao K (2014) A survey on software-defined network and OpenFlow: from concept to implementation. IEEE Communications Surveys & Tutorials 16(4):2181–2206

    Article  Google Scholar 

  74. Hu H, Ahn G-J, Han W, Zhao Z (2014) Towards a reliable SDN firewall, Presented as part of the Open Networking Summit 2014 (ONS 2014)

  75. Matias J, Garay J, Toledo N, Unzilla J, Jacob E (2015) Toward an SDN-enabled NFV architecture. IEEE Commun Mag 53(4):187–193

    Article  Google Scholar 

  76. Alzahrani AJ, Ghorbani AA (2015) A multi-agent system for smartphone intrusion detection framework. In: Proceedings of the 18th Asia Pacific Symposium on Intelligent and Evolutionary Systems, Vol 1. Springer, pp 101–113

  77. El-Gaml EF, ElAttar H, El-Badawy HM (2014) Evaluation of intrusion prevention technique in lte based network. Int J Sci Eng Res 5:1395–1400

    Google Scholar 

  78. Liebergeld S, Lange M, Borgaonkar R (2014) Cellpot: A concept for next generation cellular network honeypots. In: Workshop on Security Emergence Network Technology. NDSS

  79. Yan Z, Zhang P, Vasilakos AV (2015) A security and trust framework for virtualized networks and software-defined networking. Security and Communication Networks

  80. Franċois J, Festor O (2015) Anomaly traceback using software defined networking. In: 2015 National Conference on Parallel Computing Technologies (PARCOMPTECH). IEEE, pp 203–208

  81. Duan X, Wang X (2015) Authentication handover and privacy protection in 5G hetnets using software-defined networking. IEEE Commun Mag 53(4):28–35

    Article  Google Scholar 

  82. Yang N, Wang L, Geraci G, Elkashlan M, Yuan J, Renzo MD (2015) Safeguarding 5G wireless communication networks using physical layer security. IEEE Commun Mag 53(4):20–27

    Article  Google Scholar 

  83. Montero D, Yannuzzi M, Shaw A, Jacquin L, Pastor A, Serral-Gracia R, Lioy A, Risso F, Basile C, Sassu R et al (2015) Virtualized security at the network edge: A user-centric approach. IEEE Commun Mag 53(4):176–186

    Article  Google Scholar 

  84. Ding AY, Crowcroft J, Tarkoma S, Flinck H (2014) Software defined networking for security enhancement in wireless mobile networks. Comput Netw 66:94–101

    Article  Google Scholar 

  85. Dhawan M, Poddar R, Mahajan K, Mann V (2015) SPHINX: Detecting security attacks in software-defined networks. In: Proceedings of the 2015 Network and Distributed System Security (NDSS) Symposium

  86. Leng J, Zhou Y, Zhang J, Hu C (2015) An inference attack model for flow table capacity and usage: Exploiting the vulnerability of flow table overflow in software-defined network, arXiv:1504.03095

  87. Tri N, Hiep T, Kim K (2015) Assessing the impact of resource attack in software defined network. In: 2015 International Conference on Information Networking (ICOIN). IEEE, pp 420–425

  88. Dinh HT, Lee C, Niyato D, Wang P (2013) A survey of mobile cloud computing: architecture, applications, and approaches. Wirel Commun Mob Comput 13(18):1587–1611

    Article  Google Scholar 

  89. Mobile device security in the workplace: 6 key risks & challenges, 2015. [Online]. Available: http://focus.forsythe.com/articles/55/Mobile-Device-Security-in-the-Workplace-6-Key-Risks-and-Challenges

  90. Khan AN, Kiah MM, Madani SA, Ali M et al (2013) Enhanced dynamic credential generation scheme for protection of user identity in mobile-cloud computing. J Supercomput 66(3):1687–1706

    Article  Google Scholar 

  91. SDN and security, 2015. [Online]. Available: http://onosproject.org/2015/04/03/sdn-and-security-david-jorm/

  92. Gudipati A, Perry D, Li LE, Katti S (2013) SoftRAN: Software defined radio access network. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, pp 25–30

  93. Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G (2012) A security enforcement kernel for OpenFlow networks. In: Proceedings of the first workshop on Hot topics in software defined networks. ACM, pp 121–126

  94. Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining OpenFlow and sflow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62:122–136

    Article  Google Scholar 

  95. Yang M, Li Y, Jin D, Zeng L, Wu X, Vasilakos AV (2014) Software-defined and virtualized future mobile and wireless networks: a survey. Mobile Networks and Applications 20(1):4–18

    Article  Google Scholar 

  96. Li G, Wu D, Shen J, Li T (2015) Deciphering Privacy Leakage in Microblogging Social Networks: A Measurement Study, Security and Communication Networks

  97. Akhunzada A, Ahmed E, Gani A, Khan M, Imran M, Guizani S (2015) Securing software defined networks: taxonomy, requirements, and open issues. IEEE Commun Mag 53(4):36–44

    Article  Google Scholar 

  98. Tasch M, Khondoker R, Marx R, Bayarou K (2014) Security analysis of security applications for software defined networks. In: Proceedings of the AINTEC 2014 on Asian Internet Engineering Conference. ACM, pp 23–30

Download references

Acknowledgments

This work was supported by the Program of International S&T Cooperation of MOST (No.2013DFA11140, No. 2013CFA051), the National Natural Science Foundation of China (grant No.61210010, No.61300231, 61572220). Mao’s work is supported in part by the US NSF (Grant CNS-0953513) and by the Wireless Engineering Research and Education Center at Auburn University.

Author information

Authors and Affiliations

  1. Embedded and Pervasive Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China

    Min Chen & Yongfeng Qian

  2. Department of Electrical & Computer Engineering, Auburn University, 200 Broun Hall, Auburn, AL, 36849-5201, USA

    Shiwen Mao

  3. College of Computer Science, South-Central University for Nationalities, Wuhan, 430074, China

    Wan Tang & Ximin Yang

Authors
  1. Min Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yongfeng Qian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shiwen Mao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wan Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ximin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Min Chen or Yongfeng Qian.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chen, M., Qian, Y., Mao, S. et al. Software-Defined Mobile Networks Security. Mobile Netw Appl 21, 729–743 (2016). https://doi.org/10.1007/s11036-015-0665-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-015-0665-5

Keywords

Search

Navigation