June 2024
Project Highlights
The RIGOUROUS project continues to evolve and is nearing major deliverable checkpoints. Learn about our latest completed implementations and preliminary results in various areas below!
In this recent phase, the major deliverable D3.2 is nearing completion, presenting an initial implementation and preliminary result for each of the following tasks:
Task 1: Human-Centric Security, Privacy Modeling, and Onboarding:
A comprehensive system model was developed, aiming to provide a detailed understanding of the system and its functionalities and interactions. Security policy models were defined to process Medium-level Security Policy Language (MSPL) policies, ensuring the security of the RIGOUROUS infrastructure.
The RIGOUROUS architecture for privacy modeling and quantification in data management involves a systematic method to quantify service privacy levels using a declarative, service-specific privacy manifest. This manifest is analyzed by a privacy quantification model employing predefined metrics and algorithms, customizable according to user preferences or regulatory standards. The architecture accommodates service updates, maintaining a privacy benchmark as the service evolves and empowering users to manage their privacy.
The onboarding process, based on OpenSlice, focuses on security, privacy, and human-centric design. It contains several components, such as:
- The Service Composition UI (SCUI) offers end-users privacy-focused secure network applications, and the Human Controllable Privacy UI (PUI) helps developers understand service privacy scores during design.
- The Privacy Quantifier component computes the privacy score of entities.
- The Enhanced Human-Centric Virtual Network Function (VNF) Catalog Management Web UI allows users to design Network Functions Virtualization (NFV) artifacts with privacy quantification and enhanced security controls.
- The TeleManagement Forum (TMF) APIs and the 3rd party VNF/Network Service Descriptor (NSD) Management API service provide APIs for onboarding and managing descriptors.
- The Application Onboarding UI (AOUI) configures the Policy Control Function (PCF) of the network core.
- The Intent-Based Security Management component refines security policies, while the AI-Driven Security Orchestrator translates and enforces them.
- The Threat Risk Assessor (TRA) handles risk model onboarding, and the service registry enables automatic registration and discovery of services.
- The network applications allow dynamic mutation of network services using moving target defense (MTD) techniques to increase resilience and reduce the attack surface.
Task 2: AI-Driven Cross-Domain Security and Privacy Orchestration in IoT-Edge-Cloud Continuum:
UMU-developed security orchestrator, enhanced in the RIGOUROUS project to utilize AI for decision-making across various network layers (…) A policy-based approach standardizes security management in complex 5G infrastructures by defining security requirements clearly and enhancing system consistency. This comprehensive process ensures effective orchestration and enforcement of security policies across different network segments.
The IoT device bootstrapping specification outlines how IoT devices connect to a network for authentication and secure connection setup, as well as how they obtain long-term credentials securely.
Trusted Application Onboarding: Applications disclose how they handle data, especially private data, allowing for the creation of different versions of the same application with varying privacy features or different applications providing the same function with different privacy characteristics.
Task 3: Zero Trust and Smart Security Management:
Trust Evaluation and Trust Enabler Service Framework (TESF) for the Beyond 5G (B5G) and 6G Systems: A standalone system is developed to perform security/trust evaluations and assign trust scores based on security evaluation results (related to deviations from expected/specified standard behaviors). These trust scores help network and management entities make timely decisions during network operations and orchestration to mitigate network risks and threats.
Task 4: End-to-End Multidomain Multi-Tenant 6G Slicing:
To secure network slices across different domains, security agents and slice controllers are essential. Security agents monitor and manage network elements, collect data from devices for security decisions, and enforce security measures from the orchestrator. Security slice controllers create and implement channel protection policies for network slices as directed by the security orchestrator.
What happened recently:
- RIGOUROUS was present with its booth at EuCNC 2024, which focused on all aspects of telecommunications ranging from 5G deployment and mobile IoT to 6G exploration and future communications systems and networks, including experimentation and testbeds, applications, and services. The four Use Cases were on display, each with an individual demo.
- RIGOUROUS co-organized the 2nd International Workshop on Intelligent Cloud Continuum for B5G Services, co-located with IEEE ICC 2024. This event addressed the challenges and opportunities in the realm of cross-domain cloud continuum scenarios and Beyond 5G applications & services and featured an Interactive Session with paper presentations.
- Antonio Matencio Escolar, Qi Wang, and Jose Maria Alcaraz Calero published the work Enhancing Honeynet-based Protection with Network Slicing for Massive Pre-6G IoT Smart Cities Deployments in the Elsevier Journal of Network and Computer Applications
- Pablo Fernández Saura, José M. Bernabé Murcia, Emilio García de la Calera Molina, Alejandro Molina Zarca, Jorge Bernal Bernabé and Antonio F. Skarmeta Gómez published the work Federated Network Intelligence Orchestration for Scalable and Automated FL-based Anomaly Detection in B5G Networks in the IEEE Future Networks World Forum (FNWF) Conference
- Somayeh Kianpisheh and Tarik Taleb published the work Collaborative Federated Learning for 6G with a Deep Reinforcement Learning based Controlling Mechanism: A DDoS Attack Detection Scenario in the IEEE Transactions on Network and Service Management Journal
- Chafika Benzaid, Fahim Muhtasim Hossain, Tarik Taleb, Pedro Merino Gomez, and Michael Dieudonne presented the work A Federated Continual Learning Framework for Sustainable Network Anomaly Detection in O-RAN at the IEEE Wireless Communications and Networking Conference (WCNC 2024)
- Ioan Constantin highlighted the project in a talk presented at DefCamp Cluj-Napoca