5G

The area of 5G research covers multiple aspects related primarily with the integration and convergence of mobile and fixed networking infrastructures. The evolution toward 5G and 6G is considered in the light of the Smart Networks and Services, embracing the domains of User Applications, Cloud and Edge Computing, Network Softwarization and sharing of infrastructural resources.

Along the lines of the H2020 5G PPP MATILDA project, and building on the success of the previous H2020 INPUT project as regards user objects’ virtualization and mobility management in the Edge, the levels of Vertical Applications Orchestration (VAO) and Telecom Platform organization – including Operations Support System (OSS), Network Function Virtualization Orchestrator (NFVO), Virtual and Wide-area Infrastructure Managers (VIMs and WIMs) and Wide-area SDN Control (WSC) – are considered in all aspects regarding the creation of network-aware Vertical Application Graphs as chains of microservices, the instantiation and deployment of application-aware network slices, and the real-time management and control of all involved components. A major goal is to bridge the gap between the cloud computing and networking world, by making cloud-native applications fully 5G- and, in perspective, 6G-ready.

In a broader context of wireless networking, Internet of Things (IoT) integration is also considered and, regarding remote access to areas with scarce coverage, the role of satellite communications as a fully-fledged 5G component is investigated.

Another fundamental aspect of this research activity regards the development of models and algorithms for network resource allocation, control and optimization, by using queueing models, parametric optimization and advanced control techniques including game and team theory. All these tools are employed not only for performance optimization, but also with constant attention to the tradeoff between performance and energy efficiency, where green networking approaches that were developed, among others, in the context of the previous ECONET project play a major role.

Finally, the extensive playground offered by the 4G/5G, Cloud and Edge Computing testbed developed in the S2N Lab allows testing the developed solutions in the field.

Cybersecurity

In view of the separation of concerns among the orchestration of vertical applications, networking and security functionalities, the latter are considered in the light of the evolution of the whole ICT ecosystem fostered by the advent of network softwarization, programmability and flexibility. As a matter of fact, the rise of virtualization technologies and edge computing is progressively widening the geographical area where valuable assets (servers, applications, virtual services, smart “things”) are deployed. As a result, more and more business processes are built on distributed, multi-domain, and heterogeneous environments, stretching well beyond the traditionally safer enterprise’s networks and equipment therein.

Unfortunately, cyber-security paradigms for network threats have not advanced at the same pace. New architectures and usage models, which leverage virtualization and the Internet of Things (IoT) paradigms, are now revealing the substantial inadequacy of legacy security appliances to effectively protect distributed and heterogeneous cyber-physical systems (including IoT, cloud, edge, and fog installations) against cyber-threats.

The prevalent paradigm in enterprise security is still the “security perimeter” model, which assumes safe isolation of ICT assets by physical or virtual network segmentation, hence concentrating protection at the perimeter only. Running virtual machines in public cloud/edge installations, as well as integration with third party’s devices and smart things, blur the boundary between public zones and private domains, hence making hard to apply the security perimeter model in a trustworthy and effective way. Since valuable ICT assets cannot be easily enclosed within a trusted physical sandbox any more, there is an increasing need for a new generation of pervasive and capillary cyber-security paradigms over distributed, multi-domain, and geographically-scattered systems.

We argue that, in relation to network threats, most of the rigidity of current security paradigms comes from two main factors: i) the need for physical isolation of enterprise’s assets from the outside world, and ii) the presence of multiple standalone appliances placed at exchange points, each dealing with specific security aspects (e.g., firewalling, intrusion detection/prevention, virtual private networking, antivirus, deep packet inspection). Current challenges and emerging trends are all suggesting that such paradigms should evolve from discrete appliances into pervasive and capillary systems, which decouple distributed con- text monitoring from (logically) centralized detection logic, somehow aligning to the same evolutionary path already undertaken by software-defined networking.

Along the lines of the H2020 ASTRID and GUARD projects, we believe that such evolution would be properly addressed by a multi-tier architecture that decouples a pervasive and shared context fabric, where the environment is monitored and security actions may be enforced in a capillary way, from centralized business logic, where detection and mitigation algorithms are implemented and leverage big data and other advanced techniques. In addition, a presentation layer facilitates the interaction with users and other security systems. In concrete terms, ASTRID pulls security functions out of service graphs, leaving just a thin data plane.  Security metadata are added to the service graph and each software component, to drive the orchestration process. Finally, a control plane is created that programs the data plane and feeds the detection algorithms. Along a similar philosophy, the basic principle behind GUARD is a service-centric framework, with security capabilities embedded into each software element, and orchestrated by a common security manager that (logically) centralizes the detection processes.

These activities are complemented by those of the SPIDER project, which aims at implementing a 5G domain-specific cyber range as a service resting on three pillars: 

  1. cybersecurity testing and assessment;
  2. cybersecurity teams training to defend against rudimentary and complex cyber-attacks including Advanced Persistent Threats (APTs);
  3. cybersecurity investment decision support.

EDGE COMPUTING

A key 5G objective resides in the enablement of a new class of vApps with heterogeneous and extremely challenging requirements. To this end, the 5G community is embracing well-known technologies, like NFV and Mobile Edge Computing (MEC). Both these frameworks are based on the unrestrainable “softwarization” process, which is going to transform network operators’ infrastructures into distributed datacenters with advanced virtualization and software-driven capabilities.

MEC and NFV frameworks will have clear and well-separated objectives. As stated by the ETSI MEC working group (see “Mobile Edge Computing (MEC); Framework and Reference Architecture,” ETSI GS MEC 003, v. 1.1.1, March 2016), “MEC uses a virtualisation platform for running applications at the mobile network edge. NFV provides a virtualisation platform to network functions.” As the infrastructure requirements of both approaches are quite similar, the use of a converged virtualization infrastructure would be beneficial.

These frameworks will be key enablers for flexible customization of mobile network slices to the needs of vApps and their provision with full network-awareness and zero-perceived latency. Radically new applications can be made viable through the joint adoption of these technologies. As a logical end-to-end network providing specific 5G network services, a network slice should offer them as-a-Service on the part of a Telecom Service Provider (TSP) to Over-The-Top (OTT) players, such as Vertical Industries. The TSP should support multiple network slices from different OTT players at the same time, and dynamically realize each of them through the composition of shared/isolated 5G functions’ instances.

Notwithstanding the high complementarity between NFV and MEC, their integration and interplay in the 5G ecosystem is still largely unexplored. Our research activity here aims at:

  • Identifying the possible approaches, highlighting their main advantages and drawbacks, as well as introducing relevant integration issues;
  • Providing appropriate control strategies and algorithms to support the allocation of computational and networking resources to users on the move within the TSP access network;
  • Coordinating the interaction of vApp components with their local and remote execution environments to ensure satisfaction of stringent delay requirements and other involved Key Performance Indicators (KPIs).

Internet of Things (IoT)

The research activity concerning the Internet of Things are mainly related to the development, standardization and application of signal and information processing methods and technologies targeting unique challenges from emerging Internet of Things and Industry 4.0 scenarios that require analysing, summarizing, and protecting of real-time signals and information exchanged or shared by massive data generating devices such as sensors, machines, robots, cars, drones, wearables and other kind of objects and their corresponding data processing nodes. Examples of unique signal processing challenges in the Internet of Things faced in the developed research activities include: robust information sensing from complex and adverse environments using massive connected sensors and distributed signal processing, low-power situation-aware data transmission and processing, privacy preserved processing of information shared by connected things.

In more details, the activities are driven by the concept of context awareness and the main topics of interest concern the framework of the intelligent sensing in the Internet of Things and are multiple: research works include audio sensing, wireless awareness including indoor and outdoor localization, object detection and tracking (including drones) for safety and security purposes, and mobile health applications.
From the methodological viewpoint, all research activities aim at employing both traditional and advanced signal processing techniques (e.g., from filtering, feature extraction, feature selection to machine and deep learning) in order to perform intelligent sensing: starting from raw signals acquired by environmental sensors, gaining increasing contextual awareness and ambitiously aspiring to wisdom.