5G
The area of 5G research covers multiple aspects related primarily with the integration and convergence of mobile and fixed networking infrastructures. The evolution toward 5G and 6G is considered in the light of the Smart Networks and Services, embracing the domains of User Applications, Cloud and Edge Computing, Network Softwarization and sharing of infrastructural resources.
Along the lines of the H2020 5G PPP MATILDA project, and building on the success of the previous H2020 INPUT project as regards user objects’ virtualization and mobility management in the Edge, the levels of Vertical Applications Orchestration (VAO) and Telecom Platform organization – including Operations Support System (OSS), Network Function Virtualization Orchestrator (NFVO), Virtual and Wide-area Infrastructure Managers (VIMs and WIMs) and Wide-area SDN Control (WSC) – are considered in all aspects regarding the creation of network-aware Vertical Application Graphs as chains of microservices, the instantiation and deployment of application-aware network slices, and the real-time management and control of all involved components. A major goal is to bridge the gap between the cloud computing and networking world, by making cloud-native applications fully 5G- and, in perspective, 6G-ready.
In a broader context of wireless networking, Internet of Things (IoT) integration is also considered and, regarding remote access to areas with scarce coverage, the role of satellite communications as a fully-fledged 5G component is investigated.
Another fundamental aspect of this research activity regards the development of models and algorithms for network resource allocation, control and optimization, by using queueing models, parametric optimization and advanced control techniques including game and team theory. All these tools are employed not only for performance optimization, but also with constant attention to the tradeoff between performance and energy efficiency, where green networking approaches that were developed, among others, in the context of the previous ECONET project play a major role.
Finally, the extensive playground offered by the 4G/5G, Cloud and Edge Computing testbed developed in the S2N Lab allows testing the developed solutions in the field.
- H2020 MATILDA (Coordinator), “A Holistic, Innovative Framework for Design, Development and Orchestration of 5G-ready Applications and Network Services over Sliced Programmable Infrastructure.” Call: H2020-ICT-2016-2, Project duration: 35 months (june 2017 – april 2020), Innovation Action (IA), 17 partners from 8 countries.
- H2020 SPIDER (Participant), “a cyberSecurity Platform for vIrtualiseD 5G cybEr Range services”. Call: H2020-SU-DS-2018. Project duration: 36 months (june 2019 – may 2022), Research and Innovation Action (RIA), 19 partners from 10 countries.
- H2020 FIRE TRIANGLE IA 2nd Open Call: “Extending the TRIANGLE testbed towards Mobile Edge Computing.” Period 2017-2018.
- H2020 INPUT (Coordinator), “In-Network Programmability for next-generation personal cloUd service support (INPUT)”.
Project duration: 36 months (January 2015 – January 2018), Research and Innovation Action (RIA), 9 partners from 5 countries.
- R. Bolla, R. Bruschi F. Davoli, J. F. Pajo, “A model-based approach towards real-time analytics in NFV infrastructures,” IEEE Trans. on Green Communications and Networking, to appear.
- R. Bruschi, R. Bolla, F. Davoli, A. Zafeiropoulos, P. Gouvas, “Mobile Edge Vertical Computing over 5G Network Sliced Infrastructures: An Insight into Integration Approaches,” IEEE Communications Magazine, vol. 57, no. 7, July 2019, DOI: 10.1109/MCOM.2019.1800425.
- R. Bruschi, F. Davoli, P. Lago, J. F. Pajo, “A Multi-Clustering Approach to Scale Distributed Tenant Networks for Mobile Edge Computing,” IEEE Journal on Selected Areas in Communications, vol. 37, no 3, pp. 499-514, article no. 8624501, Jan. 2019, DOI: 10.1109/JSAC.2019.2894236.
- L. Boero, R. Bruschi, F. Davoli, M. Marchese, F. Patrone, “Satellite Networking Integration in the 5G Ecosystem: Research Trends and Open Challenges,” IEEE Network Magazine, vol. 32, no. 5, article no. 8473415, pp. 9-15, Sept. 2018, DOI: 10.1109/MNET.2018.1800052.
- L. Atzori, J.L. Bellido, R. Bolla, G. Genovese, A. Iera, A. Jara, C. Lombardo, G. Morabito, “SDN&NFV contribution to IoT objects virtualization”, Computer Networks, vol. 149, Feb. 2019, pp. 200-212.
Cybersecurity
In view of the separation of concerns among the orchestration of vertical applications, networking and security functionalities, the latter are considered in the light of the evolution of the whole ICT ecosystem fostered by the advent of network softwarization, programmability and flexibility. As a matter of fact, the rise of virtualization technologies and edge computing is progressively widening the geographical area where valuable assets (servers, applications, virtual services, smart “things”) are deployed. As a result, more and more business processes are built on distributed, multi-domain, and heterogeneous environments, stretching well beyond the traditionally safer enterprise’s networks and equipment therein.
Unfortunately, cyber-security paradigms for network threats have not advanced at the same pace. New architectures and usage models, which leverage virtualization and the Internet of Things (IoT) paradigms, are now revealing the substantial inadequacy of legacy security appliances to effectively protect distributed and heterogeneous cyber-physical systems (including IoT, cloud, edge, and fog installations) against cyber-threats.
The prevalent paradigm in enterprise security is still the “security perimeter” model, which assumes safe isolation of ICT assets by physical or virtual network segmentation, hence concentrating protection at the perimeter only. Running virtual machines in public cloud/edge installations, as well as integration with third party’s devices and smart things, blur the boundary between public zones and private domains, hence making hard to apply the security perimeter model in a trustworthy and effective way. Since valuable ICT assets cannot be easily enclosed within a trusted physical sandbox any more, there is an increasing need for a new generation of pervasive and capillary cyber-security paradigms over distributed, multi-domain, and geographically-scattered systems.
We argue that, in relation to network threats, most of the rigidity of current security paradigms comes from two main factors: i) the need for physical isolation of enterprise’s assets from the outside world, and ii) the presence of multiple standalone appliances placed at exchange points, each dealing with specific security aspects (e.g., firewalling, intrusion detection/prevention, virtual private networking, antivirus, deep packet inspection). Current challenges and emerging trends are all suggesting that such paradigms should evolve from discrete appliances into pervasive and capillary systems, which decouple distributed con- text monitoring from (logically) centralized detection logic, somehow aligning to the same evolutionary path already undertaken by software-defined networking.
Along the lines of the H2020 ASTRID and GUARD projects, we believe that such evolution would be properly addressed by a multi-tier architecture that decouples a pervasive and shared context fabric, where the environment is monitored and security actions may be enforced in a capillary way, from centralized business logic, where detection and mitigation algorithms are implemented and leverage big data and other advanced techniques. In addition, a presentation layer facilitates the interaction with users and other security systems. In concrete terms, ASTRID pulls security functions out of service graphs, leaving just a thin data plane. Security metadata are added to the service graph and each software component, to drive the orchestration process. Finally, a control plane is created that programs the data plane and feeds the detection algorithms. Along a similar philosophy, the basic principle behind GUARD is a service-centric framework, with security capabilities embedded into each software element, and orchestrated by a common security manager that (logically) centralizes the detection processes.
These activities are complemented by those of the SPIDER project, which aims at implementing a 5G domain-specific cyber range as a service resting on three pillars:
- cybersecurity testing and assessment;
- cybersecurity teams training to defend against rudimentary and complex cyber-attacks including Advanced Persistent Threats (APTs);
- cybersecurity investment decision support.
- H2020 SPIDER (Participant), “a cyberSecurity Platform for vIrtualiseD 5G cybEr Range services”. Call: H2020-SU-DS-2018. Project duration: 36 months (june 2019 – may 2022), Research and Innovation Action (RIA), 19 partners from 10 countries.
- H2020 GUARD (Technical Coordinator), “A cyber-security framework to GUArantee Reliability and trust for Digital service chains”, Call H2020-SU-ICT-2018, Project duration 36 months (May 2019 – April 2022), Innovation Action (IA), 14 partners from 8 countries.
- H2020 ASTRID (Technical Coordinator), “AddreSsing ThReats for virtualIseD services”, Call H2020-DS-07-2017, Project duration 36 months (May 2018 – April 2021), Research and Innovation Action (RIA), 9 partners from 4 countries.
- Alessandro Carrega and Matteo Repetto, “Data Log Management for Cyber-Security Programmability of Cloud Services and Applications,” in Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race 2019 (CYSARM’19), Association for Computing Machinery, New York, NY, USA, pp. 47–52, doi 10.1145/3338511.3357351.
- Matteo Repetto, Alessandro Carrega and Guerino Lamanna, “An architecture to manage security services for cloud applications,” 2019 4th International Conference on Computing, Communications and Security (ICCCS), Rome, Italy, 2019, pp. 1-8, doi 10.1109/CCCS.2019.8888061.
- Raffaele Bolla, Alessandro Carrega and Matteo Repetto, “An abstraction layer for cybersecurity context,” 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 2019, pp. 214-218, doi 10.1109/ICCNC.2019.8685665.
- Alessandro Carrega, Matteo Repetto, Fulvio Risso, Stafan Covaci, Anastasios Zafeiropoulos, Thanassis Giannetsos and Orazio Toscano, “Situational Awareness in Virtual Networks: The ASTRID Approach,” 2018 IEEE 7th International Conference on Cloud Networking (CloudNet), Tokyo, 2018, pp. 1-6, doi 10.1109/CloudNet.2018.8549540.
EDGE COMPUTING
A key 5G objective resides in the enablement of a new class of vApps with heterogeneous and extremely challenging requirements. To this end, the 5G community is embracing well-known technologies, like NFV and Mobile Edge Computing (MEC). Both these frameworks are based on the unrestrainable “softwarization” process, which is going to transform network operators’ infrastructures into distributed datacenters with advanced virtualization and software-driven capabilities.
MEC and NFV frameworks will have clear and well-separated objectives. As stated by the ETSI MEC working group (see “Mobile Edge Computing (MEC); Framework and Reference Architecture,” ETSI GS MEC 003, v. 1.1.1, March 2016), “MEC uses a virtualisation platform for running applications at the mobile network edge. NFV provides a virtualisation platform to network functions.” As the infrastructure requirements of both approaches are quite similar, the use of a converged virtualization infrastructure would be beneficial.
These frameworks will be key enablers for flexible customization of mobile network slices to the needs of vApps and their provision with full network-awareness and zero-perceived latency. Radically new applications can be made viable through the joint adoption of these technologies. As a logical end-to-end network providing specific 5G network services, a network slice should offer them as-a-Service on the part of a Telecom Service Provider (TSP) to Over-The-Top (OTT) players, such as Vertical Industries. The TSP should support multiple network slices from different OTT players at the same time, and dynamically realize each of them through the composition of shared/isolated 5G functions’ instances.
Notwithstanding the high complementarity between NFV and MEC, their integration and interplay in the 5G ecosystem is still largely unexplored. Our research activity here aims at:
- Identifying the possible approaches, highlighting their main advantages and drawbacks, as well as introducing relevant integration issues;
- Providing appropriate control strategies and algorithms to support the allocation of computational and networking resources to users on the move within the TSP access network;
- Coordinating the interaction of vApp components with their local and remote execution environments to ensure satisfaction of stringent delay requirements and other involved Key Performance Indicators (KPIs).
- H2020 FIRE TRIANGLE IA 2nd Open Call: “Extending the TRIANGLE testbed towards Mobile Edge Computing.” Period 2017-2018.
- H2020 INPUT (Coordinator), “In-Network Programmability for next-generation personal cloUd service support (INPUT)”.
Project duration: 36 months (January 2015 – January 2018), Research and Innovation Action (RIA), 9 partners from 5 countries.
- R. Bruschi, R. Bolla, F. Davoli, A. Zafeiropoulos, P. Gouvas, “Mobile Edge Vertical Computing over 5G Network Sliced Infrastructures: An Insight into Integration Approaches,” IEEE Communications Magazine, vol. 57, no. 7, July 2019, DOI: 10.1109/MCOM.2019.1800425.
- R. Bruschi, F. Davoli, P. Lago, J. F. Pajo, “A Multi-Clustering Approach to Scale Distributed Tenant Networks for Mobile Edge Computing,” IEEE Journal on Selected Areas in Communications, vol. 37, no 3, pp. 499-514, article no. 8624501, Jan. 2019, DOI: 10.1109/JSAC.2019.2894236.
- R. Bruschi, F. Davoli, P. Lago, A. Lombardo, C. Lombardo, C. Rametta, G. Schembra, “An SDN/NFV platform for personal cloud services,” IEEE Trans. on Network and Service Management, vol. 14, no. 4, Dec. 2017, pp. 1143-1156.
Internet of Things (IoT)
The research activity concerning the Internet of Things are mainly related to the development, standardization and application of signal and information processing methods and technologies targeting unique challenges from emerging Internet of Things and Industry 4.0 scenarios that require analysing, summarizing, and protecting of real-time signals and information exchanged or shared by massive data generating devices such as sensors, machines, robots, cars, drones, wearables and other kind of objects and their corresponding data processing nodes. Examples of unique signal processing challenges in the Internet of Things faced in the developed research activities include: robust information sensing from complex and adverse environments using massive connected sensors and distributed signal processing, low-power situation-aware data transmission and processing, privacy preserved processing of information shared by connected things.
In more details, the activities are driven by the concept of context awareness and the main topics of interest concern the framework of the intelligent sensing in the Internet of Things and are multiple: research works include audio sensing, wireless awareness including indoor and outdoor localization, object detection and tracking (including drones) for safety and security purposes, and mobile health applications.
From the methodological viewpoint, all research activities aim at employing both traditional and advanced signal processing techniques (e.g., from filtering, feature extraction, feature selection to machine and deep learning) in order to perform intelligent sensing: starting from raw signals acquired by environmental sensors, gaining increasing contextual awareness and ambitiously aspiring to wisdom.
- FRACTAL, “A Cognitive Fractal and Secure EDGE based on an unique Open-Safe-Reliable-Low Power Hardware Platform Node”, European Project related to the Call H2020-ECSEL-2019-2-RI funded by European Commission and “Ministero dell’Istruzione, Università e Ricerca” (MIUR), years 2020-2022.
- MIE, “Mobilità Intelligente Ecosostenibile” funded by “Ministero dell’Istruzione dell’Università e della Ricerca” (MIUR) and developed within the framework of the “Distretto Tecnologico Ligure per i Sistemi Intelligenti Integrati” (SIIT), years 2014-2016.
- IANUS, “Integrated AssistaNce on Unguarded Systems”, funded by Regione Liguria in the framework of the Development and Cohesion Fund 2007-2013 (FSC), years 2013-2015 Call PAR FAS 2007/2013 granted with DGR 899 20/07/2012).
- “Ansaldo Energia – Light House Plant”, funded by Ansaldo Energia S.p.A. and “Ministero dello Sviluppo Economico” (MiSE).
- “SmartSpeakers: Dynamic Audio Processing through Multiple Receivers for Smart Ambients” research contract with Telecom Italia S.p.A..
- Bisio, I., Garibotto, C., Lavagetto, F., Sciarrone, A., “Outdoor Places of Interest Recognition Using WiFi Fingerprints”, (2019) IEEE Transactions on Vehicular Technology, 68 (5), pp. 5076-5086. DOI: 10.1109/TVT.2019.2905363
- Bisio, I., Garibotto, C., Lavagetto, F., Sciarrone, A., Zappatore, S., “Blind detection: Advanced techniques for WiFi-based drone surveillance”, (2019) IEEE Transactions on Vehicular Technology, 68 (1), pp. 938-946. DOI: 10.1109/TVT.2018.2884767
- Bisio, I., Delfino, A., Lavagetto, F., Sciarrone, A., “Enabling IoT for In-Home Rehabilitation: Accelerometer Signals Classification Methods for Activity and Movement Recognition”, (2017) IEEE Internet of Things Journal, 4 (1), pp. 135-146. DOI: 10.1109/JIOT.2016.2628938;
- Bisio, I., Garibotto, C., Grattarola, A., Lavagetto, F., Sciarrone, A., “Exploiting context-aware capabilities over the internet of things for industry 4.0 applications”, (2018) IEEE Network, 32 (3), pp. 108-114. DOI: 10.1109/MNET.2018.1700355
- De Sanctis, M., Cianca, E., Araniti, G., Bisio, I., Prasad, R., “Satellite communications supporting internet of remote things”, (2016) IEEE Internet of Things Journal, 3 (1), pp. 113-123. DOI: 10.1109/JIOT.2015.2487046.