The document proposes two conceptual models for improving security in next generation networks (NGNs):
1) A "serum injection model" which identifies vulnerabilities and risks in NGN applications and injects security solutions in two phases: identification and planning/implementation.
2) An "elliptical model" which defines flexible security policies across NGN layers connected by information sharing links. The serum injection model can be applied at the border of the application and control layers in this elliptical model.
3) Together these models form an intelligent security system that monitors networks for intrusions and prepares an environment for security research, while also coordinating international security policies and identifying internal attacks early.
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Conceptual model for security in next generation network.pptx
1. Conceptual model for security in next
generation network
Masoud Hayeri Khyavi, Mina Rahimi
ICT Security Department
Research Institute for ICT (Iran Telecommunication Research Center)
Tehran, IRAN
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
1
2. Application
• Application is the program that is used to perform a specific task.
• Separate applications are running from the hard disk independently.
• To run the application program, they need a proper and prepared
platform auditable design which always involves hardware and an
operating system
But :
• Due to the growing threats of internet and computer networks, we
need more application security
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
2
3. Next generation networks (NGN)
• One of the most important concerns in development and integration
of the network would be the problem of incidence and new threats,
risks and the methods for preventing and dealing them. In this
context, we introduce the security model for applications in Next
Generation Networks.
• The next generation network services according to the following three
characteristics and based on Figure 1 have the beneficial capabilities
of different designs:
• Service Awareness
• Service Richness
• Service Flexibility
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
3
4. NGN and Applications
• The convergence of these services on a broadband infrastructure brings a large potential
for applications based on these services.
• Service Awareness
• Service Richness
• Service Flexibility
• Application programs can be defined in these areas:
• field data with regards of capacity and extent of the internet
• Cable area according to the available video services in cable networks
• Ethernet area considering the flexibility of Ethernet networks
• Private networks considering network security (VPN)
• Broadband area by considering the bandwidth of the optical network
• Lined telephone according to availability (anywhere and anytime) and the reliability of PSTN network
• The range of application programs is too wide that each of them based on network
infrastructure, services and software establishment, location and type of use, has special
usage and importance in its own.
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
4
5. NGN and Security
• One of the most important problems in the next generation is related
to network security.
• In NGN, Each network Due to its structure has weaknesses and
security vulnerabilities.
• one of the most important section harmed of security problems, is
application.
• Vulnerability happens due to poor software design, incorrect settings
of users because of misunderstanding, abuse of the program and
attack to the network and weaknesses of protocols.
• Threat exploit vulnerability and leads to risk.
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
5
6. Security Consideration Of Next Generation Network
• Vulnerabilities of NGN are analyzed from the aspects of
• Network architecture,
• Network elements,
• Protocols and
• Security management
• According to the recommendation of X.805, three layers and three
security plans are considered. The security layers include:
• Infrastructure security plan
• Services security plan
• Applications security plan
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
6
7. Proposed Plan
• For making the next generation network more secure with focusing
on practical applications, solution is proposed in 2 phases:
• Phase I – Identification
• Phase II - Plan and Solution
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
7
8. Proposed Plan:
Phase I-Identification
• In this phase, the project is investigated, especially from a security
perspective as well as the weaknesses, risks, and threats and potential
threats in application programs in three areas: management, control and
end users, are identified and studied. One of the most important issues at
this stage which is essential is having an information security management
system for network communication and service provider.
• The importance and benefit of this result returns to dynamic capability of
information security management system, and after completion of each
step from the output the new experience and new prevention or
reactivation would be considered. In this system, weaknesses, threats and
risks of each scheme can be identified and from the results of them and
their study, it is possible to identify the threats and the risks in the
network.
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
8
9. Proposed Plan:
Phase II-Plan and Solution
This phase would be done during two steps:
Step 1 - Design and Planning
In this phase, using documents, outputs and outcomes in the previous phase, for security application programs based on
network comprehensive policy, the following policies must be provided:
• security policy for management and administrational and executive application
• security policy for control application
• security policy for end user application program
• security policy for confronting digital crimes and forensics
Step 2 - Presenting a solution and making implementation
In this stage with regards of selected policy and with usage of related standards, recommendations, logistical and needed
tools, best solution would be presented and with two timely plan, implementation would be established. These two
programs would be presented in short term and long-term plans.
• In short- term plan provided security solution as a package of proposals (serum system) is injected to the next generation
network application layer and with testing and feedback, the proposed plan for long term implementation - will be
implemented.
• Outputs of short-term program and feedback results make the long-term plan, configured. In the specified time
appropriate framework and policy in this area should be prepared and examined and goal of this program include inserting
new technology, its security considerations, the optimal risk management and eliminating security gaps which exist.
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
9
10. Serum injected model
With use of Proposed plane, similar to the
injection to a patient, we can define a new model
so it can be called a serum injected model.
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
10
11. NGN Security
• The security architecture in the NGN must protect interconnection and
interoperability strategies between NGN and existing networks,
• the communication must be secure even with little trust networks like the
internet.
• NGN inherits the security problems of traditional networks, the mechanisms used
to protect these networks, especially in mobile networks and the Internet, can be
used in the NGN to provide security independently from technology access and
the terminal user, suitably extended and optimized.
• NGN then inherits the security problems in networks based on IP protocol as the
Internet, and must also deal with new attacks, threats and intrusions caused by
the interconnection between different networks and domains
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
11
12. Elliptically model
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
• Elliptically model just discuss the whole view of security policies in
NGN and we named it elliptical because is highly flexible and
security policies can be changed due to new conditions,
furthermore the process of updating is completely simple.
• In border watcher which is the connection point between internal
network and external one not only alarmed about actual risks but
also announced about any threats and suspicious incidents which
distributed by security team around the globe. This job is
responsibility of SOC and CERT/CSIRT.
• In each layer there is a security plan which based on the layer
located there has special duties. Security plans are connected
together via links which share information.
12
13. Using serum injection model in elliptically model
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
• Injection model can be asserted in the border of application layer
and control layer in elliptically model.
• In border watcher which is the connection point between internal
network and external one not only alarmed about actual risks but
also announced about any threats and suspicious incidents which
distributed by security team around the globe. This job is
responsibility of SOC and CERT/CSIRT.
• When an incident occurs, that has been showed in figure, the
incident reporter due to method which defined for that, alarms to
network. In this risk warning and in the path opposite of clock
direction which is clear in the figure, warning with certain protocol
is being distribute through other layers. Each layer based on its
security plan does its duties.
• In covering problems term(downside arrow), application layer
which has been updated in security plan and every necessities
injected on that, the results of such as reaction will share with
other layers, so every new policy will dictate to all elliptical, in this
part it seems that elliptical is going to be stretched.
13
14. Conclusion
• This component of two suggested models can produce an intelligence
system which include software, hardware, security and their
interconnection with human. This model put the security system of
network in the stand-by position and cause to be ready against network
intruders and cyber incidents. All malwares are monitored from the first
step of entrance to NGN and prepare a specific and technical environment
for security research.
• With this new model a worthwhile interconnection is put on with external
networks which correlates the international policies against incidents and
malwares and clears new approaches. Furthermore distinguishing the
internal attacks as soon as possible brings this opportunity to solve the
fault in internal network before distribution in other networks. This Model
will be used for cloud computing.
•
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
14
15. Thank you for your attention
&
Any question?
m.hayery@itrc.ac.ir rahimi7@itrc.ac.ir
The 30th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2016)
15