Biblio

The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory. 

Recent news have raised concern regarding the security on the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypot.

Crowdsourcing can be a powerful weapon against cyberattacks in 5G networks. In this paper we analyse this idea in detail, starting from the use cases in crowdsourcing focused on security, and highlighting those areas of a 5G ecosystem where crowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and cybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of IoT objects coexist. The analysis is made considering the different participants in a 5G IoT ecosystem.

Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados dinámicamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aquí diseñados tomarán como base información de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, así como información de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento será empleado para configurar honeypots de manera dinámica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa. 

The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.

Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.