-
Secret Sharing in 5G-MEC: Applicability for joint Security and Dependability
Authors:
Thilina Pathirana,
Ruxandra F. Olimid
Abstract:
Multi-access Edge Computing (MEC), an enhancement of 5G, processes data closer to its generation point, reducing latency and network load. However, the distributed and edge-based nature of 5G-MEC presents privacy and security challenges, including data exposure risks. Ensuring efficient manipulation and security of sensitive data at the edge is crucial. To address these challenges, we investigate the usage of threshold secret sharing in 5G-MEC storage, an approach that enhances both security and dependability. A (k,n) threshold secret sharing scheme splits and stores sensitive data among n nodes, requiring at least k nodes for reconstruction. The solution ensures confidentiality by protecting data against fewer than k colluding nodes and enhances availability by tolerating up to n-k failing nodes. This approach mitigates threats such as unauthorized access and node failures, whether accidental or intentional. We further discuss a method for selecting the convenient MEHs to store the shares, considering the MEHs' trustworthiness level as a main criterion. Although we define our proposal in the context of secret-shared data storage, it can be seen as an independent, standalone selection process for 5G-MEC trustworthy node selection in other scenarios too.
Submitted 20 June, 2025;
originally announced June 2025.
-
Commitment Schemes for Multi-Party Computation
Authors:
Ioan Ionescu,
Ruxandra F. Olimid
Abstract:
The paper presents an analysis of Commitment Schemes (CSs) used in Multi-Party Computation (MPC) protocols. While the individual properties of CSs and the guarantees offered by MPC have been widely studied in isolation, their interrelation in concrete protocols and applications remains mostly underexplored. This paper presents the relation between the two, with an emphasis on (security) properties and their impact on the upper layer MPC. In particular, we investigate how different types of CSs contribute to various MPC constructions and their relation to real-life applications of MPC. The paper can also serve as a tutorial for understanding the cryptographic interplay between CS and MPC, making it accessible to both researchers and practitioners. Our findings emphasize the importance of carefully selecting CS to meet the adversarial and functional requirements of MPC, thereby aiming for more robust and privacy-preserving cryptographic applications.
Submitted 12 June, 2025;
originally announced June 2025.
-
Towards an identity management solution on Arweave
Authors:
Andreea Elena Dragnoiu,
Ruxandra F. Olimid
Abstract:
Traditional identity management systems, often centralized, face challenges around privacy, data security, and user control, leaving users vulnerable to data breaches and misuse. This paper explores the potential of using the Arweave network to develop an identity management solution. By harnessing Arweave's permanent storage, our solution offers the users a Self-Sovereign Identity (SSI) framework, that uses Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to allow individuals and other entities to create, own, and manage their digital identities. Further, the solution integrates privacy-preserving technologies, including zero-knowledge proofs and the BBS(+) signature scheme, enabling selective disclosure. This approach ultimately enhances user privacy and supports compliance with European Union legislation and regulatory standards like the General Data Protection Regulation (GDPR) by design.
Submitted 20 December, 2024; v1 submitted 18 December, 2024;
originally announced December 2024.
-
Security-Aware Availability Modeling of a 5G-MEC System
Authors:
Thilina Pathirana,
Gianfranco Nencioni,
Ruxandra F. Olimid
Abstract:
Multi-access Edge Computing (MEC) is an essential technology for the fifth generation (5G) of mobile networks. MEC enables low-latency services by bringing computing resources close to the end-users. The integration of 5G and MEC technologies provides a favorable platform for a wide range of applications, including various mission-critical applications, such as smart grids, industrial internet, and telemedicine, which require high dependability and security. Ensuring both security and dependability is a complex and critical task, and not achieving the necessary goals can lead to severe consequences. Joint modeling can help to assess and achieve the necessary requirements. Under these motivations, we propose an extension of a two-level availability model for a 5G-MEC system. In comparison to the existing work, our extended model (i) includes the failure of the connectivity between the 5G-MEC elements and (ii) considers attacks against the 5G-MEC elements or their interconnection. We implement and run the model in Möbius. The results show that a three-element redundancy, especially of the management and core elements, is needed and still enough to reach around 4-nines availability even when connectivity and security are considered. Moreover, the evaluation shows that slow detection of attacks, slow recovery from attacks, and bad connectivity are the most significant factors that influence the overall system availability.
Submitted 25 June, 2024;
originally announced June 2024.
-
Improved security solutions for DDoS mitigation in 5G Multi-access Edge Computing
Authors:
Marian Gusatu,
Ruxandra F. Olimid
Abstract:
Multi-access Edge Computing (MEC) is a 5G-enabling solution that aims to bring cloud-computing capabilities closer to the end-users. This paper focuses on mitigation techniques against Distributed Denial-of-Service (DDoS) attacks in the context of 5G MEC, providing solutions that involve the virtualized environment and the management entities from the MEC architecture. The proposed solutions aim to reduce the risk of affecting legitimate traffic in the context of DDoS attacks. Our work supports the idea of using a network flow collector that sends the data to an anomaly detection system based on artificial intelligence techniques and, as an improvement over the previous work, it contributes to redirecting detected anomalies for isolation to a separate virtual machine. This virtual machine uses deep packet inspection tools to analyze the traffic and provides services until the final verdict. We decrease the risk of compromising the virtual machine that provides services to legitimate users by isolating the suspicious traffic. The management entities of the MEC architecture allow to re-instantiate or reconfigure the virtual machines. Hence, if the machine inspecting the isolated traffic crashes because of an attack, the damaged machine can be restored while the services provided to legitimate users are not affected.
Submitted 10 November, 2021; v1 submitted 8 November, 2021;
originally announced November 2021.
-
5G Multi-access Edge Computing: a Survey on Security, Dependability, and Performance
Authors:
Gianfranco Nencioni,
Rosario G. Garroppo,
Ruxandra F. Olimid
Abstract:
The Fifth Generation (5G) of mobile networks offers new and advanced services with stricter requirements. Multi-access Edge Computing (MEC) is a key technology that enables these new services by deploying multiple devices with computing and storage capabilities at the edge of the network, close to end-users. MEC enhances network efficiency by reducing latency, enabling real-time awareness of the local environment, allowing cloud offloading, and reducing traffic congestion. New mission-critical applications require high security and dependability, which are rarely addressed alongside performance. This survey paper fills this gap by presenting 5G MEC's three aspects: security, dependability, and performance. The paper provides an overview of MEC, introduces taxonomy, state-of-the-art, and challenges related to each aspect. Finally, the paper presents the challenges of jointly addressing these three aspects.
Submitted 4 July, 2023; v1 submitted 28 July, 2021;
originally announced July 2021.
-
Identity Management on Blockchain -- Privacy and Security Aspects
Authors:
Andreea-Elena Panait,
Ruxandra F. Olimid,
Alin Stefanescu
Abstract:
In the last years, identity management solutions on blockchain were proposed as a possible solution to the digital identity management problem. However, they are still at an early stage and further research needs to be done to conclude whether identity systems could benefit from the use of blockchain or not. Motivated by this, we investigate identity management solutions on blockchain intending to give the reader an overview of the current status and provide a better understanding of the pros and cons of using such solutions. We conduct an analysis on ten of the most known implementations, with a focus on privacy and security aspects. Finally, we identify existing challenges and give new directions for research.
Submitted 27 April, 2020;
originally announced April 2020.
-
Experimental Analysis of Subscribers' Privacy Exposure by LTE Paging
Authors:
Christian Sørseth,
Xianyu Shelley Zhou,
Stig F. Mjølsnes,
Ruxandra F. Olimid
Abstract:
Over the last years, considerable attention has been given to the privacy of individuals in wireless environments. Although significantly improved over the previous generations of mobile networks, LTE still exposes vulnerabilities that attackers can exploit. This might be the case of paging messages, wake-up notifications that target specific subscribers, and that are broadcasted in clear over the radio interface. If they are not properly implemented, paging messages can expose the identity of subscribers and furthermore provide information about their location. It is therefore important that mobile network operators comply with the recommendations and implement the appropriate mechanisms to mitigate attacks. In this paper, we verify by experiment that paging messages can be captured and decoded by using minimal technical skills and publicly available tools. Moreover, we present a general experimental method to test privacy exposure by LTE paging messages, and we conduct a case study on three different LTE mobile operators.
Submitted 30 July, 2018;
originally announced July 2018.
-
Easy 4G/LTE IMSI Catchers for Non-Programmers
Authors:
Stig F. Mjølsnes,
Ruxandra F. Olimid
Abstract:
IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.
Submitted 14 February, 2017;
originally announced February 2017.