Annals of Telecommunications最新文献

With the centralization of the RAN control functionality, a very large number of near real-time network optimization use cases have emerged. Until now, each of them has been implemented and validated as isolated network management functions, named xApps in Open RAN terminology. To be able to progress towards realistic, commercially deployable functionality, comprehensive conflict mitigation is needed, because the complete isolation of these xApps would result in conflicting decisions and instability. In this article, we study how the majority of these use cases can be implemented harmoniously, to create an enhanced RAN control plane, underlining the functionality required from the central units of the RAN, the grouping, and the interaction of the network management decision. Analyzing the gap existing in the O-RAN architecture, we identify the functionality needed and propose a management framework. Furthermore, we present an implementation roadmap for the development of such functionality as part of the Fraunhofer FOKUS Open5GCore toolkit, as a reference for how such functionality can be prototyped, validated, and integrated with external algorithms easily, to benefit from the large body of academic research.

With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.

Keystroke dynamics authentication is a method of authenticating a user and could be an alternative or addition to one-time codes, with minimal user inconvenience. In this study, a new data set was collected for 6 unique passwords, adding to the limited available data sets for keystroke dynamics available for researchers. Data was collected by emulating legitimate users familiar with the passwords and a wider range of attackers with limited login attempts. The data set is analyzed with the use of various methods, and the effects of password length and complexity are investigated. Two algorithms were employed, one achieving an average equal error rate varying between 10.2 and 18.1% depending on the password, and the other method achieving an average true accept rate of 98% and true reject rate of 90.4% by comparing across multiple individuals in the data set. These results provide a benchmark for further studies on this data set.

Radio Access Networks (RAN) management and orchestration are challenging due to the network’s complexity and dynamics. Management and orchestration rely on enforcing complex policies derived from mapping high-level intents, expressed as Service-Level Agreements (SLAs), into low-level actions to be deployed on the network. Such mapping is human-made and frequently leads to errors. This paper proposes the AGility in Intent-based management of service-level agreement Refinements (AGIR) system for implementing automated intent-based management in Open Radio Access Networks (Open RAN). The proposed system is modular and relies on Natural Language Processing (NLP) to allow operators to specify Service-Level Objectives (SLOs) for the RAN to fulfill without explicitly defining how to achieve these SLOs. It is possible because the AGIR system translates imprecise intents into configurable network instructions, detecting conflicts among the received intents. To develop the conflict detection module, we propose to use two deep neural network models, Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU). The deep neural network model determines whether intents and policies are conflicting. Our results reveal that the proposed system reaches more than 80% recall in detecting conflicting intents when deploying an LSTM model with 256 neurons.

Digital credentials are being issued by authorized entities to facilitate the digital identification of their users. Blockchain offers some inherent features that are highly advantageous for the management of credentials. Non-fungible tokens, or NFTs, might seem to be a perfect fit for the implementation of digital credentials. However, some crucial requirements for credentials are the non-transferability of the credential and that the authorized entity should receive explicit acceptance from the user who will own the new credential, which are features lacking in the current NFTs. This paper introduces a management system focused on issuing digital access credentials, enhancing traditional features by enabling the association of terms and conditions (T &C) during issuance and providing users with non-repudiation of reception evidence upon acceptance. Leveraging an enhanced version of the soulbound tokens (SBTs), called RejSBTs, introduced in our previous work, the new system guarantees non-repudiation of reception and origin proofs. Furthermore, we provide a detailed implementation of the system, including solidity smart contracts, accompanied by a comprehensive cost and security analysis.

Reconfigurable intelligent surface (RIS) is a promising solution to boost coverage sustainably by reflecting waves from a transmitter to a receiver and acting as a low-power and passive relay. In this paper, for the first time, we demonstrate experimentally that a reconfigurable intelligent surface designed for sub6GHz, and using varactor technology, can perform three-dimensional reflective beamforming and interference nulling. This result is achieved with a RIS prototype of 984 unit-cells, thanks to a compact control circuit individually addressing and configuring the voltage of each unit-cell, with a distinct voltage. To our knowledge, this prototype configures 17 to 70 times more distinct voltages than in the state-of-the-art. The experimental results in an indoor environment show a 10-dB gain. They also show, for the first time, that producing such a new prototype is feasible with minimal energy footprint and environmental impact, thanks to refurbishing. Indeed, a reflectarray antenna originally designed for three-dimensional beamforming has been turned into a RIS.

Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.

With the increase in hardware performance, the 5G mobile network architecture shifted from physical components to software-only micro-services. The very modular network functions can be deployed flexibly on commodity hardware. However, the extensive modularity of these network functions is increasing the number of managed entities, and the core network request latency. Also, it requires extensive procedures to be able to re-select the components for specific devices, a fundamental condition for a potential system scale-down. In this paper, we propose a new organic 6G network architecture that handles these challenges through a new functionality split based on the experience of IT software services. Furthermore, we provide an analysis based on main 5G procedures, showing that the newly proposed architecture is handling the re-selection of functionality significantly better, which is a cornerstone of high-speed scaling (especially scaling-out), as well as migration of functionality and users.