Working Student for Implementing and Maintaining a 5G Roaming Testbed
5G, Roaming, Core Network, Network Functions
Description
5G is the newest generation of mobile networks, allowing for higher data rates, lower latency and many new features like network slicing. Its central element is the 5G Core, which is a network of specialised Network Functions (NFs). Roaming allows subscribers to connect to the internet via other network operators' networks if they have a roaming agreement. We are looking for a student to help implement and maintain a 5G Roaming testbed. At first, this is planned as an open source testbed leveraging Open5GS. Later, the plan is to connect this open source testbed to the LKN campus network.
This working student position may run in parallel to Master's theses with more focused implementation and evaluation work. The working student is welcome to follow up on this work with his/her own research internship or Master's thesis.
Objectives
The primary objective of this work is to help implement and maintain a 5G Roaming testbed. This testbed shall then be used for the investigation of security mechanisms and for performance measurements. Those investigations are not the main job of the student, but the student is expected to support them.
1. Work into 5G Roaming
2. Implement missing Roaming functionalities into Open5GS
3. Maintain Roaming Testbed
4. Connect open source 5G Roaming testbed with Campus Network (once possible)
5. Aid in security investigations
6. Aid in performance measurements
7. Potentially add other NFs later
Prerequisites
• Motivation and team spirit
• Basic understanding of 5G networks advantageous; especially of the 5G core network
– interest and motivation to learn the system are sufficient
• Programming knowledge in C useful (for Open5GS)
• Interest in Roaming functionalities
• Interest in security
Contact
Oliver Zeidler (oliver.zeidler@tum.de)
Julian Sturm (Julian.Sturm@ZITiS.Bund.de)
Supervisor:
Implementing and Evaluating 5G Roaming Scenarios in an Open Source Testbed
5G, Roaming, Core Network, Network Functions
Description
5G is the newest generation of mobile networks allowing for higher data-rates, lower latency and many new features like network slicing. Its central element is the 5G Core, which is a network of specialised Network Functions (NFs). One of these NFs is responsible for Roaming connections. Roaming allows subscribers to connect to the internet via other network operators’ networks if they have a roaming agreement. Between two Public Land Mobile Networks (PLMNs) there are two standardised Roaming modes: Local Break Out and Home Routed Roaming. For Local Break Out Roaming only the control plane of the home network is accessed from the visited network, while the user data is directly transmitted to the Data Network (DN). For Home Routed Roaming the user data is routed through the home network to the DN. The goal of this thesis is to implement both Roaming versions in an open source core network and compare them regarding chosen KPIs, e.g. latency or throughput. Open5GS would be the primary choice for the open source core network, as it supports Local Break Out Roaming already. Home Routed Roaming is not yet supported.
A major part of 5G Roaming is the Security Edge Protection Proxy (SEPP), a 5G NF designed to establish and maintain a secure control plane connection between two PLMNs. Implementing it, or extending the existing implementation of Open5GS, will be an important part of this work. The SEPP is connected to other NFs in the same PLMN via Service Based Interfaces (SBIs) and to other PLMN’s SEPPs via the N32 interface.
The biggest difference between the two Roaming versions lies in the data plane routing, so implementing the connection between two User Plane Functions (UPFs), the N9 interface, is necessary to connect two PLMNs. The newly introduced Inter PLMN User Plane Security (IPUPS), used for additional security on this connection, is initially considered out of scope for this work, but may be added later on.
Objectives
1. Check Roaming functionalities of Open5GS
2. Implement missing Roaming functionalities into Open5GS
3. Run tests to investigate the differences between Home Routed and Local Break Out Roaming considering chosen KPIs
Prerequisites
• Basic understanding of 5G networks advantageous; especially of the 5G core network
- interest and motivation to learn the system are sufficient
• Programming knowledge in C useful (for Open5GS)
• Interest in Roaming functionalities
• Interest in security would be nice, but is not needed (not the main focus of the work)
Contact
Oliver Zeidler (oliver.zeidler@tum.de)
Julian Sturm (Julian.Sturm@ZITiS.Bund.de)
Supervisor:
Experimental Evaluation of xApp-related Vulnerabilities in the O-RAN's RAN Intelligent Controller Implementation
O-RAN, Security, RAN Intelligent Controller
Description
In previous mobile network generations, Radio Access Networks (RAN) have been treated as a proprietary, closed network segment that is specific to every operator. To accelerate development and innovation, new initiatives such as the O-RAN ALLIANCE were born, aiming to split the RAN into different components and standardize the open interfaces that connect them.
Fundamentally, O-RAN leverages the concept of Software Defined RAN (SD-RAN) by decoupling the RAN data plane from the control plane and introducing several new RAN-controlling components. One of the central components is the near real-time RAN Intelligent Controller (nearRT-RIC), which manages the RAN (network slices, handovers, etc). The nearRT-RIC is designed to allow both the use of traditional, rule-based policies and Machine Learning or data-driven ones to optimize the RAN operation. The logic of these policies is encapsulated in applications called xApps that run on the nearRT-RIC platform and can read and modify different parameters of the RAN.
While providing opportunities for efficient resource management, the nearRT-RIC is also a prospective target for attackers, because of its control power over the RAN. Specifically, an attack vector is a malicious xApp that can interfere with other legitimate xApps running on the nearRT-RIC.
NearRT-RIC implementations are still in their infancy and suffer from bugs and security vulnerabilities. These vulnerabilities are also prevalent in open-source implementations such as the O-RAN Software Community's (OSC) RIC [1], where malicious xApps may disrupt the nearRT-RIC operation. The H Release of the OSC nearRT-RIC suffers from two major vulnerabilities that can compromise the operation of the RIC and crash it [2]. Additionally, a crafted packet sent by an xApp can crash memcpy and with it the whole OSC nearRT-RIC [3]. Such vulnerabilities significantly hinder the wide-scale adoption and deployment of O-RAN.
Objectives
The goal of this student thesis is to reproduce the attacks discussed in [2] and [3] for the newer OSC nearRT-RIC I Release. Additionally, after reproducing the existing attacks and understanding the OSC RIC Platform, the student is expected to explore new attack attempts with the same goal of disrupting OSC nearRT-RIC. Special focus will be put on the critical components of the system, such as the Subscription Manager and Subscription Procedures, Routing Message Router, other xApps, and O1/A1/E2 Terminations.
---
[1] "O-RAN SC Projects," https://docs.o-ran-sc.org/en/latest/projects.html#near-realtime-ran-intelligent-controller-ric, accessed: 2024-04-19.
[2] Hung, C.F., Chen, Y.R., Tseng, C.H., & Cheng, S.M. (2024). Security Threats to xApps Access Control and E2 Interface in O-RAN. IEEE Open Journal of the Communications Society, 5, 1197-1203.
[3] "Opening Critical Infrastructure: The Current State of Open RAN Security," https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html, accessed: 2024-04-19.
Prerequisites
- Experience with Docker and Kubernetes
- Linux Knowledge
- C/C++ Knowledge is a plus
Contact
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
- Dominik Brunke (Dominik.Brunke@ZITiS.bund.de)
Supervisor:
Dynamic Security Analysis in 5G RAN
5G, SDR, Security, RAN
Description
The mobile security sector has uncovered numerous vulnerabilities within link and session-establishment protocols. These vulnerabilities can be exploited using software-defined radios (SDRs) to interfere with, impersonate, or flood layer-3 (L3) messages, compromising security and privacy. These risks persist even within the latest 5G mobile network standard. With affordable SDRs and open-source cellular software stacks readily accessible, the economic and technical obstacles to practical cellular attacks are relatively minimal. In this work, we would like to investigate the resource depletion and Denial-of-Service (DoS) attacks that are well known in LTE [1] within the 5G RAN. The main focus will be on the RRC and NAS protocol vulnerabilities mentioned in [1]. The expected result is to recreate these attacks experimentally in our 5G RAN with srsRAN [2]. If time allows, further tests can be performed over the campus network with a commercial 5G RAN.
[1] H. Kim, J. Lee, E. Lee and Y. Kim, "Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane," 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2019, pp. 1153-1168, doi: 10.1109/SP.2019.00038.
[2] I. Gomez-Miguelez et al., "srsLTE: An open-source platform for LTE evolution and experimentation," in Proc. of ACM WiNTECH, 2016.
Prerequisites
- C/C++ experience
- SDR experience is a plus
- 5G knowledge is a plus
Contact
- Serkut Ayvasik (serkut.ayvasik@tum.de)
- Nicolai Kroeger (nicolai.kroeger@tum.de)
- Dominik Brunke (Dominik.Brunke@ZITiS.bund.de)
Supervisor:
Working Student for Analysis, Modeling and Simulation of Communication Networks SS2024
Description
The primary responsibilities of a working student include assisting tutors in correcting programming assignments and answering questions in Moodle. Working time is 6-7 hours per week in the period from May to July.
Prerequisites
- Python knowledge
Contact
polina.kutsevol@tum.de
Supervisor:
Student Assistant for Wireless Sensor Networks Lab Summer Semester 2024
Description
The Wireless Sensor Networks lab offers the opportunity to develop software solutions for the wireless sensor networking system, targeting innovative applications. For the next semester, a position is available to assist the participants in learning the programming environment and during the project development phase. The lab is planned to be held on-site every Tuesday 15:00 to 17:00.
Prerequisites
- Solid knowledge in Wireless Communication: PHY, MAC, and network layers.
- Solid programming skills: C/C++.
- Linux knowledge.
- Experience with embedded systems and microcontroller programming knowledge is preferable.
Contact
yash.deshpande@tum.de
alexander.wietfeld@tum.de
Supervisor:
Demo Implementation: Network Planning For The Future Railway Communications
Demo, GUI, Web
This work consists of the implementation of a demo for the work on Network Planning For The Future Railway Communications.
Description
The idea is to program a web GUI, where the users can plan the network and examine its performance under dynamic scenarios.
An example of the expected outcome can be found here.
Please send your CV and transcript of records.
Prerequisites
Basic knowledge of the following:
- Linux
- Python
- Web programming (GUI)
- GIT
Contact
Supervisor:
Development of a GUI for Monitoring and Debugging a Digital Twin of QKD Networks
GUI
Quantum key distribution (QKD) is a promising technology for providing secure communication even in the presence of powerful quantum computers. Due to its time-dependent behavior and multi-layer architecture, the analysis of routing policies and network performance parameters can be done by emulation. Our network emulator, based on containers and network function virtualization, allows the analysis of network performance parameters and the optimization of routing policies.
Description
We are looking for a student to build a GUI that simplifies analysis of and interaction with the network emulator. The emulator is based on Containernet and includes QKD-specific network function virtualization. Currently, distributed routing is supported; this will be extended by centralized routing. Monitoring data from active QKD links are fed in to mirror realistic circumstances.
- Build a front-end displaying performance and operational data
- Build a GUI for dynamically changing secret key rates
Prerequisites
- Programming skills in Python
- Experience in front-end web development
- Interest in security and practical concepts of guaranteed security
Contact
Mario Wenning mario.wenning@tum.de
Supervisor:
Sustainable Core Networks in 5G with Performance Guarantees
5G, 5G Edge, UPF, Optimization, Heuristic
Description
With the advent of 5G cellular networks, more demanding types of traffic, pertaining to applications like augmented reality, virtual reality, and online gaming, are being served nowadays. However, this comes with increased energy consumption on both the user's and the network side, thereby challenging the sustainability of cellular networks. Furthermore, the in-network computing aspect exacerbates this even further.
Hence, it is very important to provide end-to-end sustainability, i.e., to minimize the energy consumption in the network while maintaining performance guarantees, such as the maximum latency each flow should experience. For example, depending on the traffic load in the network, and in order to keep the energy usage at low levels, the operator can decide to shut off certain network components, like User Plane Functions (UPFs) or edge clouds, and reassign their tasks to other entities.
In this thesis, the focus will be on the core network. The aforementioned decisions will come up as solutions to optimization problems. To that end, the student will formulate optimization problems and solve them either analytically or using an optimization solver (e.g., Gurobi). The other part consists of conducting realistic simulations and showing the improvements achieved with our approach.
Prerequisites
- Basic understanding of 5G Core Networks and Mobile Edge Computing (MEC).
- Experience with mathematical formulation of optimization problems.
- Programming experience with Python and Gurobi.
Supervisor:
Distributed Deep Learning for Video Analytics
Distributed Deep Learning, Distributed Computing, Video Analytics, Edge Computing, Edge AI
Description
In recent years, deep learning-based algorithms have demonstrated superior accuracy in video analysis tasks, and scaling up such models, i.e., designing and training larger models with more parameters, can improve their accuracy even more.
On the other hand, due to strict latency requirements as well as privacy concerns, there is a tendency towards deploying video analysis tasks close to the data sources, i.e., at the edge. However, compared to dedicated cloud infrastructures, edge devices (e.g., smartphones and IoT devices) as well as edge clouds are constrained in terms of compute, memory and storage resources, which consequently leads to a trade-off between response time and accuracy.
Considering video analysis tasks such as image classification and object detection as the application at the heart of this project, the goal is to evaluate different deep learning model distribution techniques for a scenario of interest.
Supervisor:
Edge AI in Adversarial Environment: A Simplistic Byzantine Scenario
Distributed Deep Learning, Distributed Computing, Byzantine Attack, Adversarial Inference
Description
This project considers an environment consisting of several low performance machines which are connected together across a network.
Edge AI has drawn the attention of both academia and industry as a way to bring intelligence to edge devices to enhance data privacy as well as latency.
Prior works investigated improving the accuracy-latency trade-off of Edge AI by distributing a model across multiple available and idle machines. Building on top of those works, this project adds one more dimension: a scenario where $f$ out of $n$ contributing nodes are adversarial.
Therefore, for each data sample an adversary (1) may not provide an output (which can also be considered as a faulty node), or (2) may provide an arbitrary (i.e., randomly generated) output.
The goal is to evaluate robustness of different parallelism techniques in terms of achievable accuracy in presence of malicious contributors and/or faulty nodes.
Note that contrary to the mainstream existing literature, this project mainly focuses on the inference (i.e., serving) phase of deep learning algorithms, and although robustness of the training phase can be considered as well, it has a much lower priority.
Supervisor:
On the Efficiency of Deep Learning Parallelism Schemes
Distributed Deep Learning, Parallel Computing, Inference, AI Serving
Description
Deep Learning models are becoming increasingly larger so that most of the state-of-the-art model architectures are either too big to be deployed on a single machine or cause performance issues such as undesired delays.
This is not only true for the largest models being deployed in high performance cloud infrastructures but also for smaller and more efficient models that are designed to have fewer parameters (and hence, lower accuracy) to be deployed on edge devices.
That said, this project considers the second environment where there are multiple resource constrained machines connected through a network.
Continuing the research towards distributing deep learning models into multiple machines, the objective is to generate more efficient variants/submodels compared to existing deep learning parallelism algorithms.
Note that this project mainly focuses on the inference (i.e., serving) phase of deep learning algorithms, and although efficiency of the training phase can be considered as well, it has a much lower priority.
Supervisor:
Optimizing Communication Efficiency of Deep Learning Parallelism Techniques in the Inference Phase
Distributed Deep Learning, Parallel Computing, Inference, Communication Efficiency
Description
Deep Learning models are becoming increasingly larger so that most of the state-of-the-art model architectures are either too big to be deployed on a single machine or cause performance issues such as undesired delays.
This is not only true for the largest models being deployed in high performance cloud infrastructures but also for smaller and more efficient models that are designed to have fewer parameters (and hence, lower accuracy) to be deployed on edge devices.
That said, this project considers the second environment where there are multiple resource constrained machines connected through a network.
When distributing deep learning models across multiple compute nodes, trying to realize parallelism, certain algorithms (e.g., Model Parallelism) are not able to achieve the desired performance in terms of latency, mainly due to (1) communication cost of intermediate tensors; and (2) inter-operator blocking.
This project consists of multiple sub-projects, each of which can be taken separately.
In the context of Model Parallelism, two potential modifications can be considered:
- Pipeline parallelism by delaying the inference of the first few data samples assuming a live stream of input data.
- Finding certain points in deep learning architectures or modifying the architecture itself so that for each data sample, it becomes possible to filter out some sub-parts of the model, and therefore reducing the transmitted data, and still achieve comparable accuracy.
Class and Variant Parallelism improve inter-node communication significantly. However, the input data needs to be shared between contributing nodes. The goal is to propose a technique to transmit less data, and to find a good trade-off between computation and communication.
Note that this project mainly focuses on the inference (i.e., serving) phase of deep learning algorithms, and although efficiency of the training phase can be considered as well, it has a much lower priority.
Supervisor:
Load Generation for Benchmarking Kubernetes Autoscaler
Horizontal Pod Autoscaler (HPA), Kubernetes (K8s), Benchmarking
Description
Kubernetes (K8s) has become the de facto standard for orchestrating containerized applications. K8s is an open-source framework which among many features, provides automated scaling and management of services.
Considering a microservice-based architecture, where each application is composed of multiple independent services (usually each service provides a single functionality), K8s' Horizontal Pod Autoscaler (HPA) can be leveraged to dynamically change the number of instances (also known as Pods) based on workload and incoming request pattern.
The main focus of this project is to benchmark the HPA behavior of a Kubernetes cluster running a microservice-based application having multiple services chained together. That means, there is a dependency between multiple services, and by sending a request to a certain service, other services might be called once or multiple times.
This project aims to generate incoming request load patterns that lead to an increase in either the operational cost of the Kubernetes cluster or the response time of the requests. This potentially helps to identify corner cases of the algorithm and/or weak spots of the system; hence the term adversarial benchmarking.
The applications can be selected from commonly used benchmarks such as DeathStarBench*. The objective is to investigate the dependencies between services and how different sequences of incoming request patterns can affect each service as well as the whole system.
* https://github.com/delimitrou/DeathStarBench/blob/master/hotelReservation/README.md
Supervisor:
Demo implementation: Multi-domain redundant network routing
multi-domain, SDN
This work consists of the implementation of a multi-domain SDN network.
Description
Software-Defined Networking (SDN) is a network paradigm where the control and data planes are decoupled. The control plane consists of a controller, which manages network functionality and can be deployed on one or multiple servers. The data plane consists of forwarding entities which are instructed by the controller on how to forward traffic.
A network can be divided into multiple domains in order to ease its management or limit ownership. In multi-domain SDN, each domain has a controller which is responsible for its management. Controllers in different domains cooperate with each other, aiming to provide multi-domain end-to-end connectivity.
In this work, the student will receive an abstract topology representing the multi-domain network. This information has to be used to build a virtual network, that can be used in the testing of different algorithms. The implementation should include a GUI, in order to visualize the topology and interact with the different elements in the network.
Please send your CV and transcript of records.
Prerequisites
Basic knowledge of the following:
- Linux
- Networking/SDN
- Python
- Object-Oriented Programming
- Web programming (GUI)