Moving Target Defense for the cloud/edge Telco environments

Abstract

The Internet of Things (IoT) paradigm has been one of the main contributors, in recent years, to the growth in the number of connected equipment. This fact has predominantly contributed to IoT being constrained by the 5th Generation Mobile Network (5G) progress and the promises this technology brings. However, this can be a double-edged sword. On the one hand, it will benefit from those progresses, but on the other, it will also be impacted by any security risk associated with 5G. One of the more serious security problems associated with it is the new wave of virtualization and softwarization of networks and analogous appliances, brought to light by paradigms such as Network Functions Virtualization (NFV) and Multi-access Edge Computing (MEC). Considering these predicaments, we propose a state-of-the-art Moving Target Defense (MTD) approach that defends Cloud-based Network Functions (CNFs) launched within MEC and NFV environments. Furthermore, our mechanism follows the famous Everything as a Service (XaaS) ideology, allowing any CNF provider to use this protection system, working agonistically. In the end, we created a Proof of Concept (PoC) of our proposed methodology, which we then used to conduct an extensive practical security analysis against the multiple phases of the Intrusion Kill Chain. Our final results have proven that our MTD as a Service (MTDaaS) approach can effectively delay and, in some cases, stop an attacker from achieving its objectives when trying to attack a CNF, even if the related vulnerability is a zero-day.