Objectives

  • NATWORK will fully specify a detailed 6G architecture, that is based on existing 6G architectural principles proposed by 5GPPP but is extended to provide holistic, End-to-End (E2E) security to the network. 
  • The specified NATWORK architecture will include net-zero, self-resilient components and will be AI native, utilising a cross-layer decentralised approach based on secure federated learning. 
  • NATWORK will elaborate and interface a new form of software SECaaS to harden and continuously monitor all forms of software payload, irrespective of the execution platform. 
  • NATWORK will provide secure information sharing as a service for the different distributed infrastructure elements and agents, ensuring secure configuration, state and other data sharing among infrastructure elements. 
  • Secure-by-design slice composition: NATWORK will enable automatic secure-by-design composition of 6G cloud-native slices (CNS), possibly operating over multiple domains of the access-to-core/edge-to-cloud continuums. This includes leveraging the security and privacy intents of a slice in the composition service(s), in addition to performance and cost. These will be considered alongside Net-Zero targets, such as green energy transition, to generate optimised slice functional and non-functional graphs utilised in orchestration and management. 
  • NATWORK will develop a platform-agnostic security-by-construction SECaaS, hardening software payloads of various formats (e.g., compiled executables and libraries, containers, WebAssembly (WASM)) against confidentiality, integrity and availability attacks prior to deployment. NATWORK's SECaaS will bring by-default, best-effort payload security, to preserve and maximise payload mobility and the reduction of security-related resource consumption (e.g., memory, PU cycles). Our research will be rooted in recent progress by industry and open-source foundations on interoperable confidential computing leveraging VM-based TEEs (i.e., Intel's TDX, AMD's SEV and ARM's CCA), their known security gaps as well as the security pitfalls for WASM. 
  • NATWORK will develop end-to-end AIaaSecS for software payload, using the SECaaS features to intelligently guarantee security through (near) real-time monitoring and enforcement. AI will determine the ideal payload runtime for any combination of device and payload, in order to ensure security requirements while maintaining performance. Additionally, intelligent self- and remote attestation will be utilized to build a trust spectrum between nodes. The models will take advantage of algorithms for improved explainability, leading to reliable debugging and higher resilience. 
  • NATWORK will exploit payload mobility as an MTD action type and provide optimisation and automation of MTD in 6G environment entailing microservices and multiple network domains. AI-driven MTD policy optimisation will be developed to operate optimally regarding the MTD overhead versus security gain. Moreover, explainable techniques for AI will be integrated to provide insights to human security experts. 
  • NATWORK will exploit the capabilities of programmable data planes like P4 switches and smartNICs to support MTD action types implemented by the data plane of the network. Flexible reconfiguration of the data plane will support various low-level MTD actions like randomization, diversification and adaptation via a predefined API. Data plane actions will support multitenancy and isolate MTD policies between tenants. 
  • Existing in-network operations that are critical for the successful operation and attack detection of the 5G network will be migrated to the computing continuum. Such services include the deep analysis of control and data plane network traces, allowing the identification of attacks and of patterns leading to attacks. Lightweight ML models will be employed, along with high-speed switching fabrics enabling wire-speed detection. 
  • Security-by-design for ZSM (zero-touch network and service management of security) and ZTN (zero-trust networking) 
  • NATWORK will enable AI-empowered decentralised orchestration and management services for optimised scheduling and migration of 6G cloud-native slices, over access-to-core/edge-to-cloud continuums. Optimality will consider meeting the security requirements provided from the composition phase, while maximising Net-Zero targets in energy efficiency, e.g. transitioning to green operations. NATWORK will further enable adaptive management of running slices in the presence or anticipation of a cyber threat or a change-of-state in the 6G continuum. The optimisation algorithms here (including federated machine learning) will address the trade-offs between security, privacy, performance and sustainability. 
  • NATWORK will focus on providing Net-Zero AI models and methods, for fortifying the network against different types of attacks (both addressing Control and Data Plane components). The Net-Zero approach will be backed through the execution of the security framework as cloud-native functions, and the scheduling and orchestration of the cloud-native functions in the most energy efficient manner possible. 
  • Explainable management will be enabled on top of the AI models, through the application of neuro-symbolic modelling, and allowing the human-in-the-loop interaction with the system. Representing and reasoning with abstract knowledge using knowledge graphs and deep graph neural networks and establishing causal relations between different entities, reasoning about counterfactuals and unseen scenarios for the AI models will be considered. 
  • NATWORK will develop and exemplify a novel AI-powered payload monitoring, with the generation of control flow time-frequency per code block series for the detection of DoS attacks of any form, targeting the payload, its running execution environment or a co-resident payload. 
  • NATWORK will develop federated learning driven and autonomic MTD schemes and optimise them in a 6G edge-to-cloud continuum for energy efficiency. These enablers will operate in a closed-loop setting following ETSI ZSM paradigm, where energy resources and security related telemetry from the 6G network will be fused for optimal control of MTD operation towards net zero operation. 
  • Development of AI-based anti-jamming for vRANs 
  • New AI models for security (intrusion detection, behavioural analysis, Network Function traffic and load) by considering parameters of network performance (security-performance balancer). Explainable/trustworthy AI. 
  • Threats vs. Performance (or Risks vs Costs). New approach to threat analysis considering costs of security controls in terms of risks and performance, as well as Root cause analysis for zero-touch response. 
  • The goal is to develop a framework that seamlessly integrates diverse data sources, including private and public, as well as structured and unstructured information, for the analysis of Cyber Threat Intelligence (CTI). This framework will enhance security experts' ability to interact with external data, enabling them to better prepare and respond to cyber threats.  
  • NATWORK specifically focuses on providing physical layer security through a twofold approach:  
    • through employing AI driven antijamming technologies, and  
    • via dedicated components for MIMO and RIS surface defense.  
  • Such components will build upon other contributions of the project (e.g. net-zero explainable AI) towards maximising the benefits of the approach and create tangible outcomes on the wireless radio physical layer security. 
  • NATWORK will limit the complexity of physical layer attack detection in the RAN and decisively increase flexibility by using AI-driven detection agents that move across the RAN and check traffic features at different layers of the RAN. As a result, it will continue to detect advanced, distributed attacks and, in particular, help to limit false positives. 
  • NATWORK will introduce defense-in-depth thanks to the double effect of the detection in the agents and the correlation of the alerts from different agents. The FRS agents will work autonomously across different modules of the Radio Access Network and identify the anomalies in traffic arriving at the RAN, thus increasing the attack detection rate. 
  • Protection of the air interface in the new 6G sub-THz bands based on Physical layer key generation (PKG). 
  • Investigate novel anti-jamming AI-based methods that reduce the time to respond to the attack. 
  • To provide experimental verification results for this objective, the following 4 Use Cases will be deployed by NATWORK: UC #1: Sustainability and reliability of 6G Slices and services, UC #2: Anti-jamming technologies for AVs, UC #3: IoT security, UC #4: Improving variability of network with continuous security 
  • Every Use Case will be centered on presenting a complete proof of concept of the proposed solutions and gaining measurable results that will be reflected in a number of KPIs, defined in the project 
  • NATWORK will define a methodology to evaluate and validate the suitability and functional improvements provided by the proposed innovations. Input from the defined use cases will be used to determine architectural requirements and to perform the analysis and planning for evaluation. 
  • The platform will be deployed on premises and different testbeds (e.g., CERTH operates the NITOS testbed offering cutting-edge 5G RAN, Edge and central cloud components). Specific attack automation scenarios will be developed to test the resiliency and detection of security breaches in the overall NATWORK framework. 
  • Resiliency testing of 5G/6G components based on attack injection and fuzz testing.
  • Develop and validate business models for cybersecurity-related use cases that can complement existing services and establish appropriate business models and IPR procedures to promote commercially viable products/solutions in the network operator market. These solutions aim to improve cybersecurity, QoS/resilience performance of b5G networks, and create secure information systems offering a wide range of tailored information security services. 
  • Identify and validate relevant standards, contributing to key standardisation bodies to support 6G standardisation, particularly in security-related areas. Monitor ongoing 6G standardisation and pre-standardisation studies conducted by multiple SDOs and forums, identify gaps in standardisation, and provide input to guide 6G standardisation efforts.