Community Research and Development Information Service - CORDIS

H2020

CHARISMA Report Summary

Project ID: 671704
Funded under: H2020-EU.2.1.1.3.

Periodic Reporting for period 1 - CHARISMA (Converged Heterogeneous Advanced 5G Cloud-RAN Architecture for Intelligent and Secure Media Access)

Reporting period: 2015-07-01 to 2016-06-30

Summary of the context and overall objectives of the project

5G networking is a swiftly evolving and broad concept, encompassing seamless fixed-mobile convergence with Gb/s connectivity speeds over an intelligent open access (multi-tenancy) infrastructure. Integrating such diverse technologies into a single architecture with attendant software-defined networking (SDN) and networking functions virtualization (NFV) presents key technology challenges, while making issues such as security, energy efficiency, and scalability ever more critical. The objective of the CHARISMA (Converged Heterogeneous Advanced 5G Cloud-RAN Architecture for Intelligent and Secure Media Access) project is the development of an open access, converged 5G network, via virtualized slicing of network resources to different service providers (SPs), with network intelligence distributed out towards end-users over a self-similar hierarchical architecture. Such an approach offers a means to achieve important 5G key performance indicators (KPIs) related to low latency, high and scalable bandwidths, energy efficiency and virtualized security (v-security). CHARISMA’s ambitious approach for low latency and enhanced security builds upon present and future high-capacity developments that are currently being mooted for 5G deployment, such as 60 GHz/E-band, CPRI-over-Ethernet, cloud-RAN, distributed intelligence across the back-, front- and perimetric-haul, ad-hoc mobile device interconnects, content delivery networks (CDN), mobile distributed caching (MDC) and improved energy efficiency. CHARISMA’s architecture has been designed to satisfy key 5G drivers as well as to make the architecture particularly applicable to a variety of 5G-related use case scenarios. In particular, CHARISMA has been designed to emphasise 3 specific functionalities that are also considered to be key to many important vertical sectors and the provisioning of their supporting 5G services.
These 3 functionalities are low latency, security, and open access (multi-tenancy) operation.
End-to-end network latency is vital to support the wide range of new use cases promised by 5G networks, such as remote surgery, self-driving cars, and public safety communications systems. Apart from the necessity of low latency, 5G network security operations require automation, robustness and on-demand protection from attacks and threats. The softwarization and virtualization of networks and network functions have made security a complex challenge for 5G networks; thus a comprehensive approach to end-to-end security for network resources, both physical and virtual, is essential. A converged 5G infrastructure intrinsically possesses natural monopolistic characteristics; thus enabling its open access to multiple virtual network operators has multiple social, economic and environmental benefits. Network sharing and multi-tenancy imply a single infrastructure provider (InP) serving several service providers, with physical infrastructure shared through the C&M systems, which becomes a fundamental enabler of the flexibility, elasticity, and programmability required for 5G access core networks.
These three features, which CHARISMA has been specially designed to promote, are not necessarily compatible (or consistent) with each other and can be somewhat self-contradictory, so they impose their own additional constraints on how the architecture is best designed. For example, the desire for open access can potentially compromise security if the architecture does not appropriately take this into account, e.g. via appropriate tenant isolation measures. Conversely, these features can also reinforce each other: the desire for end-to-end low latency can assist the secure operation of the network by reducing the scope for interception or breakdown over long lengths of the topology, since low latency tends to require data to be processed (transmitted, etc.) as locally as possible to where it is required.

CHARISMA is looking to have an impact on the telecommunication market, which is a highly competitive environment characterized by continuous changes in technology and user preferences. The purely voice-oriented mobile networks (2G) of previous decades have evolved into data networks (3G & 4G). 5G is envisioned as the technology that will connect a huge number of end-devices in a fully connected future. 5G will be the backbone of the future digital society since it will interconnect almost every device, sensor, etc., leading to growth and impact not just on the telecom sector but also creating new business opportunities.
The business model for mobile networking is evolving alongside: initially the Network Operator and the End Users were the main stakeholders of the value chain. Nowadays, new actors such as Content Providers and Over-The-Top (OTT) players are emerging. One of the biggest changes of 5G will be the transformation of connectivity, and this will lead to changes in business models.
More and more of the functionalities will be moved from the Central Exchange (CE) to other parts of the network. Virtualization will be present in most of the network elements. NFV will enable the use of common hardware, with ease of deployment, scalability and reduced costs, to achieve the required network element functionalities. Additionally, NFV combined with SDN will lead to a reduction of CAPEX and OPEX, optimize operations, and reduce the time to market for new actors. A new ecosystem with new players alongside the traditional ones will arise. A huge amount of CAPEX will not be necessary in order to enter the market, and most of the costs will be OPEX-related. Competition will move to the SW domain: SMEs developing new functions will have an opportunity to enter the market, while HW vendors will move their business closer to SW development. In this sense, Open Access is an essential feature of the CHARISMA ecosystem, as it opens the market to multiple operators who will control their set of virtual resources through the appropriate interfaces.

CHARISMA's characteristics will also lead to new business innovation by involving vertical sectors such as Health, Factories of the Future, Energy, Automotive etc. that require low latency, high security and open access. For example, low latency will lead to new applications that require almost real-time control and information flow (remote surgery, ITS/collision avoidance); security will lead to new use cases for Factories of the Future, such as internet-based manufacturing, and will lead closer towards Industry 4.0; open access provides the basis for multi-tenancy. The topics that will be researched regarding the business perspectives of CHARISMA include, among others: new tariff and pricing models, charging mechanisms, and demand forecasting for services. Finally, a detailed techno-economic analysis of the CHARISMA solution will be performed and guidelines will be extracted.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

A key architectural innovation of CHARISMA is the adoption of a self-similar hierarchical approach, with active nodes intermediate to the central office (CO) and end-users. The CHARISMA 5G architecture has been designed to exhibit low latency (towards the 1-msec KPI of the 5G-PPP programme) as well as security and open access. Achieving low latency requires data to be handled (i.e. routed and/or processed) as close as possible to where it is required (i.e. either at the receiving end, and/or at the source end). This implies that a low-latency architecture requires network intelligence to be located as close to the edge as possible, such that traffic which is expected to remain local never needs to travel towards the core of the network, minimizing transmission latency. Likewise, in cases where data is frequently required (e.g. from a popular video streaming source) it makes sense to store that video data at a location close to where it is frequently accessed; in such a way, access time latency can also be minimized. Overall, this requires the CHARISMA architecture to be much more distributed in nature than more centralized 5G architectures, e.g. as typically exemplified by the purely C-RAN architecture, where intelligence is almost completely located in the Central Office (or Central Node). While the legacy C-RAN network might also have had some limited storage at the RRH (equivalent to CAL2 in Fig. 3), CHARISMA’s much more distributed and hierarchical approach sees such intelligence, processing and caching (i.e. in the IMU at each CAL node) pushed out also to the small cell (CAL1 at the rear of the bus) and at CAL0.
The CHARISMA architecture is therefore also anticipating developments in cloudlet and fog computing. To that end, we have designed the CHARISMA architecture to be hierarchical, with a set of self-similar intelligent aggregation nodes located between the CO and end-users. Each node is labelled a Converged Aggregation Level (CAL) and is designated with a number to signify its level in the hierarchy. Each active node (i.e. CAL) has its own scalable intelligent management unit (IMU) performing data storage/caching, processing and routing functionalities.

Regarding the physical layer, CHARISMA comprises multiple diverse and innovative hardware technologies, whose functionalities are key to enabling the low-latency, open access, and secure data transmission required in future 5G networking. These device elements include the TrustNode router for low-latency and secure routing; accelerated network interface card (NIC); device-to-device (D2D) communications, for low latency featuring local (distributed) security; offloading and hierarchical caching, to enable low-latency video distribution and network load balancing; mobile cloud for low latency and scalable (virtualized, as required) networking functions; Ethernet fronthaul based on OFDM-PON and NG-PON2 technologies, for low latency, low cost and resilient RRH connectivities; and reliable low-latency backhaul providing open access connectivity between the RAN and the core network. Together, these technologies comprise an important aspect of the CHARISMA data plane architecture and, depending on the requirements of the VNO, may or may not be part of its respective network slice. These CHARISMA network elements, physical or virtual, are managed and controlled by a centralized CHARISMA control plane whose first functionalities have already been designed and implemented.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

CHARISMA has adopted a policy-driven approach to orchestration and support for intelligent security management capabilities, as designed in the first year. The orchestrator can receive security rules and policies set by an SP and, based upon monitoring information collected from the already deployed services, it can detect possible security threats. Depending on the security policy selected, the orchestrator creates security profiles that differ in the decisions taken on the countermeasures appropriate to address a particular threat. Examples of such decisions are: the configuration, termination, scaling or migration of an already deployed service; and the deployment of new security services which, through proper placement of VNFs, will attempt to prevent, neutralize or respond to a specific attack.
Moreover, the security-related VNFs developed in CHARISMA are designed to implement or assist virtualized security functions (i.e. VNFs) such as: intrusion detection, firewalls, and deep packet inspection (DPI). That is, a network service may be composed of one or more security VNFs according to the differing virtual network operator (VNO) specifications, ensuring that the individual v-security requirements are met. CHARISMA foresees authentication and authorization at infrastructure level, both virtualized and physical, i.e., every virtual and hardware component has to be authenticated. The VNOs need to be authenticated and allowed access to authorized virtual network resources only. In this regard, CHARISMA has designed a comprehensive authorization and authentication solution facilitated with a trust framework. Furthermore, CHARISMA also exploits MACsec for authentication and encryption for MAC layer security. Other VNFs implemented in CHARISMA are directed towards vCPE, SDN control, and content caching. Security of ICN-based architectures is still relatively immature; however, some directions have been proposed to extend protocols (i.e. OpenFlow) where content can be encrypted through a digital signature with the private key of the content originator, thus enforcing confidentiality, traceability and content access feedback. Here we envision distributed caching security as a virtualization of the network layer and cluster encryption at the physical layer in order to also greatly reduce content access latency for both mobile and fixed networks.

The security framework is supported by the CHARISMA open access solution, which allows infrastructure providers to share resources among multiple VNOs, thereby lowering CAPEX and OPEX, as well as achieving more efficient operation of the network using a centralized control and management system for all resources involved. It supports different network instances, called network slices, that share a common pool of resources but have different characteristics in order to support the different network service needs. Its open access virtualization platform, built on Software Defined Networks (SDN), Network Functional Virtualization (NFV), and network slicing, enables a new SP to propose new services without the need to negotiate with the operator for a slice of physical infrastructure, therefore opening the market to multiple VNOs in a secured and segregated manner. More specifically, the VNFs consist of software components running on top of the CHARISMA virtualized infrastructure; they implement common network functions traditionally carried out by specialized hardware devices, and are deployed on top of commodity (i.e. off-the-shelf) IT infrastructure equipment. The CHARISMA open access solution ensures that the VNFs operated by a particular VNO are deployed on virtual resources belonging to the network slice of the respective VNO while maintaining isolation among the different tenants of the CHARISMA network.
