Assessing Future Network Readiness for Malaysia

Javed I Khan, PhD, Prof. and Director, Networking and Media Communications Laboratory, Kent State University, OH

Fulbright Senior Specialist Advisor to MCMC

Keynote, September 19, 2017, Marriott, Cyberjaya, Malaysia

Background

• This is a unique time in history. Emerging innovations are poised to revolutionize our way of life. After the eras of the telegraph and the fixed and mobile phone, we are entering a new age of ubiquitous communication and computation and a networked society.

• Smart citizen & community, augmented reality, bots, autonomous cars, smart home, cloud, bitcoin...

• A Future Network for Malaysia towards becoming a Smart Digital Nation.

MEDIANET, 2017

What is Future Network?

• Focused on 5 emergent components of Future Network

• Next Generation Mobile- 5G
• Data Center/Cloud/Big Data
• Software Defined Network (SDN)
• Internet of Things (IOT)
• Smart Cities & Communities (SCC)

Objective of the Study

• Assess: Infrastructure and readiness
• Challenges & Opportunities: Where are the gaps and challenges, as well as new opportunities?
• Marching Forward Ideas: What can MCMC do to help its stakeholders in this journey?
• Vision: Identify elements of a Future Network for Malaysia to be a Smart Digital Nation.

Select MCMC Focus Groups

• MMU Innov8 and Digital Home Lab
• UTM-Innovation Center 5G
• UPM-WiPNET
• CELCOM
• MAXIS
• DIGI
• TIME
• TM
• U-Mobile
• MIMOS
• MIGHT

Data Center/Cloud/Big Data

Cloud: Computing+Data is now Moving Into Core

• Content Delivery Network (CDN): The network provides content owners with storage for their data, so it can be placed closer to downloaders, giving faster access.

• Infrastructure as a Service (IaaS). Cloud provides processor, storage, and networks. The consumer has control over operating systems, storage, and deployed applications; Lower HW Capex!

• Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools and the processor, storage, and network provided by the Cloud Provider. Lowers HW+OS Capex!

• Software as a Service (SaaS): Cloud also provides full software service including the application running on a cloud infrastructure. The consumer does not manage network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings; Lower HW+OS+SW Capex!

Impact on Network

Growth of Software as a Service

NAP of Americas: Miami

• The NAP of the Americas was huge before huge was cool. This massive Terremark Worldwide data fortress in downtown Miami was completed in June 2001, offering 750,000 square feet of data center footprint just as the dot-com bust was taking hold. The six-story facility not only survived the downturn, but has become a key connectivity hub for the Southeastern US and Latin America, providing critical infrastructure to the U.S. military and the global domain name system. The NAP of the Americas is built to withstand a Category 5 hurricane, with its exterior protected by 7-inch thick steel-reinforced concrete panels. Six Hitech rotary UPS systems support the power infrastructure. More than 160 networks converge at the building, creating a major connectivity ecosystem. The three large globes on the roof of the facility house two 16-meter satellite dishes and a 14-meter dish to provide backup connectivity for mission-critical customers should the facility ever lose its fiber feeds.

• 750 KSFT, Carrier Neutral, 80% of South America Traffic passes through 180 carries houses.

Strength of Malaysian Network Infrastructure in the Eye of Pinger

Acknowledgement: Pinger Project Participants

Take away #1

Design NCI for Future and Data is Big Part of It!

Software Defined Network: Own a Slice of Networking!

Protocol Stacks from Federated Controllers

Trusted Protocol Controller Server

Software Defined Routing

Classical Routing

INPUT ID   INPUT PORT   FORWARD TO
10         1            PORT 3
22         2            PORT 7
32         1            PORT 5

SDN Routing

INPUT ID   INPUT PORT   ACTION
10         1            FORWARD TO PORT 3
22         2            FORWARD TO PORT 7
32         1            FORWARD TO PORT 5
11         1            EXE CODE 2011
33         2            EXE CODE 2022
32         1            FORWARD TO FLOW TABLE 3
32         3            FORWARD TO FLOW TABLE 5
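
The match-action idea in the SDN table above, as an added example (not code from the talk): a small multi-table pipeline in Python. Rule priorities, the contents of flow tables 3 and 5, and the handlers behind EXE CODE 2011/2022 are assumptions made for illustration; a table miss or a goto loop drops the packet.

```python
from typing import Callable, NamedTuple

class Rule(NamedTuple):
    input_id: int
    in_port: int
    priority: int   # assumption: highest priority wins when several rules match
    action: tuple   # ("forward", port) | ("exec", code) | ("goto", table)

TABLES = {
    # Table 0 mirrors the slide. The slide lists (32, 1) twice, so priorities
    # (constructed here) decide which action applies.
    0: [
        Rule(10, 1, 10, ("forward", 3)),
        Rule(22, 2, 10, ("forward", 7)),
        Rule(32, 1, 10, ("forward", 5)),
        Rule(11, 1, 10, ("exec", 2011)),
        Rule(33, 2, 10, ("exec", 2022)),
        Rule(32, 1, 20, ("goto", 3)),
        Rule(32, 3, 10, ("goto", 5)),
    ],
    # Tables 3 and 5 are not shown on the slide; their contents are constructed.
    3: [Rule(32, 1, 10, ("forward", 9))],
    5: [Rule(32, 3, 10, ("goto", 5))],   # deliberate misconfiguration: self-loop
}

# Hypothetical handlers standing in for "EXE CODE 2011" and "EXE CODE 2022".
HANDLERS: dict[int, Callable[[int, int], str]] = {
    2011: lambda input_id, port: f"mirror:{input_id}",
    2022: lambda input_id, port: f"rate-limit:{input_id}",
}

def process(input_id: int, in_port: int, max_hops: int = 8) -> str:
    """Walk the pipeline from table 0; a miss or a goto loop fails closed."""
    table = 0
    for _ in range(max_hops):
        matches = [r for r in TABLES.get(table, [])
                   if (r.input_id, r.in_port) == (input_id, in_port)]
        if not matches:
            return "drop"                    # table miss: default deny
        kind, arg = max(matches, key=lambda r: r.priority).action
        if kind == "forward":
            return f"port:{arg}"
        if kind == "exec":
            handler = HANDLERS.get(arg)
            return handler(input_id, in_port) if handler else "drop"
        table = arg                          # "goto": continue in that table
    return "drop"                            # hop budget exhausted (loop)

if __name__ == "__main__":
    for pkt in [(10, 1), (32, 1), (32, 3), (11, 1), (99, 1)]:
        print(pkt, "->", process(*pkt))
```
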

Slicing at Carrier Grade Speed

NGN Slice Exchange Controller

Bare Metal- Network Infrastructure

NETRONOME NFP 4000: Scaleup: Massively parallel

60+ processors each capable of supporting multiple threads. 1 thread per packet

Alternate Vision: Virtualization

What new forms of Communications Possible?

Novel SDN Transports from our Lab

iTCP: MPEG2 Delay Guaranteed Communication

Reaction delay () (b) 250 FRAMES (704x480), ENCODING RATE 4Mbps, DT=1.6 sec, XCODE=ON

7

6 Relaxation period() 5

4 Critical delay period (d) 3 Generator Function g(t) 2

DATA DATA RATE (mbps) 1

0 Frugal state rate (h) Window Function w(t) 0 50 100 150 200 250 300 350 FRAME SEQUENCE LINE (FRAMES)

MPEG2-GEN TCP ENVELOP

Tloss Tactual Tequal Tcritical Trecovery time

Fast NativeIP Handoff in WiFi Network: MIP vs. IPMN

Handoff Latencies (in ms) of the first five handoffs

           Local            Virginia         Texas
Handoff    IPMN    MIP      IPMN    MIP      IPMN    MIP
1          106     12654    114     58669    202     51359
2          107     7124     106     24975    193     33187
3          111     1524     106     22672    195     29099
4          115     48945    111     77414    195     63523
5          109     1008     121     30772    200     41676
Avrg.      110     14251    112     42900    197     43769

[Figure: network diagram with labels Corresponding, Backbone Network, Router, IP-Subnet 1, IP-Subnet 2, AP1, AP2, AP3, AP4, Mobile Node, L2 Handoff, L3 Handoff]

Super Scaler Communication: Network Swarm

The more a file is in demand, the faster it downloads!

Example: Super Scaler File Download with BitTorrent

zqTCP: Zero Queue Delay Transport

Benefits of Agile NCI

• Major reduction in Capex equipment costs through consolidating equipment infrastructure and exploiting the economies of scale of the IT industry.

• Faster targeted service introduction based on geography or customer sets. Scaled up/down as required. In addition, improved service velocity by provisioning remotely in software without any site visits required to install new hardware.

• Supporting multi-tenancy thereby allowing network operators to provide tailored services and connectivity for multiple users, applications or other network operators, all co-existing on the same hardware with appropriate secure separation of administrative domains.

• Carrier grade resilience at low cost. Temporarily repair failures by automated re-configuration and moving network workloads onto spare capacity with remote orchestration. Reduce the cost of 24/7 operations by mitigating failures automatically.

A New Eco System?

• Opens up the eco-systems. It opens the virtual appliance market to TELCOs eager to innovate service, academia, pure software entrants, small players encouraging more innovation to bring new services and new revenue streams quickly at much lower risk.

Take away #2

Design NCI for Future and Data is Big Part of It!

Virtualize NCI for Affordability and also Agility!

Emerging Applications: Smart Home

Smart Home:

Following parties will be involved in business:

• Device manufacturers
• Communication service providers (Network Operators)
• Smart home setup companies
• Smart home maintenance service providers
• Mobile Operators (to provide remote access)
• Application developers (Remote control)
• Research firms
• Cloud computing and storage providers
• Multimedia content providers (News, movies, etc.)

Emerging Applications: Smart Grids

Smart Grids:

Following parties will be involved in business:

• Power generation companies
• Power transmission and distribution companies
• End device manufacturers
• and computing service provider. (Network Operators)
• Data storage service provider
• Research Firms
• Software developers

Emerging Applications: Smart City Corporations

Smart City Corporation:

Following parties will be involved in business:

• City corporation
• End device and sensor manufacturers
• Network operators
• City service providers (Road, water, trash, waste managements)
• Research firms
• Data storage providers
• Management and maintenance
• Software developers

[Figure: Smart waste management]

If the city corporation makes sensing data available to third-party service providers, many new private businesses will enter the market.

Prepared CI Network ?

Fitness Tracker Leak

• CITIZEN LAB (Uni. of Toronto) examined 17 fitness trackers
• Almost all of them leak data
• Sensor readings can be overridden
• Real life incident:
  • Not reported yet
• Possible privacy threats
  • Unwanted access to user workout schedule, blood pressure, pulse rate etc.
• Possible safety threats
  • Assume
    • Fitness tracker of a user with asthma is hacked
    • Tracker suggests a higher pulse rate than actual
    • User takes inhaler

Brand       Wearable            App
Apple       Apple Watch         Watch 2.1
Basis       Basis Peak          Basis Peak 1.14.0
Bellabeat   Bellabeat Leaf      LEAF 1.7.0
Fitbit      Fitbit Charge HR    Fitbit 2.10
Garmin      Garmin Vivosmart    Garmin Connect 2.13.2.1
Jawbone     Jawbone Up 2        Jawbone UP 4.7.0
Mio         Mio Fuse            Mio GO 2.4.4
Withings    Withings Pulse O2   Withings Health Mate 2.09.00
Xiaomi      Xiaomi Mi Band      Mi Fit 1.6.122

Full Report : https://openeffect.ca/reports/Every_Step_You_Fake.pdf

Cardiac Devices Control

Hackable Cardiac Devices from St. Jude Hospital

• Sept, 1 2017: The FDA issued the recall Tuesday for 465,000 pacemakers created by health company Abbott Laboratories (formerly St. Jude Medical).
• FDA confirmed the vulnerabilities
• Hackers can control pacemakers & defibrillators using its transmitter
• Real life incident: Not reported yet
• Possible privacy threats
  • Unwanted access to critical patients' info
• Possible safety threats
  • False reading may lead to unwanted defibrillator shock to a heart attack patient
  • Unnecessary defibrillator shock may kill the patient

News Source : http://money.cnn.com/2017/01/09/technology/fda-st-jude-cardiac-hack/

Multiple Wearable Hack: Password Cracker

• Stevens Inst. of Tech. developed the Backward PIN-sequence Inference Algorithm. It uses accelerometers, gyroscopes & magnetometers and could crack PINs and passwords with 80% accuracy in just one try (90% after 3 tries).
• Real life incident
  • Not reported yet
• Possible privacy & safety breach
  • Losing all kinds of secret credentials

Source : https://www.stevens.edu/news/did-your-smart-watch-fitness-tracker-just-give-away-your-pin

Smart DVD player & Coffee Machine: Mirai Botnet Attack

Dyn Attack

• Most severe DDoS attack of recent time. Used IoT-based botnets
• Stopped a huge portion of the USA internet system for a long time
• Twitter, the Guardian, Netflix, Reddit, and CNN were affected
• Record 1 Terabit per second traffic
• Traffic generated mainly from China & Vietnam
• Used common username-password pairs to attack
• DVD players, web cams & coffee machines were the main targets
• After takeover, one machine captured other machines
• Source code is open sourced now
• Origination time & source yet unknown
• Newer versions of Mirai are coming
• Possible privacy & safety breach
  • What if the cameras start transferring video!!
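
Detection logic for the spreading behaviour described above (one taken-over device capturing others), added here as an example and not part of the original slides: it flags internal hosts that reach many distinct destinations on Telnet ports within a short window. The flow records, addresses, window and threshold are constructed, and the choice of Telnet ports is an assumption about how the scanning shows up on the wire.

```python
from collections import defaultdict, deque

# Assumption: TCP 23 and 2323 (Telnet), the ports Mirai's published scanner probes.
TELNET_PORTS = {23, 2323}

# Constructed flow records: (epoch seconds, source IP, destination IP, dest port).
FLOWS = (
    # Camera sweeping six hosts in ten seconds: the spreading pattern.
    [(1000 + 2 * i, "192.168.1.50", f"198.51.100.{10 + i}", 23 if i % 2 == 0 else 2323)
     for i in range(6)]
    # Admin laptop reaching one Telnet host twice: normal.
    + [(1001, "192.168.1.20", "203.0.113.5", 23), (1300, "192.168.1.20", "203.0.113.5", 23)]
    # DVR talking HTTPS to many hosts: not Telnet, ignored.
    + [(1002 + i, "192.168.1.60", f"203.0.113.{80 + i}", 443) for i in range(8)]
    # Slow sweep: five hosts, one every 100 s; stays under a 60 s window.
    + [(1000 + 100 * i, "192.168.1.70", f"198.51.100.{50 + i}", 23) for i in range(5)]
)

def scanning_sources(flows, window=60, threshold=5):
    """Map each source to the most distinct Telnet destinations it reached
    within any `window`-second span, keeping only sources at or above
    `threshold`."""
    recent = defaultdict(deque)          # src -> (ts, dst) pairs inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        if dport not in TELNET_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(scanning_sources(FLOWS))               # short window: fast sweep only
    print(scanning_sources(FLOWS, window=600))   # wider window also catches the slow sweep
```
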

Smart Light : Philips Hue/ Drone Attack

• Researcher hacked Philips Hue bulb using drone
• Using Touchlink aspect of ZigBee Light Link system
• Bypassed built-in safeguards against remote access
• Extracted global AES-CCM key used to encrypt & authenticate new firmware
• Hacked from 350 meters distance
• Real life incident:
  • PoC by researchers
• Possible Safety & Privacy threats
  • Hackers can put bulbs on SOS mode
  • Stop lights at weekday office time

News source : https://www.engadget.com/2016/11/03/hackers-hijack-a-philips-hue-lights-with-a-drone/

Information Paths

[Figure: information paths between IoT Devices, Hub / GW and CLOUD, showing the sensing path, the actuation path and data on the way]

Emerging Unlicensed Spectrum IoT Communication Standards

• For Short Range
• Major standards are
  • Zigbee
  • Bluetooth
  • WiFi
• Not owned by any service provider
• Low cost
• Often compromise security for

Summary for Zigbee, Wi Fi, BT Low energy

Cellular IoT Standards

Image courtesy: 3GPP & technology

ZigBee : Security Risk

• Zigbee security depends on 2 Keys
  • 128-bit Network key: distributed & shared among every device in network to secure broadcast communication
  • 128-bit Link key: secure unicast communication on Application layer, & shared between 2 devices
• No protocol support for dynamic key replacement
• Once Key is compromised → whole network is compromised
• Possible attacks:
  • Physical attacks
    • Connect to unsecured Zigbee device in the network & capture Network key
    • Sending noise on Zigbee channel → Jam signals
  • Key attacks:
    • Over the Air unencrypted key delivery & pre shared key → Key hacked from sniffed packet
    • Any Zigbee mimicking device can get the key
    • Implementation in firmware

Bluetooth: Security Risk

• A communication standard for short distance
• Uses Low Energy
• 4 Versions: 1.x, 2.x, 3.x, 4.x
• Possible attacks:
  • General software vulnerabilities: each implementation has some kind of problem
    • Weak encryption, plain text password transmission etc.
  • Eavesdropping: older versions (1.x to 3.x) are not secured enough
    • Without key pairing or pass key, weak encryption
  • Hackers can continuously send packets → quick battery discharge
  • Device can be found even when hidden using Hydra tool
    • Bluetooth LE & older generations have this problem
    • https://arstechnica.com/information-technology/2016/09/hands-on-blue-hydra-can-expose-the-all-too-unhidden-world-of-bluetooth/
  • BT 4 broadcasts packets with universally unique identifier (UUID)
    • User location can be identified with received signal strength indicator (RSSI)

WiFi: Security Risk

• WiFi has longer range than BT & Zigbee
• Power requirement is also high
• Strong encryption support
• Possible attacks:
  • Dictionary attack: brute force attempt to break weak passwords
  • DDoS attack: exhaust router buffer with a large number of packets
  • General software vulnerabilities: each implementation has some kind of problem
  • Example:
    • Broadpwn: security researcher Nitay Artenstein of Exodus Intelligence found it
    • Broadcom’s Wi-Fi chipsets contain a bug
    • Hackers can compromise the device
    • Can “execute arbitrary code on the Wi-Fi chip.”
    • https://www.usatoday.com/story/tech/talkingtech/2017/07/21/apple-issues-security-updates-mac-and-ios-stop-potential-attack-through-wi-fi/500689001/

EU Agency for Network & Information Security – Possible Threat Surfaces

Source : Threat Landscape for Smart Homes - Enisa - Europa EU

Smart Wearable : Possible Attack Surfaces

Source : https://www.welivesecurity.com/2015/12/08/wearables-wheres-the-risk/

• Data Network = Information Network ??

We may have a highly capable data network but a quite unprepared Information Network Infrastructure.

The Three Takeaways of Today

Design NCI for Future and Data is Big Part of It!

Virtualize NCI for Affordability and also Agility!!

Ready NCI for Information Networking!!!

Thanks

Ideas? Suggestions? Question?

Skype: forjaved