Securing Virtual Architecture of Smartphones based on Network Function Virtualization

One of the most difficult parts of Network Function Virtualization (NFV) installations is security. The NFV environment is a large-scale, software-driven one with a variety of components. Network topologies and traffic flows are continuously and managed to change. Such complexity necessitates a comprehensive security framework that permits automatic and to manage changeable network conditions, a quick response is required with the least amount of manual involvement. This paper introduced many solutions for securing the NFV environment from attacks such as (Specter and DoS) that attack parts of this architecture based on some experiments. Applied NFV on an operating system of smartphones (Android). We tested some attacks on the device and then on some of the layers in the architecture. We obtain new and obvious results, by comparison, to traditional and updated NFV architecture. Also, update the NFV architecture using vCenter/ ESX and Hyper-V being two important terms in security After adding the necessary algorithms to protect the NFV architecture, we noticed about 128 hours to hack a 1,4 megabyte (WinRAR) file, while the same file and the same size needed 126 hours to reach the root without the algorithms used to protect the architecture.


INTRODUCTION
Telecommunications service providers (TSPs) today must proportionately and continuously buy, store, and run new existing hardware due to the growing variety and data rates via consumers. For TSPs, it results in substantial expenditure costs. By separating the functions that run on physical networking devices from the device itself, NFV (1,2,3,4) has been presented as a modern technology to develop, implement, and control network infrastructure at significantly lower costs. Further particularly, NFV makes use of virtualization technologies to deliver network functions (NFs) by executing software on large volume servers, gateways, and memory that are industry standards. (3) The primary benefit of NFV is the realization of software-based NFs rather of hardware appliances, such as virtualized firewalls in addition to gateways.
The benefits of NFV over conventional network architectures are numerous, (5) a more effective network architecture and resource allocation, cheaper equipment costs, higher operating performance and operational efficiency, more scalable function deployment and dynamic implementation, and lower energy usage. But NFV might have a number of security problems. For instance, elements of the NFV framework such hypervisors and orchestrators might be exposed to security from the risks. New security flaws could be introduced via shared storage and networking. (1) Additionally, multiple suppliers are likely to offer different hypervisors, hardware, and VNFs, which complicates integration and creates security gaps. (5) The security issues with NFV have been addressed using a variety of strategies. (6,7,8,9) For instance, the NFV ISG proposes associated technologies to provide security and trust for NFV as well as guidelines for ensuring security in the NFV's exterior operating context. (10,11) Alcatel-Lucent discussed the corresponding mitigating techniques and described the security threats that now exist in NFV. Huawei emphasized the importance of offering efficient security monitoring to find risks and prevent attacks. (12) The main of the key features of cloud computing is virtualization, that permits companies to expand or virtualize the activities of their resources in order to increase a reliability of the system work. In other aspects, virtualization enables the use of several users or even multiple businesses to share one physical instance of a resource as a virtual machine. (13) Hypervisor, meanwhile, is used to separate and manage the various virtual machines from the actual computing devices in order to manage the use of shared resources. (14) Through a straightforward programmable plug-in and broker interface, the Management and Network Orchestration (MANO) platform implements VNF and application awareness. (15) It is an expandable, scalable solution. It offers a complete solution for managing network and service functions across various infrastructure platforms.
A new strategy for interactive computing is known as "software-defined networking" (SDN), which describes the ability to establish, manage, modify, and administer network activities automatically over open interfaces. Through the establishment of an abstraction for the data forwarding plane and the subsequent separation of it from the control plane, SDN highlights the importance of software in managing networks. (16) Virtual network functions (VNFs) are software-based versions of network operations that were previously carried out by specialized and proprietary hardware devices. VNFs are designed to replace such devices by running on cost-effective hardware while performing specific network and network security functions. Routers, firewalls, the Domain Name System (DNS), load balancing, caching, and network address translation are some of the tools that are utilized for these activities by both businesses and network service providers. (17) This paper particularly concentrates on the security part of NFV. Extra precisely, the goals of this paper are to provide results of attacking parts of NFV architecture, then re-attacked after securing these parts by many algorithms. We generated two attacks are spectre and DoS the first one tested on the hardware devices and second one on the hypervisor layer.

NFV Architecture Security Challenges with Solutions
Many advantages like lower costs and less operational influence are made possible with NFV. However, advantages do come with problems. (18,19) Authentication and authorisation of users and tenants are fundamental issues with NFV security. (10) The security aspect is discusses in (11) via three scenarios for NFV security: security within VNFs, security across VNFs, and security external to VNFs. NFV's biggest challenges are security and software management. (12) A barrier for implementing NFV in telecommunication networks and mobile networks is how to solve the security issues posed by hypervisors, data communication, and APIs. (5) As shown in figure 1, NFV architectural framework includes many functional parts.

Physical Layer
The Hardware is at the bottom. For CSPs, any vulnerability that damages this layer-such as those from Spectre and Meltdown flaws-and exposes data privacy issues might be disastrous. The source of trust function a collection of hardware and software security modules ought to be turned on the server in order to secure this. A better solution for the operating system to be executed is established by this base of trust.

Hypervisor Layer
The software called a hypervisor enables numerous guest virtual computers to run in parallel on the same host. Virtualization security is strongly reliant on the individual security within each part, including the hypervisor, host operating system, guest operating system, applications, and storage. Attackers may use NFVI or hypervisor vulnerabilities to their advantage. For instance, an attacker might be able to compromise confidentiality and integrity.
In addition to exploiting the availability of VNF resources, attackers may attempt to escape from the virtual computing, network, or storage environment in order to gain access to the host's physical compute, network, or storage resources. A secure boot system that offers some type of integrity protection can be enabled as a solution to this problem, giving users confidence that the hypervisor has not been tampered with.

VNF and Application layer
Relate to the virtualization of network functions. In NFV systems, the entire framework is supported by a network graph that combines all of the software packages that represent the various network services. NFs could be the source of an assault or its victim. As a VNF is a vendor-provided component that is generally independent of the infrastructure provider, it may include security holes or even malicious software that is intended to launch attacks. In order to provide secure management, this layer solutions must have appropriate identity and access management as well as certificate management. Application-specific best practices for application security should enable automated security policy, VNF scanning, and continuous security monitoring.

Spectre Attacks
There are two ways to provoke and sway incorrect speculative execution.

Exploiting Conditional Branches (Variant 1(V1))
During a Spectre attack of this nature, the attacker trains the CPU's branch predictor to follow an incorrect path, thereby enabling the CPU to execute code that should not have been executed, and temporarily breaking the program's semantics. As a result of this improper speculative execution, an intruder can gain access to confidential data stored in the program's primary memory. Consider the below subcode as an illustration: Consider that the parameter z in the previous example has information that the attacker has full control over. The aforementioned procedure contain an if statement, the aim of that to ensure z value that an acceptable domain and thus to get guaranteed legitimacy of the main memory of ary1. Bypassing this if statement, an attacker potentially obtains possibly confidential information based on the process' address space.
An attacker initially runs the aforementioned code with genuine arguments even during preliminary mistraining step, teaching the predictor branch to foresee that the condition that would be right. The attacker then executes the code during the exploit step with a value of z outside of the boundaries of ary1. The CPU starts speculatively executing instructions that compute ary2[ary1[z]*4096] that used the erroneous z before knowing the branch outcome because it expects that the bounds check will be successful. Be aware that the call from ary2 puts data into the cache at a location which depends on ary1[z] using the malicious z, scaled to https://doi.org/10.56294/mr202337 3 Nahi HA, et al ensure that authenticates travel to separate cache lines and prevent the impacts of equipment prefetching. Once the results of the boundary check are obtained, the CPU detects its mistake and reverts any modifications made to its original microarchitectural state. Nevertheless, modifications to the cache state cannot be reversed, and an intruder can examine the cache contents to determine the value of any potentially sensitive bytes obtained through an out-of-bounds read from the victim's memory.

Exploiting Indirect Branches (Variant 2 (V2))
In this variation, which is based on return-oriented programming (ROP). (20,21,22) In this attack scenario, the attacker chooses a device from the victim's address space and convinces the victim to hypothetically execute it. Unlike in a ROP attack, the attacker does not rely on a vulnerability in the victim's code. Instead, the attacker manipulates the Branch Target Buffer (BTB) to predict a branch from an indirect branch instruction to the gadget's location, leading to the gadget being executed speculatively. As previously, erroneous speculative execution has an effect on the nominal state of the CPU but has no effect on the cache, allowing the device to leak private data through a cache side channel.
The attacker locates the gadget's virtual address in the address space of victim's, (23,24) subsequently conducts indirect branches for mentioned address in order to confuse the BTB. The address space of the attacker is used for this training. It is not important what is located All that is required during a training session is for the virtual addresses of the attacker and victim to coincide at the gadget address in the attacker's address space.
In reality, The attack can be successful even if the attacker's address space does not contain any code assigned to the device's virtual address, provided that the attacker can handle exceptions appropriately.
Changing the methods for obtaining speculative execution and unauthorized disclosure can result in the creation of new attacks. For instance, by improperly training return instructions, exposing timing fluctuations that reveal information, or creating conflicts on arithmetic units, (25) attackers can develop new methods of attack.

METHODS
In this section we will show how we directed the attacks on the architecture proposed in below figure (figure 2).

Attacks of the Hardware
In this aspect, we generated a specter attack on a mobile that contains the system (figure 3), based on execution of speculative and prediction of a branch. After that, we could run code on the intended system.
Take into account the scenario where the following code (conditional branch) is a component of a function that receives a dubious source's unsigned integer z. The running the code can access There are two arrays: the first one is called ary1 and has a size of "ary1 size", while the second one is called ary2 and has a size of 2 MB.

Hypervisor Attack (DoS)
An attempt to take over the hypervisor that oversees the virtual environment is known as a hyperjacking attack. This is feasible if an attacker inserts a hypervisor directly below the existing one or gains access to the existing hypervisor. We generated a hypervisor DoS (in below steps) as a test attack to the hypervisor in the proposed architecture via a virtual machine's rootkit installation (figure 4).
. Now, we listed many steps for hypervisor DDoS generation based on many servers: • Firstly, we will have to deploy Mc-word file on a virtual device as we'll use it as an example program and hijack its updating.
• Then, install evilgrade, a modular gap that enables the attacker to profit from subpar upgrade performances by sneaking "bad" upgrades past an unsuspecting victim. •

RESULTS AND DISCUSSIONS
Regarding the lower layer and the results that appeared after the two experiments, which we mean before and after the attacks The result of the hardware device was: • Accessing the root of the system. • Access to the memory of a target or victim process executing on the system. • Furthermore, the attack is executed in a scenario affecting a virtualized medium.
Then the solutions we add it to the architecture to prevent or reduce the impact of these attacks are: • Software secures e.g. browsers. Bios (EFS filesystem, bootloader ) or KNOX version updates as shown in figure 5.  Table 1 shows the outcomes for the detection of Spectre attack before solutions. There is a clear difference in the table 2, which was obtained and analysed for its time after the solutions that were developed and gave protection to the hardware device. Also, in the figures 6 and 7 we notice a clear difference in the tainted conditional branches, Specter Variant 1 (V1) condition and Specter Variant 2 (V2), which were tested before and after the update. All three are clearly increased by increasing the security of the proposed architecture. https://doi.org/10.56294/mr202337  With regard to the important layer the hypervisor layer through which it is possible to fully operate on the network in addition to its services. Each hack that occurs at the hypervisor level has a major detrimental impact, as it grants attackers complete control over the virtualized environment and enables them to conceal their malicious actions. We did several procedures through which the attacks were monitored or gave a great opportunity to the network administrator to secure the architecture. As shown in the table 3 and figure 8, below refer the network before the updated the hypervisor and execute procedures. The first procedure, as soon as the vendor provides an update, install it on the hypervisor. Most hypervisors include capabilities that will automatically look for modifications and install them if any are detected. In addition to that sending an alternation for manager about the attacks. As shown in below table 4 and figure 9, that indicated to the attacks time after hypervisor updated. https://doi.org/10.56294/mr202337 7 Nahi HA, et al   The second procedure, if they are not needed, it is recommended to disable all hypervisor services such as file and clipboard sharing between the guest and host operating systems.
The last procedure, utilize introspection tools to keep an eye on the privacy of interactions among host kernels.

CONCLUSION
This paper discusses the many fields of IT, Firstly the work of NFV in the smartphone and how employed with complex services of these mobiles. Secondly, the security field of NFV tools and smartphones used attacks like Specter and DoS. We are finally merging these two fields to secure the virtual smartphone based on NFV. We obtained different time before/ after hypervisor layer updated that indicates the effectiveness and strength of the updates used.