A Smart and Adaptive Framework for Enhancing Trust in 6G Networks

Discover SAFE-6G...

SAFE-6G is a European research project (HORIZON-JU-SNS-2023-STREAM-B-01-04) that pioneers a holistic research approach, situating a native trustworthiness framework atop the open and distributed USN/NSN-based 6G core. It leverages (X)AI/ML techniques to coordinate user-centric safety, security, privacy, resilience, and reliability functions, strategically optimizing the Level of Trust (LoT) as a pivotal Key Value Indicator (KVI) for 6G. It addresses the specific trust requirements and data governance policies specified by each user/tenant/human-role throughout the entire 6G lifecycle, encompassing onboarding, deployment, operation, and decomposition.

 Key Features

Metaverse

Artificial Intelligence

6G Network

ML Ops

Data Analysis & Collection

Ambitions

User-centric 6G Network System Redesign

SAFE-6G moves beyond the current function-centric core network towards a user-centric evolution of the 6G system over the recently researched edge cloud continuum. To become the human-centric system of systems, 6G therefore requires significant architectural redesign based on the user-centric (i.e. per-user) perspective, given that the network intrinsically handles the state of each UE or user.

A user-centric design is specifically capable of providing a complete instance of the 6G system for each user, offering personal data management, policy control, session control, and mobility management per user. Network services will be recentered on users thanks to the user-centric paradigm, which reimagines how they are delivered per user. The architecture should allow users to have and self-manage their own networks while avoiding the "one-size-fits-all" philosophy in order to provide personalized services. End users will therefore have the option of selecting network resources for the construction of their own VPNs. The "my network" vision will need to be realized before the user-centric approach, which should extend beyond network services, can be implemented. Each user will have a separate network that consolidates all necessary tasks for service delivery thanks to the user-centric architecture. According to this design approach, the UCN is in charge of managing mobility, policies, sessions, and personal data. Much lower signalling exchange and the resulting decrease in latency are among UCN's selling points.

Thus, the proposed 6G Beyond Service Based Architecture (B-SBA) should allow the deployment of NSN components in one location while aggregating multiple instances of USN in different locations but as part of the same communication platform. The B-SBA would allow the creation of network slices tailored for the users where the resources might be distributed or provided by different network providers. The evolution of this B-SBA core architecture will be based on evolving and reforming current 3GPP interfaces and functions, as the figure envisages.

AI-driven 6G Services Mesh Networking

SAFE-6G fosters a human-centric architecture in which users can manage the underlying resources to “own” their cellular network. To smooth and ease its further adoption, the project targets a zero-touch, AI-driven Cloud-Native networking environment in which L3, L4 and L7 rules and policies are automatically applied by the system once microservices (either from the core net or vertical-specific) are to be deployed, in a manner transparent to the user. To that end, the project’s platform will incorporate two complementary networking tools, namely:

(a) an interface to define which features are desired for specific groups of microservices, or applications, related primarily to network policies (i.e., which traffic is to be accepted, from which other microservices/applications, which HTTP calls are allowed), encryption, service chaining and multi-cluster requirement levels;

(b) a set of Cloud-native mechanisms to implement such policies (VPP, eBPF-based) at deployment time, in coordination with the resource and service orchestrator, aiming to avoid any modification of application code or packaging metadata (e.g., K8s manifests, Helm templates, Juju charms, depending on the packaging format).

This framework will respect the principles of human oversight (HITL) from the definition phase, allowing its behavior to be changed when required. Overall, classical identity and authorization frameworks focus on securing access to services based on user or application-level authentication and authorization. In a complementary way, the proposed eBPF/VPP-based mechanisms take a more network-centric approach to securing services, using policies, encryption and chaining rules to secure traffic and protect services from unauthorized access.

6G Security and Trustworthiness

SAFE-6G will combine the advantages of Federated Identity and Self-Sovereign Identity (SSI) management schemes, along with the use of smart contracts for consent management, providing a more secure and efficient approach to identity management. This approach will also allow for more flexibility in access policies and rules, enabling stakeholders to adapt to evolving requirements and changing business needs. The combination of both schemes provides the benefits of centralized identity management, such as scalability and ease of use, along with the benefits of decentralized identity management, such as increased privacy and security.

Moreover, in the context of SAFE-6G, the use of a verifiable-credentials-based zero-knowledge proof protocol will help to ensure that user privacy is preserved while still maintaining secure and efficient identity verification. This is crucial in scenarios where users' sensitive information needs to be protected, such as in healthcare and financial applications. The zero-knowledge proof protocol allows users to prove their identity without revealing any sensitive information.

The combination of Proofs of Retrievability and Verifiable Credentials ensures the integrity of data stored remotely by verifying that the data has not been tampered with and is still intact. This is achieved through the use of cryptographic proofs that allow the client to verify that the data has not been modified or deleted.

This approach is particularly useful in scenarios where data needs to be stored remotely, such as in cloud environments, and needs to be accessed frequently. By incorporating these innovative features, SAFE-6G aims to provide a more robust and secure 6G core architecture over the edge-cloud continuum, going beyond the state-of-the-art in terms of security, privacy, and resilience.

User-centric 6G Privacy

SAFE-6G will innovate by addressing the 6G network as a whole (integrated continuum) rather than a patchwork of independent technologies and delivering a holistic privacy solution for user-centric services. To that end, it will introduce a novel concept, i.e. the “privacy score” of each user-centric service, combining metrics and factors from the entire 6G stack, the nature of the data, as well as the security mechanisms already in place (e.g. attestation). An innovative aspect will also be the investigation of the trade-off between privacy preservation and Quality of Service, always depending on the user intent. Finally, a novelty of SAFE-6G will be the introduction of a Privacy Preservation Decision Support System (PP-DSS), closely integrated with the management and orchestration components. Via this approach, SAFE-6G attempts to embed the privacy aspect in the core of 6G operations, as an essential pillar of 6G trustworthiness.

Differential Privacy in MLOps

The SAFE-6G project aims to assess the influence of Differential Privacy on the effectiveness of AI algorithms for 6G networks. The project plans to conduct experiments using Gaussian Naive Bayes, Logistic Regression, Support Vector Machines, and Random Forest Classifier. Each algorithm will be trained in both a differentially private and a non-private version, with performance evaluated using the F1 score metric and 5-fold cross-validation. The choice of the F1 score aims to balance precision and recall for 6G lifecycle management data. By comparing F1 scores, the project seeks to determine the impact of Differential Privacy on accuracy and generalization in the user-centric 6G instance paradigm. The baseline classifiers (non-private) will be implemented using the scikit-learn library, with privacy loss ε varying from 0.01 to 1 in steps of 0.02 for baseline hyperparameters.
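An added sketch of the comparison described above (not SAFE-6G project code): a hand-written Gaussian Naive Bayes stands in for scikit-learn, its differentially private variant adds Laplace noise to the per-class means and variances, and both are scored by mean F1 over 5 folds across the ε grid. The constructed data, the [0, 1] feature bounds, the even budget split, and treating class counts as public (neighbouring datasets differ in one record's feature values) are assumptions of this example.

```python
import math, random
LO, HI = 0.0, 1.0  # assumed public feature bounds; values are clipped to them
EPSILONS = [round(0.01 + 0.02 * i, 2) for i in range(50)]  # 0.01, 0.03, ..., 0.99

def laplace(rng, scale):
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))  # Exp(1) difference

def fit_gnb(X, y, eps=None, rng=None):
    model, d = {}, len(X[0])  # eps=None fits the non-private baseline
    for c in sorted(set(y)):
        rows = [x for x, lab in zip(X, y) if lab == c]
        n, stats = len(rows), []
        for j in range(d):
            col = [min(max(r[j], LO), HI) for r in rows]
            mu = sum(col) / n
            var = sum((v - mu) ** 2 for v in col) / n
            if eps is not None:
                e = eps / (2 * d)  # classes are disjoint: split eps over 2*d statistics
                mu += laplace(rng, (HI - LO) / (n * e))  # mean sensitivity R/n
                var += laplace(rng, (HI - LO) ** 2 / (n * e))  # variance bound R^2/n
            stats.append((mu, max(var, 1e-3)))  # floor keeps the variance positive
        model[c] = (math.log(n / len(y)), stats)  # class counts treated as public
    return model

def predict(model, x):
    def loglik(c):  # log prior plus per-feature Gaussian log-likelihood
        return model[c][0] + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                                 for xi, (m, v) in zip(x, model[c][1]))
    return max(model, key=loglik)

def f1(y_true, y_pred, pos=1):
    tp = sum(t == pos and p == pos for t, p in zip(y_true, y_pred))
    errors = sum(t != p for t, p in zip(y_true, y_pred))  # fp + fn for binary labels
    return 2 * tp / (2 * tp + errors) if tp else 0.0

def cv_f1(X, y, eps=None, k=5, seed=0):
    rng = random.Random(seed)
    idx = rng.sample(range(len(X)), len(X))  # shuffled row order
    def fold(f):
        tr, te = [i for j, i in enumerate(idx) if j % k != f], idx[f::k]
        m = fit_gnb([X[i] for i in tr], [y[i] for i in tr], eps, rng)
        return f1([y[i] for i in te], [predict(m, X[i]) for i in te])
    return sum(fold(f) for f in range(k)) / k

_R = random.Random(1)  # constructed sample: two classes centred at 0.3 and 0.7
X = [[_R.gauss(0.3 + 0.4 * (i % 2), 0.1) for _ in range(3)] for i in range(400)]
Y = [i % 2 for i in range(400)]

def sweep(X=X, y=Y):
    return cv_f1(X, y), [(e, cv_f1(X, y, eps=e)) for e in EPSILONS]
```

`sweep()` returns the non-private mean F1 and one `(ε, mean F1)` pair per grid point. Each ε is the budget of a single trained model; the five folds reuse overlapping training data, so the evaluation as a whole spends more than ε.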

AI-enabled Orchestration towards Zero-touch Cognitive Coordination

In SAFE-6G, we will move the ambition of resource orchestration beyond the current SoTA, considering intelligent resource orchestration and cognitive coordination. The capabilities of 6G networks may be used in novel business models to supply services with an unparalleled degree of efficiency thanks to autonomously run and self-adapting networks. To realize this zero-touch vision, intents (the method that officially states what the autonomous system is expected to do) will be essential. In order to achieve the zero-touch operation paradigm, which is the ultimate aim of cognitive networks, artificial intelligence must match that of humans in terms of its capacity to reason and make decisions across a wide range of complicated connections.

Even if AI is not currently capable of providing that level of sophistication, SAFE-6G shows that it is now feasible to achieve a high level of useful autonomous operation in networks by fusing already-existing AI approaches with adaptable design to produce what we refer to as a cognitive coordinator. In this framework, the project will address some of the above challenges by providing a set of novel network management mechanisms extensively exploiting AI/ML techniques.

AI-based network management algorithms will be used to: i) support predictive orchestration (which covers dynamic management of resource capacity, data-driven optimisation, and intent-based mechanisms, supporting the goals of perceived zero latency and seemingly infinite capacity), ii) increase automation (zero-touch), iii) solve Security and Privacy aspects of inter-domain management (relying on Distributed Ledger Technologies (DLTs)), and iv) improve resiliency, enabling more secure and private exchanges between the participating domains.

Explainable AI for enabling a Human-centric 6G system

On this basis, in the project, we will investigate post-hoc methods of interpretability that can be used on ML models trained on 5G and 6G data. By extending and connecting original (training, validation, and test) data with entities in knowledge graphs, (i) context is encoded, (ii) connections and relations are revealed, and (iii) inference and causation are natively enabled. Knowledge graphs will be used to encode a better representation of data, structure an ML model in a more interpretable fashion, and employ semantic similarity for local (instance-based) and global (model-based) explanation.

Thus, in SAFE-6G we will explore feature attribution methods and counterfactual examples for both local and global explanations. Moreover, we will explore methods that highlight the training data most important for a prediction, as in [61]. We will seek to provide Python modules that can be used by ML engineers and a simple dashboard that uses the implemented methods and some existing open-source Python modules.

Data driven analysis & Collection, Outputs and evaluation and security detection

To preserve privacy, various FL techniques will be examined, and the deployed ML methods will be optimized to detect security attacks by extending currently available methods, which are mainly focused on anomaly detection caused by intrusion detection methods, false alarms and attacks that can cause high latency. For example, they will be extended to also address data poisoning in control/management, cooperative and adaptive attacks, as well as to consider services serving a significant number of users.

Moreover, the two-stage framework will be able to handle a diversity of 6G scenarios (cell, cell-less, 3D/NTN, private, public environments), providing end-to-end security across heterogeneous and dynamic technologies and environments. Using the two-stage routine will also make it possible to understand the cause behind each threat and security alarm and its impact on the various elements/functions of the infrastructure, as key performance metrics (e.g. CPU, memory, network bandwidth, service time) will be monitored, ensuring the overall Quality of Service.

User-Centric, Software Defined Perimeter for 6G System

SAFE-6G aims to develop and implement, for the first time, the SDP concept in a telecommunications Software Defined Network (SDN), featuring high network security and safety, customized to operate seamlessly with the proposed, user-centric, 6G Packet Core. Although SDP has been successfully implemented in other networks with impressive performance, in terms of safety and security, it has never been implemented in telecommunications networks. In a multi-tenant infrastructure, where multiple users and organizations share the same network resources, SDP provides a user-centric approach to network security, which fits perfectly with the zero-trust, user-centric approach of SAFE-6G.

This approach secures each user's access to network resources based on their specific needs and permissions. SDP provides a flexible, scalable, and extensible security solution. It enables the deployment of partitioned network perimeters that are invisible to outsiders, in any location where IT assets need to be protected, including in the cloud, at a hosting center, or across multiple locations. SDP helps mitigate a broad set of security risks and vulnerabilities by ensuring secure network connections and adopting the assumption that there is no trust between potential participants. A key component and target of SDP use in SAFE-6G is rendering the telecommunications network’s ICT infrastructure "invisible" or "dark," meaning no DNS or IP address information is visible, and protected ICT resources cannot be detected from the network.

In SAFE-6G, SDP will be implemented from the control plane to the Packet Core, taking into account the zero-trust, user-centric and microservices approach of SAFE-6G. The SDP stack developed by SAFE-6G will be incorporated within the perimeter of the User Plane Function (UPF). SDP will be implemented so that the AMF will initiate a virtual SDP controller, which will establish a VPN connection for mutual authentication with the UE. This approach will protect the AMF's location and make it impervious to a variety of attacks and, more specifically, to DDoS attacks. Once the UE is authenticated with the controller and the authentication host, a perimeter will be created for the user, containing all the components they need. On the User Plane, microservices will be authenticated independently before being deployed to the network and added to individual perimeters. The perimeter created for the user at the User Plane Function (UPF) includes any microservices requested by the user. This will create a perimeter within a perimeter, effectively increasing network security.

Trusted Metaverse Services

At 3GPP meetings, 3GPP WG agreed on SIDs (Study Item Description) for Rel-19, since core enabler technologies of Metaverse services call for user-centric designs (XR+AI) and decentralization (e.g. blockchain) while keeping a key focus on data safety. The evolution of network systems, and in particular the new capabilities that 6G could provide, is thus crucial for the development and acceptance of future XR+AI and metaverse applications. For example, the 3GPP Rel-19 study on metaverse services (FS_Metaverse) will address requirements arising when 3GPP-based systems carry traffic for applications implementing metaverse scenarios.

Within SAFE-6G, our goal is to validate the 6G trustworthiness framework for Metaverse applications through the lens of two Metaverse use-cases, whose Level of Trust (LoT) is of highest importance for their reliable service provision, namely:

Use-case 1: Industrial Metaverse of a production line and
Use-case 2: Metaverse for Education.

