A blockchain-based trust management system for 5G network slicing enabled C-RAN

Received Nov. 6, 2021 Revised Jan. 5, 2022 Accepted Jan. 27, 2022 Abstract The mobility nature of the wireless networks and the time-sensitive tasks make it necessary for the system to transfer the messages with a minimum delay. The Cloud Radio Access Network (C-RAN) reduces the latency problem. However, due to the trustlessness of 5G networks resulting from the heterogeneity nature of devices. In this article, for the edge devices, there is a need to maintain a trust level in the CRAN node by checking the rates of devices that are allowed to share data among other devices. The SDN controller is built into a macro-cell that plays the role of a cluster head. The blockchain-based automatically authenticates the edge devices by assigning a unique identification that is shared by the cluster head with all the C-RAN nodes connected to it. Simulation results demonstrate that compared with the benchmark, the proposed approach significantly advances the processing time of blocks, the detection accuracy of malicious nodes, and transaction transmission delay.


Introduction
Fifth-Generation (5G) networks will be very flexible, and they require sophisticated programmable software for cellular mobile users and other types of service networks. The 5G networks will serve many tenants depending on their characteristics and requirements. With the vast number of IoT and vehicles supplying improved communication capacity, lower transmission latency, and higher data rates, 5G mobile cellular networks are gradually taking over the 4G mobile network environment. Smaller cells, such as Micro, Femto, and Pico, can provide greater throughput and reduced latency in this environment. [1]. Besides, for the IoT and Intelligent Transportation System (ITS), Mobile Edge Computing (MEC) is presented to achieve similar goals [2]. 5G cellular networks are likely to be dense, with each device requiring significant bandwidth to enable multimedia applications with stringent quality of service (QoS) expectations [3]. The excellent physical properties of mmWave (up to 60 GHz) can help with short-range, high-data-rate communication. Because of the limited coverage of 5G cells. Clustering, on the other hand, is one of the approaches for improving wireless network handover, offloading, and energy efficiency by balancing load and energy consumption among cells [4] [5]. Software-defined networks (SDN) and the Cloud Radio Access Network (C-RAN) are emerging as promising technological solutions for next-generation communication with a large number of heterogeneous devices and applications. These technologies make effective network resource sharing and flexible task scheduling possible across a wide range of cells. [6]. As shown in Fig.1, the separation of the control plane and the data plane, which can improve system resilience and scalability, is a key feature of SDN. As a result of this strategy, networks become programmable, centrally controlled, adaptive, and optimized for maximum efficiency [7]. It can communicate with the Open Flow-Switches and a pool of Base Band Units (BBUs) in realtime to obtain RAN state information. As a result, the SDN controller can intelligently distribute resources for BBUs depending on their load state, as well as adjust the connections between Remote Radio Heads (RRHs) and BBUs to generate logic cells based on the device's mobility. As a result, the SDN network becomes more intelligent and flexible, allowing it to fulfill resource demands in various locations covered by RAN cells [8]. Figure 1. C-RAN enabled SDN architecture 5G devices are diverse, employing several different technologies for various purposes. As a result, maintaining their consistency and dependability is tough. On the other hand, using the clustering strategy can assist reduce base station (BS) overhead and delay. Each cluster has a single cluster head device; each BS cell's device serves as a cluster head or is served by a BS through the appropriate cluster head. Device-to-Device (D2D) transmissions are used for intra-cluster communication. In the uplink, the D2D connection is established from the cluster device to the cluster head. Consequently, the downlink traffic of a clustered device is first given downlink resources (from the BS to the cluster head) and then from the cluster head to the clustered device. Among all the clustered devices, the cluster head device should have the best link to the BS. As a result, downlink resources are conserved [9].
Using blockchain in wireless networks makes the exchange of information and the transfer of keys unnecessary [10]. To build public ledgers, the mined blocks are circulated around the network. Furthermore, depending on the sort of Artificial Intelligence (AI) algorithms employed, the transaction process could take a significant period of time [11]. To verify the authenticity of transactions, the blockchain employs asymmetric private/public key and hash cryptography algorithms. Each node's private key is used to sign transactions, while the public key is broadcast to all network nodes and serves as an identity. The network's mining nodes collect new transactions and attempt to resolve a consensus rule. When a node achieves mechanism consensus, it broadcasts the block to all other nodes.
As a result, every other node that receives the block will verify the transaction and acknowledge it by constructing the next block in the chain [12] [13]. In the same context, using edge computing with cellular networks improves the QoS of different industries and services for 5G application domains, which provide processing, computing, and storage capabilities near edge devices [14]. Besides, trust management is widely discussed, especially in wireless networks. Due to wireless and mobility nature, devices become open to many attacks throughout the communication. Blockchain's distributed nature makes it an intriguing piece of equipment for tackling many of the security and trust issues that arise in large-scale IoT networks with limited resources. Blockchain is used for decentralized applications that do not require interaction with a trusted third party [15]. Many authors focus on building trust in sensors and IoT with limited power and storage using blockchain technology to allow newly joined devices to set up trust instantly [16] as in Industrial IoT (IIot) [17], Wireless Sensor Network (WSN) [18] and wearable devices [19].
The development of a 5G communication system requires fast response, authorized power consumption, and secure communication between different devices connected to the heterogeneous networks. In this article, hierarchical architecture is proposed as a cluster to reduce energy consumption by building a trust zone for every cluster and connecting this zone with other clusters with the help of SDN and blockchain. The zone begins with a macro-cell Radio Access Technology (RAT) that contains the SDN controller; every macro-cell controls many C-RAN nodes. Therefore, the C-RAN node could use the blockchain's Delegated Proof of Stake algorithm (DPoS) to securely broadcast all devices' IDs automatically to every device in its coverage as used in [20]. As a result, the device can start D2D immediately without previous authentication. The contribution of this article can be summarized as: a) Macro-cell using the SDN controller to control all devices in its zone and working as a cluster head. b) Using public blockchain in C-RAN nodes is beneficial to dynamically distribute devices' IDs to the public ledger list to all devices under their control, so every device has a list of trusted entities. There is no need to reregister. c) C-RAN nodes perform automatic access control by assigning IDs to all connected devices via blockchain. d) Zones are connected to each other by using a private blockchain since the mobile operators verify the macro-cell.
The rest of this article is organized as Sec. 2 proposes a related work. Sec. 3 establishes blockchain-based trust for 5G networks.Sec.4 discusses the blockchain for trust and energy consumption. Sec. 4 provides the calculation of the proposed architecture. Sec. 5 provides the simulation results and evaluation. Sec.6 concludes this article.

Related work
The RAN is being developed to provide increased data speeds and capacity, as well as efficient spectrum utilization, low energy consumption, and widespread device connectivity [21]. Many new technologies are being merged to pave the way for 5G networks, including SDN, C-RAN, and NFV. The SDN controller, which is connected to a private blockchain [22] [23], administers and controls the entire C-RAN network. In [24], the integration of the SDN controller with the blockchain was introduced. The network information and the blockchain ledger are stored using data from OF-Switches and the BBU pool. As shown in Fig.2 [25], this data includes the load on BBUs, resource allocation, device information, handover information between adjacent cells, information about every block in the blockchain, and the entire network topology information, which is used to choose the closest paths between Edge-RRHs and BBUs. The Blockchain operates between two end-to-end peer servers in a distributed or centralized controller. Thus, this idea has advantageous effects on end-to-end security management by reducing the complexity of the system deployment and latency taken for the end-to-end secure session setup [26]. In addition, SDN controllers are expected to handle the control traffic coming from C-RANs. As a result, the SDN controller is positioned in a macro-cell closer to the edge of the network. This design adds scalability to the control plane by directly handling wireless specific functions as a distributed control for the edge 5G network as provided in [27]. Therefore, SDN controllers can still be distributed and perform centralized control for each cluster to decrease management complexity while keeping part of the centralization benefits. There is also the possibility to pool resources, such as radio frequencies and processing power, under the control of SDN controllers in C-RAN, as in [28] [29]. The controllers in the C-RAN network are interconnected in a distributed private blockchain network, allowing each device to easily and efficiently transport data across the network without disclosing private information or requiring reauthentication. Many studies have been conducted in the area of optimizing SDN clusters and C-RAN, which is characterized by functional redistribution.
In [12], SDN controllers are distributed as a series of slave and master controllers. In remote locations, master controllers managed a set of macro-cells and acted as coordinators for slave controllers. Slave Controllers operated as a management unit for a set of small cells, providing a short-time scale. Furthermore, as demonstrated in [30] [31], combining blockchain with an SDN clustering design lowered the susceptibility and energy spent by IoT devices in the Mobile Edge Computing (MEC) structure while also providing a better. Authors in [32] focused on using blockchain for distributed trust and preventing malicious devices that disturb ordinary traffic by broadcasting a lot of false information. Those devices will be traced back to the system and temporarily banned. Consequently, the privacy of legitimate devices will be safe and their information will be protected. In work [33], the blockchain nodes must solve the nonce. The other nodes in the network verify the winning node's result. If at least 51 percent of the nodes agree with the transaction, the winning node adds it to the block and receives the reward. A blockchain is created and maintained as a result of this procedure. Hackers find it difficult to breach the Proof of Work (PoW)-based blockchain because they must compromise 51 percent of the network nodes, which takes time & expense. In addition, the SDN controller made use of a Genetic Algorithm (GA) to discover the most efficient data transmission paths. A lightweight trust model based on blockchain technology was developed by [34], and it produced the bare minimum requirements for supply chain actors to have confidence in the data they are receiving. A trust evaluation is carried out when a client node launches a transaction and requests endorsements from nearby nodes. In order for a transaction to be fully entered into the ledger, the client node needs to transmit transaction proposals to all accessible endorsing peers. Using a chain code, the endorsing peer nodes examine the trust score of the beginning node. The benchmark for this work is [35]. The authors focused on security and privacy issues in the transportation system and the vehicular IoT environment. Due to the decentralized and immutable properties of blockchain, a blockchain-based security framework is being created to support vehicular IoT services such as real-time cloud-based video reports and trust management in vehicular messaging. The authors exhibited the SDN-enabled 5G-VANET paradigm as well as the scheduling algorithms of the blockchain-based architecture.

Trust in 5G networks powered by blockchain
All the edge devices are connected to C-RAN nodes, which are shared among macro-cell RATs in heterogeneous networks. The number of C-RAN nodes is much bigger than the number of macro-cell RATs in the proposed architecture, as shown in Fig.2. However, cryptographic techniques used in mining blocks prevent malicious devices from altering or deleting the blockchain [36]. The DPoS consensus is a mechanism to ensure trust in the wireless network, so C-RAN nodes in the network commonly agree on any block inserted into the chain. DPoS is the best well-known consensus algorithm that can be used in real-time voting to create a group of trusted delegate nodes that can verify the blocks. These C-RAN nodes have the authority to produce and contribute blocks to the blockchain network. Similarly, miner C-RAN nodes prevent rogue nodes from participating in block addition [37]. As a result, the number of nodes participating in voting will be reduced, resulting in a shorter creation block time and lower computing overhead in the PoW process, resulting in lower power consumption.
In general, network partners in DPoS are unpredictable when it comes to making negative judgments for the network. Through a distributed ledger that contains all of the transactions on the blockchain, the blockchain enables reliable and secure services. The transaction ledger is settled by multiple trusted C-RAN nodes in various places. The legitimacy of transactions can be monitored by all C-RAN nodes. The asymmetric encryption and certification technology stored on the blockchain is public, but it is deeply encrypted and can only be accessed with the permission of the data owner, unlike the public device identification (device ID). Furthermore, the effectiveness of a blockchain transaction is determined by the usage of a consensus method, which precludes tampering [38]. In heterogeneous cellular networks, DPoS is preferable because mobile network operators (MNOs) choose C-RAN nodes, which are employed as miners and validated by a public blockchain. In a DPoS blockchain, for example, a certified node (C-RAN node) verifies the transaction and the block without incurring the high computational costs of mining, as shown in Fig.3. The time it takes to add a new block to the blockchain is reduced because of this mining process. This C-RAN validator node needs to authenticate on the blockchain, which is difficult to come by. Even if there is a malicious C-RAN node, it will be stopped out by other C-RAN nodes' votes similar to [39]. On the other hand, cluster heads (macro-cells) connect with one another via a private blockchain maintained by a central SDN controller. The blockchain network's distributed nature ensures greater resilience in the event of a system failure. To reduce energy consumption, message transfer between wireless heterogeneous devices should have low latency and as few steps as possible [11]. To solve this problem, the blockchain in the proposed architecture might be distributed, i.e., many blockchains handling different tasks, one blockchain to serve only one task. It is better to have a separate blockchain for access control, another for D2D, and one for connecting clusters so that every process is faster and independent of others. The network's quality of service (QoS) is determined by the data received from edge devices. To overcome this challenge, Edge computing is used, which is closer to the edge device [40] [41] and can be shared among many MNOs. These C-RAN nodes can be designed as a trusted point that uses the public blockchain to permit any new device to connect. The message exchange in the wireless networks could be facilitated by using the blockchain mining process since the blockchain structure releases decentralized authentication. C-RAN nodes communicate with one another by mining blocks and broadcasting the results to all network cells. Transaction signatures are checked to see if the information in the transactions is reliable. Furthermore, ciphertext in transactions is secured from decryption until it reaches the destination because it is encrypted with the destination's public key [11], which is the device's ID in the proposed trusted system, and decrypted using the edge device's private key.

The proposed approach's calculation
Blockchain allows devices to communicate with each other and with C-RAN nodes without sharing personal information [42] [43]. The C-RAN node is used as a gateway to allow new devices to access the system and monitor its trustworthiness. The central trust point (cluster head) is used for authenticating devices and having IDs as registered numbers. These IDs are provided to build trust and communicate safely with C-RAN nodes and between devices themselves. In this way, any device that asks for a service for the first time will be authenticated by a public blockchain. This authentication will be accomplished through the use of a smart contract and several blockchain transactions. Similar to [44], as a first step, edge devices have to be registered, then the edge device will be able to request any service. When the edge device with no ID forwards the request to the C-RAN node, the MNO immediately accesses the server data of the related tenant to get the data requested. When the C-RAN node gives the response to the edge device, it will legitimize the service first with the help of smart contracts to ensure whether this service is secure or not. Then, the device will be registered on the public blockchain with the lowest possible trust value. After that, whenever a device sends a request to the C-RAN node for the services, it will be in an encrypted form. While some devices will always misuse information or offer false information to the network, the blockchain method can assess the trustworthiness of data and alert the relevant device several times. The blockchain restricts the device if it continues to submit misleading data [45]. However, when the edge devices communicate with each other (like in D2D communication), they validate messages received from the neighboring devices. Through this validation, the edge device generates a trust rate for the device that sends the correct information. The rate is then uploaded to the C-RAN node, which calculates the trust value of that device from all other devices that are communicated with it. Then the C-RAN node sends the device's trust value to the macro-cell, which stores this rate in the private blockchain that connects all macro-cell RAT in heterogeneous networks. For the establishment of trust throughout many layers in clustering architecture, the C-RAN nodes act as mediators. When a service transaction starts, the devices and MNO agree on the service contents and keep the service parameters in the C-RAN node [46]. The edge device is identified by a unique ID provided by the public blockchain in the same cluster controlled by its SDN controller. This ID is unique universally as a MAC address In simple words, an edge device starts a connection with the C-RAN node to get a unique identification for trust evaluation from the blockchain. After authentication is done between the edge device and the cluster head (macro-cell) by validating the data received from the edge device. The edge device collects its data and forwards it to the MEC with its public key (device ID) which in this case is assumed as (node identification) with its (Reputation Values given by a specific device to rate other devices that have a previous interaction with). On the other hand, s is the list of devices' reputations in the C-RAN node database that is collected from the devices, which had communicated with the device . The trust rate of any device can be expressed as a real number between -1 (showing untrusted) and 1 (fully trusted) [48]. When a device receives an invite from another device (row 2 in algorithm 1), it determines whether that device has a trust value stored (row 6) or not. Since the C-RAN nodes send the list of trusted devices periodically, all devices have a list of legitimate devices to avoid any connection with a malicious device and reduce the energy consumed in validating the connection with any other device. If the new device is not in the list of this C-RAN node, it will search for it in surrounding C-RAN nodes (rows 8 to 13).

Algorithm 1 Trust among devices
Input: Received Req ≠ ∅ output: RD Nid ≠∅ // reputation database for specific device 1: while true do 2: req ⇐ receive(); 3: req id ⇐ req.id; 4: if trust RD Nid s list.find(req id) ≠ ∅ then // the requested id is stored in device's list 5: {trust} ⇐ if trust RD Nid s list.take(req id); 6: req id ⇐ req.id; 7: end if 8: if trust RD Nid s list.find(req id) = ∅ then // the requested id is not stored in the device's trust RD Nid s list, so the device will ask C-RAN node 9: send ⇐ {TRUST REQ, req new id}; // C-RAN node investigates a new device in surrounding C-RAN nodes 10: trust RD Nid s list.put(req id, trust); // put the new RD Nid in trust RD Nid s list 11:msg ⇐ {UPDATE trust RD Nid s list} // C-RAN node sends the updated list to device 12: else 13: send(ERROR, req reject); // trusted device rejects request from suspicious device 14: end if 15: end while On the other hand, when the new device communicates with the C-RAN node for the first time, i.e., it is not registered anywhere. In this way, the pre-registration is used as proactive access control to permit or restrict interaction with new devices. For the new device, the C-RAN node gives it a value depending on both provided service and device feedback, but this value should not be more than zero. The C-RAN node broadcasts the list of IDs of all connected devices only. When a device requests contact with the C-RAN cell, the C-RAN cell will verify its own database for the current trust status. If C-RAN discovers a previous (trusted value), otherwise it will use Eq.1 to generate the new trust value for a specific device based on the experiences of other devices.
In the equation.1 is the trust value on the Edge server database for a device . is a Reputed device ( ) value from other devices, whereas is the number of devices controlled by a specific C-RAN node. The ⍵1 and ⍵2 are the weight factors where ⍵1+⍵2 =1. After providing, the new , a new block will be added to the blockchain, which will be sent to all C-RAN cells for verification.

Evaluation and Results
In this section, we analyze the proposed blockchain-enabled trust for 5G networks in terms of three metrics: processing time of blocks, detection accuracy of malicious nodes, and transaction transmission delay. Moreover, we also compare our results with those of benchmark (Blockchain-Based Secure and Trustworthy-SDN5G) BBST-SDN5G [35], which offers the SDN-enabled 5G-VANET model. We accomplish the simulation of our proposed method through the OMNeT ++ 5.4.1 framework within the INET 4.1.2. The function of blockchain during simulation is implemented in the INET framework as in [49]. The proposed method offers a blockchain in the 5G network, which applies the consensus-updated DPOS algorithm to all C-RAN nodes in each SDN cluster. To assess the comparability of the proposed architecture, the size of the 5G network is considered 1000m x 1000m. The bandwidth is set at 10Mbps, and the number of edge devices is between 200 and 500. We want to see how well the network performs at different network densities. Table 1 shows the details of the simulation parameters.

Number of Transactions
Processing time: The time is taken to produce the block in the proposed architecture. In other words, it is the time that the C-RAN node needs to generate the block. Moreover, we also implement an efficient method, which provides low overhead during the simulation. All edge devices are automatically registered in the proposed architecture and join the network with no need to identify each other. As it has been illustrated in Fig.4, our proposed architecture has a lower processing time for generating blocks in comparison with the BBST-SDN5G [35], owing to the fact that the C-RAN node could apply a DPoS algorithm that has a direct effect on reducing the time during generating blocks. Figure 4. Impact of the number of blocks on process time • Detection accuracy: We want to see how accurate it is to detect hostile nodes that want to connect to the network using a fake or stolen ID. When a few malicious nodes are present, as shown in fig.5, the network's message transmissions can be trusted. In comparison to BBST-SDN5G [35]. The suggested architecture has a higher detection rate because it is C-RAN enabled, and all nodes have lower speeds. Indeed, our approach is capable of detecting all rogue nodes with ease. Figure 5. Detection accuracy of malicious nodes.
• Transaction transmission delay: To demonstrate the scalability and utility of blockchain for trust management in 5G SDN network-enabled C-RAN, we examine the transmission delay of blockchain transactions with a variety of message flows and different numbers of edge devices. Usually, when the device has to communicate with others, the message rate is increased to build trust, then agreed upon to secure messages between nodes. As a result, the whole 5G network will suffer from a heavy load. However, the proposed architecture has less transmission delay in comparison with the BBST-SDN5G [35] because, as shown in Fig.6, the proposed architecture verifies and prepares all connected nodes to interact without any prior agreement. Furthermore, the proposed architecture verifies transaction authentication using asymmetric private/public key and hash cryptography algorithms. Each node's private key is used to sign transactions, while the public key is broadcast to all network nodes and serves as an identity.

Conclusion
Blockchain is a technology used to share the registry concepts for a distributed system over a wireless network. Different types of application domains exist in 5G heterogeneous networks, ranging from broadband mobile applications to potentially any industrial system requiring decentralized, trusted, and automated decision making in multi-tenant companies. Due to the heterogeneity of edge devices and service requirements, trust management is critical for 5G networks. Indeed, trust management enables dynamic access restrictions, which is essential to resist internal attacks carried out by malicious nodes. It cuts down on the amount of time spent communicating between the device and the MNO, which is something that is likely to happen in the real world. The suggested trust management reduces the number of messages exchanged to establish trust with other devices and the MNO, resulting in lower network latency. The result is an improvement in the detection of malicious devices and a reduced time to create a block, which leads to improved network latency. For future work, trust management is required to focus on how the cloud calculates the trust degree of every MNO and how the devices in 5G heterogeneous networks can appropriately choose the optimal MNO to handle their requests depending on the operator's reputation.