Upload File

towards a security-aware network virtualization

14

Click here to load reader

Upload: achim-friedland

Post on 29-Jun-2015

601 views

Category:

Technology


2 download

Report

TRANSCRIPT

Page 1: Towards a Security-aware Network Virtualization

Towards a Security-aware Network Virtualization

3rd GI/ITG KuVS Workshop on

The Future Internet

Achim Friedland

SONES GmbH / TU Ilmenau

[email protected]

Munich 05/2009

Page 2: Towards a Security-aware Network Virtualization

Security Threats in Classical Networks

Page 3: Towards a Security-aware Network Virtualization

Security Threats in Virtual Networks

Page 4: Towards a Security-aware Network Virtualization

New Security Threats occure…

• Sharing of networking ressources with untrusted parties (MalloryVIRTUAL)

• Virtualized network equipment might run untrusted or not well understood networking code

• Bitter lessons from practical security: Virtualization boundaries can not be guaranteed 100%

Page 5: Towards a Security-aware Network Virtualization

Basic Idea:

• Reduce the gainable knowledge of an observer

• Lower the impact of an attacker

• Do not disclose end-to-end information

• Do not try to fight an omni-potent attacker

Page 6: Towards a Security-aware Network Virtualization

Objectives for a Security-aware NetVirt

• Network Virtualization and Abstraction

• Flow Separation and Aggregation

• Flow Confidentality and Integrity

• Preventing Traffic Analysis

• Preventing Denial-of-Service

• Scalability

Page 7: Towards a Security-aware Network Virtualization

Our Approach…

• Base protocol: Combination of label forwarding and security protocols (MPLS, IPSec)

• Allow multiple recursive instances of the base protocol (ANA Project)

(Replace classical network stacks; Enable network abstraction)

• Key management protocol for providing traffic analysis resistance (Onion Routing)

Page 8: Towards a Security-aware Network Virtualization

Traffic Analysis Resistance: Onion Routing

• Onion Routing uses multiple layers of encryption and authenticity

• Suffers from a high transmission overhead

• Comparable with Strict Source Routing

• Not practicable in large!

Page 9: Towards a Security-aware Network Virtualization

Proposed Base Protocol: ELSSA

Extended Label Stream Switching Architecture

Page 10: Towards a Security-aware Network Virtualization

Traffic Analysis Resistance: TASec (1)

• Separate encryption of labels and paylaod

• Path Encryption: Multiple encryption, but only a single integrity check!

Page 11: Towards a Security-aware Network Virtualization

Traffic Analysis Resistance: TASec (2)

• Encryption mode based on Counter Mode

• But using an entangled encryption scheme

• Constant packet size, less encryption (50%) processes compared with Onion Routing

Page 12: Towards a Security-aware Network Virtualization

Conclusion

• ELSSA provides a network virtualization based on a recursive label-swichting approach with encryption and authenticity

• TASec further provides a low-overhead traffic analysis resistance

• Combination of both meet the proposed requirements

Page 13: Towards a Security-aware Network Virtualization

Future Project Development

• Secure the TASec against traffic analysis itself

• Release a proof-of-concept implementation(ELSSA-over-UDP/RAWIP)

• Defining more application specific (path management) protocols

Page 14: Towards a Security-aware Network Virtualization

Thank you…- Questions?


Trace-driven Context-Aware Mobile Networks: Towards Mobile

Towards a Network-aware Middleware for Wireless Sensor Networks

Towards the Next Generation of Location-Aware Communications · Towards the Next Generation of Location-Aware Communications Zohair M. Abu-Shaban M.Sc. (Imperial College London),

towards a modern approach to privacy- aware government data

02/09/2010 Industrial Project Course (234313) Virtualization-aware database engine Final Presentation Industrial Project Course (234313) Virtualization-aware

Towards Security-Aware Aggregate Computing · Towards Security-Aware Aggregate Computing Tesi in Ingegneria dei Sistemi Software Adattativi Complessi ... Figure 4.1 Trust levels.....21

Towards trust-aware recommender systems

Towards Data-Aware Cost-Driven Adaptation for Service

QoS-Aware Virtualization-Enabled Routing in Software ... · QoS-Aware Virtualization-Enabled Routing in Software-Defined Networks Alba Xifra Porxas , Shih-Chun Liny, and Min Luoz

Towards Vagueness-Aware Semantic Data

Moving Towards Privacy-aware Security

Towards MIMO-Aware 802.11n Rate Adaptation

Trend Micro Cloud Protectionvn.trendmicro.com/cloud-content/us/pdfs/business/... · Virtualization is the foundation of cloud infrastructure, requiring virtualization-aware security

Towards automated procurement via agent-aware negotiation support

Towards Realizing Dynamic QoS-aware Web Service Composition

Towards Context-Aware Product-Family Architectures

Towards a Person-Centric Context Aware System

Towards a Redundancy -Aware Network Stack for Data Centersmusa/uploads/hotnets_2016_talk.pdf · Towards a Redundancy -Aware Network Stack for Data Centers Ali Musa Iftikhar (Tufts)

Towards the Policy- Aware Web: The Real Web 3.0? · Towards the Policy-Aware Web: The Real Web 3.0? Renato Iannella Principal Scientist Policy-Aware Web

AWARE PROJECT – AGEING WORKFORCE TOWARDS AN ACTIVE RETIREMENT

Towards Hybrid and Diversity‐Aware Collective Adaptive Systems

Virtualization aware Java VM

Towards Power-Efficient Smartphones by Energy-Aware

Towards Virtualization-Agnostic Latency for Time-Sensitive

Towards a user-aware virtual museum · 2019-11-06 · Towards a user-aware virtual museum Christos Zigkolis, Vassiliki Koutsonikola, Despoina Chatzakou, Savvas Karagiannidis, Maria

Towards an Energy Aware DBMS – Energy Consumptions of ...rosdok.uni-rostock.de/file/rosdok_derivate... · Towards an Energy Aware DBMS – Energy Consumptions of Sorting and Join

EyeMote - Towards Context-Aware Gaming Using Eye ... - Towards Context-Aware Gaming Using Eye Movements Recorded From Wearable Electrooculography Andreas Bulling, Daniel Roggen and

DigiArt: towards a virtualization of Cultural · PDF fileDigiArt: towards a virtualization of Cultural ... , 36 / 2016 : 131-14 2 DigiArt: towards a virtualization of Cultural Heritage

HyperFlex: Towards Reliable and Dynamic SDN Virtualization ... Virtualization for Next Generation Mobile ... reliable and dynamic SDN virtualization 10 ... Survey on Network Virtualization

TOWARDS PROGRAMMABLE CONTEXT- AWARE VOICE SERVICES … · TOWARDS PROGRAMMABLE CONTEXT-AWARE VOICE SERVICES Kerry Jean, Nikolaos Vardalachos, Alex Galis Department of Electronic Engineering,

Linked Data Reactor: Towards Data-aware User Interfaces

Towards Hardware Embedded Virtualization Technology:

Towards a Taxonomy of Context-Aware Software Variabilty Approaches

Towards Virtualization of So˝ware-Defined Networks

Conceptual Framework for Internet of Things Virtualization via OpenFlow in Context-Aware Networking