References of "Kreutz, Diego 50002138"
     in
Bookmark and Share    
Full Text
See detailLogically Centralized Security for Software-Defined Networking
Kreutz, Diego UL

Doctoral thesis (2020)

Software-Defined Networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this ... [more ▼]

Software-Defined Networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. Until now, SDN research has essentially been concerned with the functional side, despite some specific works relating to non-functional properties like ‘security’, ‘dependability’, or ‘quality of service’. Security is an essential non-functional property of SDN. The lack of reliable security-by-design mechanisms can quickly lead to the compromise of the entire network. For instance, most of the current security mechanisms in SDN controllers lead to exploitable vulnerabilities that allow adversaries to easily control or even shut down the entire control plane. The growing concern regarding insider threats substantially amplifies the problem. The reason lies in the fact that current Software-Defined Networks (SDNs) (e.g., OpenFlow-enabled networks) rely on weak protection mechanisms. To address these crucial security issues in the SDN control plane, it is necessary, though not sufficient, that we start by securely identifying, authenticating, and authorizing all devices before allowing them to become part of the network. Though SDN security is the central tenet of this thesis, we believe that the problem is much more generic. In essence, there is still a lack of a systematic approach to ensuring such relevant non-functional properties as security, dependability, or quality of service. Current approaches are mostly ad-hoc and piecemeal, which has led to efficiency and effectiveness problems. This reflection led us to claim that the successful enforcement of non-functional properties as a pillar of SDN robustness calls for a systematic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN– ‘logical centralization’. In consequence, we propose ANCHOR, a subsystem architecture for SDN that promotes the logical centralization of non-functional properties. We start by presenting the general concept and architectural principles, suggesting how they can satisfactorily enhance the current state of the art with regard to any non-functional property (security, dependability, performance, quality of service, etc.). We claim and justify that centralizing such mechanisms is vital for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and finally, better foster the resilience of the architecture itself. We focus on ‘security’ as a use case in the rest of the thesis, discussing the specialization of the ANCHOR architecture to logically-centralized enforcement of security properties. However, by presenting a principled solution to the main problem of the thesis (SDN security), we also show the effectiveness of the general ANCHOR concept, opening avenues for further research on its extension to other desirable non-functional properties, such as dependability and Quality of Service (QoS). We identify the current security gaps in SDNs, and investigate the adequate security mechanisms that should populate the architecture middleware, globally and consistently. ANCHOR sets out to provide — in a homogeneous manner to all controllers and forwarding devices — essential security mechanisms such as strong entropy, resilient pseudo-random generators, secure device registration, association and recommendation, amongst other crucial services. We present the design of those mechanisms and protocols. With the objective of promoting generalized use of encryption and authentication in the control plane, we additionally propose and describe a secure control plane communication infrastructure, Keep It Simple and Secure (KISS), based on a novel lightweight mechanism for generating cryptographic secrets — integrated Device Verification Value (iDVV). iDVV can be used in a number of ways, in a number of protocols, and outperforms widely used alternatives. In the context of this thesis, the KISS infrastructure is set up by ANCHOR and used to ensure the security of interactions amongst it, controllers and forwarding devices. Being conceptually logically-centralized, ANCHOR presents a single-point-of-failure (SPoF) challenge, which we address, through incremental measures, some of which can be selectively present in concrete designs. As a baseline, we harden the design, by endowing it with robust functions in the different modules. We increase assurance by discussing and informally proving correctness of all mechanisms and algorithms, and we also formally verify the main algorithms through a proof-assistant. By only using symmetric cryptography, we make the system Post-Quantum Secure (PQS). We also embed measures to achieve Perfect Forward Secrecy (PFS) in all algorithms, protecting pre-compromise communications in the presence of successful attacks. Finally, for higher criticality systems, we take additional algorithmic and architectural measures to mitigate the effects of possible security failures. We provide for Post-Compromise Security (PCS) through the semi-automatic restart of operation after a full compromise of ANCHOR. We present as well a design of resilience mechanisms — the continued prevention of failure/compromise by automatic means — through fail-fast recovery techniques. The prototypes’ implementation aspects and the evaluation of the two fundamental pieces of our work (ANCHOR and KISS) are performed in the respective chapters. The above-mentioned discussion and informal proof of correctness of all mechanisms and algorithms is given in appendices. We also formally machine- verified the main algorithms. [less ▲]

Detailed reference viewed: 65 (6 UL)
Full Text
See detailANCHOR: logically-centralized security for Software-Defined Networks
Kreutz, Diego UL; Yu, Jiangshan UL; Ramos, Fernando M. V. et al

E-print/Working paper (2019)

Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this ... [more ▼]

Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against di erent threats. The literature on SDN has mostly been concerned with the functional side, despite some speci c works concerning non-functional properties like ‘security’ or ‘dependability’. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to e ciency and e ectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN – ‘logical centralization’. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the e ectiveness of the concept, we focus on ‘security’ in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. anchor sets to provide essential security mechanisms such as strong entropy, resilient pseudo-random generators, secure device registration and association, among other crucial services. We claim and justify in the paper that centralizing such mechanisms is key for their e ectiveness, by allowing us to: de ne and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and nally, better foster the resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms. [less ▲]

Detailed reference viewed: 157 (40 UL)
Full Text
Peer Reviewed
See detailThe KISS principle in Software-Defined Networking: a framework for secure communications
Kreutz, Diego UL; Yu, Jiangshan UL; Verissimo, Paulo UL et al

in IEEE Security & Privacy Magazine (2018), 16(05), 60-70

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the ... [more ▼]

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure. To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishable-from-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. [less ▲]

Detailed reference viewed: 171 (25 UL)
Full Text
See detailThe KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure
Kreutz, Diego UL; Verissimo, Paulo UL; Magalhaes, Catia et al

Report (2017)

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the ... [more ▼]

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms. [less ▲]

Detailed reference viewed: 103 (5 UL)
See detailOn the Road to the Softwarization of Networking
Ramos, Fernando M. V.; Kreutz, Diego UL; Verissimo, Paulo UL

in Cutter IT Journal (2015), 28

Traditional computer networks are complex and very hard to manage. To express the desired policies, network operators need to configure each individual network device, one by one, either manually or with ... [more ▼]

Traditional computer networks are complex and very hard to manage. To express the desired policies, network operators need to configure each individual network device, one by one, either manually or with the use of low-level scripts. In addition to configuration complexity, network environments have to endure the dynamics of faults and adapt to load changes. [less ▲]

Detailed reference viewed: 171 (9 UL)
Full Text
Peer Reviewed
See detailSoftware-Defined Networking: A Comprehensive Survey
Kreutz, Diego UL; Ramos, F. M. V.; Verissimo, Paulo UL et al

in Proceedings of the IEEE (2015), 103(1), 14-76

The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are ... [more ▼]

The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this - ew paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms—with a focus on aspects such as resiliency, scalability, performance, security, and dependability—as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment. [less ▲]

Detailed reference viewed: 3820 (48 UL)