![]() Kreutz, Diego ![]() ![]() E-print/Working paper (2019) Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this ... [more ▼] Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against di erent threats. The literature on SDN has mostly been concerned with the functional side, despite some speci c works concerning non-functional properties like ‘security’ or ‘dependability’. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to e ciency and e ectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN – ‘logical centralization’. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the e ectiveness of the concept, we focus on ‘security’ in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. anchor sets to provide essential security mechanisms such as strong entropy, resilient pseudo-random generators, secure device registration and association, among other crucial services. We claim and justify in the paper that centralizing such mechanisms is key for their e ectiveness, by allowing us to: de ne and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and nally, better foster the resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms. [less ▲] Detailed reference viewed: 194 (40 UL)![]() Kreutz, Diego ![]() ![]() ![]() in IEEE Security & Privacy Magazine (2018), 16(05), 60-70 Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the ... [more ▼] Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure. To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishable-from-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. [less ▲] Detailed reference viewed: 218 (25 UL)![]() Cao, Tong ![]() ![]() ![]() Scientific Conference (2018, June 25) Many attacks presented on Bitcoin are facilitated by its real world implementation, which is rather centralized. In addition, communications between Bitcoin nodes are not encrypted, which can be explored ... [more ▼] Many attacks presented on Bitcoin are facilitated by its real world implementation, which is rather centralized. In addition, communications between Bitcoin nodes are not encrypted, which can be explored by an attacker to launch attacks. In this paper, we give a brief overview of possible routing attacks on Bitcoin. As future work, we will identify possible central points in the Bitcoin network, evaluate potential attacks on it, and propose solutions to mitigate the identified issues. [less ▲] Detailed reference viewed: 243 (19 UL)![]() Yu, Jiangshan ![]() in IEEE Transactions on Information Forensics and Security (2018) Detailed reference viewed: 391 (63 UL)![]() Volp, Marcus ![]() ![]() in Twenty-fifth International Workshop on Security Protocols (2017) Detailed reference viewed: 306 (25 UL)![]() ; ; Yu, Jiangshan ![]() in 30th IEEE Computer Security Foundations Symposium (2017) Detailed reference viewed: 147 (14 UL)![]() Yu, Jiangshan ![]() in The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2017) Detailed reference viewed: 117 (8 UL)![]() Yu, Jiangshan ![]() in Software Architecture for Big Data and the Cloud, 1st Edition, Chapter 7, June 2017. (2017) Detailed reference viewed: 71 (8 UL)![]() Yu, Jiangshan ![]() in Computer Journal (2016), 59(11), 1695--1713 Detailed reference viewed: 134 (14 UL)![]() Yu, Jiangshan ![]() in Security Protocols XXIII - 23rd International Workshop, Cambridge UK, March 31 - April 2, 2015, Revised Selected Papers (2015) Detailed reference viewed: 171 (13 UL)![]() Yu, Jiangshan ![]() in IEEE Transactions on Information Forensics and Security (2014), 9(12), 2302--2313 Detailed reference viewed: 136 (0 UL)![]() ; Yu, Jiangshan ![]() in IEEE Transactions on Industrial Informatics (2013), 9(1), 294--302 Detailed reference viewed: 149 (0 UL)![]() Yu, Jiangshan ![]() in 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2012, Liverpool, United Kingdom, June 25-27, 2012 (2012) Detailed reference viewed: 161 (0 UL) |
||