Reference : The KISS principle in Software-Defined Networking: a framework for secure communications
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/33915
The KISS principle in Software-Defined Networking: a framework for secure communications
English
Kreutz, Diego mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Yu, Jiangshan mailto [> >]
Verissimo, Paulo mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Ramos, Fernando mailto [> >]
Magalhaes, Catia mailto [> >]
Oct-2018
IEEE Security & Privacy Magazine
IEEE
16
05
60-70
Yes (verified by ORBilu)
International
1540-7993
[en] software-defined networking ; SDN ; security ; cryptographic primitives ; integrated device verification value (iDVV) ; perfect forward secrecy ; performance ; system architecture
[en] Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure.
To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishable-from-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis.
We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Fonds National de la Recherche - FnR
IIS&D - Information Infrastructure Security and Dependability
Researchers ; Professionals ; Students
http://hdl.handle.net/10993/33915
10.1109/MSP.2018.3761717
https://www.computer.org/csdl/mags/sp/2018/05/msp2018050060.html
H2020 ; 643964 - SUPERCLOUD - USER-CENTRIC MANAGEMENT OF SECURITY AND DEPENDABILITY IN CLOUDS OF CLOUDS
FnR ; FNR8149128 > Paulo Esteves-VerĂ­ssimo > IISD > Strategic Rtnd Program On Information Infrastructure Security And Dependability > 01/01/2015 > 31/12/2019 > 2014

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
KISS_IEEE_CS_08490167.pdfPublisher postprint598.08 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.