software-defined networking; SDN; security; cryptographic primitives; integrated device verification value (iDVV); perfect forward secrecy; performance; system architecture
Résumé :
[en] Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure.
To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishable-from-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis.
We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Disciplines :
Sciences informatiques
Auteur, co-auteur :
KREUTZ, Diego ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
