Reference : The KISS principle in Software-Defined Networking: An architecture for Keeping It Sim...
Reports : Expert report
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/34585
The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure
English
Kreutz, Diego [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Verissimo, Paulo [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Magalhaes, Catia
Ramos, Fernando M. V.
2017
[en] software-defined networking ; SDN ; security ; system architecture ; control plane communications ; performance of cryptographic primitives ; integrated device verification value (iDVV) ; perfect forward secrecy
[en] Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN.
We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Fonds National de la Recherche - FnR
IIS&D - Information Infrastructure Security and Dependability
http://arxiv.org/abs/1702.04294
H2020 ; 643964 - SUPERCLOUD - USER-CENTRIC MANAGEMENT OF SECURITY AND DEPENDABILITY IN CLOUDS OF CLOUDS
FnR ; FNR8149128 > Paulo Esteves-Veríssimo > IISD > Strategic Rtnd Program On Information Infrastructure Security And Dependability > 01/01/2015 > 31/12/2019 > 2014

File(s) associated to this reference

Fulltext file(s):

File : the_sdn_kiss_arXiv_20171027.pdf
Version : Publisher postprint
Size : 407.41 kB
Access : Open access

All documents in ORBilu are protected by a user license.