UNIVERSIDADE DE LISBOA Faculdade de Ciências Departamento de Informática


TOWARDS SECURE SOFTWARE-DEFINED NETWORKS

Cátia Alexandra Bimbo Magalhães

Dissertation supervised by Prof. Dr. Fernando Manuel Valente Ramos and co-supervised by Diego Luís Kreutz, MSc

MASTER'S DISSERTATION IN INFORMATICS, 2015


Acknowledgments

Firstly, I would like to thank my advisor, Professor Fernando Ramos, for accepting me as his student, for entrusting me with this interesting work and for believing in me, even at times when I stopped believing in myself. Also, I would like to thank Diego Kreutz for all the help and knowledge that you shared. Both are responsible for all the knowledge I acquired during this year. Many of these skills will certainly be very important for my future. I also want to apologize for anything that I could have done better or faster. Secondly, I would like to thank my friends. They were very important throughout this process. They were responsible for keeping me focused, for cheering me up when I was down and for believing in me. Without them I would not have been able to advance. Thirdly, I would like to thank my mother and sister for having always been with me and believed in me. Last but not least, to my father. I truly believe that you have always been taking care of me. Wherever you are, I know you protect me and give me strength to achieve my goals. Even though you are not here with me at this time, I know that you are with me.


To my family and friends.


Abstract

Computer networks are complex, difficult to configure and manage. The number of devices and their diversity hampers the process of configuration and management. Besides these aspects, there are also other requirements to be fulfilled, e.g. the introduction of security policies or intrusion detection. Issues related to security are particularly important, but they make network management harder. Software-Defined Networking (SDN) was born to remove the complexity and cost of managing network infrastructures. SDN offers flexibility and interoperability between devices and introduces programmability into the network. Besides addressing the limitations of existing network infrastructures, it allows their development and innovation. Security is still one of the major challenges of SDN. Given that security issues are a priority concern for the adoption of SDN, it is necessary to ensure the essential security mechanisms for the proper functioning of the infrastructure. In this sense, control plane communications represent the most crucial link between network devices and, at the same time, one of the weakest links from a security and dependability viewpoint. By compromising or controlling the control plane communications an attacker can easily take over the entire network. With this issue in mind, the main goal of this work is the development of a new approach to improve and simplify traditional secure control plane communications using novel security techniques, with improved performance and robustness. For the development of this approach, we make an in-depth study of existing security techniques. In particular, we analyze the impact of several cryptographic primitives and the overhead of secure control plane communications. Based on this assessment, we propose a new security architecture for SDN that offers the same level of security as traditional techniques with improved performance (2x better than OpenSSL) and robustness (8.5x fewer lines of code compared to TLS and PKI).

Keywords: SDN, Security, Performance, Control Plane Communications


Abstract (Portuguese version)

Computer networks are complex, difficult to configure and manage. The number of devices and their diversity hampers the configuration and management process. Besides these aspects, there are also other requirements to be met, such as the introduction of security policies or intrusion detection. Security-related problems are particularly important, but they make network management more complex. Software-Defined Networking (SDN) was born to remove the complexity and cost of managing network infrastructures. SDN offers flexibility and interoperability between devices and introduces programmability into the network. Besides addressing the limitations of network infrastructures, it enables their development and innovation. Security is still one of the major challenges in SDN. Since security issues are a priority concern for its adoption, it is necessary to guarantee the security mechanisms required for the proper functioning of the infrastructure. In this sense, control plane communications represent a crucial link between network devices and, at the same time, one of the weakest links with respect to security and trust. By compromising or controlling control plane communications, an attacker can easily take control of the entire network. With this in mind, the main goal of this work is to develop a new approach to improve and simplify traditional secure control plane communications, using new security techniques, with better performance and robustness. For the development of this proposal, we carried out an in-depth study of existing security techniques. In particular, we analysed the impact of several cryptographic functions and the overhead of secure control plane communications. Based on this assessment, we propose a new security architecture for SDN that offers the same levels of security as traditional techniques with improved performance (2x better than OpenSSL) and robustness (8.5x fewer lines of code compared to TLS and PKI).

Keywords: Software-defined networking, Security, Performance, Control Plane Communications


Extended abstract (Portuguese version)

Computer networks are complex, difficult to configure and manage. The high number of devices and equipment required, as well as their diversity, hampers the whole configuration and management process. Each manufacturer uses its own specifications, so whoever configures the network must have prior knowledge of those specifications as well as of the entire network architecture. Every device in the network also has to be configured individually, which makes the task laborious. Beyond the complexity inherent in configuring the network, the network must also adapt in case of changes or faults. Besides configuration itself, there are other requirements that need to be satisfied, such as the introduction of security policies or intrusion detection. Security-related problems are particularly important. A network, regardless of its use, should be secure for all its users. On the other hand, to complicate matters further, traditional networks are vertically integrated, that is, the control and data planes are embedded in the network devices. Here the control plane is responsible for deciding how network traffic is handled and the data plane is responsible for forwarding the traffic according to the decision taken by the control plane. This kind of approach, besides reducing the flexibility of the network, becomes a major obstacle to the growth, evolution and innovation of network infrastructures. To mitigate these problems a new networking paradigm emerged: SDN (Software-Defined Networking). This new paradigm promises to offer, among other things, greater flexibility, interoperability between devices and the ability to program the network. SDN tackles the limitations of today's network infrastructures and enables their evolution and innovation.

With SDN, the vertical integration of traditional networks is broken by separating the control plane from the data plane. The control functionality is removed from the network devices, which become mere elements that forward packets in the network. The control part, previously integrated in the devices, now moves to an external entity: the SDN controller. This entity is nothing more than software running on a server, providing the resources and abstractions needed to ease the programming of the forwarding devices. The network thus becomes programmable, through applications running on top of the controller that interact with the underlying data plane devices. In traditional networks, forwarding decisions are based on the destination address to which the packet should be forwarded; in SDN this same process is realised through flows. A flow is defined by a set of packet header fields that describe the action to perform. By programming flows it is possible to give the network great flexibility. These four concepts (separation of the control and data planes, SDN controller, programmable network, flow-based forwarding) are the pillars of an SDN.

Despite their undeniable advantages, SDN still has unresolved security issues. Security is a priority for the adoption of SDN in enterprise network infrastructures. Some of the security issues of SDN carry over from traditional networks, but there are new attack vectors. With SDN, the danger of attacks increases when compared with traditional networks. All traffic crossing the network can be forged or even altered, whether malicious or not. This kind of traffic can be used to attack the forwarding devices or the controllers. An attacker can use network elements to launch DoS attacks against forwarding devices or against the controller, and may take over its resources. The focus of this work is attacks on control plane communications. These communications represent the most important link between controllers and forwarding devices and, at the same time, the weakest link in terms of security. By compromising or controlling control plane communications, an attacker can take control of the entire network. Currently, to ensure the security of control plane communications, OpenFlow, the base standard of an SDN, proposes the TLS/SSL protocol. This protocol is well known and used in many contexts.

However, TLS/SSL by itself does not guarantee secure communications, and this can compromise the communications between the controller and the network devices. This mechanism needs a trust infrastructure for the generation of public keys as well as a certification authority. Once one of these entities is compromised, the communication is no longer secure at all. Moreover, the TLS/SSL model is not sufficient to establish trusted communication between controllers and devices. Another situation that does not favour the use of this protocol is the fact that not all forwarding devices support it. On such equipment it is not even possible to guarantee any kind of security. Being a fairly complex protocol, it requires some computational capacity. Since the equipment commonly used, especially forwarding devices, has low computational capacity, this leads to performance concerns. In order to resolve the issues related to control plane communications, this work aims to develop a new security approach with good performance, high robustness and the required security properties. An alternative to the use of TLS/SSL will be addressed, with the main concern of ensuring secure communications, following the principle of simplification (reduction of lines of code) and taking the performance of the solution into account. For the development of this approach, existing cryptographic techniques will be analysed from a performance point of view. Based on this assessment, we propose a new security architecture for SDN that offers the same levels of security as traditional techniques with improved performance (2x better than OpenSSL) and robustness (8.5x fewer lines of code compared to TLS and PKI).

Keywords: Software-defined networking, Security, Performance, Control Plane Communications


Contents

List of Figures
List of Tables
1 Introduction
  Context
  Motivation
  Goals
  Structure of the document
2 Context and Related Work
  Software-Defined Networks
    The Historical Evolution of SDN
    SDN Architecture
  SDN Security Issues
    Threat Vectors
    Control Plane Communications
  Related SDN Security Work
    Rosemary
    FRESCO
    AVANT-GUARD
  Security Tools and Techniques
    Hash and MAC Primitives
    The Transport Layer Security Protocol
    icvv
    One-Time Password
    Networking and Cryptography Library (NaCl)
    Diffie-Hellman
    KDF
3 The SDN KISS: An Architecture for Keeping It Simple and Secure
  Security and Performance Analysis
    Connection and Communication Costs
    The Impact of Cryptographic Primitives
    The Impact of Securing the Control Plane
  SDN KISS Architecture
    Anchor of Trust (AoT)
    Integrated Device Verification Value (idvv)
    Device-to-Device Communications
  Implementation
    idvv Generators
    idvv Synchronization
    Device-to-Device Communications
4 Evaluation
  Environment
  idvv Generation
  Control Plane Communications
  Performance
  Robustness
5 Conclusion
Bibliography

List of Figures

1.1 Layered view of networking functionality
2.1 Simplified view of an SDN architecture
2.2 Flow Table entry
TLS/SSL Protocol Layers
TLS Handshake Protocol (with mutual authentication)
TCP and TLS connection setup times (in log scale)
FLOW MOD latency (in log scale)
Hashing Primitives
Implementations of Hashing Primitives
MAC Primitives
General Architecture
Latency of different idvv generators
Latency of different idvv generators
Control Plane Communications overhead (in log scale)

List of Tables

2.1 SDN specific vs non-specific threats
Security Properties


Chapter 1 Introduction

Network infrastructures are everywhere and play a key role in our modern society. The Internet has even been classified as a basic human need, such as water and electricity, in some countries. However, network management still remains a rather complex, challenging and costly task. It is necessary to find a way to simplify these operations without harming the services, the infrastructure, companies and users. But simplifying should not mean neglecting other important issues like security.

1.1 Context

Computer networks are complex and very hard to manage and configure. Typically, they are stratified in three layers, the data, control and management planes, as shown in Figure 1.1. The data plane corresponds to the networking devices, which are responsible for forwarding data. The control plane represents the protocols used to populate the forwarding tables of the data plane elements. The management plane includes the software services used to remotely monitor and configure the control functionality [27]. A traditional network is composed of many different kinds of equipment, from routers and switches to middleboxes such as firewalls, network address translators, server load balancers, and intrusion-detection systems. Routers and switches run complex, distributed control software that is typically closed and proprietary [41]. The management software varies not only among manufacturers, but also among different products of the same manufacturer. Moreover, network administrators need to configure each device individually, i.e., in an error-prone and time-consuming device-by-device manner. In fact, configuration errors still account for a large percentage of data center failures and are the number one security threat. In addition to the configuration complexity, network environments have to endure the dynamics of faults and adapt to load changes. However, reconfiguration and response mechanisms are virtually non-existent in current IP networks [27]. To complicate matters even more, traditional networks are vertically integrated. The control plane (that decides how to handle network traffic) and the data plane (that forwards traffic according to the decisions made by the control plane) are bundled inside the same networking devices, reducing flexibility and hindering innovation and evolution of the networking infrastructure [27].

Figure 1.1: Layered view of networking functionality (management plane, control plane, data plane)

Software-Defined Networking (SDN) is an emerging networking paradigm that can help to change the landscape of network infrastructures. SDN is changing the way networks are designed and managed. We can define an SDN as a network architecture with four pillars:

1. The control and data planes are decoupled.
2. Forwarding decisions are flow-based instead of destination-based.
3. Control logic is moved to an external entity, the SDN controller or Network Operating System (NOS).
4. The network is programmable through software applications running on top of the NOS that interact with the underlying data plane devices.

The first pillar is responsible for breaking the vertical integration of the network. By separating the control plane from the data plane, network devices become simple forwarding devices and the control logic is implemented in a logically centralized controller. The second pillar concerns the behaviour of devices. Being flow-based, the behaviour of the devices is defined by flows. Flows are a set of packet field values acting as a match criterion and a set of actions. The NOS provides a logically-centralized view with the essential

resources and abstractions to facilitate the programming of forwarding devices. The capability of programming the network is a fundamental characteristic of SDN, considered its main value. The aspects mentioned above are key factors to obtain the desired flexibility, break the network control problem into tractable pieces, and make it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution and innovation [27]. In spite of the benefits of this new paradigm, the security and dependability of the SDN itself is still an open issue. Network programmability and control logic centralization introduce new threats and attack surfaces [52]. The many security issues of SDN may be holding back its growth and widespread adoption.

1.2 Motivation

There are several threat vectors and attacks that can severely compromise the operation and reliability of networks. Therefore, security and dependability are becoming first-class priorities for enabling and fostering the deployment of SDN in enterprise and cloud infrastructures. One of the main concerns of SDN is the control plane communications. As they are an important link between controllers and forwarding devices, one would expect a high level of security. However, control plane communications still represent one of the weakest links from a security and dependability viewpoint [52, 53]. By compromising or controlling the control plane communications an attacker can easily take over the entire network. TLS is the recommended alternative to TCP for securing control plane communications in SDN. However, only a small number of forwarding devices and a few controllers support TLS. We speculate that the slow adoption of TLS for secure control communications has its root in at least three important concerns: low computing power of forwarding devices, performance penalty, and complexity of the support infrastructure. Additionally, TLS is not enough for ensuring the security requirements of SDN [63]. There are three fundamental principles regarding control plane communications: (a) latency matters; (b) security is critical; (c) the complexity of the supporting infrastructure should be kept as low as possible [63]. The latency experienced by control plane communications is particularly critical for SDN operation. Previous work has demonstrated that the use of cryptographic primitives has a perceivable impact on the latency of sensitive communications, such as VoIP [25] (e.g., 58% of overhead when compared to TCP) and network operations protocols like SNMP [67]. Another recent work has also shown that the latency added by SSL/TLS protocols can be significant [28]. Interestingly, different cryptographic primitives, ciphers, or even implementations of protocols can significantly impact the performance of communications [25, 32]. The security of control plane communications and related services (such as device registration and association) should be carefully addressed [52, 53, 38, 63]. Faked or compromised devices can be used by attackers to eavesdrop on data plane traffic, launch powerful attacks on the SDN architecture, impact the operation of services, and so forth. From a security perspective, one of the major strengths of a technology is its simplicity and simplified configurability, as is the case of Ethernet [47]. Similarly, SDN was born as an attempt to reduce network management complexity [36]. And, in fact, SDN is allowing operators and infrastructure owners to significantly reduce the complexity of managing networks. The more complex the system, the higher the probability of having vulnerabilities, and consequently the larger the attack surface. This seems indeed to be one of the major problems faced by the technology industry. Specialized security reports have recurrently highlighted the complexity and size of systems as one of the most important security challenges [14].

1.3 Goals

The main goal of this project is to design, implement and evaluate a mechanism to provide security to the control plane communications. The communications between the network devices and the controller can suffer several attacks that can be used to generate DoS attacks or for data theft. The approach currently used, TLS/SSL, has a high performance overhead and the support infrastructure is very complex (the PKI). Our contributions in this work are:

1. an analysis of the impact of cryptographic primitives and their different implementations on the control plane communications;
2. the blueprint of a security architecture for SDN;
3. improved performance (vs TLS);
4. increased robustness of SDN control communications by decreasing the complexity of the support infrastructure.

1.4 Structure of the document

This document is organised as follows:

Chapter 2 - Here we provide a discussion of the related work. We describe the SDN architecture and the security problems of SDN. We also describe several security techniques that will be used for our proposal.
Chapter 3 - This chapter describes the SDN architecture we propose.
Chapter 4 - Here we evaluate the performance and robustness of our architecture.
Chapter 5 - In the last chapter we present the conclusions we draw from this work.


Chapter 2 Context and Related Work

2.1 Software-Defined Networks

The Historical Evolution of SDN

The history of SDN began 22 years ago, just as the Internet was taking off, at a time when the Internet's amazing success exacerbated the challenges of managing and evolving the network infrastructure. The focus was on innovations in the networking community, although these innovations were in some cases catalysed by progress in other areas, including distributed systems, operating systems, and programming languages. The efforts to create a programmable network infrastructure also clearly relate to the long thread of work on supporting programmable packet processing at high speeds. The history is divided into three stages. First, the idea of active networks (from the mid-1990s to the early 2000s), which introduced programmable functions in the network, leading to greater innovation. Second, the separation of the control and data planes (from around 2001 to 2007). Lastly, the emergence of OpenFlow as an open interface to make control and data plane separation practical. In addition to these concepts, research on network virtualization also played an important role throughout the historical evolution of SDN [41].

Active Networks

The role of computation within traditional packet networks is extremely limited. Active networks represent one of the early attempts at building new network architectures based on data plane programmability. The main idea behind this concept is for each node to have the capability to perform computations on, and modify, packet contents [27]. Active networks propose two distinct models: capsules and programmable routers/switches. In the capsule model, packets are replaced by little programs that are encapsulated in transmission frames and executed at each node along their path. On the other hand, the programmable routers/switches model maintains the existing packet format and provides a discrete mechanism that supports the downloading of programs [75]. Active networks were motivated by both a technology push and a user pull. The pull came from network elements that perform user-driven computation at nodes within the network. The push was the reduction in the cost of computing, allowing more processing in the network. Another push was advances in programming languages, such as Java, that offered platform portability, some code execution safety, and virtual machine technology that protected the host machine and other processes from misbehaving programs [75, 41].

Separating Control and Data Planes

The earliest initiatives on separating data and control signalling date back to the 80s and 90s. The network control point (NPC) is probably the first attempt to separate the control and data planes. NPCs were introduced to improve the management and control of telephone networks [27]. In the early 2000s, increasing traffic volumes and a greater emphasis on network reliability, predictability, and performance led network operators to seek better approaches to certain network management functions. Debugging, configuration problems and predicting or controlling routing behaviour became a big challenge. The increasing size and scope of networks, as well as the demands for greater reliability and new services, brought management problems. Simultaneously, rapid advances in commodity computing platforms meant that servers often had substantially more memory and processing resources than the control-plane processor of a router. From this, two innovations emerged. First, open interfaces between the control and data planes, such as the ForCES (Forwarding and Control Element Separation) [20] interface standardized by the IETF or the Netlink interface to the kernel-level packet-forwarding functionality in Linux. Second, logically centralized control of the network, as seen in the RCP (Routing Control Platform) [34] architectures, as well as the PCE (Path Computation Element) [72] protocol defined by the IETF.
Compared with active networking, these two innovations focused on network management problems, programmability in the control plane, and network-wide visibility and control. Moving control functionality off of the network equipment and into separate servers made sense because network management is a network-wide activity [41].

OpenFlow and Network Operating System

Before the emergence of OpenFlow [59], the ideas underlying SDN faced a tension between the vision of fully programmable networks and the pragmatism that would enable real-world deployment. OpenFlow appeared to balance both goals by enabling more functions than earlier route controllers while building on existing switch hardware. With the creation of the OpenFlow API, network controller platforms started to emerge, such as NOX [43], enabling the creation of new control applications. The initial OpenFlow protocol standardized a data-plane model and a control-plane API by building on technology that switches already supported. Specifically, because network switches already supported fine-grained access control and flow monitoring, enabling OpenFlow's initial set of capabilities on a switch was as easy as performing a firmware upgrade [41]. An OpenFlow switch has a table of packet-handling rules; each rule carries a list of actions, a set of counters and a priority. Upon receiving a packet, an OpenFlow switch identifies the highest-priority matching rule, performs the associated actions, and increments the counters. The concept of a network operating system was reborn with the introduction of OpenFlow [27]. In the SDN context, a network operating system (also known as an SDN controller) is software used to abstract the installation of state in network switches from the logic and applications that control the behaviour of the network. With a network operating system, we can decompose network operation into three layers. First, a data plane with an open interface. Second, a state management layer that is responsible for maintaining a consistent view of network state. And third, a control logic that performs network operations. But separating the control and data planes introduces new challenges concerning state management. Running multiple controllers is crucial for scalability, reliability, and performance. However, these replicas should work together to act as a single, logically centralized controller [41].

Network Virtualization

Network virtualization, the abstraction of a network that is decoupled from the underlying physical equipment, was a prominent early use case for SDN. It allows multiple virtual networks to run over a shared infrastructure, and each virtual network can have a much simpler topology than the underlying physical network. Network virtualization has evolved in parallel with programmable networking and both are connected in some aspects. Both had mechanisms for sharing the infrastructure and supporting logical network topologies that differ from the physical network.
Before SDN, we already had network equipment with the ability to create virtual networks in the form of VLANs and virtual private networks. Despite this possibility, there are some limitations which made the development of new technologies difficult [41]. One of the first initiatives to introduce network virtualization was proposed by the Tempest Project [15]. Tempest introduced the concepts of switchlet and associated virtual network in ATM networks, allowing the introduction of alternative control architectures into an operational network. With this, multiple independent ATM networks can share the same physical network [27]. Another of the earliest initiatives for the creation of virtual networks was MBone [56]. In this project, the virtual network topologies run on top of legacy networks. In an overlay network, the upgraded nodes run their own control-plane protocol and exchange control-plane messages with each other by encapsulating packets, sending them through the legacy network, and de-encapsulating them at the other end. SDN and network virtualization do not need each other, but they are related. For example, the ability to decouple an SDN control application from the underlying data plane makes it possible to test and evaluate SDN control applications in a virtual environment before they are deployed on an operational network [41].

30 Chapter 2. Context and Related Work SDN Architecture Similarly to a traditional network, a SDN is composed of network devices. The main difference between them is that in SDN, the network devices are simple forwarding elements without (or with limited) embedded control or software to take autonomous decisions. The network intelligence is removed from the data plane devices to a logically-centralized control system. To ensure the compatibility of communication and configuration and interoperability between different data and control plane devices, these new networks are built on top of open and standard interfaces, like OpenFlow [27]. In Figure 2.1 we can see a simplified view of an SDN architecture. Management Plane Control Plane Network Application(s) Controller Platform Open northbound API Open southbound API Data Plane Network Infrastructure Figure 2.1: Simplified view of an SDN architecture In this type of architecture, there are two main elements, the forwarding devices and the controllers. The first ones are specialized in packet forwarding and are part of the data plane. An OpenFlow-enabled forwarding device is based on a set of flow tables. Each entry of a flow table has three parts, a matching rule, actions to be executed on matching packets and counters to keep statistics of matching packets. When a packet arrives, the lookup process starts in the first table and ends with a match in one of the tables (or if a rule is not found). A flow rule can be defined by combining different matching fields, such as switch port, MAC source, MAC destination or VLAN ID. If a rule is not found and there is no default rule, the packet will be discarded. In respect of actions, we can have some actions as forward the packet to outgoing port(s), encapsulate it and forward it to the controller, drop it, send it to the normal processing pipeline or send it to the next flow table. 
The priority of the rules follows the natural sequence number of the tables and the row order in a flow table [27]. We can see the composition of a flow table in Figure 2.2.
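The flow-table lookup just described, as an added example that is not code from the dissertation or from any OpenFlow switch. The field names, the "missing field means wildcard" convention, the action vocabulary and the sample pipeline are assumptions made for illustration; real OpenFlow tables carry explicit per-rule priorities and many more match fields:

```python
# Added example (not from the dissertation): a minimal model of an OpenFlow-style
# multi-table pipeline. Field names, wildcard convention and action strings are
# assumptions; the pipeline built by build_sample_pipeline() is constructed data.
from dataclasses import dataclass

MATCH_FIELDS = ("in_port", "eth_src", "eth_dst", "eth_type", "vlan_id",
                "ip_src", "ip_dst", "tcp_src", "tcp_dst")

@dataclass
class FlowRule:
    match: dict            # RULE: field -> value; a field absent here is a wildcard
    action: str            # ACTION: "output:<port>", "controller", "drop", "normal", "goto:<table>"
    packet_count: int = 0  # STATS: packets that matched this entry
    byte_count: int = 0    # STATS: bytes that matched this entry

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())

def lookup(tables: list, pkt: dict, size: int) -> str:
    """Walk the pipeline from table 0. Priority is the row order inside a table and the
    natural sequence of tables; 'goto:n' continues the lookup in table n. A table miss
    with no default (all-wildcard) rule discards the packet."""
    t = 0
    while t < len(tables):
        for rule in tables[t]:            # first matching row wins
            if rule.matches(pkt):
                rule.packet_count += 1
                rule.byte_count += size
                if rule.action.startswith("goto:"):
                    t = int(rule.action.split(":")[1])
                    break                 # continue in the next table
                return rule.action
        else:
            return "drop"                 # table miss and no default rule
    return "drop"

def build_sample_pipeline():
    """Constructed sample: table 0 classifies by VLAN/Ethertype, table 1 forwards by MAC."""
    table0 = [
        FlowRule({"vlan_id": 10}, "goto:1"),
        FlowRule({"eth_type": 0x0806}, "controller"),   # ARP is punted to the controller
        FlowRule({}, "drop"),                            # default rule: drop everything else
    ]
    table1 = [
        FlowRule({"eth_dst": "00:00:00:00:00:02"}, "output:2"),
        FlowRule({"ip_dst": "10.0.0.9", "tcp_dst": 22}, "drop"),   # policy: no SSH to this host
        FlowRule({}, "controller"),                      # unknown destination: ask the controller
    ]
    return [table0, table1]

if __name__ == "__main__":
    pipeline = build_sample_pipeline()
    pkt = {"in_port": 1, "vlan_id": 10, "eth_dst": "00:00:00:00:00:02", "eth_type": 0x0800}
    print(lookup(pipeline, pkt, 64))   # output:2
```

The counters are what a controller later reads as flow statistics; the "drop" on a table miss without a default rule is the behaviour the text describes, and the example also shows the goto-table case that chains lookups across tables.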

Figure 2.2: Flow table entry (RULE: switch port, MAC src, MAC dst, Eth type, VLAN ID, IP src, IP dst, TCP psrc, TCP pdst; ACTION: 1. forward packet to port(s), 2. encapsulate and forward to controller, 3. drop packet, 4. send to normal processing pipeline; STATS: packet and byte counters)

Some of the goals of SDN are to facilitate network management and to ease the burden of solving network problems through the logically-centralized control offered by a network operating system (NOS). The controller is a critical element in an SDN architecture and it is located in the control plane. It provides abstractions, essential services and common application programming interfaces to developers. Generic functionality such as network state and network topology information, device discovery, and distribution of network configuration can be provided as services of the controller. There is a large number of controllers and control platforms with different characteristics. From an architectural point of view, one of the most relevant aspects is whether they are centralized or distributed [27]. In a centralized controller, a single entity manages all forwarding devices of the network. Being a single entity brings some important limitations: it is a single point of failure, and it may have scalability limitations. Some controllers are based on multi-threaded designs to exploit the parallelism of multi-core computer architectures. With this kind of design, the controllers can achieve the throughput required by enterprise-class networks and data centers. Some examples of controllers with these features are NOX-MT [21], Maestro [11] and Beacon [19]. On the other hand, a distributed controller can be a centralized cluster of nodes or a physically distributed set of elements. These controllers can be scaled up to meet the requirements of any environment, contrary to a centralized implementation.
Some examples of distributed controllers are ONIX [48] and ONOS [40]. An important aspect of distributed controllers is consistency. When we have a centralized element, all information is concentrated in one place: every read operation after a write operation returns the updated value. With distributed elements, it is important to define strategies to guarantee the consistency of data updates. Some distributed controllers offer weak consistency semantics, which means that data updates on distinct nodes will eventually be propagated to all controller nodes. On the other hand, we have strong consistency. Strong consistency ensures that all controller nodes will read the updated value after a write operation. Despite its impact on system performance, strong consistency offers a simpler interface to application developers when compared with weak consistency [9]. Another important property is fault tolerance. Whereas a centralized controller represents a single point of failure, in a distributed controller, when a node fails, another node should take over the place and operation of the failed node. So far, although some controllers tolerate crash failures, they do not tolerate arbitrary failures, which means that a node with abnormal behaviour will not be replaced by a potentially well-behaved node [27].

2.2 SDN Security Issues

As explained before, SDN brings more flexibility and the capability of programming the network. SDN provides new ways to solve age-old problems in networking while simultaneously enabling the introduction of new network policies, such as security and dependability. However, the security and dependability of the SDN itself has been neglected. Thinking about SDN characteristics, we verify that the main problems lie in the main benefits of SDN, i.e. network programmability and control logic centralization. These capabilities introduce new fault and attack planes, which open the doors for new threats [52]. Next, we describe potential threat vectors that may enable the exploitation of SDN vulnerabilities.

Threat Vectors

SDN has two properties that can be exploited by malicious users: the ability to control the network by means of software, and the centralization of the network control logic in the controller.
Anyone with access to the servers that host the control software can potentially control the entire network. We can divide the SDN threats into two groups: the threats that are specific to SDN and are not present in traditional networks, and the threats that are not specific to SDN but whose impact may be potentially augmented when compared with traditional networks. Table 2.1 summarizes the threats that we will describe [52].

Threats Non-Specific to SDN

First, we will take a look at threats non-specific to SDN.

Threats not specific to SDN:

1. Forged or faked traffic flows. Consequences in SDN: can be a door for DoS attacks. Possible solutions: intrusion detection systems.

2. Attacks on vulnerabilities in switches. Consequences in SDN: the impact is potentially augmented. Possible solutions: software attestation, monitoring and detection of abnormal behavior.

3. Attacks on and vulnerabilities in administrative stations. Consequences in SDN: the impact is potentially augmented. Possible solutions: protocols with double credential verification and assured recovery mechanisms.

4. Lack of trusted resources for forensics and remediation. Consequences in SDN: it is still critical to assure fast recovery and diagnosis when faults happen. Possible solutions: logging and tracing of the data and control planes, with logs stored in remote and secure environments.

Threats specific to SDN:

5. Attacks on and vulnerabilities in controllers. Consequences in SDN: controlling the controller may compromise the entire network. Possible solutions: replication, diversity, recovery and security policies.

6. Lack of mechanisms to ensure trust between the controller and management applications. Consequences in SDN: malicious applications can now be easily developed and deployed on controllers. Possible solutions: autonomic trust management.

7. Attacks on control plane communications. Consequences in SDN: communication with logically centralized controllers can be exploited. Possible solutions: oligarchic trust models with multiple trust-anchor certification authorities, threshold cryptography, and dynamic, automated and assured device association.

Table 2.1: SDN-specific vs non-specific threats

The first threat we describe is faking traffic flows. In a network, traffic flows can be forged or faked by a faulty (non-malicious) device or by a malicious user, and can be used to attack switches and controllers. An attacker can use network elements to launch a DoS attack against the switches and controller resources. A possible solution to this problem is the use of intrusion detection systems with support for run-time root-cause analysis to help identify abnormal flows. Second, all elements of a network can see their vulnerabilities exploited, and switches are no exception. A single switch could be used to drop or slow down packets in the network, clone or divert network traffic, or even inject traffic or forged requests to overload the controller or other switches. A possible solution to this second threat is the use of software attestation mechanisms or mechanisms to monitor and detect abnormal behavior of network devices. Besides the switches, the administrative stations may also see their vulnerabilities exploited. These machines are already an exploitable target in current networks, the difference being that a single compromised machine increases dramatically the threat in SDNs. With it, an attacker can access the network controller and control or reprogram the entire network from a single location. A possible mitigation is the use of protocols requiring double credential verification. Assured recovery mechanisms may also be useful to guarantee a reliable state after reboot. When a problem is detected, it is important to understand the cause and perform a fast and secure recovery. For that purpose, we need reliable information from all components and domains of the network. The saved data can only be used if its trustworthiness (integrity, authenticity, etc.) can be assured. To guarantee a fast and correct recovery of the elements of the network, we thus need secure and reliable system snapshots.
Logging and tracing are the common mechanisms in use, and are needed both in the data and control planes. The created logs should be stored in a remote and secure environment [52].

Threats Specific to SDN

All the threat vectors mentioned above exist in current networks. In an SDN, these same problems exist, but are amplified by the characteristics of this architecture (e.g. an attacker can easily control the whole network if he has access to the controller). To make matters worse, there are other threats that are specific to SDN. First, in SDN the controller is a new element of the network and, like the other elements, its vulnerabilities can be exploited. An attack on a controller is probably the most severe threat to SDNs. A faulty or malicious controller could compromise an entire network. In this case, the use of a common intrusion detection system may not be enough, as it may be hard to find the exact combination of events that trigger a particular behavior and, more importantly, to label it as malicious. To address this threat, several techniques can be used, such as replication, diversity (of controllers, protocols, or programming languages), and recovery. Replication allows abnormal behavior to be detected, removed or masked, and recovery

allows the system to be periodically refreshed to a clean and reliable state. Second, it is also important to secure all sensitive elements inside the controller. An important threat falls on the communications between the three planes. First, the communication between the controller and management applications. There are not many mechanisms to ensure trust between the controller and the applications. Applications are required to be certified to guarantee that they can be trusted during their lifetime. To that end, we need mechanisms for autonomic trust management. On the other side, we have the communications between the data and control planes. Attacks performed here can be used to generate DoS attacks or for data theft. TLS/SSL can be used for the communications between the controller and the forwarding devices, but it does not per se guarantee secure communication, and that compromises the controller-device link. This last threat is the focus of this work.

Control Plane Communications

Control plane communications represent the most crucial link between controllers and forwarding devices, allowing seamless and flexible on-the-fly remote configuration of the data plane. While this is a desirable and important feature of SDN, control plane communications also represent a new threat vector and are one of the weakest links from a security and dependability viewpoint [52, 53]. By compromising or controlling the control plane communications an attacker can easily take over the entire network. As an example, a man-in-the-middle attack is a challenging threat from the security perspective, since there is no easy or simple way to detect it now that the brain of the network is in the controller. In fact, compromised OpenFlow-enabled forwarding devices can be used for man-in-the-middle attacks (both on in-band and out-of-band control plane channels) that are nearly impossible to detect [3].
In other words, the lack of strong security mechanisms (e.g., identification, authentication, authorization, integrity verification, and so forth) on control plane communications is an open avenue for maliciously reprogramming the data plane and, eventually, taking over the real control of the network. Despite a few recent efforts on improving the security of SDN controllers, such as creating security domains to isolate applications [69, 71, 70], the security of SDN is still reduced to the optional use of TLS [62] and to the principles and practices recently published by the ONF(1) [63]. From a practical perspective, the number of SDN controllers and switching hardware that support TLS is still small [27]. As in-band is a common mode of operation (using the same infrastructure for both data and control plane traffic), control plane communications are vulnerable to several attacks [52, 53]. With the current state of affairs, a single malicious forwarding device can easily intercept control traffic and become a dangerous threat to the SDN infrastructure. It is also worth emphasizing that the use of TLS and best principles and practices is a good start, yet insufficient for building secure and dependable SDN architectures by design.

(1) The Open Networking Foundation (ONF) is a user-driven organization dedicated to the promotion and adoption of Software-Defined Networking (SDN) through open standards development.

We estimate the slow rate of adoption of TLS to have three main causes. First, using secure communications has a non-negligible cost in terms of communication latency and scalability. Several studies have recently analyzed this overhead in some detail, in various contexts [25, 67, 28]. For example, a recent paper examined the cost of the "S" in HTTPS, and one of its conclusions was the perceptible impact of security in terms of latency [28]. Second, TLS relies on a Public Key Infrastructure (PKI) as an anchor of trust. Unfortunately, the PKI is complex [22], expensive [74], prone to failure, and a recurrent target of successful attacks [60]. In fact, the number of incidents related to PKI has been increasing at a fast pace and shows no sign of stopping [18, 8, 45]. Not surprisingly, recent findings show that the vast majority of large enterprises have already experienced at least one trust exploit [45]. Third, TLS itself is complex and its implementations are recurrently a target of attacks and vulnerabilities [51, 35]. Several weaknesses of TLS are related to its own design, such as the coupled and complicated interactions among distinct sub-protocols. Similarly, most network failures can be directly associated with the inherent complexity of managing them, leading to inevitable human errors [37]. As one would expect, one of the ways of making it easier to identify and fix security issues is by reducing complexity (e.g., by providing a modular design and reducing the number of lines of code) [51].

2.3 Related SDN Security Work

Next, we describe some related work about SDN security.
We will briefly describe Rosemary [70], FRESCO [69] and AVANT-GUARD [71].

Rosemary

Rosemary is a controller that integrates key safeguards that extend the control layer and impose an independent sandbox around each network application. The main goal of Rosemary is to prevent applications from performing operations that would otherwise corrupt other widely used OpenFlow controllers. In addition, Rosemary also provides competitive performance, while supporting its robustness and security features [70].

FRESCO

FRESCO is an application development framework to assist researchers in prototyping new composable security services in OF-enabled networks. FRESCO is intended to address several key issues that can accelerate the composition of new OF-enabled security services, and it exports a scripting API that enables security practitioners to code security monitoring and threat detection logic as modular libraries. With FRESCO it is possible to replicate a range of essential security functions, such as firewalls, scan detectors, attack deflectors, or IDS detection logic. FRESCO modules can produce flow rules, and thus provide an efficient means to implement security directives. FRESCO is designed to address the issues of developing and deploying complex OF security services [69].

AVANT-GUARD

AVANT-GUARD is a security extension to the OpenFlow data plane. The extension is made by adding two modules: a connection migration module (to add intelligence to the data plane to differentiate the sources that will complete TCP connections from those that will not) and an actuating trigger module (which enables the data plane to asynchronously report network status and payload information to the control plane). AVANT-GUARD also slightly modifies existing data plane modules to support other features. The goal of AVANT-GUARD is to make SDN security applications more scalable and responsive to dynamic network threats [71].

2.4 Security Tools and Techniques

This section describes the security tools and techniques that will be used during this work. Initially we talk about hash and MAC primitives. These cryptographic primitives will be analysed, evaluated and used in our proposal. Next we describe the Transport Layer Security Protocol. This security protocol is optionally used by OpenFlow. We also describe other security tools and techniques, such as the icvv, one-time passwords, NaCl, Diffie-Hellman and KDFs. These elements will be used later in the design of the solution or in our evaluation.

Hash and MAC Primitives

Hash functions can be used to generate output data with fixed size from input data of arbitrary size. They are widely used in cryptography.
Hash functions are useful to easily generate a hash value from arbitrary input data, whereas the opposite is difficult. That is, knowing the hash value, it is computationally very hard to obtain the original input data. The input data is often called the message, and the hash value is often called the digest. Hash functions can be used for digital signatures, message authentication codes (MAC) and other forms of authentication. Cryptographic hash functions should be strong enough to resist all known types of cryptanalytic attack. A hash function h must have the following three properties [66]:

1. Preimage resistance: for all pre-specified outputs, it is computationally infeasible to find any input which hashes to that output, i.e., to find any preimage $x'$ such that $h(x') = y$ when given any $y$ for which a corresponding input is not known.

2. 2nd-preimage resistance: it is computationally infeasible to find any second input which has the same output as any specified input, i.e., given $x$, to find a 2nd-preimage $x' \neq x$ such that $h(x) = h(x')$.

3. Collision resistance: it is computationally infeasible to find any two distinct inputs $x$, $x'$ which hash to the same output, i.e., such that $h(x) = h(x')$.

Some examples of cryptographic hash functions are MD5, SHA-1, SHA-256, SHA-512, or RIPEMD-160 [49]. As mentioned above, cryptographic hash functions can be used for message authentication codes (MAC). A MAC is a value produced from a message and a secret key that is shared by the sender and the receiver. A MAC generated by one of these peers (say, the sender) can only be validated by the other peer (the receiver), since only the two of them know the key. There are several ways to generate a MAC. A MAC mechanism based on cryptographic hash functions is called a Hash-based Message Authentication Code (HMAC). HMAC can be used in combination with any iterated cryptographic hash function, and uses a secret key for the calculation and verification of the message authentication values. The key for HMAC can be of any length; however, keys shorter than the digest length are strongly discouraged. Keys need to be chosen at random (or using a cryptographically strong pseudo-random generator seeded with a random seed), and periodically refreshed [66]. The definition of HMAC requires a cryptographic hash function, which we denote by h, and a secret key K. We denote by B the byte-length of the blocks of data used by the basic compression function and by L the byte-length of the digest.
We define two fixed and different strings, ipad and opad, where ipad is the byte 0x36 repeated B times and opad is the byte 0x5C repeated B times. To compute the HMAC over the data text we perform [66]

$\mathrm{HMAC} = h\big((K \oplus \mathrm{opad}) \,\|\, h((K \oplus \mathrm{ipad}) \,\|\, \mathrm{text})\big)$ (2.1)

where $\oplus$ denotes bitwise exclusive-or and $\|$ denotes concatenation. The security of HMAC depends on the cryptographic properties of the hash function. These properties are collision resistance (limited to the case where the initial value is secret and random, and where the output of the function is not explicitly available to the attacker), and the message authentication property of the compression function when applied to single blocks [66].

The Transport Layer Security Protocol

The Transport Layer Security Protocol is the security protocol optionally used by OpenFlow. The main goal of the TLS protocol is to provide privacy and data integrity between

two communicating applications [17]. The TLS protocol also seeks interoperability (programmers should be able to develop applications that exchange cryptographic parameters without knowing the code of the other programmer), extensibility (incorporating new elements without the need to create a new protocol and avoiding the need to implement an entire new security library) and relative efficiency (incorporating an optional session caching scheme to reduce the number of connections that need to be established from scratch).

TLS Record Protocol

As shown in Figure 2.3, one of the layers of the protocol is the TLS Record Protocol. The TLS Record Protocol provides connection security with two basic properties. First, the connection is private. Symmetric cryptography is used for data encryption, and the keys used for symmetric cryptography are generated uniquely for each connection and are based on a secret negotiated by another protocol. The Record Protocol can also be used without encryption. The second property is the reliability of the connection. Message transport includes a message integrity check using a keyed MAC, and secure hash functions are used for MAC computations. The Record Protocol can also operate without a MAC [17].

TLS Handshake

Another layer of TLS, which we can observe in Figure 2.3, is the TLS Handshake. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. The TLS Handshake Protocol provides connection security with three basic properties. First, the identity of the parties in a communication can be authenticated using asymmetric, or public key, cryptography. This authentication can be made optional, but it is generally required for at least one of the parties. Second, the negotiation of a shared secret is secure.
That means that, in any authenticated connection, the negotiated secret cannot be obtained, even by an attacker who can place himself in the middle of the connection. Finally, the negotiation is reliable. That means no attacker can modify the negotiation communication without being detected by the parties to the communication [17]. During the handshake, for identification purposes, the server must send a certificate. Usually, a certificate contains the server name, the trusted certificate authority (CA) and the public encryption key of the server. These certificates are documents with a limited validity period. When the period expires, the certificate is no longer valid. The client only sends a certificate if the server requests one. In Figure 2.4, we can see the twelve steps of the TLS Handshake Protocol. The client initiates the protocol by sending a ClientHello message. The server responds with a ServerHello message or a fatal error message. These two messages are used to establish

security enhancement capabilities between both parties.

Figure 2.3: TLS/SSL protocol layers (application layer: HTTP, FTP, IMAP, other; handshake layer: Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol; TLS/SSL record layer: Record Protocol; transport layer: TCP/IP)

Next, the server will send its certificate in a Certificate message and ask for the client certificate. To finish this phase of the handshake, the server sends a ServerHelloDone message. The server then waits for a client response. The client sends its certificate and the ClientKeyExchange message. The content of that message depends on the public key algorithm selected between the ClientHello and the ServerHello. Next, the client sends a ChangeCipherSpec message and copies the pending Cipher Spec into the current Cipher Spec. The client then immediately sends the Finished message under the new algorithms, keys, and secrets. In response, the server sends its own ChangeCipherSpec message, transfers the pending to the current Cipher Spec, and sends its Finished message under the new Cipher Spec. At this point, the handshake is complete, and the client and server may begin to exchange application layer data [17]. As stated above, a number of operations in the TLS record and handshake layers require a keyed MAC to protect message integrity or to construct key derivation functions. For all versions of TLS the construction used is HMAC. However, in TLS 1.2 other cipher suites may define their own MAC constructions, if needed [17]. In the TLS handshake layer, HMAC can be used with several hash algorithms. For handshaking, TLS 1.0 and TLS 1.1 can use two different algorithms, MD5 (HMAC_MD5) and SHA-1 (HMAC_SHA). Other hash algorithms can be defined by cipher suites and used to protect record data, but MD5 and SHA-1 are hard-coded [16]. TLS 1.2 moved away from the hard-coded MD5 and SHA-1.
When TLS 1.2 is negotiated, the default hash function for all defined cipher suites is SHA-256. TLS 1.2 also advises the use of SHA-256 or a stronger standard hash function for new cipher suites [17]. Another important element

in TLS handshaking is the Pseudo-Random Function (PRF).

Figure 2.4: TLS Handshake Protocol with mutual authentication (1. ClientHello, 2. ServerHello, 3. Server Certificate, 4. Client Certificate Request, 5. ServerHelloDone, 6. Client Certificate, 7. ClientKeyExchange, 8. CertificateVerify, 9. ChangeCipherSpec, 10. Finished, 11. ChangeCipherSpec, 12. Finished; steps 1 and 6 to 10 are sent by the client, steps 2 to 5, 11 and 12 by the server)

The PRF is used to calculate the master secret, calculate session keys, and verify the negotiated algorithms. For TLS, the definition of the PRF is based on HMAC. The PRF takes as input a secret, a seed, and an identifying label, and produces an output of arbitrary length [17]. For TLS 1.0 and TLS 1.1, the PRF is created by splitting the secret into two halves, using one half to generate data with P_MD5 and the other half to generate data with P_SHA-1, and then exclusive-oring the outputs of these two expansion functions together [16]. The expression for the PRF is the following:

$\mathrm{PRF}(\mathit{secret}, \mathit{label}, \mathit{seed}) = \mathrm{P\_MD5}(S_1, \mathit{label} + \mathit{seed}) \oplus \mathrm{P\_SHA1}(S_2, \mathit{label} + \mathit{seed})$ (2.2)

where $S_1$ and $S_2$ are the two halves of the secret and + indicates concatenation. The PRF for TLS 1.2 is also based on HMAC, but does not require splitting the secret. This way only one hash function is used [17]. The expression for the PRF is the following:

$\mathrm{PRF}(\mathit{secret}, \mathit{label}, \mathit{seed}) = \mathrm{P\_hash}(\mathit{secret}, \mathit{label} + \mathit{seed})$ (2.3)

where + indicates concatenation. In order to begin connection protection, the TLS Record Protocol requires the specification of a suite of algorithms, a master secret, and the client and server random values. For all key exchange methods, the same algorithm is used to convert the pre-master secret into the master secret. The master secret is always exactly 48 bytes in length. The length of the pre-master secret will vary depending on the key exchange method [17]. There are a few methods for key exchange, like RSA [65] and Diffie-Hellman [64]. When

RSA is used for server authentication and key exchange, a 48-byte pre-master secret is generated by the client, encrypted under the public key of the server, and sent to the server. The server uses its private key to decrypt the pre-master secret. Both parties then convert the pre-master secret into the master secret. In the Diffie-Hellman method, the negotiated key is used as the pre-master secret and is converted into the master secret. Diffie-Hellman parameters are specified by the server and may be ephemeral or contained within the certificate of the server [17]. A fundamental element for TLS is the Public Key Infrastructure (PKI). A PKI is used to manage digital certificates and public-key encryption [2]. One popular implementation of a PKI is EJBCA.

icvv

The icvv (integrated Circuit Card Verification Value) is used in credit cards to authenticate and authorize transactions in a secure and inexpensive way. There is a unique check value encoded on the magnetic stripe of every card, which is validated during the authorization process of the transaction to detect counterfeit cards, protecting against the copying of magnetic-stripe data. The icvv is calculated from data encoded on the magnetic stripe using a secure cryptographic process [77]. The main advantages of icvvs are that they are not expensive (they can be easily computed even by low-power devices such as smart cards) and that they are a secure way of authorizing transactions.

One-Time Password

A one-time password is a password that is valid for only one login session or operation. oPass [73] is one such technique, where the one-time password is generated by means of a secure one-way hash function. With a given input, the set of one-time passwords is established by a hash chain through multiple hashing. Assuming we wish to prepare N one-time passwords, the first of these passwords is produced by performing N hashes on input c.
The next one-time password is obtained by performing N-1 hashes, and so on. So, the general formula that defines these steps is

$\delta_i = h^{N-i}(c)$ (2.4)

For security reasons [73], one-time passwords are used in reverse order. If an old one-time password is leaked, the attacker is unable to derive the next one. Besides, the input c is derived from a long-term password P, the identity of the server (ID), and a random seed (S) generated by the server, according to the following expression

$c = h(P \,\|\, ID \,\|\, S)$ (2.5)

where $\|$ denotes concatenation.
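The HMAC construction of equation (2.1) and the TLS PRF of equations (2.2) and (2.3) described earlier in this section, as an added example that is not code from the dissertation or from any TLS implementation. The function names, the constructed sample inputs and the A(i) chaining inside the P_hash expansion are assumptions for this illustration; the standard library hmac module appears only as a reference to confirm that the hand-built HMAC is correct:

```python
# Added example (not from the dissertation or any TLS implementation): HMAC built
# directly from equation (2.1), and the TLS PRF of equations (2.2)/(2.3) built on it.
# All inputs used below are constructed sample values, not real handshake data.
import hashlib
import hmac as std_hmac

IPAD, OPAD = 0x36, 0x5C   # ipad / opad byte values, repeated B times below

def hmac_manual(key: bytes, text: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC = h((K xor opad) || h((K xor ipad) || text)).
    B is the block size of the hash function, L its digest length."""
    h = lambda data: hashlib.new(hash_name, data).digest()
    B = hashlib.new(hash_name).block_size
    if len(key) > B:                 # keys longer than one block are hashed first (to L bytes)
        key = h(key)
    key = key.ljust(B, b"\x00")      # then zero-padded to exactly B bytes
    k_ipad = bytes(b ^ IPAD for b in key)
    k_opad = bytes(b ^ OPAD for b in key)
    return h(k_opad + h(k_ipad + text))

def check_against_stdlib(key: bytes, text: bytes, hash_name: str = "sha256") -> bool:
    """Reference check: the hand-built HMAC must equal the standard library's."""
    return std_hmac.compare_digest(
        hmac_manual(key, text, hash_name),
        std_hmac.new(key, text, hash_name).digest())

def p_hash(secret: bytes, seed: bytes, hash_name: str, length: int) -> bytes:
    """Expansion function used by the PRF:
    P_hash(secret, seed) = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)); truncated to 'length' bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac_manual(secret, a, hash_name)
        out += hmac_manual(secret, a + seed, hash_name)
    return out[:length]

def prf_tls10(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """Equation (2.2): PRF = P_MD5(S1, label + seed) xor P_SHA1(S2, label + seed),
    where S1/S2 are the two halves of the secret (sharing one byte if its length is odd)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    a = p_hash(s1, label + seed, "md5", length)
    b = p_hash(s2, label + seed, "sha1", length)
    return bytes(x ^ y for x, y in zip(a, b))

def prf_tls12(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """Equation (2.3): PRF = P_SHA256(secret, label + seed); one hash function, no split."""
    return p_hash(secret, label + seed, "sha256", length)

def master_secret_tls12(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """The master secret is always 48 bytes, whatever the length of the pre-master secret."""
    return prf_tls12(pre_master, b"master secret", client_random + server_random, 48)

if __name__ == "__main__":
    # constructed sample values, not a real handshake
    pre_master = b"\x03\x03" + b"\x11" * 46          # 48-byte RSA-style pre-master secret
    ms = master_secret_tls12(pre_master, b"\xaa" * 32, b"\xbb" * 32)
    print(check_against_stdlib(b"key", b"message"), len(ms), ms.hex()[:16])
```

The point of building HMAC by hand is to see that every PRF call costs several compression-function evaluations per output block; this is the per-message overhead of the MAC and key-derivation primitives whose impact on control plane communications is analysed later in this work.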

Networking and Cryptography Library (NaCl)

NaCl [7] is a cryptographic library designed and implemented to address and solve the problems created by other libraries, such as OpenSSL. NaCl is a clean-slate implementation of primitives for authenticated public-key and authenticated shared-key encryption, public-key and shared-key signatures, hashing, keyed hashes for short messages, and secure pseudo-random number generation. It provides a simple and easy-to-use API. This, by itself, significantly reduces the likelihood of mistakes, because developers do not need to worry about all the details of correctly setting up secure communications. NaCl is an attempt to provide a less complex, efficient, yet provably secure alternative to OpenSSL-like implementations. Its security has been thoroughly scrutinized. Moreover, researchers have already developed automated formal verification methods for NaCl, which prove its resistance against different classes of side-channel attacks, such as timing attacks [31].

Diffie-Hellman

Diffie-Hellman is a key agreement method that requires both the sender and the receiver of a message to have a key pair. By combining one's own private key with the other party's public key, both parties can compute the same shared secret number. This number can then be converted into cryptographic keying material. That keying material is typically used as a key-encryption key to encrypt a content-encryption key, which is in turn used to encrypt the message data [64].

KDF

Key derivation functions (KDFs) are used to generate secure cryptographic keys, i.e., keys that can resist different types of attacks, such as brute-force and exhaustive key search attacks [79, 50]. KDFs have common design characteristics, such as strong hash functions to compute digests of the raw key material. A secure KDF can be defined as $H^{(c)}(p \,\|\, s \,\|\, c)$ [79], where $\|$ denotes concatenation. H is a strong hash function such as SHA-256 or SHA-512 [1].
The exponent c represents the number of iterations used to make the task of the attacker harder. A common value for c is This exponent is particularly necessary if the entropy of the input p (e.g., password, seed, key) is unknown. In practice, the input of the KDF is likely to be of low entropy [79, 42]. While in some use cases a high exponent c might be necessary to increase the cost of an attack trying to recover the key, it also significantly increases the cost of the key derivation function in latency-sensitive applications. Given the context and the introduction of the problems, in the next chapter we present a new security architecture for SDN that offers the same level of security as traditional techniques, with improved performance and robustness.
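As an added example that is not part of the dissertation, the reverse-order one-time password chain of equations (2.4) and (2.5) together with the iterated KDF defined above, in Python. SHA-256 standing in for h and H, the length-prefixed field encoding, the decision to stop the chain before releasing c itself, and the 32-byte default key length are choices of this example.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """The one-way hash h of eqs. (2.4)/(2.5); SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()


def iterate_hash(data: bytes, n: int) -> bytes:
    """h^n(data): apply h n times (h^0 is the identity)."""
    for _ in range(n):
        data = h(data)
    return data


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefixed concatenation, so P, ID and S cannot be re-split
    ambiguously (a detail the plain '||' notation leaves implicit)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def otp_root(password: bytes, server_id: bytes, seed: bytes) -> bytes:
    """c = h(P || ID || S), eq. (2.5)."""
    return h(encode_fields(password, server_id, seed))


class OTPClient:
    """Holds c and releases delta_i = h^(N-i)(c), eq. (2.4), for i = 1..N-1.
    Passwords come out in reverse chain order: each new one is a preimage of
    the previous one, so a leaked delta_i does not yield delta_(i+1)."""

    def __init__(self, password: bytes, server_id: bytes, seed: bytes, n: int):
        self.c = otp_root(password, server_id, seed)
        self.n = n
        self.i = 0

    def next_password(self) -> bytes:
        # delta_N would be c itself, so the chain is exhausted one step early
        # (this cut-off is a choice of the example).
        if self.i >= self.n - 1:
            raise RuntimeError("chain exhausted; re-register with a fresh seed")
        self.i += 1
        return iterate_hash(self.c, self.n - self.i)


class OTPServer:
    """Stores only the chain head h^N(c); it never learns c or P."""

    def __init__(self, head: bytes):
        self.last_accepted = head

    def verify(self, candidate: bytes) -> bool:
        # One extra hash must land on the last accepted value; on success the
        # stored value moves one step down the chain, so replays are rejected.
        if hmac.compare_digest(h(candidate), self.last_accepted):
            self.last_accepted = candidate
            return True
        return False


def enroll(password: bytes, server_id: bytes, seed: bytes, n: int):
    """Enrollment: the client computes c and hands h^N(c) to the server once."""
    client = OTPClient(password, server_id, seed, n)
    return client, OTPServer(iterate_hash(client.c, n))


def kdf(p: bytes, s: bytes, c: int, dklen: int = 32) -> bytes:
    """H^(c)(p || s || c) as defined in the KDF paragraph: c iterations of H
    over the low-entropy input p, the salt s and the encoded count c."""
    if c < 1:
        raise ValueError("iteration count c must be at least 1")
    material = encode_fields(p, s, c.to_bytes(4, "big"))
    return iterate_hash(material, c)[:dklen]


if __name__ == "__main__":
    # Constructed sample values, not from the dissertation.
    client, server = enroll(b"long-term password", b"controller-1", b"\x01" * 16, n=100)
    first = client.next_password()
    print("first OTP accepted:", server.verify(first))      # True
    print("replayed OTP accepted:", server.verify(first))   # False
    print("second OTP accepted:", server.verify(client.next_password()))  # True
    print("derived key:", kdf(b"pw", b"salt", c=2000).hex())
```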


Chapter 3

The SDN KISS: An Architecture for Keeping It Simple and Secure

As explained in Section 2.2.2, control plane communications represent one of the weakest links of SDN from a security point of view. Attacks on control plane communications can lead to critical security breaches. To address this issue, we make two contributions in this dissertation, which are motivated by the slow adoption of TLS and of the principles and practices recommended by ONF. We estimate the slow adoption of security mechanisms to be due, to a good extent, to two problems: the performance impact of security mechanisms and the complexity of the supporting infrastructures (i.e., the PKI). First, we investigate the impact of essential security primitives on the performance and scalability of control plane communications. In particular, we investigate the impact of hashing and MAC primitives, which are used by nearly all security protocols. Our goal is to understand how these primitives affect control plane performance, to allow us to select the ones that offer a good trade-off between security and performance. Second, we propose an innovative security architecture for SDN. The main goal of our architecture is to offer the same security guarantees as traditional infrastructures, TLS and the PKI, while increasing robustness (by reducing the threat surface) and performance (by using the security primitives and implementations that present the lowest overhead). The design of our solution includes a novel component, the integrated device verification value (idvv). The idea was inspired by the icvvs (integrated card verification values) used in credit cards to authenticate and authorize transactions in a secure and inexpensive way. We develop the idea for SDN, proposing a flexible method of generating idvvs by adapting proven one-time password techniques and efficient cryptographic primitives.
idvvs can safely replace existing key-exchange protocols and key derivation mechanisms, such as those used in TLS [16] and IKEv2bis [24], in the context of SDN. idvvs are simpler and faster to generate, making them a good choice for providing stronger security for communications (e.g., by ensuring one authentication code per packet).

The architecture relies on an anchor of trust that provides logically-centralized security services such as device registration and association. The anchor of trust is also responsible for providing strong security by means of a source of strong entropy and a resilient pseudorandom generator. This is particularly crucial to avoid the recurrent security incidents caused by weak sources of entropy, which compromise the strength of cryptographic keys [39, 30, 46] (this has been identified as a widespread problem in networking devices) and are the cause of many security pitfalls of computer systems [76].

3.1 Security and Performance Analysis

In this section we provide insight into the impact of cryptographic primitives on control plane communications. Hashing and MACs are the essential primitives for providing security properties such as authenticity and integrity in protocols used for securing communications. We compared the performance of several hashing and MAC primitives, including different implementations such as those provided by the OpenSSL (version 1.0.0) and PolarSSL (version 1.3.9) libraries, two of the most widely used SSL implementations. PolarSSL has been used for different applications, including post-quantum SSL/TLS for embedded platforms [12]. The primitives were evaluated on an Intel Core i3-3217U at 1.80GHz with 256KB L2 / 3MB L3 cache, 4GB SODIMM at 1600MHz, with hyper-threading enabled and running Ubuntu Desktop LTS. Before running the experiments we turned off overclocking and dynamic CPU frequency scaling. We fixed the frequency of each core to its highest value (i.e., 1800MHz). To measure the execution latency we used Linux's resource usage system call (getrusage()) to get only the user CPU execution time.
This allowed us to obtain fine-grained measurements.

Connection and Communication Costs

Our first experiments assess the performance of TCP and TLS on control plane communications. We analyze the latency of connection setup and the latency of the communications. The controllers and forwarding devices are emulated and implemented in C, using OpenSSL and PolarSSL. We ran the standard configuration for both libraries, i.e., without any library-specific optimizations. The numbers we present in this section represent the median of 10 thousand executions. The standard deviation is very small and imperceptible in the graphs. The connection setup time (per forwarding device) is shown in Figure 3.1. The higher cost of TLS is a result of the handshake between the devices. While TCP uses a simple three-way handshake, TLS imposes a far more complex handshake of twelve messages for mutual authentication between the communicating entities. As expected, the overhead increases non-linearly (note the plot is log10 in the y axis and log2 in the x axis) with the number of forwarding devices. Interestingly, our results also suggest that the choice of

implementation can play a key role in performance. On average the overhead of PolarSSL (over TCP) is nearly 70x, whereas the overhead of OpenSSL is around 15x.

[Figure 3.1: TCP and TLS connection setup times (in log scale). Axes: setup time (ms) vs. number of forwarding devices; series: PolarSSL, OpenSSL, TCP.]

Although important, for most cases the connection setup cost might not be critical, as it can be amortized by maintaining a persistent connection. More important (arguably) is the cost per control message. Figure 3.2 shows the communication cost (in terms of latency per message) considering a load of 10 thousand FLOW MOD messages (56 bytes, as specified in OpenFlow 1.4 [61]) per forwarding device. We have also evaluated the cost with 10 thousand PACKET IN messages (32 bytes) but, as the result was similar, we do not include it in the graphs for clarity's sake. Similarly to the connection setup, the costs of TCP, OpenSSL and PolarSSL present a non-linear growth with the number of devices. Due to the high overhead of cryptographic primitives (which will be explored in the next section), OpenSSL communications have an average latency approximately 4x higher than TCP. The PolarSSL implementation is significantly worse, increasing the latency to nearly 15x when compared with TCP. In summary, the cost introduced by cryptographic primitives is non-negligible for control plane communications. It is worth mentioning that the overhead resulting from cryptographic primitives will be even more severe in commodity switching devices, as they have far less powerful CPUs than the ones we used in our analysis.
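The measurement approach of Section 3.1 (user CPU time from getrusage(), the median of many executions, and the cache-defeating circular input described for the primitive measurements that follow), as an added example in Python that is not the dissertation's C/OpenSSL harness. The primitive set, the MAC key, the batch and run sizes and the cores_needed() estimate are this example's assumptions; Poly1305-AES, BLAKE and KECCAK are not in Python's standard library and are omitted.

```python
import hashlib
import hmac
import math
import os
import resource
import statistics
from typing import Callable, Dict, Optional

MSG_LEN = 56                   # FLOW_MOD size used in Section 3.1 (OpenFlow 1.4)
L3_BYTES = 3 * 1024 * 1024     # L3 cache of the i3-3217U used for the measurements
MAC_KEY = b"\x11" * 32         # constructed key for the HMAC primitives


def primitives() -> Dict[str, Callable[[bytes], bytes]]:
    """Hash and MAC primitives available in Python's standard library."""
    return {
        "MD5": lambda m: hashlib.md5(m).digest(),
        "SHA1": lambda m: hashlib.sha1(m).digest(),
        "SHA256": lambda m: hashlib.sha256(m).digest(),
        "SHA512": lambda m: hashlib.sha512(m).digest(),
        "HMAC-SHA1": lambda m: hmac.new(MAC_KEY, m, hashlib.sha1).digest(),
        "HMAC-SHA512": lambda m: hmac.new(MAC_KEY, m, hashlib.sha512).digest(),
    }


def cache_defeating_input(cache_bytes: int = L3_BYTES) -> bytes:
    """Random input twice the size of the largest cache; walked circularly it
    forces misses instead of measuring a hot-cache best case."""
    return os.urandom(2 * cache_bytes)


def user_cpu_seconds() -> float:
    """User CPU time only, as read from getrusage() in the thesis."""
    return resource.getrusage(resource.RUSAGE_SELF).ru_utime


def measure(fn: Callable[[bytes], bytes], buf: bytes, runs: int = 21,
            batch: int = 20000, msg_len: int = MSG_LEN) -> float:
    """Median per-message user CPU latency in microseconds. Each sample times
    a whole batch because ru_utime only advances at scheduler-tick granularity."""
    limit = len(buf) - msg_len
    if limit <= 0:
        raise ValueError("input buffer must be larger than one message")
    offset, samples = 0, []
    for _ in range(runs):
        start = user_cpu_seconds()
        for _ in range(batch):
            fn(buf[offset:offset + msg_len])
            offset = (offset + msg_len) % limit
        samples.append((user_cpu_seconds() - start) / batch * 1e6)
    return statistics.median(samples)


def benchmark(buf: Optional[bytes] = None, **kw) -> Dict[str, float]:
    """Run measure() over every primitive with one shared input buffer."""
    if buf is None:
        buf = cache_defeating_input()
    return {name: measure(fn, buf, **kw) for name, fn in primitives().items()}


def relative_cost(results: Dict[str, float]) -> Dict[str, float]:
    """Slowdown of each primitive relative to the fastest one (the '6.9x'
    style comparison used in Section 3.1)."""
    fastest = min(results.values())
    if fastest <= 0:
        raise ValueError("zero latency measured: increase the batch size")
    return {name: v / fastest for name, v in results.items()}


def cores_needed(latency_us: float, messages_per_s: float) -> int:
    """Dedicated cores required to MAC (or hash) a message stream at the given
    rate, from the per-message latency; the estimate behind the core counts
    quoted later in this section."""
    return math.ceil(latency_us * messages_per_s / 1e6)


if __name__ == "__main__":
    results = benchmark()
    ratios = relative_cost(results)
    for name, us in sorted(results.items(), key=lambda kv: kv[1]):
        print(f"{name:12s} {us:8.3f} us/msg  {ratios[name]:5.1f}x  "
              f"cores for 12M msg/s: {cores_needed(us, 12e6)}")
```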

[Figure 3.2: FLOW MOD latency (in log scale). Axes: latency of control communications (ms) vs. number of forwarding devices; series: FLOW-MOD.PolarSSL, FLOW-MOD.OpenSSL, FLOW-MOD.TCP.]

The Impact of Cryptographic Primitives

In this section, we explore a bit further the impact of using cryptographic techniques by evaluating essential security primitives such as hashing and MAC. To measure the impact of these cryptographic primitives we turned off hyper-threading. This removes any noise and randomness introduced by scheduling more than one process at the same time on a single core. To remove the bias that would occur in measuring the performance of the different cryptographic primitives using the CPU caches, we artificially turned them off. For this purpose, we randomly generated an input two times larger than the largest cache (L3) and used it (in a circular fashion) to force cache misses. The numbers we present in the following graphs represent the median of 15 million executions (again, the standard deviation was too small to be perceptible). We analyzed the performance of nine hashing primitives. The results are presented in Figure 3.3. The orange bars represent primitives that are provided by OpenSSL, while the blue bars (BLAKE and KECCAK) represent their original implementations (as they are not part of OpenSSL). From this figure it is clear that the primitives with smaller digest sizes (SHA-1 and MD5) achieve better performance, as expected. Interestingly, the stronger versions of the SHA and BLAKE families achieve comparable performance (slightly slower) with higher security guarantees. In the case of KECCAK and BLAKE, the difference in performance is due to the additional computational

complexity of the mechanisms employed: the former requires 24 rounds of permutation on each compression step, while the latter requires up to 16 rounds.

[Figure 3.3: Hashing Primitives. Latency for messages of 56 bytes, time (in ms); primitives: KECCAK256, BLAKE256, SHA256, SHA512, BLAKE512, KECCAK512, RIPEMD160, SHA1, MD5.]

To understand the impact of using different implementations, in Figure 3.4 we present five hashing primitives that have different implementations available. Besides the primitives provided by OpenSSL and PolarSSL, we also include EVP, a library that provides a high-level interface to cryptographic functions. Its main purpose is the ability to replace cryptographic algorithms without having to modify applications. However, this comes with a price, and it can be observed in our results. The same OpenSSL primitives used through an EVP interface experience a penalty between 2% and 7%. Interestingly, the OpenSSL implementations are the ones showing the best performance for hashing primitives. In addition, with the exception of the RIPEMD160 case, the implementation that results in the highest message latency is PolarSSL. We further analyzed the latency of six MAC primitives, as shown in Figure 3.5. Poly1305-AES outperformed all other MAC primitives. This primitive is designed to provide security with high speed and low per-message overhead [6]. Our results confirm that it fulfills its objective. It is approximately 3.9x faster than OpenSSL's HMAC-SHA1, and 6.9x faster than HMAC-SHA512, for instance. For the MAC primitives the choice of specific implementations is again relevant. Curiously, in this case the PolarSSL implementation always outperforms the equivalent OpenSSL one. The reason may lie in

the fact that OpenSSL does not provide native HMAC implementations, but rather highly configurable HMACs through EVP interfaces. These primitives thus carry the overhead of EVP and the extra cost of configurability.

[Figure 3.4: Implementations of Hashing Primitives. Latency for messages of 56 bytes, time (in ms); implementations: PolarSSL, EVP, OpenSSL; primitives: SHA256, RIPEMD160, SHA512, SHA1, MD5.]

[Figure 3.5: MAC Primitives. Latency for messages of 56 bytes, time (in ms); implementations: PolarSSL, OpenSSL, AES (Poly1305); primitives: HMAC-SHA512, HMAC-SHA256, HMAC-RIPEMD160, HMAC-SHA1, HMAC-MD5, POLY1305.]

The Impact of Securing the Control Plane

SDN controllers have to be capable of dealing with the challenging workloads of large-scale data centers. In these environments new flows can arrive at a given forwarding device every 10 µs and last less than 100ms [5]. This means that even a data center with as few as 100 switches can result in a peak load of 10M new flows/s. Current controllers are capable of achieving this throughput using TCP, as is the case of Beacon (12M flows/s) and Merlin (20M flows/s) [27]. However, what happens if we add even the most basic security primitives to provide security properties such as authenticity and integrity? Considering Poly1305-AES, at least 11 dedicated cores are needed to compute the MACs in order to meet a goal of 12M flows/s. To illustrate the importance of judiciously selecting the implementation of a security primitive, OpenSSL's HMAC-SHA512 (the worst-case performance in our analysis) requires up to 39 cores to compute MACs for 12M messages/s. In summary, our findings indicate that the inclusion of cryptographic primitives results in a non-negligible impact on the latency and throughput of the control plane. Importantly, a careful choice of the primitives used and of their respective implementations can significantly contribute to reducing the performance penalty and enable feasible solutions in particular scenarios. Taking this into consideration, in the architecture we propose next we have chosen Poly1305-AES and SHA512 (OpenSSL) as cryptographic primitives. Together they provide a good trade-off between security and performance for control plane communications.

3.2 SDN KISS Architecture

We propose a modular architecture composed of three main components, as illustrated in Figure 3.6: controllers, forwarding devices and an anchor of trust (AoT). The anchor of trust is the component responsible for providing logically-centralized security services. The logical centralization of these services in the AoT allows reducing the complexity of forwarding devices and controllers.

[Figure 3.6: General Architecture. Components: SDN controller (network apps, network operating system, CryptoT, idvv); anchor of trust (device registration, device association, strong entropy); SDN device (flow tables, idvv, CryptoT).]

Anchor of Trust (AoT)

The anchor of trust² provides three security-related services: device registration, device association and strong entropy, as shown in Figure 3.6. Strong entropy is an important service to ensure stronger security. To avoid the weaknesses of traditional sources of entropy, such as those provided in networking devices, the AoT provides a source of strong entropy, which can be used by all devices. This source of entropy ensures the strong randomness required to generate seeds, pseudorandom numbers, secrets, and other cryptographic material. All devices have to be first registered with the AoT. The device registration can be done by the network administrator. Each device is uniquely identified in the network by the AoT using information such as the MAC address, CPU serial number and process ID. The resulting ID is a 16-byte MAC computed over the device information plus a random value assigned by the AoT. During registration the anchor of trust generates two secret values that are indistinguishable from random, a seed and an associationid. These two secrets are generated using the strong source of entropy, which is essential to ensure strong security. The association module is used to establish authorized and secure communications between two network devices (typically between a switch and a controller). This service includes a secure protocol that installs the two secret values, seed and associationid, in both devices. These secret values will be used to secure the communications between the two devices, as we will explain next.

² The work performed on this specific component was done jointly with Diego Kreutz.
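A minimal anchor of trust offering the registration and association services just described, as an added example that is not the dissertation's implementation. The AoT-held MAC key used for the device ID, the 32-byte secret length, the choice of sharing the forwarding device's registration secrets with its controller, and os.urandom standing in for the strong entropy source are all assumptions of this example; the secure installation protocol itself is not modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

ID_LEN = 16        # the device ID is a 16-byte MAC, as in Section 3.2
SECRET_LEN = 32    # byte length chosen here for the seed and associationid


@dataclass
class DeviceRecord:
    device_id: bytes
    seed: bytes
    association_id: bytes
    peers: Set[bytes] = field(default_factory=set)


class AnchorOfTrust:
    """Registration and association services; the entropy callable stands in
    for the AoT's strong entropy source (os.urandom by default)."""

    def __init__(self, entropy: Callable[[int], bytes] = os.urandom):
        self.entropy = entropy
        self.id_key = entropy(32)          # assumption: an AoT-held MAC key
        self.devices: Dict[bytes, DeviceRecord] = {}

    def derive_device_id(self, mac_addr: bytes, cpu_serial: bytes,
                         pid: int, nonce: bytes) -> bytes:
        """16-byte MAC over the device information plus the AoT's random
        value, so the ID is not predictable from public device info alone."""
        info = b"".join(len(x).to_bytes(2, "big") + x for x in
                        (mac_addr, cpu_serial, pid.to_bytes(4, "big"), nonce))
        return hmac.new(self.id_key, info, hashlib.sha512).digest()[:ID_LEN]

    def register(self, mac_addr: bytes, cpu_serial: bytes, pid: int) -> DeviceRecord:
        """Device registration (done by the administrator): assigns the ID and
        draws the two secrets, seed and associationid, from strong entropy."""
        nonce = self.entropy(16)
        device_id = self.derive_device_id(mac_addr, cpu_serial, pid, nonce)
        if device_id in self.devices:
            raise ValueError("device ID collision; retry registration")
        record = DeviceRecord(device_id, seed=self.entropy(SECRET_LEN),
                              association_id=self.entropy(SECRET_LEN))
        self.devices[device_id] = record
        return record

    def associate(self, switch_id: bytes, controller_id: bytes) -> Tuple[bytes, bytes]:
        """Device association: both parties must be registered. Returns the
        (seed, associationid) pair to be installed on both sides; sharing the
        switch's registration secrets is this example's assumption."""
        if switch_id not in self.devices or controller_id not in self.devices:
            raise PermissionError("association refused: unregistered device")
        switch, controller = self.devices[switch_id], self.devices[controller_id]
        switch.peers.add(controller_id)
        controller.peers.add(switch_id)
        return switch.seed, switch.association_id

    def is_associated(self, a: bytes, b: bytes) -> bool:
        return a in self.devices and b in self.devices[a].peers


if __name__ == "__main__":
    # Constructed sample device information.
    aot = AnchorOfTrust()
    sw = aot.register(b"\x00\x11\x22\x33\x44\x55", b"CPU-SERIAL-A", 4242)
    ctl = aot.register(b"\x00\xaa\xbb\xcc\xdd\xee", b"CPU-SERIAL-B", 1000)
    seed, assoc = aot.associate(sw.device_id, ctl.device_id)
    print("switch ID:", sw.device_id.hex(),
          "associated:", aot.is_associated(sw.device_id, ctl.device_id))
```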


More information

The Hardware Abstraction Layer: Enabling FTOS to Span the Switching and Routing Infrastructure with a Consistent Feature Set and Unified Management

The Hardware Abstraction Layer: Enabling FTOS to Span the Switching and Routing Infrastructure with a Consistent Feature Set and Unified Management White PAPER The Hardware Abstraction Layer: Enabling FTOS to Span the Switching and Routing Infrastructure with a Consistent Feature Set and Unified Management Introduction A generally acknowledged "best

More information

Cybersecurity was nonexistent for most network data exchanges until around 1994.

Cybersecurity was nonexistent for most network data exchanges until around 1994. 1 The Advanced Research Projects Agency Network (ARPANET) started with the Stanford Research Institute (now SRI International) and the University of California, Los Angeles (UCLA) in 1960. In 1970, ARPANET

More information

Achieving End-to-End Security in the Internet of Things (IoT)

Achieving End-to-End Security in the Internet of Things (IoT) Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of

More information

Cisco APIC Enterprise Module Simplifies Network Operations

Cisco APIC Enterprise Module Simplifies Network Operations Cisco APIC Enterprise Module Simplifies Network Operations October 2015 Prepared by: Zeus Kerravala Cisco APIC Enterprise Module Simplifies Network Operations by Zeus Kerravala October 2015 º º º º º º

More information

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the

More information

Analysis of OpenFlow Networks.

Analysis of OpenFlow Networks. Analysis of OpenFlow Networks. Vikram Kulkarni Jayesh Kawli Introduction: Enterprise data center networks are rapidly reaching a breaking point, because of the data center network scale and complexity

More information

SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE

SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 8 9 10 11 12 14 15 16 INTRODUCTION THREATS RISK MITIGATION REFERENCE ARCHITECTURE

More information

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early

More information

Rastreamento de objetos do vpc

Rastreamento de objetos do vpc Rastreamento de objetos do vpc Índice Introdução Rastreamento de objetos do vpc Diagrama de Rede Comandos show da linha de base Introdução Este documento descreve o Rastreamento de objetos do vpc, porque

More information

Lecture 14 SDN and NFV. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it

Lecture 14 SDN and NFV. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Lecture 14 SDN and NFV Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Traditional network vs SDN TRADITIONAL Closed equipment Software + hardware Cost Vendor-specific management.

More information

SharePoint 2013 Site Collection and Site Administration (55033)

SharePoint 2013 Site Collection and Site Administration (55033) SharePoint 2013 Site Collection and Site Administration (55033) Formato do curso: Presencial Preço: 1740 Nível: Intermédio Duração: 35 horas Este curso de 5 dias, É destinado a utilizadores avançados de

More information

ARC BRIEF. Software-defined Industrial Networks Deliver Cybersecurity Breakthroughs. Keywords. Summary. By Harry Forbes

ARC BRIEF. Software-defined Industrial Networks Deliver Cybersecurity Breakthroughs. Keywords. Summary. By Harry Forbes ARC BRIEF JUNE 8, 2017 Software-defined Industrial Networks Deliver Cybersecurity Breakthroughs By Harry Forbes Keywords Critical Infrastructure, Cybersecurity, OpenFlow, SDN, Security, SEL, Software-defined

More information

Test Automation in Enterprise Application Development

Test Automation in Enterprise Application Development FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Test Automation in Enterprise Application Development Ana Clara Fernandes Castro Mestrado Integrado em Engenharia Informática e Computação Supervisor: João

More information

THE EMERGING CONTROL HIERARCHY

THE EMERGING CONTROL HIERARCHY THE EMERGING CONTROL HIERARCHY For Service Provider SDN-Enabled Networks White Paper Contents The Emerging Control Hierachy for Service Provider SDN-Enabled Networks... 3 The Three-tier Control Model for

More information

IQ for DNA. Interactive Query for Dynamic Network Analytics. Haoyu Song. HUAWEI TECHNOLOGIES Co., Ltd.

IQ for DNA. Interactive Query for Dynamic Network Analytics. Haoyu Song.   HUAWEI TECHNOLOGIES Co., Ltd. IQ for DNA Interactive Query for Dynamic Network Analytics Haoyu Song www.huawei.com Motivation Service Provider s pain point Lack of real-time and full visibility of networks, so the network monitoring

More information

White Paper February McAfee Network Protection Solutions. Encrypted Threat Protection Network IPS for SSL Encrypted Traffic.

White Paper February McAfee Network Protection Solutions. Encrypted Threat Protection Network IPS for SSL Encrypted Traffic. White Paper February 2005 McAfee Network Protection Solutions Encrypted Threat Protection Network IPS for SSL Encrypted Traffic Network IPS for SSL Encrypted Traffic 2 Introduction SSL Encryption Overview

More information

Application Delivery Using Software Defined Networking

Application Delivery Using Software Defined Networking Application Delivery Using Software Defined Networking Project Leader: Subharthi Paul Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu GITPro World 2013, Palo Alto, CA, April

More information

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud W H I T E P A P E R : O P E N. V P N C L O U D Implementing A Secure OpenVPN Cloud Platform White Paper: OpenVPN Cloud Platform Implementing OpenVPN Cloud Platform Content Introduction... 3 The Problems...

More information

SOFTWARE ARCHITECTURE & DESIGN INTRODUCTION

SOFTWARE ARCHITECTURE & DESIGN INTRODUCTION SOFTWARE ARCHITECTURE & DESIGN INTRODUCTION http://www.tutorialspoint.com/software_architecture_design/introduction.htm Copyright tutorialspoint.com The architecture of a system describes its major components,

More information

Designing and debugging real-time distributed systems

Designing and debugging real-time distributed systems Designing and debugging real-time distributed systems By Geoff Revill, RTI This article identifies the issues of real-time distributed system development and discusses how development platforms and tools

More information

Software Defined Networking(SDN) Wireless application

Software Defined Networking(SDN) Wireless application Software Defined Networking(SDN) Wireless application CMPE257 Wireless Mobile Networks Presented By: Alan Lin 1 Overview SDN Background SWDN Mobile Application 2 Traditional Networks Components: Routers

More information

Innovation policy for Industry 4.0

Innovation policy for Industry 4.0 Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda

More information

IP ALL THE WAY TO THE BEDHEAD

IP ALL THE WAY TO THE BEDHEAD IP ALL THE WAY TO THE BEDHEAD THE BENEFITS OF FULLY IP NURSE CALL SYSTEMS A S F E A T U R E D I N B U I L D I N G B E T T E R H E A L T H C A R E IP all the way - to the bedhead Wandsworth Healthcare were

More information

MCSD Azure Solutions Architect. Sobre o curso. Metodologia. Microsoft. Com certificação. Nível: Avançado Duração: 60h

MCSD Azure Solutions Architect. Sobre o curso. Metodologia. Microsoft. Com certificação. Nível: Avançado Duração: 60h MCSD Azure Solutions Architect Microsoft Com certificação Nível: Avançado Duração: 60h Sobre o curso A GALILEU integrou na sua oferta formativa, o Percurso de Formação e Certificação MCSD Azure Solutions

More information

Partition magic 10 portable. Partition magic 10 portable.zip

Partition magic 10 portable. Partition magic 10 portable.zip Partition magic 10 portable Partition magic 10 portable.zip Norton Partition Magic Windows 10 solidworks premium buy buy camtasia 3ds max 2010 portablepartition magic for portable Windows 7 computer is

More information

PCI DSS Compliance. White Paper Parallels Remote Application Server

PCI DSS Compliance. White Paper Parallels Remote Application Server PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3

More information

A Real-world Demonstration of NetSocket Cloud Experience Manager for Microsoft Lync

A Real-world Demonstration of NetSocket Cloud Experience Manager for Microsoft Lync A Real-world Demonstration of NetSocket Cloud Experience Manager for Microsoft Lync Introduction Microsoft Lync connects people everywhere as part of their everyday productivity experience. When issues

More information

Part III: Evaluating the Business Value of the Hybrid Cloud

Part III: Evaluating the Business Value of the Hybrid Cloud Contents at a Glance Introduction... 1 Part I: Understanding Concepts and Construction... 7 Chapter 1: Discovering the Fundamentals of Your Computing Environment...9 Chapter 2: The Hybrid Cloud Continuum...25

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

Improving ns-3 Emulation Performance for Fast Prototyping of Network Protocols

Improving ns-3 Emulation Performance for Fast Prototyping of Network Protocols FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Improving ns-3 Emulation Performance for Fast Prototyping of Network Protocols Tiago Bluemel Cardoso Mestrado Integrado em Engenharia Informática e Computação

More information

What can the OnBase Cloud do for you? lbmctech.com

What can the OnBase Cloud do for you? lbmctech.com What can the OnBase Cloud do for you? lbmctech.com The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, long tracks of outstanding

More information

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

CYBER ATTACKS EXPLAINED: PACKET SPOOFING CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service

More information

Speculative Execution by using Software Transactional Memory

Speculative Execution by using Software Transactional Memory Universidade Nova de Lisboa Faculdade de Ciências e Tecnologia Departamento de Informática Dissertação de Mestrado Mestrado em Engenharia Informática Speculative Execution by using Software Transactional

More information

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system

More information

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored the onbase cloud ONBASE CLOUD // Experience Matters The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, an established history of

More information

Security Statement Revision Date: 23 April 2009

Security Statement Revision Date: 23 April 2009 Security Statement Revision Date: 23 April 2009 ISL Online, ISL Light, ISL AlwaysOn, ISL Pronto, and ISL Groop are registered trademarks of XLAB d.o.o. Copyright (c) 2003-2009 XLAB d.o.o. Ljubljana. All

More information

TSHOOT (TROUBLESHOOTING AND MAINTAINING CISCO IP NETWORKS) 2.0

TSHOOT (TROUBLESHOOTING AND MAINTAINING CISCO IP NETWORKS) 2.0 TSHOOT (TROUBLESHOOTING AND MAINTAINING CISCO IP NETWORKS) 2.0 Objetivo O treinamento TSHOOT (Troubleshooting and Maintaining Cisco IP Networks) v2.0 apresenta teoria focada e intensivo uso de laboratório,

More information

Key-value store with eventual consistency without trusting individual nodes

Key-value store with eventual consistency without trusting individual nodes basementdb Key-value store with eventual consistency without trusting individual nodes https://github.com/spferical/basementdb 1. Abstract basementdb is an eventually-consistent key-value store, composed

More information

Grid Computing with Voyager

Grid Computing with Voyager Grid Computing with Voyager By Saikumar Dubugunta Recursion Software, Inc. September 28, 2005 TABLE OF CONTENTS Introduction... 1 Using Voyager for Grid Computing... 2 Voyager Core Components... 3 Code

More information

Security: The Key to Affordable Unmanned Aircraft Systems

Security: The Key to Affordable Unmanned Aircraft Systems AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY

More information

A Software-Defined Networking Security Controller Architecture. Fengjun Shang, Qiang Fu

A Software-Defined Networking Security Controller Architecture. Fengjun Shang, Qiang Fu 4th International Conference on Machinery, Materials and Computing Technology (ICMMCT 2016) A Software-Defined Networking Security Controller Architecture Fengjun Shang, Qiang Fu College of Computer Science

More information

Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall

Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall comnet.informatik.uni-wuerzburg.de SarDiNe

More information

ONUG SDN Federation/Operability

ONUG SDN Federation/Operability ONUG SDN Federation/Operability Orchestration A white paper from the ONUG SDN Federation/Operability Working Group May, 2016 Definition of Open Networking Open networking is a suite of interoperable software

More information

A POX Controller Module to Collect Web Traffic Statistics in SDN Environment

A POX Controller Module to Collect Web Traffic Statistics in SDN Environment A POX Controller Module to Collect Web Traffic Statistics in SDN Environment Wisam H. Muragaa, Kamaruzzaman Seman, Mohd Fadzli Marhusin Abstract Software Defined Networking (SDN) is a new norm of networks.

More information

iscsi Technology: A Convergence of Networking and Storage

iscsi Technology: A Convergence of Networking and Storage HP Industry Standard Servers April 2003 iscsi Technology: A Convergence of Networking and Storage technology brief TC030402TB Table of Contents Abstract... 2 Introduction... 2 The Changing Storage Environment...

More information

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology 364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by

More information

2. INTRUDER DETECTION SYSTEMS

2. INTRUDER DETECTION SYSTEMS 1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding

More information