Thomas Kemmerich scite author profile

This article presents an architecture for encryption automation in interconnected Network Function Virtualization (NFV) domains. Current NFV implementations are designed for deployment within trusted domains, where overlay networks with static trusted links are utilized for enabling network security. Nevertheless, within a Service Function Chain (SFC), Virtual Network Function (VNF) flows cannot be isolated and end-to-end encrypted because each VNF requires direct access to the overall SFC data-flow. This restricts both end-users and Service Providers from enabling end-to-end security, and in extended VNF isolation within the SFC data traffic. Encrypting data flows on a per-flow basis results in an extensive amount of secure tunnels, which cannot scale efficiently in manual configurations. Additionally, creating secure data plane tunnels between NFV providers requires secure exchange of key parameters, and the establishment of an east-west control plane protocol. In this article, we present an architecture focusing on these two problems, investigating how overlay networks can be created, isolated, and secured dynamically. Accordingly, we propose an architecture for automated establishment of encrypted tunnels in NFV, which introduces a novel, tiered east-west communication channel between network controllers in a multi-domain environment.

show abstract

Security requirements for service function chaining isolation and encryption

Gunleifsen

Kemmerich

2017

View full text Add to dashboard Cite

Dynamic setup of IPsec VPNs in service function chaining

2019

View full text Add to dashboard Cite

This article describes a novel mechanism for the automated establishment of dynamic Virtual Private Networks (VPN) in the application domain of Network Function Virtualization (NFV). Each hop in an NFV Service Function Chain (SFC) lacks the capability of perflow encryption, that makes the traffic flow in federated NFV environments vulnerable for eavesdropping. Due to the possible lack of bidirectional data plane communication channels between VNFs in an SFC, the Internet Security Key Exchange protocol (IPsec-IKE) is not applicable inside a VNF. Hence, this article introduces an alternative to IPsec-IKE that is specifically designed for NFV environments. This component is named Software Defined Security Associations (SD-SA), which is shown through a proof of concept evaluation to perform better than IPsec-IKE with respect to bandwidth and resource consumption.

show abstract

Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance

Daneshgadeh

Ahmed

Kemmerich

et al. 2019

View full text Add to dashboard Cite

An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined

Daneshgadeh

Kemmerich

Ahmed

et al. 2019

View full text Add to dashboard Cite

Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm

Çakmakçı

Kemmerich

Ahmed

et al. 2020

Journal of Network and Computer Applications

View full text Add to dashboard Cite

External Coordination Media in Capacity-Constrained Multiagent Systems

Kemmerich

Büning

2010

View full text Add to dashboard Cite

Our goal is to understand limitations of simplicity of knowledge structures and reasoning processes in Multiagent Systems. Therefore, we propose a framework that integrates external storage media and a capacity-constrained Multiagent System. Agents can store knowledge internally and on external storage media located in an environment. In some cases, agents either have to forget or to store knowledge externally due to limited internal memory. We define notions of suitable knowledge and let agents learn in the context of an iterative partitioning task problem. Using basic knowledge structures and a simple k-Nearest-Neighbor approach, we evaluate the role of limited internal memory in conjunction with strategic positioning of storage media and knowledge items. We also investigate dependencies between communication, internal memory size, frequently changing settings, and externally stored items. The results show that externally and strategically stored simple knowledge can support agents' reasoning processes. The approach is robust even in highly dynamic settings with small memory and without inter-agent communication.

show abstract

On the Creation of Reliable Digital Evidence

Kuntze

Rudolph

Alva

et al. 2012

View full text Add to dashboard Cite

Traditional approaches to digital forensics deal with the reconstruction of events within digital devices that were often not built for the creation of evidence. This paper focuses on incorporating requirements for forensic readiness-designing in features and characteristics that support the use of the data produced by digital devices as evidence. The legal requirements that such evidence must meet are explored in developing technical requirements for the design of digital devices. The resulting approach can be used to develop digital devices and establish processes for creating digital evidence. Incorporating the legal view early in device design and implementation can help ensure the probative value of the evidence produced the devices.

show abstract

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.