Lightweight Authentication Mechanism for Software Defined Network Using Information Hiding

Abdullaziz, Osamah Ibrahiem; Chen, Yu-Jia; Wang, Li-Chun

doi:10.1109/glocom.2016.7841954

Cited by 18 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, almost no attention has been paid to the security requirements of control plane associations and communication between devices. For instance, only recently, the use of secrecy through obscurity has been proposed to protect SDN controllers from DoS attacks [41]. In this case, the switch authentication ID is hidden in a specific field in the IP protocol.…”

Section: Related Workmentioning

confidence: 99%

The KISS Principle in Software-Defined Networking: A Framework for Secure Communications

Kreutz

Esteves-Veríssimo

et al. 2018

IEEE Secur. Privacy

View full text Add to dashboard Cite

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN.We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms.

show abstract

Section: Related Workmentioning

confidence: 99%

The KISS Principle in Software-Defined Networking: A Framework for Secure Communications

Kreutz

Esteves-Veríssimo

et al. 2018

IEEE Secur. Privacy

View full text Add to dashboard Cite

show abstract

“…A globally recognized, resilient root-of-trust, could dramatically improve the global security of SDN, since current approaches to achieve trust are ad-hoc and partial [1]. Solving this gap would certainly assist in fostering global mechanisms to ensure trustworthy registration and association between devices, as discussed before, but the benefits would go beyond that.…”

Section: Resilient Roots-of-trustmentioning

confidence: 99%

“…Anchor Anchor The anchor needs two master recovery keys, namely the master recovery encryption key 𝐾𝑒𝑟𝑒𝑐 and master recovery MAC key 𝐾ℎ𝑟𝑒𝑐, fundamental for the post-compromise recovery steps described ahead. However, these two master recovery keys, in possession of the authority overseeing anchor (the system administrator), must never appear in the anchor server (if they are to recover from a possible full server compromise), being securely stored and used only in an offline manner 1 . Due to space constraints, we refer the reader to Appendix C of [74] for more information (including a visual representation) regarding the three phases of anchor, namely setup, normal operation, and recovery.…”

Section: System Roles and Setupmentioning

confidence: 99%

ANCHOR: logically-centralized security for Software-Defined Networks

Kreutz,

Yu,

Ramos

et al. 2017

Preprint

View full text Add to dashboard Cite

Software-defined networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems.We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN -'logical centralization'. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices.We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.

show abstract

“…F UTURE wireless networks will soon provide ultra-reliable and low latency services, such as industrial automation, e-health, and entertainment applications. For a delaysensitive service, multi-access edge computing (MEC), network function virtualization (NFV) [1], and software defined networking (SDN) [2] [3] are three key network technologies. First, the MEC reduces end-to-end latency by bringing the services closer to the edge of the network.…”

Section: Introductionmentioning

confidence: 99%

Enabling Mobile Service Continuity Across Orchestrated Edge Networks

Abdullaziz

Wang

Chundrigar

et al. 2020

IEEE Trans. Netw. Sci. Eng.

Self Cite

View full text Add to dashboard Cite

Edge networking has become an important technology for providing low-latency services to end users. However, deploying an edge network does not guarantee continuous service for mobile users. Mobility can cause frequent interruptions and network delays as users leave the initial serving edge. In this paper, we propose a solution to provide transparent service continuity for mobile users in large-scale WiFi networks. The contribution of this work has three parts. First, we propose ARNAB architecture to achieve mobile service continuity. The term ARNAB means rabbit in Arabic, which represents an Architecture for Transparent Service Continuity via Double-tier Migration. The first tier migrates user connectivity, while the second tier migrates user containerized applications. ARNAB provides mobile services just like rabbits hop through the WiFi infrastructure. Second, we identify the root-causes for prolonged container migration downtime. Finally, we enhance the container migration scheme by improving system response time. Our experimental results show that the downtime of ARNAB container migration solution is 50% shorter than that of the state-of-the-art migration.

show abstract

Lightweight Authentication Mechanism for Software Defined Network Using Information Hiding

Cited by 18 publications

References 11 publications

The KISS Principle in Software-Defined Networking: A Framework for Secure Communications

The KISS Principle in Software-Defined Networking: A Framework for Secure Communications

ANCHOR: logically-centralized security for Software-Defined Networks

Enabling Mobile Service Continuity Across Orchestrated Edge Networks

Contact Info

Product

Resources

About