Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes

Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hard-coded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has attracted significant attention from both the research community and the industry, permitting operators and programmers in general to run customized packet processing functions. This open-design paradigm is paving the way for an unprecedented wave of innovation and experimentation by reducing the time of designing, testing, and adopting new protocols; enabling a customized, top-down approach to develop network applications; providing granular visibility of packet events defined by the programmer; reducing complexity and enhancing resource utilization of the programmable switches; and drastically improving the performance of applications that are offloaded to the data plane. Despite the impressive advantages of programmable data plane switches and their importance in modern networks, the literature has been missing a comprehensive survey. To this end, this paper provides a background encompassing an overview of the evolution of networks from legacy to programmable, describing the essentials of programmable switches, and summarizing their advantages over Softwaredefined Networking (SDN) and legacy devices. The paper then presents a unique, comprehensive taxonomy of applications developed with P4 language; surveying, classifying, and analyzing more than 200 articles; discussing challenges and considerations; and presenting future perspectives and open research issues.

show abstract

“…Same ideas are applied to P4-MACsec by the same authors. Other works that rely on externs include [193,194].…”

Section: ) Cryptography Schemes Comparison Discussion and Limitationsmentioning

confidence: 99%

“…The goal of this work is to avoid coding cryptographic functions on hardware (VHDL), and thus enables rapid prototyping of in-network applications with security functions. Another work that relies on externs for cryptographic functions is P4NIS [194].…”

Section: ) External Cryptographymentioning

confidence: 99%

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

2021

View full text Add to dashboard Cite

show abstract

“…However, this encryption mechanism still imposes high computational costs in the data plane, due to the interaction process including multiple key agreements between nodes. Liu et al [17] proposed a P4based network immune scheme (P4NIS) against the eavesdropping attacks, which is equipped with three lines of defenses. In the third line, the scheme encrypts all packet payloads in the application layer using traditional cryptographic mechanisms.…”

Section: P4-basedmentioning

confidence: 99%

A Secure and Cached-Enabled NDN Forwarding Plane Based on Programmable Switches

Liu

Gao

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Recently, the rapid development of software-defined networking (SDN) and programming protocol-independent packet processors (P4) provides a potential possibility for the deployment of Named Data Networking (NDN), which has aroused tremendous attention in academia. Existing P4-based NDN solutions mainly focus on how to describe the stateful forwarding characteristics of NDN in a programmable switch environment. However, the existing solutions still face many challenges such as cache availability and data confidentiality and do not support retransmission of interest packets and multicast forwarding of data packets. In this paper, we propose a new NDN forwarding plane based on programmable switches to address the above challenges. We design a decoupled cache module to avoid a large impact on the data plane forwarding performance when the cache function is enabled. Also, we enhance the design of the existing P4-based NDN forwarding plane to support interest retransmission and multicast forwarding of data packets. In addition, with the advantage of network programmability of P4 technology, we extend the content permutation algorithm and integrate it into the NDN forwarding plane, which makes our scheme support lightweight secure forwarding. Finally, we evaluate our scheme in the prototype system and conduct comparative experiments with representative schemes. Experiment results show that our scheme outperforms it in terms of content retrieval latency and received throughput and can support lightweight secure forwarding with low cost.

show abstract

“…Cao et al [ 6 ] proposed an improved identity-based encryption algorithm that lies between the traditional public-key encryption and identity-based public tweezers’ encryption, effectively simplifying the key generation process. In [ 7 ], the scheme first forwards all traffic packets in a disordered manner, using different network paths and protocols, and then distributes the traffic packets from one stream to another based on different encryption schemes. Usually, these schemes that rely on traditional encryptions to secure data confidentiality still face the computational burden of encryption and decryption.…”

Section: Introductionmentioning

confidence: 99%

Lightweight Security Transmission in Wireless Sensor Networks through Information Hiding and Data Flipping

Zhou

Kang

Chen

2022

Sensors

View full text Add to dashboard Cite

Eavesdroppers can easily intercept the data transmitted in a wireless sensor network (WSN) because of the network’s open properties and constrained resources. Therefore, it is important to ensure data confidentiality in WSN with highly efficient security mechanisms. We proposed a lightweight security transmission method based on information hiding and random data flipping to ensure that the ally fusion center (AFC) can achieve confidential data transmission over insecure open links. First, the sensors’ local measurements are coded into a customized binary string, and then before data transmission, some parts of the string are flipped by the sensors according to the outputs of a pre-deployed pseudo-random function. The AFC can recover the flipped binaries using the same function and extract the measurement hidden in the string, while the enemy fusion center (EFC) cannot distinguish flipped and non-flipped data at all, and they cannot restore the measurement correctly as long as one bit in the string is not correctly recovered. We proved the security and anti-interference of the scheme through both simulations and physical experiments. Furthermore, the proposed method is more efficient such that it consumes less power than traditional digital encryptions through real power consumption tests.

show abstract

Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes

Cited by 24 publications

References 48 publications

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

A Secure and Cached-Enabled NDN Forwarding Plane Based on Programmable Switches

Lightweight Security Transmission in Wireless Sensor Networks through Information Hiding and Data Flipping

Contact Info

Product

Resources

About