dh-aes-p4: criptografia oportunística entre dispositivos de rede programáveis

The Software-Defined Networking (SDN) paradigm has been widely employed in several ecosystems to manage heterogeneous administrative domains, extend programmable capabilities to intra-domain networks, or even compose cloud-native network architectures. On the other hand, while it can support the a...

ver descrição completa

Na minha lista:
Detalhes bibliográficos
Autor principal: Paiva Neto, Emídio de
Outros Autores: Venâncio Neto, Augusto José
Formato: Dissertação
Idioma:pt_BR
Publicado em: Universidade Federal do Rio Grande do Norte
Assuntos:
Computação
Segurança da rede
Privacidade
Redes definidas por software
Plano de dados programáveis
Endereço do item:https://repositorio.ufrn.br/handle/123456789/47518
Tags: Adicionar Tag
Sem tags, seja o primeiro a adicionar uma tag!
Descrição
Resumo:The Software-Defined Networking (SDN) paradigm has been widely employed in several ecosystems to manage heterogeneous administrative domains, extend programmable capabilities to intra-domain networks, or even compose cloud-native network architectures. On the other hand, while it can support the ability of next-generation networks to adapt to new protocols, SDN increases the scope of attack vectors to the network, resulting in several security issues related to issuance, storage, revocation of cryptographic keys and single point of failure. In light of this, this work explores the opportunistic encryption together with the paradigm of Programming Protocol-independent Packet Processors (P4) and proposes dh-aes-p4: a project to support opportunistic encryption in SDN networks through the key exchange, encryption, and authentication between network devices autonomously, enabling secure communication between P4-based disaggregated data planes. Although there are similar cases in the literature, this work presents itself as a new low-cost, granular (based on network flows) and opportunistic transparent alternative. The results obtained through a emulated testbed reveal that the disaggregation and abstraction of dh-aes-p4 introduces a shared secret key renewal time 17 times lower than the centralized solution Baseline and achieves an average encryption time 27.18% lower than the solution Baseline. Thus, the disaggregated and granular logic of dh-aes-p4, has proved to be an appropriate low-cost solution to ensure secure communication between P4-enabled programmable data planes by optimizing encryption time and latency during exchange of public keys.

Registros relacionados