dh-aes-p4: opportunistic encryption between programmable network devices
Main author: | |
---|---|
Other authors: | |
Format: | Dissertation |
Language: | pt_BR |
Published in: | Universidade Federal do Rio Grande do Norte |
Subjects: | |
Item address: | https://repositorio.ufrn.br/handle/123456789/47518 |
Abstract: | The Software-Defined Networking (SDN) paradigm has been widely employed in several ecosystems to manage heterogeneous administrative domains, extend programmable capabilities to intra-domain networks, or even compose cloud-native network architectures. On the other hand, while it can support the ability of next-generation networks to adapt to new protocols, SDN increases the scope of attack vectors to the network, resulting in several security issues related to the issuance, storage, and revocation of cryptographic keys and to a single point of failure. In light of this, this work explores opportunistic encryption together with the paradigm of Programming Protocol-independent Packet Processors (P4) and proposes dh-aes-p4: a project to support opportunistic encryption in SDN networks through key exchange, encryption, and authentication performed autonomously between network devices, enabling secure communication between P4-based disaggregated data planes. Although there are similar cases in the literature, this work presents itself as a new low-cost, granular (based on network flows), opportunistic and transparent alternative. The results obtained through an emulated testbed reveal that the disaggregation and abstraction of dh-aes-p4 introduce a shared secret key renewal time 17 times lower than the centralized Baseline solution and achieve an average encryption time 27.18% lower than the Baseline solution. Thus, the disaggregated and granular logic of dh-aes-p4 has proved to be an appropriate low-cost solution to ensure secure communication between P4-enabled programmable data planes by optimizing encryption time and latency during the exchange of public keys. |