A SDN Attestation Approach

Slides:

Advertisements

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Advertisements

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Live Migration of an Entire Network (and its Hosts) Eric Keller, Soudeh Ghorbani, Matthew Caesar, Jennifer Rexford HotNets 2012.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/ October 2002.

NFVRG Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Security Data Transmission and Authentication

Enabling Innovation Inside the Network Jennifer Rexford Princeton University

Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Open Standards for Network Access Control Trusted Network Connect.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Software-Defined Networks Jennifer Rexford Princeton University.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

VeriFlow: Verifying Network-Wide Invariants in Real Time

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Active Security Ryan Hand, Michael Ton, Eric Keller.

出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲吳俊逸.

Software Defined Networks for Dynamic Datacenter and Cloud Environments.

Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.

SECURING SELF-VIRTUALIZING ETHERNET DEVICES IGOR SMOLYAR, MULI BEN-YEHUDA, AND DAN TSAFRIR PRESENTED BY LUREN WANG.

Trusted Platform Module as Security Enabler for Cloud Infrastructure as a Service (IaaS). Gregory T. Hoffer CS7323 – Research Seminar (Dr. Qi Tian)

Security Vulnerabilities in A Virtual Environment

Introduction to Avaya’s SDN Architecture February 2015.

2014 Redefining the Data Center: White-Box Networking Jennifer Casella October 9, 2014 #GHC

Security Data Transmission and Authentication Lesson 9.

Outline PART 1: THEORY PART 2: HANDS ON

Basic Edge Core switch Training for Summit Communication.

Network Virtualization Ben Pfaff Nicira Networks, Inc.

Advanced Network Labs & Remote Network Agent

Xin Li, Chen Qian University of Kentucky

SDN challenges Deployment challenges

Problem: Internet diagnostics and forensics

University of Maryland College Park

Heitor Moraes, Marcos Vieira, Italo Cunha, Dorgival Guedes

Martin Casado, Nate Foster, and Arjun Guha CACM, October 2014

Building a Trustworthy Computer

Virtual Local Area Networks (VLANs) Part I

VDP extension for SR-IOV

Computer Data Security & Privacy

Securing the Network Perimeter with ISA 2004

Outline What does the OS protect? Authentication for operating systems

Module 8: Securing Network Traffic by Using IPSec and Certificates

Overview of SDN Controller Design

TYPES OF SERVER. TYPES OF SERVER What is a server.

Outline What does the OS protect? Authentication for operating systems

Anna Giannakou Christine Morin, Jean-Louis Pazat, Louis Rilling

Software Defined Networking (SDN)

Software Defined Networking (SDN)

Bastion secure processor architecture

Cloud computing mechanisms

Module 8: Securing Network Traffic by Using IPSec and Certificates

Cloud-Enabling Technology

Sai Krishna Deepak Maram, CS 6410

Intel Active Management Technology

Presentation transcript:

A SDN Attestation Approach IETF 93 - SDNRG meeting, Prague Ludovic Jacquin <ludovic.jacquin@hp.com> / 22th July, 2015

“Softwarisation” of the infrastructure Empowering the application to change the network topology

Goals and Assumptions Attacker model Towards a trustworthy infrastructure Interception and alteration of SDN control plane packets. Rogue SDN controller that attempts to alter configurations of network elements. Flashing of network element firmware with customized software (malicious software, persistent bootkits). Downgrade of network element firmware to an old version (or simply out-of-date version). Attacker model An attacker can attack the Network Element An attacker can attack the control plane The SDN controller is considered secured

Automated and trustworthy monitoring for SDN Introducing a SDN verifier Goal: Assess that SDN configuration on devices match the controller expectations Out-of-band trusted challenge/response of each NE Retrieve the NE expected configuration from the controller Assess correctness of the enforced rules by any NE Meant for continual attestation Application SDN verifier VM VM SDN controlle r Sync vSwitch Challenge: build a trusted reporting mechanism for every network element - physical or virtual. Backend servers Control plane not shown Data plane Monitoring plane

Core Root of Trust for Reporting (CRTR) Monitoring the SDN rules in a network element SDN controlle r SDN verifier Introspection of the SDN context: Monitoring what is really enforced, not just the protocol Sync CRTR alone is not enough The SDN “switch” still needs to be attested Core Root of Trust for Measurement (CRTM) required too Remote Attestation (RA) must be possible by the SDN verifier Need an agent/proxy to communicate SDN context SDN switch RA agent Monitor Report CRTR CRTM Trusted Computing Base (TCB)

Remote Attestation requirements Quick primer on some Trusted Computing mechanism Hardware-based identity Root of Trust for the identities of the device Secure storage Can not be erased with by the software (unless reboot of the device) Can be signed by one of the identities without software intervention Measured boot Each bootstage measures the next stage software it launches Securely stores the measurement Recursively, a device needs a Core Root of Trust for Measurement (CRTM): Implicitly trusted by the user (e.g. verified/audited firmware residing in ROM) Verifier Remote Attestation of a device: Request a signed copy of the securely stored measurements Can assess: device identity and firmware/software stack state (except CRTM) TCG created a networking equipment subgroup (part of embedded systems WG).

SDN attestation report What does the switch need to report, and how? Based on the notion of flow: Filter based on L1/L2/L3/L4 headers Associated with a set of prioritised actions Challenge: SDN rule changes more often than a switch configuration. Traditional (PCR-based) TCG mechanism not fitted for that.

Remote Attestation-enabled Network Element SDN controlle r SDN verifier Sync Network Element SDN context Introspect Get SDN conf. RA agent SDN switch CRTR Report Get RA proof Measure CRTM Store Trusted Device Trusted Computing Base (TCB)

Early prototype Hardware Ethernet switch prototype SDN Verifier – RA agent channel Relies on SNMP for the moment One SET-able OID for a nonce One GET-able OID to retrieve the attestation proof The SDN verifier is in charge to implement a time-out Trusted Platform Module (TPM) as Trusted Device Industry standard Hardware identity Secure storage for measurements Slow device though Measurement storage: ~100ms Creation of the attestation proof: ~600ms RTT (SDN verifier p.o.v.) to retrieve the attestation proof: ~1s

Next step: closing the loop Acting on a misbehaving network elements Automated response Pass the information to the Application Layer App Layer has the visibility to handle the error, e.g. quarantining a faulty switch Forward errors to higher layer Sync SDN verifier

Next steps (2): SDN-wide property NFV software stack Outbound traffic OSS/BSS Assessing traffic isolation throughout the network VNF manager vSwitch VMM VNF NFV orchestrator Hardware Switch Virt. Infra. manager TrustedFW SDN controller vSwitch VMM VNF Hardware Switch Errors Sync TrustedFW SDN verifier Attest switch configurations Control plane not visualised Inbound traffic Dataplane Monitoring plane

Thank you