Presentation is loading. Please wait.

Presentation is loading. Please wait.

A SDN Attestation Approach

Published byAugustus Pope Modified over 5 years ago

Similar presentations

Presentation on theme: "A SDN Attestation Approach"— Presentation transcript:

1 A SDN Attestation Approach
IETF 93 - SDNRG meeting, Prague Ludovic Jacquin / 22th July, 2015

2 “Softwarisation” of the infrastructure
Empowering the application to change the network topology

3 Goals and Assumptions Attacker model
Towards a trustworthy infrastructure Interception and alteration of SDN control plane packets. Rogue SDN controller that attempts to alter configurations of network elements. Flashing of network element firmware with customized software (malicious software, persistent bootkits). Downgrade of network element firmware to an old version (or simply out-of-date version). Attacker model An attacker can attack the Network Element An attacker can attack the control plane The SDN controller is considered secured

4 Automated and trustworthy monitoring for SDN
Introducing a SDN verifier Goal: Assess that SDN configuration on devices match the controller expectations Out-of-band trusted challenge/response of each NE Retrieve the NE expected configuration from the controller Assess correctness of the enforced rules by any NE Meant for continual attestation Application SDN verifier VM VM SDN controlle r Sync vSwitch Challenge: build a trusted reporting mechanism for every network element - physical or virtual. Backend servers Control plane not shown Data plane Monitoring plane

5 Core Root of Trust for Reporting (CRTR)
Monitoring the SDN rules in a network element SDN controlle r SDN verifier Introspection of the SDN context: Monitoring what is really enforced, not just the protocol Sync CRTR alone is not enough The SDN “switch” still needs to be attested Core Root of Trust for Measurement (CRTM) required too Remote Attestation (RA) must be possible by the SDN verifier Need an agent/proxy to communicate SDN context SDN switch RA agent Monitor Report CRTR CRTM Trusted Computing Base (TCB)

6 Remote Attestation requirements
Quick primer on some Trusted Computing mechanism Hardware-based identity Root of Trust for the identities of the device Secure storage Can not be erased with by the software (unless reboot of the device) Can be signed by one of the identities without software intervention Measured boot Each bootstage measures the next stage software it launches Securely stores the measurement Recursively, a device needs a Core Root of Trust for Measurement (CRTM): Implicitly trusted by the user (e.g. verified/audited firmware residing in ROM) Verifier Remote Attestation of a device: Request a signed copy of the securely stored measurements Can assess: device identity and firmware/software stack state (except CRTM) TCG created a networking equipment subgroup (part of embedded systems WG).

7 SDN attestation report
What does the switch need to report, and how? Based on the notion of flow: Filter based on L1/L2/L3/L4 headers Associated with a set of prioritised actions Challenge: SDN rule changes more often than a switch configuration. Traditional (PCR-based) TCG mechanism not fitted for that.

8 Remote Attestation-enabled Network Element
SDN controlle r SDN verifier Sync Network Element SDN context Introspect Get SDN conf. RA agent SDN switch CRTR Report Get RA proof Measure CRTM Store Trusted Device Trusted Computing Base (TCB)

9 Early prototype Hardware Ethernet switch prototype
SDN Verifier – RA agent channel Relies on SNMP for the moment One SET-able OID for a nonce One GET-able OID to retrieve the attestation proof The SDN verifier is in charge to implement a time-out Trusted Platform Module (TPM) as Trusted Device Industry standard Hardware identity Secure storage for measurements Slow device though Measurement storage: ~100ms Creation of the attestation proof: ~600ms RTT (SDN verifier p.o.v.) to retrieve the attestation proof: ~1s

10 Next step: closing the loop
Acting on a misbehaving network elements Automated response Pass the information to the Application Layer App Layer has the visibility to handle the error, e.g. quarantining a faulty switch Forward errors to higher layer Sync SDN verifier

11 Next steps (2): SDN-wide property
NFV software stack Outbound traffic OSS/BSS Assessing traffic isolation throughout the network VNF manager vSwitch VMM VNF NFV orchestrator Hardware Switch Virt. Infra. manager TrustedFW SDN controller vSwitch VMM VNF Hardware Switch Errors Sync TrustedFW SDN verifier Attest switch configurations Control plane not visualised Inbound traffic Dataplane Monitoring plane

12 Thank you

Download ppt "A SDN Attestation Approach"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Live Migration of an Entire Network (and its Hosts) Eric Keller, Soudeh Ghorbani, Matthew Caesar, Jennifer Rexford HotNets 2012.

Live Migration of an Entire Network (and its Hosts) Eric Keller, Soudeh Ghorbani, Matthew Caesar, Jennifer Rexford HotNets 2012.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.

Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/6.857 17 October 2002.

Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/ October 2002.
NFVRG Meeting@IETF92, Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI.

NFVRG Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Security Data Transmission and Authentication

Security Data Transmission and Authentication
Enabling Innovation Inside the Network Jennifer Rexford Princeton University

Enabling Innovation Inside the Network Jennifer Rexford Princeton University

Similar presentations

Ads by Google