SlideShare ist ein Scribd-Unternehmen logo

Towards a Security-aware Network Virtualization

Achim Friedland
Achim Friedland
Technologie
1 von 14
Downloaden Sie, um offline zu lesen
Towards a Security-aware Network Virtualization 3rd GI/ITG KuVS Workshop on The Future Internet Munich 05/2009 Achim Friedland SONES GmbH / TU Ilmenau achim.friedland@sones.de
Security Threats in Classical Networks
Security Threats in Virtual Networks
New Security Threats occure… • Sharing of networking ressources with untrusted parties (MalloryVIRTUAL) • Virtualized network equipment might run untrusted or not well understood networking code • Bitter lessons from practical security: Virtualization boundaries can not be guaranteed 100%
Basic Idea: • Reduce the gainable knowledge of an observer • Lower the impact of an attacker • Do not disclose end-to-end information • Do not try to fight an omni-potent attacker
Objectives for a Security-aware NetVirt • Network Virtualization and Abstraction • Flow Separation and Aggregation • Flow Confidentality and Integrity • Preventing Traffic Analysis • Preventing Denial-of-Service • Scalability
Our Approach… • Base protocol: Combination of label forwarding and security protocols (MPLS, IPSec) • Allow multiple recursive instances of the base protocol (ANA Project) (Replace classical network stacks; Enable network abstraction) • Key management protocol for providing traffic analysis resistance (Onion Routing)
Traffic Analysis Resistance: Onion Routing • Onion Routing uses multiple layers of encryption and authenticity • Suffers from a high transmission overhead • Comparable with Strict Source Routing • Not practicable in large!
Proposed Base Protocol: ELSSA Extended Label Stream Switching Architecture
Traffic Analysis Resistance: TASec (1) • Separate encryption of labels and paylaod • Path Encryption: Multiple encryption, but only a single integrity check!
Traffic Analysis Resistance: TASec (2) • Encryption mode based on Counter Mode • But using an entangled encryption scheme • Constant packet size, less encryption (50%) processes compared with Onion Routing
Conclusion • ELSSA provides a network virtualization based on a recursive label-swichting approach with encryption and authenticity • TASec further provides a low-overhead traffic analysis resistance • Combination of both meet the proposed requirements
Future Project Development • Secure the TASec against traffic analysis itself • Release a proof-of-concept implementation (ELSSA-over-UDP/RAWIP) • Defining more application specific (path management) protocols
Thank you… - Questions?

Empfohlen

EC Net Tech FI Cluster meeting October 23 2014 PRISTINE
EC Net Tech FI Cluster meeting October 23 2014 PRISTINEEC Net Tech FI Cluster meeting October 23 2014 PRISTINE
EC Net Tech FI Cluster meeting October 23 2014 PRISTINEICT PRISTINE
 
Week13
Week13Week13
Week13s1160123
 
Poster-A4
Poster-A4Poster-A4
Poster-A4Mohamed Saadawi
 
Cryptography Network Security Research Projects Help
Cryptography Network Security Research Projects HelpCryptography Network Security Research Projects Help
Cryptography Network Security Research Projects HelpNetwork Simulation Tools
 
Firewalls
FirewallsFirewalls
FirewallsVibhor Raut
 
Firewalls
FirewallsFirewalls
FirewallsShashwat Shriparv
 
Network security
Network securityNetwork security
Network securityChintan Gosai
 
Advance firewalls
Advance firewallsAdvance firewalls
Advance firewallsSubi Mastermind
 

Empfohlen

EC Net Tech FI Cluster meeting October 23 2014 PRISTINE
EC Net Tech FI Cluster meeting October 23 2014 PRISTINEEC Net Tech FI Cluster meeting October 23 2014 PRISTINE
EC Net Tech FI Cluster meeting October 23 2014 PRISTINEICT PRISTINE
 
Week13
Week13Week13
Week13s1160123
 
Poster-A4
Poster-A4Poster-A4
Poster-A4Mohamed Saadawi
 
Cryptography Network Security Research Projects Help
Cryptography Network Security Research Projects HelpCryptography Network Security Research Projects Help
Cryptography Network Security Research Projects HelpNetwork Simulation Tools
 
Firewalls
FirewallsFirewalls
FirewallsVibhor Raut
 
Firewalls
FirewallsFirewalls
FirewallsShashwat Shriparv
 
Network security
Network securityNetwork security
Network securityChintan Gosai
 
Advance firewalls
Advance firewallsAdvance firewalls
Advance firewallsSubi Mastermind
 
PhD Thesis NS2 Projects
PhD Thesis NS2 ProjectsPhD Thesis NS2 Projects
PhD Thesis NS2 ProjectsPhdtopiccom
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeOlle E Johansson
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFVOPNFV
 
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...Marco De Benedictis
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentationUshnish Chowdhury
 
FY 2017 project version 2
FY 2017 project version 2FY 2017 project version 2
FY 2017 project version 2Ushnish Chowdhury
 
A secure scheme against power exhausting
A secure scheme against power exhaustingA secure scheme against power exhausting
A secure scheme against power exhaustingjpstudcorner
 
Java 2015 2016 ieee project list-(v)
Java 2015 2016 ieee project list-(v)Java 2015 2016 ieee project list-(v)
Java 2015 2016 ieee project list-(v)S3 Infotech IEEE Projects
 
A secure scheme against power exhausting attacks in hierarchical wireless sen...
A secure scheme against power exhausting attacks in hierarchical wireless sen...A secure scheme against power exhausting attacks in hierarchical wireless sen...
A secure scheme against power exhausting attacks in hierarchical wireless sen...Nexgen Technology
 
What is NetFlow?
What is NetFlow?What is NetFlow?
What is NetFlow?NetHound
 
Firewalls
FirewallsFirewalls
FirewallsMunesh Kumar
 
Lecture 07 networking
Lecture 07 networkingLecture 07 networking
Lecture 07 networkingHNDE Labuduwa Galle
 
Falco docker barcelona
Falco docker barcelonaFalco docker barcelona
Falco docker barcelonamateobur
 
MITM attack demov2
MITM attack demov2MITM attack demov2
MITM attack demov2Scott Lukasek
 
Network Security Thesis Topics
Network Security Thesis TopicsNetwork Security Thesis Topics
Network Security Thesis TopicsPhdtopiccom
 
What Technology Lies Behind VPN
What Technology Lies Behind VPNWhat Technology Lies Behind VPN
What Technology Lies Behind VPNSovello Hildebrand
 
A Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNA Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNijtsrd
 
Blackhole Attack Network Project Topics
Blackhole Attack Network Project TopicsBlackhole Attack Network Project Topics
Blackhole Attack Network Project TopicsNetwork Simulation Tools
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Securityiberrywifisecurity
 
An Open Framework for Deploying Experimental SCADA Testbed Networks
An Open Framework for Deploying Experimental SCADA Testbed NetworksAn Open Framework for Deploying Experimental SCADA Testbed Networks
An Open Framework for Deploying Experimental SCADA Testbed Networkspgmaynard
 
Designing of SDN-Assisted Bandwidth and Latency Aware Route Allocation
Designing of SDN-Assisted Bandwidth and Latency Aware Route AllocationDesigning of SDN-Assisted Bandwidth and Latency Aware Route Allocation
Designing of SDN-Assisted Bandwidth and Latency Aware Route AllocationPongsakorn U-chupala
 
Qos aware routing protocol for wsn
Qos aware routing protocol for wsnQos aware routing protocol for wsn
Qos aware routing protocol for wsnKamal Patel
 

Weitere ähnliche Inhalte

Was ist angesagt?

PhD Thesis NS2 Projects
PhD Thesis NS2 ProjectsPhD Thesis NS2 Projects
PhD Thesis NS2 ProjectsPhdtopiccom
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeOlle E Johansson
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFVOPNFV
 
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...Marco De Benedictis
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentationUshnish Chowdhury
 
A secure scheme against power exhausting
A secure scheme against power exhaustingA secure scheme against power exhausting
A secure scheme against power exhaustingjpstudcorner
 
A secure scheme against power exhausting attacks in hierarchical wireless sen...
A secure scheme against power exhausting attacks in hierarchical wireless sen...A secure scheme against power exhausting attacks in hierarchical wireless sen...
A secure scheme against power exhausting attacks in hierarchical wireless sen...Nexgen Technology
 
What is NetFlow?
What is NetFlow?What is NetFlow?
What is NetFlow?NetHound
 
Falco docker barcelona
Falco docker barcelonaFalco docker barcelona
Falco docker barcelonamateobur
 
Network Security Thesis Topics
Network Security Thesis TopicsNetwork Security Thesis Topics
Network Security Thesis TopicsPhdtopiccom
 
What Technology Lies Behind VPN
What Technology Lies Behind VPNWhat Technology Lies Behind VPN
What Technology Lies Behind VPNSovello Hildebrand
 
A Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNA Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNijtsrd
 
An Open Framework for Deploying Experimental SCADA Testbed Networks
An Open Framework for Deploying Experimental SCADA Testbed NetworksAn Open Framework for Deploying Experimental SCADA Testbed Networks
An Open Framework for Deploying Experimental SCADA Testbed Networkspgmaynard
 

Was ist angesagt? (20)

PhD Thesis NS2 Projects
PhD Thesis NS2 ProjectsPhD Thesis NS2 Projects
PhD Thesis NS2 Projects
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the time
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV
 
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentation
 
FY 2017 project version 2
FY 2017 project version 2FY 2017 project version 2
FY 2017 project version 2
 
A secure scheme against power exhausting
A secure scheme against power exhaustingA secure scheme against power exhausting
A secure scheme against power exhausting
 
Java 2015 2016 ieee project list-(v)
Java 2015 2016 ieee project list-(v)Java 2015 2016 ieee project list-(v)
Java 2015 2016 ieee project list-(v)
 
A secure scheme against power exhausting attacks in hierarchical wireless sen...
A secure scheme against power exhausting attacks in hierarchical wireless sen...A secure scheme against power exhausting attacks in hierarchical wireless sen...
A secure scheme against power exhausting attacks in hierarchical wireless sen...
 
What is NetFlow?
What is NetFlow?What is NetFlow?
What is NetFlow?
 
Firewalls
FirewallsFirewalls
Firewalls
 
Lecture 07 networking
Lecture 07 networkingLecture 07 networking
Lecture 07 networking
 
Falco docker barcelona
Falco docker barcelonaFalco docker barcelona
Falco docker barcelona
 
MITM attack demov2
MITM attack demov2MITM attack demov2
MITM attack demov2
 
Network Security Thesis Topics
Network Security Thesis TopicsNetwork Security Thesis Topics
Network Security Thesis Topics
 
What Technology Lies Behind VPN
What Technology Lies Behind VPNWhat Technology Lies Behind VPN
What Technology Lies Behind VPN
 
A Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNA Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPN
 
Blackhole Attack Network Project Topics
Blackhole Attack Network Project TopicsBlackhole Attack Network Project Topics
Blackhole Attack Network Project Topics
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
An Open Framework for Deploying Experimental SCADA Testbed Networks
An Open Framework for Deploying Experimental SCADA Testbed NetworksAn Open Framework for Deploying Experimental SCADA Testbed Networks
An Open Framework for Deploying Experimental SCADA Testbed Networks
 

Andere mochten auch

Designing of SDN-Assisted Bandwidth and Latency Aware Route Allocation
Designing of SDN-Assisted Bandwidth and Latency Aware Route AllocationDesigning of SDN-Assisted Bandwidth and Latency Aware Route Allocation
Designing of SDN-Assisted Bandwidth and Latency Aware Route AllocationPongsakorn U-chupala
 
Qos aware routing protocol for wsn
Qos aware routing protocol for wsnQos aware routing protocol for wsn
Qos aware routing protocol for wsnKamal Patel
 
Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...
Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...
Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...Rakesh Behera
 
Interference Aware Multi-path Routing in Wireless Sensor Networks
Interference Aware Multi-path Routing in Wireless Sensor NetworksInterference Aware Multi-path Routing in Wireless Sensor Networks
Interference Aware Multi-path Routing in Wireless Sensor NetworksRakesh Behera
 
Jamming aware traffic allocation for multiple-path routing using portfolio se...
Jamming aware traffic allocation for multiple-path routing using portfolio se...Jamming aware traffic allocation for multiple-path routing using portfolio se...
Jamming aware traffic allocation for multiple-path routing using portfolio se...Saad Bare
 
CCNA Advanced Routing Protocols
CCNA Advanced Routing ProtocolsCCNA Advanced Routing Protocols
CCNA Advanced Routing ProtocolsDsunte Wilson
 

Andere mochten auch (6)

Designing of SDN-Assisted Bandwidth and Latency Aware Route Allocation
Designing of SDN-Assisted Bandwidth and Latency Aware Route AllocationDesigning of SDN-Assisted Bandwidth and Latency Aware Route Allocation
Designing of SDN-Assisted Bandwidth and Latency Aware Route Allocation
 
Qos aware routing protocol for wsn
Qos aware routing protocol for wsnQos aware routing protocol for wsn
Qos aware routing protocol for wsn
 
Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...
Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...
Interference-Aware Multipath Routing In Wireless Sensor NetworksMinor projr...
 
Interference Aware Multi-path Routing in Wireless Sensor Networks
Interference Aware Multi-path Routing in Wireless Sensor NetworksInterference Aware Multi-path Routing in Wireless Sensor Networks
Interference Aware Multi-path Routing in Wireless Sensor Networks
 
Jamming aware traffic allocation for multiple-path routing using portfolio se...
Jamming aware traffic allocation for multiple-path routing using portfolio se...Jamming aware traffic allocation for multiple-path routing using portfolio se...
Jamming aware traffic allocation for multiple-path routing using portfolio se...
 
CCNA Advanced Routing Protocols
CCNA Advanced Routing ProtocolsCCNA Advanced Routing Protocols
CCNA Advanced Routing Protocols
 

Ähnlich wie Towards a Security-aware Network Virtualization

Secure and efficient data transmission for cluster based wireless
Secure and efficient data transmission for cluster based wirelessSecure and efficient data transmission for cluster based wireless
Secure and efficient data transmission for cluster based wirelessSai Sirisha
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...cmstiernberg
 
Copy of IoT Module 4-Security and privacy in IoT.pdf
Copy of IoT Module 4-Security and privacy in IoT.pdfCopy of IoT Module 4-Security and privacy in IoT.pdf
Copy of IoT Module 4-Security and privacy in IoT.pdfSeynji
 
Novel secure communication protocol basepaper
Novel secure communication protocol basepaperNovel secure communication protocol basepaper
Novel secure communication protocol basepaperMumbai Academisc
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information TransparencyUsman Arshad
 
Enterprise campus networks
Enterprise campus networksEnterprise campus networks
Enterprise campus networksKishor Satpathy
 
Wireless Network security
Wireless Network securityWireless Network security
Wireless Network securityFathima Rahaman
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Network traceability
Network traceabilityNetwork traceability
Network traceabilityslaprojectkn
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
TAM new report
TAM new reportTAM new report
TAM new reportSuzit Punk
 
Security in wireless sensor networks
Security in wireless sensor networksSecurity in wireless sensor networks
Security in wireless sensor networksPiyush Mittal
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyAdeel Ahmed
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...ADVA
 

Ähnlich wie Towards a Security-aware Network Virtualization (20)

Secure and efficient data transmission for cluster based wireless
Secure and efficient data transmission for cluster based wirelessSecure and efficient data transmission for cluster based wireless
Secure and efficient data transmission for cluster based wireless
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Copy of IoT Module 4-Security and privacy in IoT.pdf
Copy of IoT Module 4-Security and privacy in IoT.pdfCopy of IoT Module 4-Security and privacy in IoT.pdf
Copy of IoT Module 4-Security and privacy in IoT.pdf
 
Novel secure communication protocol basepaper
Novel secure communication protocol basepaperNovel secure communication protocol basepaper
Novel secure communication protocol basepaper
 
Seminar V2
Seminar V2Seminar V2
Seminar V2
 
Minimizing Information Transparency
Minimizing Information TransparencyMinimizing Information Transparency
Minimizing Information Transparency
 
Enterprise campus networks
Enterprise campus networksEnterprise campus networks
Enterprise campus networks
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
Wireless Network security
Wireless Network securityWireless Network security
Wireless Network security
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
Network traceability
Network traceabilityNetwork traceability
Network traceability
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Presentation1
Presentation1Presentation1
Presentation1
 
TAM new report
TAM new reportTAM new report
TAM new report
 
Security in wireless sensor networks
Security in wireless sensor networksSecurity in wireless sensor networks
Security in wireless sensor networks
 
Mobile slide
Mobile slideMobile slide
Mobile slide
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
 

Mehr von Achim Friedland

Open Source Transparency Software for E-Mobility
Open Source Transparency Software for E-MobilityOpen Source Transparency Software for E-Mobility
Open Source Transparency Software for E-MobilityAchim Friedland
 
11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...
11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...
11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...Achim Friedland
 
Chargy - E-Mobility Transparency Software
Chargy - E-Mobility Transparency SoftwareChargy - E-Mobility Transparency Software
Chargy - E-Mobility Transparency SoftwareAchim Friedland
 
Öffentliche Daten nutzen! Nur wie bekommen?
Öffentliche Daten nutzen! Nur wie bekommen?Öffentliche Daten nutzen! Nur wie bekommen?
Öffentliche Daten nutzen! Nur wie bekommen?Achim Friedland
 
Re-Using Open Data for Smart e-Mobility
Re-Using Open Data for Smart e-MobilityRe-Using Open Data for Smart e-Mobility
Re-Using Open Data for Smart e-MobilityAchim Friedland
 
Open Charging Cloud @ E-World 2017 in Essen
Open Charging Cloud @ E-World 2017 in EssenOpen Charging Cloud @ E-World 2017 in Essen
Open Charging Cloud @ E-World 2017 in EssenAchim Friedland
 
Security and Privacy in the current e-mobility charging infrastructure
Security and Privacy in the current e-mobility charging infrastructureSecurity and Privacy in the current e-mobility charging infrastructure
Security and Privacy in the current e-mobility charging infrastructureAchim Friedland
 
Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...
Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...
Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...Achim Friedland
 
Open Charging Cloud - Manage, Share and Incentivize Open Data
Open Charging Cloud - Manage, Share and Incentivize Open DataOpen Charging Cloud - Manage, Share and Incentivize Open Data
Open Charging Cloud - Manage, Share and Incentivize Open DataAchim Friedland
 
A Generalized Label-Forwarding Architecture for the Future Internet
A Generalized Label-Forwarding Architecture for the Future InternetA Generalized Label-Forwarding Architecture for the Future Internet
A Generalized Label-Forwarding Architecture for the Future InternetAchim Friedland
 
1st UIM-GDB - Connections to the Real World
1st UIM-GDB - Connections to the Real World1st UIM-GDB - Connections to the Real World
1st UIM-GDB - Connections to the Real WorldAchim Friedland
 
Fosdem 2011 - A Common Graph Database Access Layer for .Net and Mono
Fosdem 2011 - A Common Graph Database Access Layer for .Net and MonoFosdem 2011 - A Common Graph Database Access Layer for .Net and Mono
Fosdem 2011 - A Common Graph Database Access Layer for .Net and MonoAchim Friedland
 
Database Pro Power Days 2010 - Graph data in the cloud using .NET
Database Pro Power Days 2010 - Graph data in the cloud using .NETDatabase Pro Power Days 2010 - Graph data in the cloud using .NET
Database Pro Power Days 2010 - Graph data in the cloud using .NETAchim Friedland
 
NoSQL Frankfurt 2010 - The GraphDB Landscape and sones
NoSQL Frankfurt 2010 - The GraphDB Landscape and sonesNoSQL Frankfurt 2010 - The GraphDB Landscape and sones
NoSQL Frankfurt 2010 - The GraphDB Landscape and sonesAchim Friedland
 

Mehr von Achim Friedland (14)

Open Source Transparency Software for E-Mobility
Open Source Transparency Software for E-MobilityOpen Source Transparency Software for E-Mobility
Open Source Transparency Software for E-Mobility
 
11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...
11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...
11. Workshop der Fachgruppe Recht „IKT für Elektromobilität III“ - Chargy Ope...
 
Chargy - E-Mobility Transparency Software
Chargy - E-Mobility Transparency SoftwareChargy - E-Mobility Transparency Software
Chargy - E-Mobility Transparency Software
 
Öffentliche Daten nutzen! Nur wie bekommen?
Öffentliche Daten nutzen! Nur wie bekommen?Öffentliche Daten nutzen! Nur wie bekommen?
Öffentliche Daten nutzen! Nur wie bekommen?
 
Re-Using Open Data for Smart e-Mobility
Re-Using Open Data for Smart e-MobilityRe-Using Open Data for Smart e-Mobility
Re-Using Open Data for Smart e-Mobility
 
Open Charging Cloud @ E-World 2017 in Essen
Open Charging Cloud @ E-World 2017 in EssenOpen Charging Cloud @ E-World 2017 in Essen
Open Charging Cloud @ E-World 2017 in Essen
 
Security and Privacy in the current e-mobility charging infrastructure
Security and Privacy in the current e-mobility charging infrastructureSecurity and Privacy in the current e-mobility charging infrastructure
Security and Privacy in the current e-mobility charging infrastructure
 
Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...
Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...
Can the e-Mobility Charging Infrastructure be a Blueprint for other IoT Proje...
 
Open Charging Cloud - Manage, Share and Incentivize Open Data
Open Charging Cloud - Manage, Share and Incentivize Open DataOpen Charging Cloud - Manage, Share and Incentivize Open Data
Open Charging Cloud - Manage, Share and Incentivize Open Data
 
A Generalized Label-Forwarding Architecture for the Future Internet
A Generalized Label-Forwarding Architecture for the Future InternetA Generalized Label-Forwarding Architecture for the Future Internet
A Generalized Label-Forwarding Architecture for the Future Internet
 
1st UIM-GDB - Connections to the Real World
1st UIM-GDB - Connections to the Real World1st UIM-GDB - Connections to the Real World
1st UIM-GDB - Connections to the Real World
 
Fosdem 2011 - A Common Graph Database Access Layer for .Net and Mono
Fosdem 2011 - A Common Graph Database Access Layer for .Net and MonoFosdem 2011 - A Common Graph Database Access Layer for .Net and Mono
Fosdem 2011 - A Common Graph Database Access Layer for .Net and Mono
 
Database Pro Power Days 2010 - Graph data in the cloud using .NET
Database Pro Power Days 2010 - Graph data in the cloud using .NETDatabase Pro Power Days 2010 - Graph data in the cloud using .NET
Database Pro Power Days 2010 - Graph data in the cloud using .NET
 
NoSQL Frankfurt 2010 - The GraphDB Landscape and sones
NoSQL Frankfurt 2010 - The GraphDB Landscape and sonesNoSQL Frankfurt 2010 - The GraphDB Landscape and sones
NoSQL Frankfurt 2010 - The GraphDB Landscape and sones
 

Kürzlich hochgeladen

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Kürzlich hochgeladen (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Towards a Security-aware Network Virtualization

  • 1. Towards a Security-aware Network Virtualization 3rd GI/ITG KuVS Workshop on The Future Internet Munich 05/2009 Achim Friedland SONES GmbH / TU Ilmenau achim.friedland@sones.de
  • 2. Security Threats in Classical Networks
  • 3. Security Threats in Virtual Networks
  • 4. New Security Threats occure… • Sharing of networking ressources with untrusted parties (MalloryVIRTUAL) • Virtualized network equipment might run untrusted or not well understood networking code • Bitter lessons from practical security: Virtualization boundaries can not be guaranteed 100%
  • 5. Basic Idea: • Reduce the gainable knowledge of an observer • Lower the impact of an attacker • Do not disclose end-to-end information • Do not try to fight an omni-potent attacker
  • 6. Objectives for a Security-aware NetVirt • Network Virtualization and Abstraction • Flow Separation and Aggregation • Flow Confidentality and Integrity • Preventing Traffic Analysis • Preventing Denial-of-Service • Scalability
  • 7. Our Approach… • Base protocol: Combination of label forwarding and security protocols (MPLS, IPSec) • Allow multiple recursive instances of the base protocol (ANA Project) (Replace classical network stacks; Enable network abstraction) • Key management protocol for providing traffic analysis resistance (Onion Routing)
  • 8. Traffic Analysis Resistance: Onion Routing • Onion Routing uses multiple layers of encryption and authenticity • Suffers from a high transmission overhead • Comparable with Strict Source Routing • Not practicable in large!
  • 9. Proposed Base Protocol: ELSSA Extended Label Stream Switching Architecture
  • 10. Traffic Analysis Resistance: TASec (1) • Separate encryption of labels and paylaod • Path Encryption: Multiple encryption, but only a single integrity check!
  • 11. Traffic Analysis Resistance: TASec (2) • Encryption mode based on Counter Mode • But using an entangled encryption scheme • Constant packet size, less encryption (50%) processes compared with Onion Routing
  • 12. Conclusion • ELSSA provides a network virtualization based on a recursive label-swichting approach with encryption and authenticity • TASec further provides a low-overhead traffic analysis resistance • Combination of both meet the proposed requirements
  • 13. Future Project Development • Secure the TASec against traffic analysis itself • Release a proof-of-concept implementation (ELSSA-over-UDP/RAWIP) • Defining more application specific (path management) protocols
  • 14. Thank you… - Questions?