In this talk I present an overview of SecFuNet project. It is a STREP from EC (European Comission) call FP7-ICT-2011-EU-Brazil targeting the objective Future Internet - security.
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Â
SecFutNet project - Secutiry for Future Network
1. Security for Future Networks
SecFuNet
Diego Kreutz
kreutz@lasige.di.fc.ul.pt
Navigators' team at
LaSIGE - Large-Scale Informatics Systems Laboratory
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 1
2. Outline
Context
Challenges
Goals
Specific Objectives
Work-packages
FCUL
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 2
3. Context
â
Framework Programme 7
â
EC call: FP7-ICT-2011-EU-Brazil
Date of publication: 28 September, 2010
Deadline: 18 January, 2011
â
Funding Scheme: STREP
Small or medium-scale focused research projects
â
Objective: Future Internet â security
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 3
4. Context
Project info
Name: Security for Future Networks
Acronym: SecFuNet
Duration: 1 May 2011- 1 November 2013
(30 months)
Coordinator: LIP6 - Guy Pujolle
Kickoff meeting: 11 Jully 2011, Paris
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 4
5. Context
1 3
6 2
8
4
7
3 5
8
6 1
7
5
4
2 9
9
EU partners
See also the online map at: http://g.co/maps/8zdxs
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 5
6. Context
12
13
10 12
10
15 13
16 11
11 14
14
15 16
BR partners
See also the online map at: http://g.co/maps/8zdxs
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 6
7. Context
Propose a framework providing:
â
secure identification and authentication
â
secure data transfer
â
secure virtualized infrastructure
â
privacy in virtual network and clouds
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 7
8. Challenges
Main challenge: improve the degree of
security on virtual networks and clouds
â
coherent and robust identification schemes
â
algorithms robust to intrusions
â
guarantee security in the virtualized
infrastructure
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 8
9. Goals
a)Use microcontroller as anchors of trust
b)Introduce an identification system, using
pairs of associated microcontrollers
c)Design an open framework, free of
proprietary technologies
d)Create a Radius SIM array to provide a
unique strong authentication solution
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 9
10. Goals
e)Develop a secure infrastructure for the
virtualized networks and clouds
f) Implement mechanisms for robust
provisioning of IP services
g)Develop cryptographic schemes adapted to
virtual network and clouds
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 10
11. Specific Objectives
Objective 1: design an extensible context
framework for the security of the future networks
Objective 2: authentication with EAP-TLS and
legacy solutions
Objective 3: develop a highly secure
authentication server
Objective 4: develop a highly secure
identification scheme based on AAIs
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 11
12. Specific Objectives
Objective 5: provide a reliable and secure
environment
Objective 6: achieve resilience of the
communications and authentication /
authorization
Objective 7: provide cryptographic algorithms
for future networks
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 12
13. Structure
Structure of SecFuNet as an integrated project.
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 13
14. Structure
Overall project structure and components dependency.
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 14
15. Work-packages
WP0: Project Management, Coordination and
Dissemination
â
Dissemination and website and video clip
â
Standardization and Exploitation Plan
WP1: Requirement and Functional Architecture
â
Virtual network architecture and secure micro-
controller: use cases and first choices
â
Limitations and requirements of the framework
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 15
16. Work-packages
WP2: Authentication Server
â
Infrastructure of the authentication server
â
Array and software of the authentication server
â
Development and deployment on the network
WP3: Secure Identity Management
â
Identity management system limitations and
requirements, and prospective AAIs
â
Identity management system development
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 16
17. Work-packages
WP4: Virtual Network Isolation
â
State-of-the-art and isolation between virtual
networks
â
Profiling and virtual network migration
WP5: Infrastructure Resilience
â
Architecture components for resilient networks
â
Trustworthy authentication service architecture
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 17
18. Work-packages
WP6: Cryptographic Schemes
â
Cryptographic requirements
â
Cryptographic schemes for virtual networks
and cloud accesses
WP7: Testbed
â
Testbed creation
â
Test and evaluation experiments
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 18
19. Work-packages
Overall WPs scheduling
Light Blue = milestones with deliverables
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 19
20. Work-packages
MGT = Management
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
RTD = Research and Technological Development
20
21. FCUL
WP0: project management (tasks)
1.Dissemination
2.Website and video clip
3.Standardization
4.Exploitation Plan
Intermediate (M12) and final reports (M30)
Duration: 30 months
Deliverables: end of each task (M12 and M30)
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 21
22. FCUL
WP1: architecture requirements (tasks)
1.Virtual network architecture and secure
microcontroller: use cases and first choices
2.Limitations and requirements of the framework
FCUL rule: help in defining the items to be
studied in virtual networking environment and on
the secure framework.
Duration: 7 months
Deliverables: end of each task (M3 and M7)
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 22
23. FCUL
WP5: infrastructure resilience (tasks)
1.Architecture components for resilient
networks
2.Trustworthy authentication service
architecture
FCUL rule: lead task 1 an help on task 2.
Duration: 22 months
Deliverables: end of each task (M18 and M21)
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 23
24. FCUL
WP6: cryptographic schemes (tasks)
1.Cryptographic requirements
2.Cryptographic schemes for virtual networks and
cloud accesses
FCUL rule: participate in the definition of the main
security requirements for future virtual networking
environments.
Duration: 21 months
Deliverables: end of each task (M14 and M27)
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 24
25. FCUL
Summary of staff effort.
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 25
26. FCUL
On-going work (research)
â
State of art on security of network
management services
(WP1, WP5 and WP6)
â
State of art on future networks
(WP1, WP5)
î
How they will be
î
How they will relate with clouds
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 26
27. FCUL
On-going work (research)
â
Papers, surveys and projects like:
â
TRONE (trone.di.fc.ul.pt)
â
MASSIF (www.massif-project.eu)
â
4WARD (www.4ward-project.eu)
â
EFFECTS+ (www.effectsplus.eu)
â
PASSIVE (ict-passive.eu)
â
SWIFT (www.ist-swift.org)
â
WOMBAT (www.wombat-project.eu)
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 27
28. FCUL
On-going work (hands-on)
â
TRONE
(Trustworthy and Resilient Operations in a Network Environment)
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 28
29. FCUL
On-going work (hands-on)
â
Typhon
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 29
30. Security for Future Networks
SecFuNet
Diego Kreutz
kreutz@lasige.di.fc.ul.pt
Navigators' team at
LaSIGE - Large-Scale Informatics Systems Laboratory
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil 30