dh-aes-p4: criptografia oportunística entre dispositivos de rede programáveis
| Ano de defesa: | 2022 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal do Rio Grande do Norte
Brasil UFRN PROGRAMA DE PÓS-GRADUAÇÃO EM SISTEMAS E COMPUTAÇÃO |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | https://repositorio.ufrn.br/handle/123456789/47518 |
Resumo: | The Software-Defined Networking (SDN) paradigm has been widely employed in several ecosystems to manage heterogeneous administrative domains, extend programmable capabilities to intra-domain networks, or even compose cloud-native network architectures. On the other hand, while it can support the ability of next-generation networks to adapt to new protocols, SDN increases the scope of attack vectors to the network, resulting in several security issues related to issuance, storage, revocation of cryptographic keys and single point of failure. In light of this, this work explores the opportunistic encryption together with the paradigm of Programming Protocol-independent Packet Processors (P4) and proposes dh-aes-p4: a project to support opportunistic encryption in SDN networks through the key exchange, encryption, and authentication between network devices autonomously, enabling secure communication between P4-based disaggregated data planes. Although there are similar cases in the literature, this work presents itself as a new low-cost, granular (based on network flows) and opportunistic transparent alternative. The results obtained through a emulated testbed reveal that the disaggregation and abstraction of dh-aes-p4 introduces a shared secret key renewal time 17 times lower than the centralized solution Baseline and achieves an average encryption time 27.18% lower than the solution Baseline. Thus, the disaggregated and granular logic of dh-aes-p4, has proved to be an appropriate low-cost solution to ensure secure communication between P4-enabled programmable data planes by optimizing encryption time and latency during exchange of public keys. |