A Clean-Slate Security Vision for Future Networks
A Clean-Slate Security Vision for Future Networks
The current network architecture has been designed in a way that it can provide connectivity and interoperability between a large number of heterogeneous end systems by deploying a single global network layer. However, this principle of a fixed network layer restricts the innovative development and integration of additional in-network services such as Quality of Service (QoS), Deep Packet Inspection (DPI), and traffic engineering. Therefore, there are approaches for a Future Network Architecture (FNA), which suggest that a network should be service-oriented, flexibly and dynamically orchestrated from atomic smart in-network services.
In these approaches, in-network services orchestrated in a network require certain control data to be signalled for their operability. Here, we can consider various kinds of control data signalling established so far. For example, control data can be put in front of the user data such as packet addresses. Additionally, control data can be signalled on a separate plane as is the case with routing information exchange. Furthermore, control data can be also signalled by coding it into user data such as transcoding multimedia data in the network. Thus, we can state that in-network services require access to various control data signalled in different ways to utilise the complete functionality of the orchestrated network and that the diversity and amount of control data required by in-network services rises progressively. Hence, the communication endpoints have to allow more and more access to information about them- selves in order to utilise the entire functionality of an orchestrated network. However, the in-network services gain the possibility to sniff or to spoof information. Furthermore, even third parties can sniff or spoof information while it is transferred in cleartext in order to operate the in-network services.
Beside these considerations for a FNA, ensuring information confidentiality and integrity for two communicating end points is one of the services that has to be provided on the end systems as well as to be ensured in the network. The de facto method applied so far is end-to-end encryption of information transferred between two end points. Cryptographic algorithms, e.g., AES and RSA are used in secure communication proto- cols such as SSH, TLS/SSL, and IPsec. However, in-network services have then no longer access to the encrypted control data and they cannot accomplish their tasks anymore. Thus, utilising the benefits of FNA approaches is not possible any- more, if the communicating endpoints perform end-to-end encryption. Furthermore, control data such as addresses for packet forwarding has been always transferred in cleartext so far.
The issues identified above reveal that realising only the one of the two goals is possible, but together they act against each other. We have therefore to decide either to establish smart in-network services or to ensure information confidentiality and integrity by applying end-to-end encryption.
Our vision is to simultaneously establish smart in-network services and to ensure information confidentiality and integrity. By applying a new kind of cryptographic algorithms such as Public key Encryption with Keyword Search (PEKS) and Fully Homomorphic Encryption (FHE) we can securely mask data so that we can blindly but still correctly perform operations such as comparing, adding and multiplying. By using these algorithms, our approach is to redesign the smart in-network services to blind but still smart ones that can still correctly process masked control data. Thus, confidentiality and integrity of the control data are ensured during trans- mission as well as during processing by the in-network services. The feasibility of our approach is demonstrated through a redesign of the packet forwarding service. We choose this in-network service as an example, because it is one of the basic services necessary for most network architectures. We demonstrate that blind packet forwarding allows us to correctly match masked packet addresses with masked routing table entries by means of PEKS so that confidentiality and integrity for packet addresses are ensured during transmission as well as during processing by network nodes. Here, we want to emphasize that we do not aim for realising more secure end- to-end communication. But rather we aim to shift the present unsatisfactory state “either ensuring information security or establishing smart in-network services” to a new state “ensuring information security as well as establishing smart in- network services”.
I. Simsek, M. Becke, Y. I. Jerschow, and E. P. Rathgeb, “A Clean- Slate Security Vision for Future Networks,” in Proceedings of the IEEE International Conference on Network of the Future (NoF’13), Pohang, South Korea, Oct. 2013 (Best Paper Award).
I. Simsek, M. Becke, Y. I. Jerschow, and E. P. Rathgeb, “Blind Packet Forwarding in a Hierarchical Architecture with Locator/Identifier Split,” in Proceedings of the IEEE International Conference on Network of the Future (NoF’14), Paris, France, Dec. 2014.