infrastructure resilience against attacks and faults

WP5 – INFRASTRUCTURE RESILIENCE AGAINST ATTACKS AND FAULTS

Diego Kreutz (FFCUL) (joint work: FFCUL, TUM, UFAM and UFSC)

SECFUNET Final Meeting, Brussels, 11th June 2014

SECFUNET – Security for Future Networks, FP7-ICT-2011-EU-Brazil – STREP number 288349

Upload: diego-kreutz

Post on 20-Jul-2015



Objectives (1/2)

[Figure labels: Network Access Service; Network Operating System; Management Applications; Network Control Plane; Network Data Plane]

FITS uses:
- RADIUS for VMs AA
- OpenID for user AA
- OpenFlow controller

Objectives (2/2)

[Figure labels: Virtual Network 1; Virtual Network 2; Virtual Network 3; Physical Infrastructure; Vertical and Horizontal Control, Management and Monitoring Systems; Assure, Monitor, Config]

State of Affairs (OpenID & RADIUS) (current scenario and our goal)

[Figure: plot with axes "Fault tolerance" and "Level of trust"; points C1, C2, C3, C4, C5, C6]

Use cases: OpenID & RADIUS

Functional Model

- Service-oriented architecture of components

[Figure labels: Client / Secure Component; AAI Replicas (mfR + 1); Service / Application / Device (fS + 1); Gateway (AAI front-end) (fG + 1); AAI Secure Components (mfR + 1); Alternative Path; Default Path; AAI Resilient Infra]

Functional Model

- Fault detection mechanisms

[Figure labels: Client Cw; Back-end Service Bz; Target Service Ix; Service Gateway Gy; Timeout A; Timeout B; Timeout C (e.g., OpenID); Corrupted response from replica Tx; Corrupted response from replica Gy; Byzantine behavior from replica Bz]

Towards Intrusion Tolerance

1. BFT tools/protocols
   - BFT-SMaRt (FCUL)
   - IT-VM (UFSC)

2. Additional mechanisms:
   - Diversity
   - Proactive-reactive recovery

3. Confidentiality: a limitation of BFT systems
   - Specific components are required to ensure this property

Diversity in the OpenID prototype

[Figure labels: VM1 / Gateway 1; VM2 / Gateway 2; … VMn / Gateway N; Pairwise TCP/IP Communications; Reliable Communication Channels; VM1, VM2, VM3 and VM4, each labelled OpenID BFT R1, Hypervisor, Secure Element]

A Trusted Component for RADIUS & OpenID

[Figure labels: TC; PuCA; KNAS; PrS; KUser; ID; KAssoc; Authentication Service Replica; BFT-SMaRt; TLS; EAP; RADIUS; OpenID; HTTP/HTTPS]

USER Table
<ID1> <…, Perm>MAC
<ID2> <…, Perm>MAC
<ID3> <…, Perm>MAC
<ID4> <…, Perm>MAC
…
<IDn> <…, Perm>MAC

DATA Table (NAS | Association)
<NAS1 | Handler1> <…, EK1>
<NAS2 | Handler2> <…, EK2>
<NAS3 | Handler3> <…, EK3>
<NAS4 | Handler4> <…, EK4>
…
<NASn | Handlern> <…, EKn>

Required methods:
1. HMAC
2. VerifySignRSA
3. SymmCipher
4. GenConfidential
5. SignRSA
6. GenAssociation
7. GenNonce

Trusted Components

A trusted/secure component can be “any” device capable of ensuring the data and operation confidentiality of the target system/environment.

- Smart Cards
- Tamper Resistant FPGA
- A Shielded Computer
- Virtual TPM (e.g. vTPM)
- Secure Hypervisor (e.g. sHyper)
- Intel TXT & SGX, AMD SVM, …

Deployment trade-offs

OpenID: performance

[Figure: three latency plots, labelled "Average Latency: 78.360ms", "Average Latency: 87.343ms" and "Average Latency: 32.103ms"]

OpenID: the impact of faults & attacks

Type of execution/fault/attack      20 clients   40 clients
Fault-free execution                    867.73       984.59
Constantly crashing OpenID reps        1009.86      1145.98
Attacking OpenID replicas (DoS)         956.46      1005.54
Constantly crashing OpenID gws          633.44       718.75

Remarks (prototypes & evaluations & proposals)

[Figure labels: Virtual Machine Monitor; Agreement Service; Authentication Server; Shared Memory; VM1 / IdP Proxy; VM2 / IdP Proxy; API; Trusted Computing Base (TCB)]

- R-OpenID-PR
- R-OpenID-VR
- R-RADIUS
- Resilient Mon Infra
- Fault-tolerant OF-C
- RT Kerberos v5

Remarks (linking our tools to the FITS arch)

[Figure labels: End user; Physical Network; Virtual Network]

Remarks (on-going/future work): Cloud-of-Clouds Security Services (e.g., IdPaaS)


Diffusion

[Figure: bar chart, "Number of pubs/work" by "Venue Rank" (CORE A*, CORE A, CORE B, OTHER); bar values shown on the slide: 4, 2, 7, 9]

[Figure: bar chart, "Number of meetings" by "Type of meeting" (Presential, Online, Tech/Other); bar values shown on the slide: 6, 34, ~30]

Meetings, on-demand tech mini-confs, etc. (challenge: technology transfer & tech sync)