SDN-based Network Obfuscation - Roland Meier · 2017. 3. 16. · At ingress and egress switch....
||
SDN-based Network Obfuscation
Master Thesis
Roland Meier
Tutor: Dr. David Gugelmann
Supervisor: Prof. Dr. Laurent Vanbever
17 June 2016, Masterfeier
||
A story about Alice and Bob…
||
Alice writes a letter to Bob…
Hi Bob,
||
Alice writes a letter to Bob…
Bob, Alice
||
Alice writes a letter to Bob… … and Eve reads it
Bob, Alice
Hi Bob,
||
Alice encrypts the message…
Hi Bob,
ǾǼōĦ
||
Alice encrypts the message… … only Bob can decrypt
ǾǼōĦ
Hi Bob,
||
Alice encrypts the message… … but not the addresses
ǾǼōĦ
Hi Bob,
Bob, Alice
||
Alice encrypts the message & the addresses…
ǾǼōĦ
ʡƥȵƵǝŝ
||
Alice encrypts the message & the addresses… … but Bob won’t receive it
||
Alice writes a letter to Bob… … in the digital age
||
Alice writes an electronic letter to Bob… … and Eve is still there
||
Packets are the letters in computer networks
packet
||
Packets consist of headers and payloads
header: source address, destination address
payload: message
||
Packets consist of headers and payloads
header: source: Alice, destination: Bob
payload: Hi Bob,…
||
Existing solutions only protect the payload
Payload encryption: SSL/TLS, IPsec, MACsec
Metadata obfuscation: No existing solution
ǾǼōĦ
ʡƥȵƵǝŝ
||
Network obfuscation by rewriting addresses
What? Rewrite source and destination addresses: MAC, IP, TCP/UDP port
Where? At ingress and egress switch; agnostic for end-hosts
Challenge: Scalability; anonymity vs. scalability
||
Network obfuscation can provide multiple kinds of anonymity
Communication anonymity: Who is talking to whom?
Volume anonymity: How often are A and B talking to each other?
Topology anonymity: How many clients are in the network?
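An added illustration of the address rewriting described on the slides above; it is not code from the thesis. The `Obfuscator` class, its tables and the sample addresses are assumptions constructed for this example, and it goes slightly beyond the slides by comparing two hypothetical mapping granularities (one pseudonym per flow versus one per host pair) to make the anonymity vs. scalability challenge concrete.

```python
import secrets

ADDR = ("src_mac", "src_ip", "dst_mac", "dst_ip")
PORTS = ("src_port", "dst_port")

def _pseudonym(field):
    """Constructed random value with the right shape for one header field."""
    if field.endswith("mac"):   # locally administered unicast MAC
        return "02:" + ":".join(f"{b:02x}" for b in secrets.token_bytes(5))
    if field.endswith("ip"):
        return "10." + ".".join(str(b) for b in secrets.token_bytes(3))
    return 1024 + secrets.randbelow(64512)

class Obfuscator:
    """Hypothetical controller state feeding the ingress and egress switch."""
    def __init__(self, per_flow):
        # per_flow=True also rewrites ports, so each flow gets its own pseudonym.
        self.fields = ADDR + PORTS if per_flow else ADDR
        self.to_fake, self.to_real = {}, {}

    def _rewrite(self, header, table):
        key = tuple(header[f] for f in self.fields)
        return {**header, **dict(zip(self.fields, table[key]))}

    def ingress(self, header):
        key = tuple(header[f] for f in self.fields)
        if key not in self.to_fake:     # first packet: install one rule pair
            fake = tuple(_pseudonym(f) for f in self.fields)
            self.to_fake[key], self.to_real[fake] = fake, key
        return self._rewrite(header, self.to_fake)

    def egress(self, header):           # end hosts only ever see real addresses
        return self._rewrite(header, self.to_real)

def demo(per_flow, n_flows=100):
    """n_flows Alice->Bob flows: (rule pairs, address pairs Eve sees, restored)."""
    obf, seen, ok = Obfuscator(per_flow), set(), True
    for i in range(n_flows):
        real = {"src_mac": "aa:aa:aa:aa:aa:01", "src_ip": "192.0.2.1",
                "src_port": 40000 + i, "dst_mac": "aa:aa:aa:aa:aa:02",
                "dst_ip": "192.0.2.2", "dst_port": 443}
        wire = obf.ingress(real)        # header as visible inside the network
        seen.add((wire["src_ip"], wire["dst_ip"]))
        ok = ok and obf.egress(wire) == real and wire["src_ip"] != real["src_ip"]
    return len(obf.to_fake), len(seen), ok

if __name__ == "__main__":
    print("per flow:     ", demo(True))
    print("per host pair:", demo(False))
```

Per-flow mapping shows Eve 100 unrelated address pairs but costs 100 rule pairs; per-host-pair mapping needs a single rule pair and leaves every flow linkable to the same pseudonymous pair.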
||
SDN-based Network Obfuscation
||
SDN-based Network Obfuscation
Software-Defined Network
||
Networking infrastructure
before SDN: closed software, closed hardware [Cisco]
after SDN: standardized hardware, open software, standardized interface [HP]
||
Software-Defined Networks
||
Software-Defined Networks: Central controller
SDN Controller
||
SDN-based Network Obfuscation
Master Thesis
Roland Meier
Thanks for your attention