WP5 – INFRASTRUCTURE RESILIENCE AGAINST ATTACKS AND FAULTS
Diego Kreutz (FFCUL) (joint work: FFCUL, TUM, UFAM and UFSC)
SECFUNET Final Meeting Brussels, 11th June 2014
SECFUNET – Security for Future Networks FP7-ICT-2011-EU-Brazil – STREP number 288349
Objectives (1/2)
[Figure: Network Access Service; Network Operating System; Management Applications; Network Control Plane; Network Data Plane]
FITS uses:
- RADIUS for VMs AA
- OpenID for user AA
- OpenFlow controller
Objectives (2/2)
[Figure: Virtual Network 1, Virtual Network 2 and Virtual Network 3 over the Physical Infrastructure; Vertical and Horizontal Control, Management and Monitoring Systems; labels Assure, Monitor, Config]
State of Affairs (OpenID & RADIUS) (current scenario and our goal)
[Figure: plot with axes "Fault tolerance" and "Level of trust"; points C1, C2, C3, C4, C5, C6]
Functional Model
- Service-oriented architecture of components
[Figure: Client / Secure Component; AAI Replicas (mfR + 1); Service / Application / Device (fS + 1); Gateway (AAI front-end) (fG + 1); AAI Secure Components (mfR + 1); Alternative Path; Default Path; AAI Resilient Infra]
Functional Model
- Fault detection mechanisms
[Figure: Client Cw, Service Gateway Gy, Target Service Ix and Back-end Service Bz, annotated with the fault-detection events below]
- Timeout A
- Timeout B
- Corrupted response from replica Tx
- Corrupted response from replica Gy
- Byzantine behavior from replica Bz
- Timeout C (e.g., OpenID)
Towards Intrusion Tolerance
1. BFT tools/protocols
   – BFT-SMaRt (FCUL)
   – IT-VM (UFSC)
2. Additional mechanisms:
   – Diversity
   – Proactive-reactive recovery
3. Confidentiality: a limitation of BFT systems
   – Specific components are required to ensure this property
Diversity in the OpenID prototype
[Figure: Gateway 1 (VM1), Gateway 2 (VM2), …, Gateway N (VMn); Pair-wised TCP/IP Communications; Reliable Communication Channels; VM1 to VM4, each labelled OpenID BFT R1, Hypervisor and Secure Element]
A Trusted Component for RADIUS & OpenID
[Figure: trusted component (TC) diagram; labels PuCA, KNAS, PrS, KUser, ID, KAssoc; TLS, EAP, RADIUS; OpenID, HTTP/HTTPS; BFT-SMaRt; Authentication Service Replica]

USER Table:
<ID1> <…, Perm>MAC
<ID2> <…, Perm>MAC
<ID3> <…, Perm>MAC
<ID4> <…, Perm>MAC
…
<IDn> <…, Perm>MAC

DATA Table (NAS | Association):
<NAS1 | Handler1> <…, EK1>
<NAS2 | Handler2> <…, EK2>
<NAS3 | Handler3> <…, EK3>
<NAS4 | Handler4> <…, EK4>
…
<NASn | Handlern> <…, EKn>

Required methods:
1. HMAC
2. VerifySignRSA
3. SymmCipher
4. GenConfidential
5. SignRSA
6. GenAssociation
7. GenNonce
Trusted Components
A trusted/secure component can be “any” device capable of ensuring the data and operation confidentiality of the target system/environment.
- Smart Cards
- Tamper Resistant FPGA
- A Shielded Computer
- Virtual TPM (e.g. vTPM)
- Secure Hypervisor (e.g. sHyper)
- Intel TXT & SGX, AMD SVM, …
OpenID: performance
Average Latency: 78.360ms
Average Latency: 87.343ms
Average Latency: 32.103ms
OpenID: the impact of faults & attacks
Type of execution/fault/attack     20 clients   40 clients
Fault-free execution               867.73       984.59
Constantly crashing OpenID reps    1009.86      1145.98
Attacking OpenID replicas (DoS)    956.46       1005.54
Constantly crashing OpenID gws     633.44       718.75
Remarks (prototypes & evaluations & proposals)
[Figure: Virtual Machine Monitor; Agreement Service; Authentication Server; Share Memory; VM1 IdP Proxy; VM2 IdP Proxy; API; Trusted Computing Base (TCB)]
- R-OpenID-PR
- R-OpenID-VR
- R-RADIUS
- Resilient Mon Infra
- Fault-tolerant OF-C
- RT Kerberos v5
Diffusion
[Figure: bar chart; y-axis "Number of pubs/work" (0 to 10); x-axis "Venue Rank" (CORE A*, CORE A, CORE B, OTHER); bar labels 4, 2, 7, 9]