{"title":"Securing configuration management and migration of virtual network functions using blockchain","authors":"I. D. Alvarenga, G. Rebello, O. Duarte","doi":"10.1109/NOMS.2018.8406249","DOIUrl":null,"url":null,"abstract":"The integration of network function visualization (NFV) and service function chaining (SFC) adds intelligence to the core of the network. The programmability of the network core, however, raises new vulnerabilities and increases the number of victims, since a simple modification in the core can affect multiple network users. Thus, the provision of secure virtual network service functions (VNFs) is mandatory to guarantee a correct chaining of network functions. This paper proposes a blockchain-based architecture for secure management, configuration and migration of VNFs, which ensures: (i) immutability, non-repudiation, and auditability of the configuration update history; (ii) integrity and consistency of stored information; and (iii) the anonymity of VNFs, tenants, and configuration information. Furthermore, the proposed architecture guarantees the secure update and migration of configurations at the core of the network. A prototype of the proposed architecture using the Open Platform for NFV (OPNFV) indicates parameter trade-offs and performance bottlenecks.","PeriodicalId":19331,"journal":{"name":"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2018.8406249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 50
Abstract
The integration of network function visualization (NFV) and service function chaining (SFC) adds intelligence to the core of the network. The programmability of the network core, however, raises new vulnerabilities and increases the number of victims, since a simple modification in the core can affect multiple network users. Thus, the provision of secure virtual network service functions (VNFs) is mandatory to guarantee a correct chaining of network functions. This paper proposes a blockchain-based architecture for secure management, configuration and migration of VNFs, which ensures: (i) immutability, non-repudiation, and auditability of the configuration update history; (ii) integrity and consistency of stored information; and (iii) the anonymity of VNFs, tenants, and configuration information. Furthermore, the proposed architecture guarantees the secure update and migration of configurations at the core of the network. A prototype of the proposed architecture using the Open Platform for NFV (OPNFV) indicates parameter trade-offs and performance bottlenecks.