Securing configuration management and migration of virtual network functions using blockchain

I. D. Alvarenga, G. Rebello, O. Duarte
{"title":"Securing configuration management and migration of virtual network functions using blockchain","authors":"I. D. Alvarenga, G. Rebello, O. Duarte","doi":"10.1109/NOMS.2018.8406249","DOIUrl":null,"url":null,"abstract":"The integration of network function visualization (NFV) and service function chaining (SFC) adds intelligence to the core of the network. The programmability of the network core, however, raises new vulnerabilities and increases the number of victims, since a simple modification in the core can affect multiple network users. Thus, the provision of secure virtual network service functions (VNFs) is mandatory to guarantee a correct chaining of network functions. This paper proposes a blockchain-based architecture for secure management, configuration and migration of VNFs, which ensures: (i) immutability, non-repudiation, and auditability of the configuration update history; (ii) integrity and consistency of stored information; and (iii) the anonymity of VNFs, tenants, and configuration information. Furthermore, the proposed architecture guarantees the secure update and migration of configurations at the core of the network. A prototype of the proposed architecture using the Open Platform for NFV (OPNFV) indicates parameter trade-offs and performance bottlenecks.","PeriodicalId":19331,"journal":{"name":"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2018.8406249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 50

Abstract

The integration of network function visualization (NFV) and service function chaining (SFC) adds intelligence to the core of the network. The programmability of the network core, however, raises new vulnerabilities and increases the number of victims, since a simple modification in the core can affect multiple network users. Thus, the provision of secure virtual network service functions (VNFs) is mandatory to guarantee a correct chaining of network functions. This paper proposes a blockchain-based architecture for secure management, configuration and migration of VNFs, which ensures: (i) immutability, non-repudiation, and auditability of the configuration update history; (ii) integrity and consistency of stored information; and (iii) the anonymity of VNFs, tenants, and configuration information. Furthermore, the proposed architecture guarantees the secure update and migration of configurations at the core of the network. A prototype of the proposed architecture using the Open Platform for NFV (OPNFV) indicates parameter trade-offs and performance bottlenecks.
使用区块链保护虚拟网络功能的配置管理和迁移
网络功能可视化(NFV)和业务功能链(SFC)的融合为网络的核心增添了智能。然而,网络核心的可编程性引发了新的漏洞并增加了受害者的数量,因为对核心的简单修改可以影响多个网络用户。因此,必须提供安全的虚拟网络服务功能,以保证网络功能的正确链接。本文提出了一种基于区块链的VNFs安全管理、配置和迁移架构,可确保:(i)配置更新历史的不变性、不可否认性和可审计性;(ii)存储信息的完整性和一致性;(iii) VNFs、租户和配置信息的匿名性。此外,该架构保证了网络核心配置的安全更新和迁移。使用NFV开放平台(OPNFV)的拟议架构原型表明了参数权衡和性能瓶颈。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信