The goal of the SecFuNet project is to design and develop a coherent security architecture for virtual networks and cloud accesses. The proposed architecture will provide solutions allowing the management of the security of communications for all machines connected to a public cloud using virtual networks. Hence, we need a coherent and robust identification scheme as well as a strong authentication system. Algorithms robust to intrusions are also needed for creating a secure environment. Besides, the proposed architecture must guarantee security in the virtualized infrastructure, through isolation of virtual networks and access control for users and managers. The identification of authorized users, however, must not compromise their privacy. Moreover, it is necessary to bring an ergonomic security scheme that is acceptable for all users, even those unknowledgeable in computer science. And finally, the proposed scheme must take into account the heterogeneity of equipment (wireless and wired) to preserve interoperability.
SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Security for Future Networks
SecFuNet
Diego Kreutz
kreutz@lasige.di.fc.ul.pt
Navigators' team at
LaSIGE - Large-Scale Informatics Systems Laboratory
Outline
Context
Challenges
Goals
Specific Objectives
Work-packages
FCUL
Context
● Framework Programme 7
● EC call: FP7-ICT-2011-EU-Brazil
  Date of publication: 28 September, 2010
  Deadline: 18 January, 2011
● Funding Scheme: STREP
  Small or medium-scale focused research projects
● Objective: Future Internet – security
Context
Project info
Name: Security for Future Networks
Acronym: SecFuNet
Duration: 1 May 2011 - 1 November 2013 (30 months)
Coordinator: LIP6 - Guy Pujolle
Kickoff meeting: 11 July 2011, Paris
Context
EU partners
See also the online map at: http://g.co/maps/8zdxs
Context
BR partners
See also the online map at: http://g.co/maps/8zdxs
Context
Propose a framework providing:
● secure identification and authentication
● secure data transfer
● secure virtualized infrastructure
● privacy in virtual network and clouds
Challenges
Main challenge: improve the degree of security on virtual networks and clouds
➔ coherent and robust identification schemes
➔ algorithms robust to intrusions
➔ guarantee security in the virtualized infrastructure
Goals
a) Use microcontrollers as anchors of trust
b) Introduce an identification system, using pairs of associated microcontrollers
c) Design an open framework, free of proprietary technologies
d) Create a Radius SIM array to provide a unique strong authentication solution
Goals
e) Develop a secure infrastructure for the virtualized networks and clouds
f) Implement mechanisms for robust provisioning of IP services
g) Develop cryptographic schemes adapted to virtual network and clouds
Specific Objectives
Objective 1: design an extensible context framework for the security of the future networks
Objective 2: authentication with EAP-TLS and legacy solutions
Objective 3: develop a highly secure authentication server
Objective 4: develop a highly secure identification scheme based on AAIs
Specific Objectives
Objective 5: provide a reliable and secure environment
Objective 6: achieve resilience of the communications and authentication / authorization
Objective 7: provide cryptographic algorithms for future networks
Structure
Structure of SecFuNet as an integrated project.
Structure
Overall project structure and components dependency.
Work-packages
WP0: Project Management, Coordination and Dissemination
➔ Dissemination and website and video clip
➔ Standardization and Exploitation Plan
WP1: Requirement and Functional Architecture
➔ Virtual network architecture and secure microcontroller: use cases and first choices
➔ Limitations and requirements of the framework
Work-packages
WP2: Authentication Server
➔ Infrastructure of the authentication server
➔ Array and software of the authentication server
➔ Development and deployment on the network
WP3: Secure Identity Management
➔ Identity management system limitations and requirements, and prospective AAIs
➔ Identity management system development
Work-packages
WP4: Virtual Network Isolation
➔ State-of-the-art and isolation between virtual networks
➔ Profiling and virtual network migration
WP5: Infrastructure Resilience
➔ Architecture components for resilient networks
➔ Trustworthy authentication service architecture
Work-packages
WP6: Cryptographic Schemes
➔ Cryptographic requirements
➔ Cryptographic schemes for virtual networks and cloud accesses
WP7: Testbed
➔ Testbed creation
➔ Test and evaluation experiments
Work-packages
Overall WPs scheduling
Light Blue = milestones with deliverables
Work-packages
MGT = Management
RTD = Research and Technological Development
FCUL
WP0: project management (tasks)
1. Dissemination
2. Website and video clip
3. Standardization
4. Exploitation Plan
Intermediate (M12) and final reports (M30)
Duration: 30 months
Deliverables: end of each task (M12 and M30)
FCUL
WP1: architecture requirements (tasks)
1. Virtual network architecture and secure microcontroller: use cases and first choices
2. Limitations and requirements of the framework
FCUL role: help in defining the items to be studied in the virtual networking environment and on the secure framework.
Duration: 7 months
Deliverables: end of each task (M3 and M7)
FCUL
WP5: infrastructure resilience (tasks)
1. Architecture components for resilient networks
2. Trustworthy authentication service architecture
FCUL role: lead task 1 and help on task 2.
Duration: 22 months
Deliverables: end of each task (M18 and M21)
FCUL
WP6: cryptographic schemes (tasks)
1. Cryptographic requirements
2. Cryptographic schemes for virtual networks and cloud accesses
FCUL role: participate in the definition of the main security requirements for future virtual networking environments.
Duration: 21 months
Deliverables: end of each task (M14 and M27)
FCUL
On-going work (research)
● State of the art on security of network management services (WP1, WP5 and WP6)
● State of the art on future networks (WP1, WP5)
  How they will be
  How they will relate to clouds
FCUL
On-going work (research)
● Papers, surveys and projects like:
➔ TRONE (trone.di.fc.ul.pt)
➔ MASSIF (www.massif-project.eu)
➔ 4WARD (www.4ward-project.eu)
➔ EFFECTS+ (www.effectsplus.eu)
➔ PASSIVE (ict-passive.eu)
➔ SWIFT (www.ist-swift.org)
➔ WOMBAT (www.wombat-project.eu)
FCUL
On-going work (hands-on)
● TRONE (Trustworthy and Resilient Operations in a Network Environment)