• Home

  • Documents

  • A Secure Computation Framework for SDNs · 2017. 11. 23. · • A novel approach for provably...
1
A Secure Computation Framework for SDNs Nachikethas A.J Ranjan Pal Kaushik N Yan Huang Elaine Shi Minlan Yu What: A novel approach for provably secure computation for multi- controller architecture in SDN. Techniques from Secure Multi- Party Computation (SMPC) are used to address security and fault-tolerance concerns of SDN applications. Provide a secure framework for SDN applications running on multiple controllers. Why: Controllers can become high-value and attractive targets for an adversary. Malicious insiders may leak sensitive information or sabotage network operations. Compromised controllers can affect the results of the computational task. How: Consider a network managed by two controllers C 1 and C 2 . Let x 1 and x 2 be their inputs. Our goal is to compute y = f(x 1 , x 2 ) such that each controller learns only y and is ignorant of the input of the other. SMPC provides solution to this problem and when applied to multi-controller architecture in SDN improves security: When a subset of the controllers are compromised, no sensitive information such as network topology is leaked. The network’s resilience to controller failure is improved. Switches send secret shares of sensitive data to the controllers. • Any coalition of t controllers or smaller learns no information about the sensitive data (other than the outcome of the secure computation). As a proof of concept, we implemented a secure randomized algorithm with low overhead, for identifying heavy hitters in a network. Case Study : Heavy Hitter Detection: We define heavy hitters as the top-k sources that send traffic to the network. At each switch the dealer splits the flow table entries into secret shares which are distributed among the controllers. Using these shares the controllers engage in a SMPC protocol to identify the heavy hitters. As a proof of concept we implement this application for a SDN consisting of two controllers. Future: Improve the security vs. performance tradeoff. Increase support for network operations. Architecture Results Heavy Hitter Detection Algorithm Heavy Hitter 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 delay in seconds flows Secret Sharing OVS1 Host3 Host2 Host1 Flow Collector Dealer Party Party OVS2 Host3 Host2 Host1 Flow Collector Dealer Secure HH detec9on Secure HH detec9on Inter controller communica9on Controller1 Controller2 Flow table secret shares Open flow channel Data between switches Switch host communica9on Top k flows

A Secure Computation Framework for SDNs · 2017. 11. 23. · • A novel approach for provably secure computation for multi-controller architecture in SDN." • Techniques from Secure

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

  • A Secure Computation Framework for SDNs

    Nachikethas A.J Ranjan Pal Kaushik N Yan Huang Elaine Shi Minlan Yu

    What: •  A novel approach for provably secure computation for multi-

    controller architecture in SDN."•  Techniques from Secure Multi- Party Computation (SMPC) are

    used to address security and fault-tolerance concerns of SDN applications."

    •  Provide a secure framework for SDN applications running on multiple controllers."

    Why: •  Controllers can become high-value and attractive targets for an

    adversary."•  Malicious insiders may leak sensitive information or sabotage

    network operations."•  Compromised controllers can affect the results of the

    computational task."

    How: •  Consider a network managed by two controllers C1 and C2. Let

    x1 and x2 be their inputs. Our goal is to compute y = f(x1, x2) such that each controller learns only y and is ignorant of the input of the other."

    •  SMPC provides solution to this problem and when applied to multi-controller architecture in SDN improves security:"

    ü  When a subset of the controllers are compromised, no sensitive information such as network topology is leaked. "

    ü  The network’s resilience to controller failure is improved."•  Switches send secret shares of sensitive data to the controllers. •  Any coalition of t controllers or smaller learns no information

    about the sensitive data (other than the outcome of the secure computation).

    •  As a proof of concept, we implemented a secure randomized algorithm with low overhead, for identifying heavy hitters in a network."

    Case Study : Heavy Hitter Detection: "•  We define heavy hitters as the top-k sources that send traffic to

    the network."•  At each switch the dealer splits the flow table entries into secret

    shares which are distributed among the controllers."•  Using these shares the controllers engage in a SMPC protocol

    to identify the heavy hitters."•  As a proof of concept we implement this application for a SDN

    consisting of two controllers."

    Future: •  Improve the security vs. performance tradeoff."•  Increase support for network operations."

    Architecture

    Results

    Heavy Hitter Detection Algorithm

    Heavy Hitter

    0

    0.2

    0.4

    0.6

    0.8

    1

    1.2

    1.4

    1.6

    1.8

    dela

    y in

    sec

    onds

    flows

    Secret Sharing

    OVS1%

    Host3%Host2%Host1%

    Flow%Collector% Dealer%

    Party%Party%

    OVS2%

    Host3%Host2%Host1%

    Flow%Collector% Dealer%

    Secure%HH%detec9on%

    Secure%HH%detec9on%

    Inter%controller%communica9on%

    Controller1% Controller2%

    Flow%table%secret%shares%Open%flow%channel%% Data%between%switches%

    %Switch%host%communica9on%

    Top%k%flows%


1 Making Computation Faster and Communication Secure ... · Making Computation Faster and Communication Secure: Quantum Solution The main stumbling block of quantum information, computation,

1 Making Computation Faster and Communication Secure ... · Making Computation Faster and Communication Secure: Quantum Solution The main stumbling block of quantum information, computation,

Documents
Secure Multi-Party Computation - KTHbuc/PPC/Slides/kreitz-pet-course-mpc.pdfTheclassicexamples(MentalPoker) Gunnar Kreitz Secure Multi-Party Computation Background Secure Computation

Secure Multi-Party Computation - KTHbuc/PPC/Slides/kreitz-pet-course-mpc.pdfTheclassicexamples(MentalPoker) Gunnar Kreitz Secure Multi-Party Computation Background Secure Computation

Documents
Introduction to Secure Multi-Party Computation

Introduction to Secure Multi-Party Computation

Documents
Faster Secure Two-Party Computation Using …...Yan Huang David Evans Jonathan Katz Lior Malka Faster Secure Two-Party Computation Using Garbled Circuits Secure Two-Party Computation

Faster Secure Two-Party Computation Using …...Yan Huang David Evans Jonathan Katz Lior Malka Faster Secure Two-Party Computation Using Garbled Circuits Secure Two-Party Computation

Documents
Secure Computation EWSCS, Lecture 1

Secure Computation EWSCS, Lecture 1

Documents
Secure Multiparty Computation – Basic Cryptographic Methods

Secure Multiparty Computation – Basic Cryptographic Methods

Documents
Secure Computation

Secure Computation

Documents
Secure Multiparty Computation and its Applications

Secure Multiparty Computation and its Applications

Documents
Sdns with toxicity

Sdns with toxicity

Healthcare
Practical Secure Computation Outsourcing: A Survey

Practical Secure Computation Outsourcing: A Survey

Documents
On Homomorphic Encryption and Secure Computation

On Homomorphic Encryption and Secure Computation

Documents
Introduction to Secure Multi-Party Computation

Introduction to Secure Multi-Party Computation

Documents
Limits of Practical Sublinear Secure Computation · Limits of Practical Sublinear Secure Computation Elette Boyle? Yuval Ishai?? Antigoni Polychroniadou? ? ? Abstract. Secure computations

Limits of Practical Sublinear Secure Computation · Limits of Practical Sublinear Secure Computation Elette Boyle? Yuval Ishai?? Antigoni Polychroniadou? ? ? Abstract. Secure computations

Documents
Secure Data Network System (SDNS) key management …NISTIR90-4262 SECUREDATA NETWORKSYSTEM (SDNS)KEY MANAGEMENT DOCUMENTS CharlesDinkel Editor U.S.DEPARTMENTOFCOMMERCE NationalInstituteofStandards

Secure Data Network System (SDNS) key management …NISTIR90-4262 SECUREDATA NETWORKSYSTEM (SDNS)KEY MANAGEMENT DOCUMENTS CharlesDinkel Editor U.S.DEPARTMENTOFCOMMERCE NationalInstituteofStandards

Documents
Zero-Knowledge Proofs for Secure Computation

Zero-Knowledge Proofs for Secure Computation

Documents
Secure Multi-party Computation

Secure Multi-party Computation

Documents
Application-Scale Secure Multiparty Computation

Application-Scale Secure Multiparty Computation

Documents
Secure Computation Over Encrypted Data

Secure Computation Over Encrypted Data

Documents
Secure Computation ORAM - Rutgers Universityarchive.dimacs.rutgers.edu/Workshops/RAM/Slides/jarecki.pdf · Secure Computation ORAM The Case of 3-Party Computation AC’15: Sky Faber,

Secure Computation ORAM - Rutgers Universityarchive.dimacs.rutgers.edu/Workshops/RAM/Slides/jarecki.pdf · Secure Computation ORAM The Case of 3-Party Computation AC’15: Sky Faber,

Documents
A Secure Computation Framework for SDNs

A Secure Computation Framework for SDNs

Documents
Secure Computation for Business Data

Secure Computation for Business Data

Documents
Oram And Secure Computation

Oram And Secure Computation

Engineering
Automating Efficient RAM-Model Secure Computation · using some secure computation subprotocol. In particular, SC-U is a secure computation protocol that securely evaluates the universal

Automating Efficient RAM-Model Secure Computation · using some secure computation subprotocol. In particular, SC-U is a secure computation protocol that securely evaluates the universal

Documents
Secure Computation Against Adaptive Auxiliary Informationabhishek/papers/AAI.pdf · Secure Computation Against Adaptive Auxiliary Information Elette Boyle1 ?, Sanjam Garg2, Abhishek

Secure Computation Against Adaptive Auxiliary Informationabhishek/papers/AAI.pdf · Secure Computation Against Adaptive Auxiliary Information Elette Boyle1 ?, Sanjam Garg2, Abhishek

Documents
LevioSA: Lightweight Secure Arithmetic Computation · In this work, we design, optimize, and implement an actively secure protocol for secure two-party arithmetic computation. A distinctive

LevioSA: Lightweight Secure Arithmetic Computation · In this work, we design, optimize, and implement an actively secure protocol for secure two-party arithmetic computation. A distinctive

Documents
The Round Complexity of Secure Computation Against Covert ...The Round Complexity of Secure Computation Against Covert Adversaries ... secure computation. Roughly, the ideal world

The Round Complexity of Secure Computation Against Covert ...The Round Complexity of Secure Computation Against Covert Adversaries ... secure computation. Roughly, the ideal world

Documents
Programando SDNs

Programando SDNs

Technology
Secure Cloud Database using Multiparty Computation

Secure Cloud Database using Multiparty Computation

Documents
APPLICATIONS OF SECURE MULTIPARTY COMPUTATION

APPLICATIONS OF SECURE MULTIPARTY COMPUTATION

Documents
gabaritos sdns

gabaritos sdns

Documents