On Achieving Trustworthy Service Function Chaining

Pattaranantakul, Montida; Song, Q. Wang; Tian, Yanmei; Wang, Licheng; Zhang, Zonghua; Meddahi, Ahmed; Vorakulpipat, Chalee

doi:10.1109/tnsm.2021.3081014

Cited by 6 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For ensuring integrity of the SFC steering data in the SFCencapsulation and for verifying the correct order of traversal, Pattaranantakul et al [28] present a scheme based on the enforcement of a sequentially-created multisignature where each SF has to sign all received packets.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Secure Service Function Chaining in the Context of Zero Trust Security

Bradatsch

Haeberle

Steinert

et al. 2022

2022 IEEE 47th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

Service Function Chaining (SFC) enables dynamic steering of traffic through a set of service functions based on classification of packets, allowing network operators finegrained and flexible control of packet flows. New paradigms like Zero Trust (ZT) pose additional requirements to the security of network architectures. This includes client authentication, confidentiality, and integrity throughout the whole network, while also being able to perform operations on the unencrypted payload of packets. However, these requirements are only partially addressed in existing SFC literature. Therefore, we first present a comprehensive analysis of the security requirements for SFC architectures. Based on this analysis, we propose a concept towards the fulfillment of the requirements while maintaining the flexibility of SFC. In addition, we provide and evaluate a proof of concept implementation, and discuss the implications of the design choices.

show abstract

Section: Related Workmentioning

confidence: 99%

“…This is especially important when integrity of steering data cannot be ensured since it then provides the only way of verification. Proposals for such a scheme exist [4], [28] and may be integrated in the presented concept in future work.…”

Section: G General Sfc-specific Security Requirementsmentioning

confidence: 99%

Secure Service Function Chaining in the Context of Zero Trust Security

Bradatsch

Haeberle

Steinert

et al. 2022

2022 IEEE 47th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

show abstract

“…However, the author did not consider the problem of virtual resources and lacked consideration of parameters such as delay. In [14], authors improve the reliability and security of SFC by adding processes and signatures that enforce ordering. But in fact, in order to improve the reliability of SFC, it is often necessary to increase the number of infrastructures to increase the cost.…”

Section: ) Sfc Schedulingmentioning

confidence: 99%

“…s(u) represents the CPU computing resources of the node, and bw(i, j) is the link bandwidth between nodes i and j. Therefore, we use (14) (15) to denote the computational resource cost of physical nodes and the bandwidth resource cost of physical links.…”

Section: Sfc-homentioning

confidence: 99%

SFC-HO: Reliable Layered Service Function Chaining

2022

View full text Add to dashboard Cite

Network function virtualization (NFV) utilizes IT virtualization technology to realize the functions of various network devices and realize the decoupling of hardware and software functions. Typically, a service request specifies the virtual network functions (VNFs) it needs and the order between them. A network flow needs to traverse a set of sequential VNFs called a service function chain (SFC). Although SFC can increase the flexibility of service orchestration to meet the needs of different users, network providers face many challenges due to the need to ensure service reliability and some constraints. Therefore, how orchestrating SFC and designing a suitable network architecture is a critical issue in this field at present. We propose an efficient network layer-based SFC orchestration method, called SFC-hierarchical orchestration (SFC-HO). Our method separates virtual and physical networks into layers and computes the availability of resources in each layer. We filter the VNFs of each layer and deploy them to the physical layer that meets the greatest benefit. To this end, we formulate the problem as an integer linear programming (ILP) problem to minimize the total deployment cost. In order to further optimize the layering strategy, we innovatively use the Benders decomposition method to decompose the SFC-HO problem into two subproblems, which are the hierarchical mapping problem of VNFs and the routing problem between nodes. We propose two algorithms for the two problems respectively. The simulation results show that compared with the SFC orchestration process in the traditional network model. Our research can effectively improve the reliability of the SFC, reduce the delay of the routing process, and effectively reduce the cost consumption. Our research effectively solves the problem of difficult service orchestration for operators in the face of diverse service demands and a large number of service requests.

show abstract