Safeguarding VNF Credentials with Intel SGX

Paladi, Nicolae; Karlsson, Linus

doi:10.1145/3123878.3132016

Cited by 10 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IDS will perform deep packet inspection to confirm whether the packet is malicious. The network setup not only can process HTTP web traffic, when the NVF support TLS [23,40], it can also process HTTPS traffic. As most privacy preserving NFV platforms [23,27,54], we use TLS as secure transmission protocol between enterprise gateway and privacy-preserving NFV platform.…”

Section: Methodsmentioning

confidence: 99%

Interface-Based Side Channel Attack Against Intel SGX

Wang,

Cheng,

et al. 2018

Preprint

View full text Add to dashboard Cite

Intel has introduced a trusted computing technology, Intel Software Guard Extension (SGX), which provides an isolated and secure execution environment called enclave for a user program without trusting any privilege software (e.g., an operating system or a hypervisor) or firmware. Nevertheless, SGX is vulnerable to several side channel attacks (e.g. page-fault-based attack and cachebased attack). In this paper, we explore a new, yet critical side channel attack in SGX, interface-based side channel attack, which can infer the information of the enclave input data. The root cause of the interface-based side channel attack is the input dependent interface invocation information (e.g., interface information and invocation patterns) which can be observed by the untrusted privilege software can reveal the control flow in the enclave. We study the methodology which can be used to conduct the interface-based side channel attack. To illustrate the effectiveness of the interfacebased side-channel attacks, we use our methodology to infer whether tracked web pages have been processed by the SGX-assisted NFV platforms and achieve the accuracy of 87.6% and recall of 76.6%. We also identify the packets which belong to the tracked web pages, with the accuracy of 67.9%and recall of 71.1%. We finally propose some countermeasures to defense the interface-based side channel attack in SGX-assisted applications.

show abstract

Section: Methodsmentioning

confidence: 99%

Interface-Based Side Channel Attack Against Intel SGX

Wang,

Cheng,

et al. 2018

Preprint

View full text Add to dashboard Cite

show abstract

“…Applying TruSDN to virtual network functions (VNFs) A prototype applying the TruSDN approach to VNFs in an SDN deployment was described in [29]. Future challenges include designing an integrated prototype with component integrity attestation on the data plane, controller plane and management plane as well as leveraging TruSDN to secure communications throughout the deployment.…”

Section: Enabling Practical Deploymentsmentioning

confidence: 99%

Bootstrapping trust in software defined networks

Paladi¹,

Gehrmann²

2017

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

show abstract

“…Earlier research addressed SDN security through additional services [48,53,21], formal verification [6] and isolated execution using Intel Software Guard Extensions (SGX) [52,43,28,44], and most popular network element implementation support communication over transport layer security (TLS) [15]. Despite these efforts, the confidentiality and integrity of authentication credentials of network elements in SDN remain unaddressed.…”

Section: Introductionmentioning

confidence: 99%

“…Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage. arXiv:1806.07302v1 [cs.NI] 19 Jun 2018 directly (by intercepting or modifying traffic), or indirectly through horizontal attacks aimed to leak authentication credentials and encryption keys [54].Earlier research addressed SDN security through additional services [48,53,21], formal verification [6] and isolated execution using Intel Software Guard Extensions (SGX) [52,43,28,44], and most popular network element implementation support communication over transport layer security (TLS) [15]. Despite these efforts, the confidentiality and integrity of authentication credentials of network elements in SDN remain unaddressed.…”

mentioning

confidence: 99%

Trust Anchors in Software Defined Networks

2018

Self Cite

View full text Add to dashboard Cite

Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements -authentication credentials and cryptographic context -by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage. arXiv:1806.07302v1 [cs.NI] 19 Jun 2018 directly (by intercepting or modifying traffic), or indirectly through horizontal attacks aimed to leak authentication credentials and encryption keys [54].Earlier research addressed SDN security through additional services [48,53,21], formal verification [6] and isolated execution using Intel Software Guard Extensions (SGX) [52,43,28,44], and most popular network element implementation support communication over transport layer security (TLS) [15]. Despite these efforts, the confidentiality and integrity of authentication credentials of network elements in SDN remain unaddressed. In particular, the existing approaches to provision authentication credentials to network elements in SDN are either plain insecure or both insecure and unscalable, requiring manual steps 4 [38]. Moreover, credentials provisioned to network elements in virtualized environments are often stored in plaintext on the file system. Adversaries exploiting vulnerabilities in process and virtualization isolation can access authentication credentials to perform network attacks or impersonate network elements. In this paper, we address two complementary questions: (1) How can authentication credentials be securely provisioned to software network elements in SDN deployments? and (2) How can the TLS context of virtual switches be protected on compromised hosts? ContributionsIn this work, we present the following contributions:-A secure, practical, and scalable mechanism to provision authentication credentials and bootstrap communication between software network elements. -TLSonSGX 5 , a library allowing to maintain authentication credentials and the TLS context exclusively in isolated execution environments. -A novel approach to restricting the availability of authentication credentials for SDN components to hosts with an attested trusted computing base. -A first thorough analysis of the performance trade-offs of deploying components of network elements in SGX enclaves. StructureThe remainder of thi...

show abstract

Safeguarding VNF Credentials with Intel SGX

Cited by 10 publications

References 7 publications

Interface-Based Side Channel Attack Against Intel SGX

Interface-Based Side Channel Attack Against Intel SGX

Bootstrapping trust in software defined networks

Trust Anchors in Software Defined Networks

Contact Info

Product

Resources

About