1. WP5 – INFRASTRUCTURE RESILIENCE AGAINST ATTACKS AND FAULTS
Diego Kreutz (FFCUL)
(joint work: FFCUL, TUM, UFAM and UFSC)
SECFUNET Final Meeting
Brussels, 11th June 2014
SECFUNET – Security for Future Networks
FP7-ICT-2011-EU-Brazil – STREP number 288349
2. Objectives (1/2)
[Figure: layered network architecture with the labels Network Access Service; Network Operating System; Management Applications; Network Control Plane; Network Data Plane]
FITS uses:
– RADIUS for VMs AA
– OpenID for user AA
– OpenFlow controller
3. Objectives (2/2)
[Figure: Virtual Network 1, Virtual Network 2 and Virtual Network 3 over the Physical Infrastructure; Vertical and Horizontal Control, Management and Monitoring Systems; labels Assure, Monitor, Config]
4. State of Affairs (OpenID & RADIUS) (current scenario and our goal)
[Figure: chart with the axes "Fault tolerance" and "Level of trust" and the labels C1 to C6]
6. Functional Model
– Service-oriented architecture of components
[Figure: Client / Secure Component; Service / Application / Device (fS + 1); Gateway (AAI front-end) (fG + 1); AAI Replicas (mfR + 1); AAI Secure Components (mfR + 1); AAI Resilient Infra; Default Path and Alternative Path]
7. Functional Model
– Fault detection mechanisms
[Figure: Client Cw, Target Service Ix, Service Gateway Gy and Back-end Service Bz, annotated with: Timeout A; Timeout B; Timeout C (e.g., OpenID); corrupted response from replica Tx; corrupted response from replica Gy; Byzantine behavior from replica Bz]
8. Towards Intrusion Tolerance
1. BFT tools/protocols
– BFT-SMaRt (FCUL)
– IT-VM (UFSC)
2. Additional mechanisms:
– Diversity
– Proactive-reactive recovery
3. Confidentiality: a limitation of BFT systems
– Specific components are required to ensure this property
9. Diversity in the OpenID prototype
[Figure: gateway VMs (VM1 Gateway 1, VM2 Gateway 2, …, VMn Gateway N) on a Hypervisor with a Secure Element; Pair-wise TCP/IP Communications; Reliable Communication Channels; OpenID replica VMs (VM1, VM2, VM3, VM4, each labelled "OpenID BFT R1"), each on a Hypervisor with a Secure Element]
10. A Trusted Component for RADIUS & OpenID
[Figure labels: TC; PuCA; KNAS; PrS; KUser; ID; KAssoc; TLS, EAP, RADIUS; OpenID, HTTP/HTTPS; BFT-SMaRt; Authentication Service Replica]
USER Table:
<ID1> <…, Perm>MAC
<ID2> <…, Perm>MAC
<ID3> <…, Perm>MAC
<ID4> <…, Perm>MAC
…
<IDn> <…, Perm>MAC
DATA Table (NAS | Association):
<NAS1 | Handler1> <…, EK1>
<NAS2 | Handler2> <…, EK2>
<NAS3 | Handler3> <…, EK3>
<NAS4 | Handler4> <…, EK4>
…
<NASn | Handlern> <…, EKn>
Required methods:
1. HMAC
2. VerifySignRSA
3. SymmCipher
4. GenConfidential
5. SignRSA
6. GenAssociation
7. GenNonce
11. Trusted Components
A trusted/secure component can be “any” device capable of ensuring the data and operation confidentiality of the target system/environment.
– Smart Cards
– Tamper Resistant FPGA
– A Shielded Computer
– Virtual TPM (e.g. vTPM)
– Secure Hypervisor (e.g. sHyper)
– Intel TXT & SGX, AMD SVM, …
14. OpenID: the impact of faults & attacks
Type of execution/fault/attack     20 clients   40 clients
Fault-free execution               867.73       984.59
Constantly crashing OpenID reps    1009.86      1145.98
Attacking OpenID replicas (DoS)    956.46       1005.54
Constantly crashing OpenID gws     633.44       718.75
15. Remarks (prototypes & evaluations & proposals)
[Figure: Virtual Machine Monitor; Agreement Service; Authentication Server; Shared Memory; VM1 IdP Proxy; VM2 IdP Proxy; API; Trusted Computing Base (TCB)]
– R-OpenID-PR
– R-OpenID-VR
– R-RADIUS
– Resilient Mon Infra
– Fault-tolerant OF-C
– RT Kerberos v5