secfunet - security for future networks

1SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Security for Future Networks

SecFuNet

Diego [email protected]

Navigators' team atLaSIGE - Large-Scale Informatics Systems Laboratory

mailto:[email protected]


Outline

Context

Challenges

Goals

Specific Objectives

Work-packages

FCUL


Context

● Framework Programme 7

● EC call: FP7-ICT-2011-EU-Brazil Date of publication: 28 September, 2010 Deadline: 18 January, 2011

● Funding Scheme: STREP Small or medium-scale focused research projects

● Objective: Future Internet – security


Context

Project info

Name: Security for Future Networks

Acronym: SecFuNet

Duration: 1 May 2011- 1 November 2013 (30 months)

Coordinator: LIP6 - Guy Pujolle

Kickoff meeting: 11 Jully 2011, Paris


Context

1

1

7

5

9

3

8

6

4

2

7

5

9

38

6

4

2

EU partnersSee also the online map at: http://g.co/maps/8zdxs

http://g.co/maps/8zdxs


Context

BR partners

10

15

11

12

13

14

16

16

14

10

12

13

11

15

See also the online map at: http://g.co/maps/8zdxs

http://g.co/maps/8zdxs


Context

Propose a framework providing:● secure identification and authentication● secure data transfer● secure virtualized infrastructure● privacy in virtual network and clouds


Challenges

Main challenge: improve the degree of security on virtual networks and clouds➔ coherent and robust identification schemes

➔ algorithms robust to intrusions

➔ guarantee security in the virtualized infrastructure


Goals

a)Use microcontroller as anchors of trust

b)Introduce an identification system, using pairs of associated microcontrollers

c)Design an open framework, free of proprietary technologies

d)Create a Radius SIM array to provide a unique strong authentication solution


Goals

e)Develop a secure infrastructure for the virtualized networks and clouds

f) Implement mechanisms for robust provisioning of IP services

g)Develop cryptographic schemes adapted to virtual network and clouds


Specific Objectives

Objective 1: design an extensible context framework for the security of the future networks

Objective 2: authentication with EAP-TLS and legacy solutions

Objective 3: develop a highly secure authentication server

Objective 4: develop a highly secure identification scheme based on AAIs


Specific Objectives

Objective 5: provide a reliable and secure environment

Objective 6: achieve resilience of the communications and authentication / authorization

Objective 7: provide cryptographic algorithms for future networks


Structure

Structure of SecFuNet as an integrated project.


Structure

Overall project structure and components dependency.


Work-packages

WP0: Project Management, Coordination and Dissemination

➔ Dissemination and website and video clip

➔ Standardization and Exploitation Plan

WP1: Requirement and Functional Architecture

➔ Virtual network architecture and secure micro-controller: use cases and first choices

➔ Limitations and requirements of the framework


Work-packages

WP2: Authentication Server

➔ Infrastructure of the authentication server

➔ Array and software of the authentication server

➔ Development and deployment on the network

WP3: Secure Identity Management

➔ Identity management system limitations and requirements, and prospective AAIs

➔ Identity management system development


Work-packages

WP4: Virtual Network Isolation

➔ State-of-the-art and isolation between virtual networks

➔ Profiling and virtual network migration

WP5: Infrastructure Resilience

➔ Architecture components for resilient networks

➔ Trustworthy authentication service architecture


Work-packages

WP6: Cryptographic Schemes

➔ Cryptographic requirements

➔ Cryptographic schemes for virtual networks and cloud accesses

WP7: Testbed

➔ Testbed creation

➔ Test and evaluation experiments


Work-packages

Overall WPs scheduling

Light Blue = milestones with deliverables


Work-packages

MGT = ManagementRTD = Research and Technological Development


FCUL

WP0: project management (tasks)

1.Dissemination

2.Website and video clip

3.Standardization

4.Exploitation Plan

Intermediate (M12) and final reports (M30)

Duration: 30 months Deliverables: end of each task (M12 and M30)


FCUL

WP1: architecture requirements (tasks)

1.Virtual network architecture and secure microcontroller: use cases and first choices

2.Limitations and requirements of the framework

FCUL rule: help in defining the items to be studied in virtual networking environment and on the secure framework.



FCUL

WP5: infrastructure resilience (tasks)

1.Architecture components for resilient networks

2.Trustworthy authentication service architecture

FCUL rule: lead task 1 an help on task 2.



FCUL

WP6: cryptographic schemes (tasks)

1.Cryptographic requirements

2.Cryptographic schemes for virtual networks and cloud accesses

FCUL rule: participate in the definition of the main security requirements for future virtual networking environments.



FCULSummary of staff effort.


FCUL

On-going work (research)● State of art on security of network

management services (WP1, WP5 and WP6)

● State of art on future networks (WP1, WP5)

How they will be

How they will relate with clouds


FCUL

On-going work (research)● Papers, surveys and projects like:

➔ TRONE (trone.di.fc.ul.pt)➔ MASSIF (www.massif-project.eu)➔ 4WARD (www.4ward-project.eu)➔ EFFECTS+ (www.effectsplus.eu)➔ PASSIVE (ict-passive.eu)➔ SWIFT (www.ist-swift.org)➔ WOMBAT (www.wombat-project.eu)

http://trone.di.fc.ul.pt/

http://www.massif-project.eu/

http://www.4ward-project.eu/

http://www.effectsplus.eu/

http://ict-passive.eu/

http://www.ist-swift.org/

http://www.wombat-project.eu/


FCUL

On-going work (hands-on)● TRONE

(Trustworthy and Resilient Operations in a Network Environment)


FCUL

On-going work (hands-on)● Typhon


Security for Future Networks

SecFuNet

Diego [email protected]

Navigators' team atLaSIGE - Large-Scale Informatics Systems Laboratory

mailto:[email protected]

secfunet - security for future networks

Technology