PORTO @ Archivio Istituzionale della Ricerca

IEEE 802.1AE is a standard for Media Access Control security (MACsec), which enables data integrity, authentication, and confidentiality for traffic in a broadcast domain. This protects network communications against attacks at link layer, hence it provides a higher degree of security and flexibility compared to other security protocols, such as IPsec. Softwarised network infrastructures, based on Network Functions Virtualisation (NFV) and Software Defined Networking (SDN), provide higher flexibility than traditional networks. Nonetheless, these networks have a larger attack surface compared to legacy infrastructures based on hardware appliances. In this scenario, communication security is important to ensure that the traffic in a broadcast domain is not intercepted or manipulated. We propose an architecture for centralised management of MACsec-enabled switches in a NFV environment. Moreover, we present a PoC that integrates MACsec in the Open Source MANO NFV framework and we evaluate its performance.

Using MACsec to protect a Network Functions Virtualisation Infrastructure / Lioy, Antonio; Pedone, Ignazio; Sisinni, Silvia. - STAMPA. - (2022), pp. 1-3. (Intervento presentato al convegno 27th IEEE Symposium on Computers and Communications tenutosi a Rhodes (Greece) nel 30/6-3/7/2022) [10.1109/ISCC55528.2022.9912955].

Using MACsec to protect a Network Functions Virtualisation Infrastructure

Antonio Lioy;Ignazio Pedone;Silvia Sisinni
2022

Abstract

IEEE 802.1AE is a standard for Media Access Control security (MACsec), which enables data integrity, authentication, and confidentiality for traffic in a broadcast domain. This protects network communications against attacks at link layer, hence it provides a higher degree of security and flexibility compared to other security protocols, such as IPsec. Softwarised network infrastructures, based on Network Functions Virtualisation (NFV) and Software Defined Networking (SDN), provide higher flexibility than traditional networks. Nonetheless, these networks have a larger attack surface compared to legacy infrastructures based on hardware appliances. In this scenario, communication security is important to ensure that the traffic in a broadcast domain is not intercepted or manipulated. We propose an architecture for centralised management of MACsec-enabled switches in a NFV environment. Moreover, we present a PoC that integrates MACsec in the Open Source MANO NFV framework and we evaluate its performance.
2022
4.3 Poster
File in questo prodotto:
File Dimensione Formato  
2022108509.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 432.39 kB
Formato Adobe PDF
Visualizza/Apri
432.39 kB Adobe PDF Visualizza/Apri
POSTER_Using_MACsec_to_protect_a_Network_Functions_Virtualisation_infrastructure.pdf

non disponibili

Descrizione: Editor version
Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 448.07 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
448.07 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2971588