attestation of shield's network infrastructure and
TRANSCRIPT
Ludovic Jacquin, Hewlett Packard Labs (HPE).
ETSI Security Week, Hot Topics in Middlebox SecuritySophia Antipolis, France, 12 June 2018
Attestation of SHIELD's network infrastructure and middleboxes.
SHIELD’s mission & concept
Attestation in SHIELD's network and middleboxes. 2
SHIELD aims to deliver an open solution for dynamically establishing and deploying virtual Security
infrastructures in ISPs and corporate networks.
Big Data Analytics
Trusted Computing
Network Functions
Virtualisation
The SHIELD key components
3Attestation in SHIELD's network and middleboxes.
Service Catalogueand Front-End
vNSFs
DARE
vNSFO
• The middlebox alone cannot be verified, evaluated.– The state is remotely controlled by the orchestration.
• How to verify if a middlebox is working as intended?– Securely– Automatically
• Trusted Computing technologies and mechanisms!
The virtualisation and data/control separation gap
Attestation in SHIELD's network and middleboxes. 4
• Security chip/co-processor widely deployed.– Shielded execution of standardized commands.– Private keys never leave the chip (configurable).
• Enabler for high-level security features:
Trusted Platform Module (TPM) primer
Attestation in SHIELD's network and middleboxes. 5
BootROM(CRTM)
BIOS/UEFI
OS
App. Conf.
Load
Load
Load
Measure
Measure
Measure
Store in PCR0
Pro
tect Log w
ith P
CR
10
b83fac83fb9286
a34fc80fde83f1
a82057ac840d83f9392c876d55a8[…]
Store
in Log
f1d
e32
11
ff00
25
Measured boot
RemoteVerifier
1: Challenge (nonce)
2: Signed measurements
3: Validate signature and check measurements
PCR0: b83fac83fb9286PCR1: a34fc80fde83f1[…]PCR10: f1de3211ff0025
TPMID
Platform
21
3
Remote Attestation
The Trust Monitor
6
TRUSTED INFRASTRUCTURE
The trustworthiness of the SHIELD framework is implemented by relying on Trusted Computing technologies. The infrastructure attestation binds the vNSFs and the network configuration with the store and orchestration of the network.
The key components of the SHIELD framework are protected using Trusted Platform Modules (TPM), assuring the integrity of the software and the configuration.
KEY TECHNOLOGIES
Attestation in SHIELD's network and middleboxes.
Trust Monitor
Service Catalogue
and Front-End
vNSFs
DARE
vNSFO
SHIELD architecture
Attestation in SHIELD's network and middleboxes. 7
Enrollment of middleboxes
Attestation in SHIELD's network and middleboxes. 8
• Update of the Trust Monitor with new vNSF version.
• Verification of new middlebox before admission in the network.
Monitoring of the middleboxes
Attestation in SHIELD's network and middleboxes. 9
• Continual verification of the middleboxes of the network.
Key project milestones
Attestation in SHIELD's network and middleboxes. 10
Prototype of the SHIELD system (alpha
version):
September 2017
Open-source release of the SHIELD system
(beta version):
September 2018
System tested & validated – Final
release:
February 2019
• Detection of rogue SDN controller
• Detection of incorrect SDN rules
• Can handle 10k OpenFlow rules– Bottleneck between SDN controller & Trust Monitor
• Gap: no common (SDN controller-switch) identifier for rules
• Around 2 to 3 seconds RTT– 600ms for the TPM signature itself
SDN switches attestation
Attestation in SHIELD's network and middleboxes. 11
• Boot-time integrity verification of the servers firmware– Via Measured Boot for TPM 1.2
• Run-time integrity verification of binaries and configuration files in servers and middleboxes– Based on the Linux Integrity Measurement Architecture (IMA) kernel
module + custom Linux kernel– Tailored for the Docker lightweight virtualisation environment
• Automated generation/update of whitelist database– Including reference measurements from software repositories (limited
to CentOS Linux distribution)
Servers and middleboxes attestation (1/2)
Attestation in SHIELD's network and middleboxes. 12
• Takes around 5 to 6 seconds RTT w/ verification via whitelist database (up to 128 active containers)– Hard limit caused by the TPM signature over the integrity report
(around 2 seconds) + generation time of the integrity report– The verification process has a smaller influence on the overall time
• The total average time grows linearly with the number of active containers
• Gap: missing integration with NFV Virtual Infrastructure Manager
Servers and middleboxes attestation (2/2)
Attestation in SHIELD's network and middleboxes. 13
• Include recommended remediation– Exclude node, update configuration, reconfigure OpenFlow rules
• Whitelist nodes allowed to communicate with vNSFO– Based on being verified by the Trust Monitor
• Integration with the other components
Next steps
Attestation in SHIELD's network and middleboxes. 14
Follow us!
Attestation in SHIELD's network and middleboxes. 15
https://www.shield-h2020.eu/
@shield_h2020
SHIELD EU Project
SHIELD has received financial support from the European Commissionunder Grant Agreement No. 700199