secfunet - security for future networks
TRANSCRIPT
1SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Security for Future Networks
SecFuNet
Diego [email protected]
Navigators' team atLaSIGE - Large-Scale Informatics Systems Laboratory
2SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Outline
Context
Challenges
Goals
Specific Objectives
Work-packages
FCUL
3SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Context
● Framework Programme 7
● EC call: FP7-ICT-2011-EU-Brazil Date of publication: 28 September, 2010 Deadline: 18 January, 2011
● Funding Scheme: STREP Small or medium-scale focused research projects
● Objective: Future Internet – security
4SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Context
Project info
Name: Security for Future Networks
Acronym: SecFuNet
Duration: 1 May 2011- 1 November 2013 (30 months)
Coordinator: LIP6 - Guy Pujolle
Kickoff meeting: 11 Jully 2011, Paris
5SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Context
1
1
7
5
9
3
8
6
4
2
7
5
9
38
6
4
2
EU partnersSee also the online map at: http://g.co/maps/8zdxs
6SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Context
BR partners
10
15
11
12
13
14
16
16
14
10
12
13
11
15
See also the online map at: http://g.co/maps/8zdxs
7SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Context
Propose a framework providing:● secure identification and authentication● secure data transfer● secure virtualized infrastructure● privacy in virtual network and clouds
8SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Challenges
Main challenge: improve the degree of security on virtual networks and clouds➔ coherent and robust identification schemes
➔ algorithms robust to intrusions
➔ guarantee security in the virtualized infrastructure
9SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Goals
a)Use microcontroller as anchors of trust
b)Introduce an identification system, using pairs of associated microcontrollers
c)Design an open framework, free of proprietary technologies
d)Create a Radius SIM array to provide a unique strong authentication solution
10SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Goals
e)Develop a secure infrastructure for the virtualized networks and clouds
f) Implement mechanisms for robust provisioning of IP services
g)Develop cryptographic schemes adapted to virtual network and clouds
11SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Specific Objectives
Objective 1: design an extensible context framework for the security of the future networks
Objective 2: authentication with EAP-TLS and legacy solutions
Objective 3: develop a highly secure authentication server
Objective 4: develop a highly secure identification scheme based on AAIs
12SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Specific Objectives
Objective 5: provide a reliable and secure environment
Objective 6: achieve resilience of the communications and authentication / authorization
Objective 7: provide cryptographic algorithms for future networks
13SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Structure
Structure of SecFuNet as an integrated project.
14SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Structure
Overall project structure and components dependency.
15SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Work-packages
WP0: Project Management, Coordination and Dissemination
➔ Dissemination and website and video clip
➔ Standardization and Exploitation Plan
WP1: Requirement and Functional Architecture
➔ Virtual network architecture and secure micro-controller: use cases and first choices
➔ Limitations and requirements of the framework
16SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Work-packages
WP2: Authentication Server
➔ Infrastructure of the authentication server
➔ Array and software of the authentication server
➔ Development and deployment on the network
WP3: Secure Identity Management
➔ Identity management system limitations and requirements, and prospective AAIs
➔ Identity management system development
17SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Work-packages
WP4: Virtual Network Isolation
➔ State-of-the-art and isolation between virtual networks
➔ Profiling and virtual network migration
WP5: Infrastructure Resilience
➔ Architecture components for resilient networks
➔ Trustworthy authentication service architecture
18SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Work-packages
WP6: Cryptographic Schemes
➔ Cryptographic requirements
➔ Cryptographic schemes for virtual networks and cloud accesses
WP7: Testbed
➔ Testbed creation
➔ Test and evaluation experiments
19SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Work-packages
Overall WPs scheduling
Light Blue = milestones with deliverables
20SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Work-packages
MGT = ManagementRTD = Research and Technological Development
21SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
WP0: project management (tasks)
1.Dissemination
2.Website and video clip
3.Standardization
4.Exploitation Plan
Intermediate (M12) and final reports (M30)
Duration: 30 months Deliverables: end of each task (M12 and M30)
22SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
WP1: architecture requirements (tasks)
1.Virtual network architecture and secure microcontroller: use cases and first choices
2.Limitations and requirements of the framework
FCUL rule: help in defining the items to be studied in virtual networking environment and on the secure framework.
Duration: 7 months Deliverables: end of each task (M3 and M7)
23SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
WP5: infrastructure resilience (tasks)
1.Architecture components for resilient networks
2.Trustworthy authentication service architecture
FCUL rule: lead task 1 an help on task 2.
Duration: 22 months Deliverables: end of each task (M18 and M21)
24SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
WP6: cryptographic schemes (tasks)
1.Cryptographic requirements
2.Cryptographic schemes for virtual networks and cloud accesses
FCUL rule: participate in the definition of the main security requirements for future virtual networking environments.
Duration: 21 months Deliverables: end of each task (M14 and M27)
25SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCULSummary of staff effort.
26SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
On-going work (research)● State of art on security of network
management services (WP1, WP5 and WP6)
● State of art on future networks (WP1, WP5)
How they will be
How they will relate with clouds
27SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
On-going work (research)● Papers, surveys and projects like:
➔ TRONE (trone.di.fc.ul.pt)➔ MASSIF (www.massif-project.eu)➔ 4WARD (www.4ward-project.eu)➔ EFFECTS+ (www.effectsplus.eu)➔ PASSIVE (ict-passive.eu)➔ SWIFT (www.ist-swift.org)➔ WOMBAT (www.wombat-project.eu)
28SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
On-going work (hands-on)● TRONE
(Trustworthy and Resilient Operations in a Network Environment)
29SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
FCUL
On-going work (hands-on)● Typhon
30SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil
Security for Future Networks
SecFuNet
Diego [email protected]
Navigators' team atLaSIGE - Large-Scale Informatics Systems Laboratory