Rahamatullah Khondoker

Network functional composition: State of the art

Network Functional Composition is an approach for a flexible Internet architecture which decomposes the layered network stack in functional building blocks which can be loosely coupled. Functional Composition therefore enables a customized composition of functionality at the edges and in the network in respect to application specific requirements. Functional Composition is an architecture for a Future Internet which provides solutions for many of the challenges that have been identified in the Future Internet debate. Several early and current projects have addressed Functional Composition with different aspects, which have been reviewed here as part of a state-of-the-art analysis. This review shall give an overview about the different projects and categorizes the different approaches.

Security Analysis of Security Applications for Software Defined Networks

Software Defined Networking (SDN) is a novel approach to allow configuration of networks in real time and a centralized manner. Likewise to legacy network architectures, security mechanisms are used to protect the network and the end-hosts within the network against attacks. While the properties of SDN allow to implement sophisticated security mechanism as extension of the centralized controllers, they also make the controllers and any extensions of its functionality a valuable target for attackers. This motivates to analyze the security of security applications for SDN. In this paper, two security applications namely, OpenFlow-Random Host Mutation and Resonance, are analyzed using STRIDE. It is shown that most threats for the two security applications can be mitigated by using existing security mechanisms. Furthermore, general suggestions that should be considered when designing security applications for SDN are derived.

Security Analysis of Software Defined Networking Architectures: PCE, 4D and SANE

Todays data networks are steadily growing in size and complexity. Especially in enterprise networks, these development lead to the requirement of a central network administration. With Software Defined Networking (SDN), this requirement can be fulfilled. However, new security considerations such as the protection of the central component must be taken into account. Motivated by the new security requirements that security should play a key role in SDN architectures. This paper chooses some architectures, namely, the Path Computation Element (PCE), 4D, and the Secure Architecture for the Networked Enterprise (SANE). These architectures are analyzed with respect to its security capabilities using Microsofts threat modeling technique, STRIDE. The analysis shows that architectures such as PCE and 4D are vulnerable to tampering and information disclosure as well as Denial of Service attacks. The detected threats can be mitigated by using standard technologies such as TLS and IPsec for securing the communication between interactors.

Service Orientation Paradigm in Future Network Architectures

The Internet can not keep up with changing application requirements and new network technologies as its network architecture makes it hard to introduce new functionality because existing functionalities in the Architecture are inherently tightly coupled. This article describes how the principles of Service Oriented Architecture (SOA) can help to develop more flexible network architecture. We argue that the SOA paradigm can be applied to networks by utilizing the concepts of self-contained building blocks, dynamic protocol graphs and selection and composition methods. In order to make use of flexible networks, applications must be decoupled from the protocols they use. We give a brief overview, of how some of these concepts are already implemented, by presenting few approaches. Finally we describe some challenges of service oriented network architecture.

A description language for communication services of future network architectures

For selecting and composing communication services to create a networking stack in a flexible future network architecture, service descriptions are required. In this paper, we propose a language for describing communication services. The language has been implemented by using the Resource Description Framework (RDF) and evaluated by describing a set of dependencies and a complete service. Irrespective of the selection and composition methods at design time, deployment time and runtime, the language can be used any place where a networking service description is required.

Requirement driven prospects for realizing user-centric network orchestration

The Internet’s infrastructure shows severe limitations when an optimal end user experience for multimedia applications should be achieved in a resource-efficiently way. In order to realize truly user-centric networking, an information exchange between applications and networks is required. To this end, network-application interfaces need to be deployed that enable a better mediation of application data through the Internet. For smart multimedia applications and services, the application and the network should directly communicate with each other and exchange information in order to ensure an optimal Quality of Experience (QoE). In this article, we follow a use-case driven approach towards user-centric network orchestration. We derive user, application, and network requirements for three complementary use cases: HD live TV streaming, video-on-demand streaming and user authentication with high security and privacy demands, as typically required for payed multimedia services. We provide practical guidelines for achieving an optimal QoE efficiently in the context of these use cases. Based on these results, we demonstrate how to overcome one of the main limitations of today’s Internet by introducing the major steps required for user-centric network orchestration. Finally, we show conceptual prospects for realizing these steps by discussing a possible implementation with an inter-network architecture based on functional blocks.

Functional Composition and Its Challenges

Functional composition is an approach for a flexible network architecture which enables a customized combination of functionality with respect to application requirements. Functional composition overcomes the inflexibility of the current Internet architecture and facilitates the management of functionality within the network. Several projects have addressed this topic with different aspects, in this paper several main challenges of network functional composition are identified and discussed.

AutoSecSDNDemo: Demonstration of automated end-to-end security in software-defined networks

The complexity of modern communication networks and innovative cyber-attacking methods make it difficult to automatically detect and prevent attacks. Software-Defined Networking (SDN) separates the forwarding of network traffic from the decision plane of the network and offers a central and programmable interface for the configuration of the network. In this paper, a novel approach to integrate end-to-end security into an SDN is developed which improves the security of a network through automated defense mechanisms and reduces the time needed for a response to a threat.

Security of Selected Future Internet Architectures: A Survey

The Internet faces many challenges in terms of flexibility (so called IP bottleneck) as well as host-centric addressing, mobility, self-configuration, self-monitoring, and security. Several Future Internet (FI) architectures have been proposed to address these challenges including expressive Internet Architecture (XIA), Mobility First, Named Data Networking (NDN), NEBULA, and Recursive Inter Network Architecture (RINA). This paper surveys the security solutions of the FIarchitectures based on literatures, prototypes, and demonstrations. It has been found that none of the architectures can fulfill all of the security goals: confidentiality, authentication, integrity and availability. The results of the survey have been verified by the domain experts.

A mutual key agreement protocol to mitigate replaying attack in eXpressive Internet Architecture (XIA)

Several Future Internet (FI) architectures have been proposed to address the problems of the Internet including flexibility (so called IP bottleneck), host-based addressing (addressing a host rather than the content itself), and security. In this paper, we focus on eXpressive Internet Architecture (XIA) as it is the most secure and open-source Content-Centric Network (CCN). CCN is claimed by the Future Content Networks (FCN) Group to be the Future Internet (FI). However, XIA does not have any mechanisms to mitigate the replaying attack, thus, this paper proposes and implements a solution to mitigate it. Several existing solutions have been analyzed to derive the requirements for the proposed solution. By implementing the proposed protocol, XIA is now able to mitigate all of the reviewed network attacks. The evaluation shows that the proposed solution is more secure and less complex over the existing solutions.