1SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Security for Future Networks

SecFuNet

Diego Kreutzkreutz@lasige.di.fc.ul.pt

Navigators' team atLaSIGE - Large-Scale Informatics Systems Laboratory

2SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Outline

Context

Challenges

Goals

Specific Objectives

Work-packages

FCUL

3SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Context

● Framework Programme 7

● EC call: FP7-ICT-2011-EU-Brazil Date of publication: 28 September, 2010 Deadline: 18 January, 2011

● Funding Scheme: STREP Small or medium-scale focused research projects

● Objective: Future Internet – security

4SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Context

Project info

Name: Security for Future Networks

Acronym: SecFuNet

Duration: 1 May 2011- 1 November 2013 (30 months)

Coordinator: LIP6 - Guy Pujolle

Kickoff meeting: 11 Jully 2011, Paris

5SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Context

1

1

7

5

9

3

8

6

4

2

7

5

9

38

6

4

2

EU partnersSee also the online map at: http://g.co/maps/8zdxs

6SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Context

BR partners

10

15

11

12

13

14

16

16

14

10

12

13

11

15

See also the online map at: http://g.co/maps/8zdxs

7SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Context

Propose a framework providing:● secure identification and authentication● secure data transfer● secure virtualized infrastructure● privacy in virtual network and clouds

8SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Challenges

Main challenge: improve the degree of security on virtual networks and clouds➔ coherent and robust identification schemes

➔ algorithms robust to intrusions

➔ guarantee security in the virtualized infrastructure

9SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Goals

a)Use microcontroller as anchors of trust

b)Introduce an identification system, using pairs of associated microcontrollers

c)Design an open framework, free of proprietary technologies

d)Create a Radius SIM array to provide a unique strong authentication solution

10SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Goals

e)Develop a secure infrastructure for the virtualized networks and clouds

f) Implement mechanisms for robust provisioning of IP services

g)Develop cryptographic schemes adapted to virtual network and clouds

11SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Specific Objectives

Objective 1: design an extensible context framework for the security of the future networks

Objective 2: authentication with EAP-TLS and legacy solutions

Objective 3: develop a highly secure authentication server

Objective 4: develop a highly secure identification scheme based on AAIs

12SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Specific Objectives

Objective 5: provide a reliable and secure environment

Objective 6: achieve resilience of the communications and authentication / authorization

Objective 7: provide cryptographic algorithms for future networks

13SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Structure

Structure of SecFuNet as an integrated project.

14SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Structure

Overall project structure and components dependency.

15SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Work-packages

WP0: Project Management, Coordination and Dissemination

➔ Dissemination and website and video clip

➔ Standardization and Exploitation Plan

WP1: Requirement and Functional Architecture

➔ Virtual network architecture and secure micro-controller: use cases and first choices

➔ Limitations and requirements of the framework

16SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Work-packages

WP2: Authentication Server

➔ Infrastructure of the authentication server

➔ Array and software of the authentication server

➔ Development and deployment on the network

WP3: Secure Identity Management

➔ Identity management system limitations and requirements, and prospective AAIs

➔ Identity management system development

17SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Work-packages

WP4: Virtual Network Isolation

➔ State-of-the-art and isolation between virtual networks

➔ Profiling and virtual network migration

WP5: Infrastructure Resilience

➔ Architecture components for resilient networks

➔ Trustworthy authentication service architecture

18SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Work-packages

WP6: Cryptographic Schemes

➔ Cryptographic requirements

➔ Cryptographic schemes for virtual networks and cloud accesses

WP7: Testbed

➔ Testbed creation

➔ Test and evaluation experiments

19SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Work-packages

Overall WPs scheduling

Light Blue = milestones with deliverables

20SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Work-packages

MGT = ManagementRTD = Research and Technological Development

21SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

WP0: project management (tasks)

1.Dissemination

2.Website and video clip

3.Standardization

4.Exploitation Plan

Intermediate (M12) and final reports (M30)

Duration: 30 months Deliverables: end of each task (M12 and M30)

22SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

WP1: architecture requirements (tasks)

1.Virtual network architecture and secure microcontroller: use cases and first choices

2.Limitations and requirements of the framework

FCUL rule: help in defining the items to be studied in virtual networking environment and on the secure framework.

Duration: 7 months Deliverables: end of each task (M3 and M7)

23SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

WP5: infrastructure resilience (tasks)

1.Architecture components for resilient networks

2.Trustworthy authentication service architecture

FCUL rule: lead task 1 an help on task 2.

Duration: 22 months Deliverables: end of each task (M18 and M21)

24SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

WP6: cryptographic schemes (tasks)

1.Cryptographic requirements

2.Cryptographic schemes for virtual networks and cloud accesses

FCUL rule: participate in the definition of the main security requirements for future virtual networking environments.

Duration: 21 months Deliverables: end of each task (M14 and M27)

25SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCULSummary of staff effort.

26SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

On-going work (research)● State of art on security of network

management services (WP1, WP5 and WP6)

● State of art on future networks (WP1, WP5)

How they will be

How they will relate with clouds

27SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

On-going work (research)● Papers, surveys and projects like:

➔ TRONE (trone.di.fc.ul.pt)➔ MASSIF (www.massif-project.eu)➔ 4WARD (www.4ward-project.eu)➔ EFFECTS+ (www.effectsplus.eu)➔ PASSIVE (ict-passive.eu)➔ SWIFT (www.ist-swift.org)➔ WOMBAT (www.wombat-project.eu)

28SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

On-going work (hands-on)● TRONE

(Trustworthy and Resilient Operations in a Network Environment)

29SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

FCUL

On-going work (hands-on)● Typhon

30SecFuNet: STREP 288349 from FP7-ICT-2011-EU-Brazil

Security for Future Networks

SecFuNet

Diego Kreutzkreutz@lasige.di.fc.ul.pt

Navigators' team atLaSIGE - Large-Scale Informatics Systems Laboratory