Multilevel Security Framework for NFV Based on Software Defined Perimeter (SDP)
The rapid increase in global IP traffic and the adoption of mobile devices have challenged network service providers to scale and improve infrastructure to meet this new demand. To improve return on investment for scaling networking infrastructure and capitalize on advancements in virtualization technologies, Network Function Virtualization (NFV) has been proposed. Software Defined Perimeter (SDP) is proposed as a framework to provide logical perimeters around these services, restricting network access and connections to the SDP-enabled Virtual Network Functions (VNFs) to trusted clients only. Several security benefits present themselves as a result of a combined NFV-SDP architecture.
Performance Analysis of SDP For Secure Internal Enterprises
Security has become of paramount importance in recent times, especially due to the advent of cloud computing and the Internet of Things. With so many devices in the mix, users have the choice of working from anywhere they want. But it also raises the possibility of multiplying the impact of any attack by using all devices at hand. Another important aspect to consider is the prevention of access to sensitive data by unauthorized users using authorized machines. Software Defined Perimeter (SDP) provides one such solution.
On IoT applications: a proposed SDP Framework for MQTT
In this work, the Software-Defined Perimeter (SDP) is considered for the Message Queuing Telemetry Transport (MQTT) protocol framework in IoT applications. The SDP provides an additional layer of security, with or without SSL/TLS, by replacing the traditional login method (username/password) with a Single-Packet Authorization (SPA) process. This will blacken the end devices, cloaking them and making them inaccessible to attackers. Consequently, this prevents the login information from being compromised in the absence of encryption. Finally, the framework is evaluated through an implementation testbed, and the system proved to be secure against DoS active and off-line dictionary types of attacks, even with the use of weak login credentials, all the while achieving measurable efficiency over the traditional use of MQTT.
On the Security of SDN: A Completed Secure and Scalable Framework Using the Software-Defined Perimeter
The widespread adoption and evolution of Software Defined Networking (SDN) have enabled service providers to successfully simplify network management. Along with the traffic explosion, there is decreasing CAPEX and OPEX as well as an increase in the average revenue per user. However, this wide adoption of SDNs is posing real challenges and concerns in terms of security aspects. The main challenges are how to provide proper authentication, access control, data privacy, and data integrity, among others, for the API-driven orchestration of network routing. The proposed integrated frameworks are examined through virtualized network testbeds. The testing results demonstrate that the proposed framework is malleable to both port scanning (PS) attack and Denial of Service (DoS) bandwidth attack. In addition, it clarifies some interesting potential integration points between the SDP systems and SDNs to further research in this area.