Introduction and analysis of SDN and NFV security architecture (SN-SECA)

© 2015 IEEE. There have been a few literature published about the security risks expected on the implementations of SDN and NFV (SN), however, no formal Security Architecture with practical attributes was proposed until recently. The first of its kind SN-Security Architecture (SN-SECA) was presented as an IETF draft. This draft presents the architecture with specific ascription to ensure effective security evaluation and integration on the SDN/NVF designs and implementations. This paper briefly introduces the proposed architecture and employs methods to analyze and verify its underlying security attributes. A unified method to review SN-SECA through symbolic analysis previews traffic process flow behavior across an infrastructure with SDN and NFV frameworks. The result of this work highlights the fundamental but important role of each attribute and its flow, and overall viability of the proposed architecture for SDN and NFV that protractedly useful to security practitioners

Formalization and information-theoretic soundness in the development of security architecture for next generation network protocol - UDT

The development and deployment of User Datagram Protocol (UDP)- based Data Transfer (UDT) is undoubtedly strongly reliant upon existing security mechanisms. However, existing mechanisms are developed for mature protocols such as TCP/UDP. We, therefore, developed proprietary mechanisms to form a security architecture for UDT. The primary objectives of the architecture include the management of messages through Authentication Option (AO) and cryptographic keys, the security of data communications, and the integration of data protection enhancing technologies across all the layers. Our approach is the result of our work which started in 2008. We verified each mechanism through formalisation to achieve information-theoretic soundness of the architecture. The results achieve the enhancement of existing schemes to introduce a novel approach to integrate mechanisms to secure UDT in its deployment. The architecture does include available and well-discussed schemes, which are used in other protocols, with proven computational intelligence which can be upgraded so as to provide improved security and primary protection in future extensive UDT deployments. In this work, we present UDT Security Architecture with suitable mechanisms to ensure preservation of data integrity in data transmission. © 2011 Springer-Verlag