ANCHOR: logically-centralized security for Software-Defined Networks

While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference

Scaling Distributed Ledgers and Privacy-Preserving Applications

This thesis proposes techniques aiming to make blockchain technologies and smart contract platforms practical by improving their scalability, latency, and privacy. This thesis starts by presenting the design and implementation of Chainspace, a distributed ledger that supports user defined smart contracts and execute user-supplied transactions on their objects. The correct execution of smart contract transactions is publicly verifiable. Chainspace is scalable by sharding state; it is secure against subsets of nodes trying to compromise its integrity or availability properties through Byzantine Fault Tolerance (BFT). This thesis also introduces a family of replay attacks against sharded distributed ledgers targeting cross-shard consensus protocols; they allow an attacker, with network access only, to double-spend resources with minimal efforts. We then build Byzcuit, a new cross-shard consensus protocol that is immune to those attacks and that is tailored to run at the heart of Chainspace. Next, we propose FastPay, a high-integrity settlement system for pre-funded payments that can be used as a financial side-infrastructure for Chainspace to support low-latency retail payments. This settlement system is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has extremely low-latency for both confirmation and payment finality. Finally, this thesis proposes Coconut, a selective disclosure credential scheme supporting distributed threshold issuance, public and private attributes, re-randomization, and multiple unlinkable selective attribute revelations. It ensures authenticity and availability even when a subset of credential issuing authorities are malicious or offline, and natively integrates with Chainspace to enable a number of scalable privacy-preserving applications

To All Intents and Purposes:Towards Flexible Intent Expression

Intent-based networking provides an efficient mechanism to manage complexity in network management. The paradigm allows users to express their network requirements, and an autonomic framework translates them into a network configuration. Existing efforts focus primarily on modeling connectivity intents for end-users. Nonetheless, in order to deliver autonomic behavior in network management, an intent system must support a wider range of network management processes and model human-to-human interactions, essential for network operation. Furthermore, such interactions may involve nontechnical users and require the design of novel interfaces, supporting free-text and conversational intent expression. Towards this goal, we present an intent architecture that supports novel network management intents, such as network path rerouting and applying periods of ’service protection’. The paper includes details of our prototype implementation that is capable of deploying such intents in under five seconds in a large mininet topology

SatCat5: A Low-Power, Mixed-Media Ethernet Network for Smallsats

In any satellite, internal bus and payload systems must exchange a variety of command, control, telemetry, and mission-data. In too many cases, the resulting network is an ad-hoc proliferation of complex, dissimilar protocols with incomplete system-to-system connectivity. While standards like CAN, MIL-STD-1553, and SpaceWire mitigate this problem, none can simultaneously solve the need for high throughput and low power consumption. We present a new solution that uses Ethernet framing and addressing to unify a mixed-media network. Low-speed nodes (0.1-10 Mbps) use simple interfaces such as SPI and UART to communicate with extremely low power and minimal complexity. High-speed nodes use so-called “media-independent” interfaces such as RMII, RGMII, and SGMII to communicate at rates up to 1000 Mbps and enable connection to traditional COTS network equipment. All are interconnected into a single smallsat-area-network using a Layer-2 network switch, with mixed-media support for all these interfaces on a single network. The result is fast, easy, and flexible communication between any two subsystems. SatCat5 is presented as a free and open-source reference implementation of this mixed-media network switch, with power consumption of 0.2-0.7W depending on network activity. Further discussion includes example protocols that can be used on such networks, leveraging IPv4 when suitable but also enabling full-featured communication without the need for a complex protocol stack

Stream ciphers for secure display

In any situation where private, proprietary or highly confidential material is being dealt with, the need to consider aspects of data security has grown ever more important. It is usual to secure such data from its source, over networks and on to the intended recipient. However, data security considerations typically stop at the recipient's processor, leaving connections to a display transmitting raw data which is increasingly in a digital format and of value to an adversary. With a progression to wireless display technologies the prominence of this vulnerability is set to rise, making the implementation of 'secure display' increasingly desirable. Secure display takes aspects of data security right to the display panel itself, potentially minimising the cost, component count and thickness of the final product. Recent developments in display technologies should help make this integration possible. However, the processing of large quantities of time-sensitive data presents a significant challenge in such resource constrained environments. Efficient high- throughput decryption is a crucial aspect of the implementation of secure display and one for which the widely used and well understood block cipher may not be best suited. Stream ciphers present a promising alternative and a number of strong candidate algorithms potentially offer the hardware speed and efficiency required. In the past, similar stream ciphers have suffered from algorithmic vulnerabilities. Although these new-generation designs have done much to respond to this concern, the relatively short 80-bit key lengths of some proposed hardware candidates, when combined with ever-advancing computational power, leads to the thesis identifying exhaustive search of key space as a potential attack vector. To determine the value of protection afforded by such short key lengths a unique hardware key search engine for stream ciphers is developed that makes use of an appropriate data element to improve search efficiency. The simulations from this system indicate that the proposed key lengths may be insufficient for applications where data is of long-term or high value. It is suggested that for the concept of secure display to be accepted, a longer key length should be used