An SDN and NFV Use Case: NDN Implementation and Security Monitoring

Abstract

Combining NFV's fast service deployment with SDN's fine-grained control of data flows allows comprehensive network security monitoring. The DOCTOR architecture allows detecting, assessing, and remediating attacks. (The DOCTOR project (http://doctor-project.org) is a collaborative research project partially financed by the French National Research Agency (ANR) under grant ANR-14-CE28-0001.) DOCTOR is an ANR-funded project designing an NFV platform that enables the secure deployment of virtual network functions. The project relies on open-source technologies that provide a platform on top of which a Named Data Networking (NDN, https://named-data.net/) architecture is implemented. NDN is an example of an application made possible by the coexistence of SDN and NFV, since a hardware implementation would be too expensive. We show how NDN routers can be implemented and managed as VNFs.

Security monitoring of the DOCTOR architecture is performed at two levels. First, host-level monitoring, provided by CyberCAPTOR, uses an attack-graph approach based on knowledge of the network topology and then suggests remediations to cut attack paths. We show how our monitoring tool integrates SDN and NFV specificities and how SDN and NFV make security monitoring more efficient. Second, application-level monitoring relies on the MMT probe, which monitors NDN-specific metrics from inside the VNFs; a central component can detect attack patterns corresponding to known flaws of the NDN protocol. These attacks are fed to the CyberCAPTOR module so that NDN attacks are integrated into the attack graphs.

Correspondence to Wissam Mallouli.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Combe, T., Mallouli, W., Cholez, T., Doyen, G., Mathieu, B., Montes de Oca, E. (2017). An SDN and NFV Use Case: NDN Implementation and Security Monitoring. In: Zhu, S., Scott-Hayward, S., Jacquin, L., Hill, R. (eds) Guide to Security in SDN and NFV. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-64653-4_12

  • DOI: https://doi.org/10.1007/978-3-319-64653-4_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64652-7

  • Online ISBN: 978-3-319-64653-4

  • eBook Packages: Computer Science, Computer Science (R0)
