SDN-based Network Obfuscation - Roland Meier · 2017. 3. 16.
SDN-based Network Obfuscation
Master Thesis, Roland Meier
Tutor: Dr. David Gugelmann
Supervisor: Prof. Dr. Laurent Vanbever
17 June 2016, Masterfeier
A story about Alice and Bob…
Alice writes a letter to Bob…
Hi Bob,
Bob, Alice
… and Eve reads it

Alice encrypts the message…
Hi Bob,
ǾǼōĦ
… only Bob can decrypt
… but not the addresses
Bob, Alice

Alice encrypts the message & the addresses…
ǾǼōĦ
ʡƥȵƵǝŝ
… but Bob won’t receive it

Alice writes a letter to Bob…
… in the digital age
Alice writes an electronic letter to Bob…
… and Eve is still there

Packets are the letters in computer networks

Packets consist of headers and payloads
header: source address, destination address
payload: message
Example: header: source: Alice, destination: Bob; payload: Hi Bob,…

Existing solutions only protect the payload
Payload encryption: SSL/TLS, IPsec, MACsec
Metadata obfuscation: No existing solution

Network obfuscation by rewriting addresses
What? Rewrite source and destination addresses: MAC, IP, TCP/UDP port
Where? At ingress and egress switch; agnostic for end-hosts
Challenge: Scalability; anonymity vs. scalability
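
Added example, not taken from the slides or the thesis: a small simulation of the rewriting idea above, where an ingress switch replaces real MAC/IP/port values with pseudonyms and the egress switch restores them. The HMAC-derived pseudonyms, the RewriteTable class, the per-host/per-flow switch and the sample endpoints are assumptions for illustration; the slides do not say how the thesis builds its mapping.

```python
import hashlib
import hmac
import ipaddress

class RewriteTable:
    """Address-rewrite rules a controller would install at the edge switches."""

    def __init__(self, key, per_flow):
        self.key = key            # secret held by the controller (assumption)
        self.per_flow = per_flow  # True: fresh pseudonyms for every flow
        self.to_pseudo = {}       # ingress rules: (real endpoint, scope) -> pseudonym
        self.to_real = {}         # egress rules: pseudonym -> real endpoint

    def _pseudonym(self, endpoint, scope):
        rule = (endpoint, scope)
        if rule not in self.to_pseudo:
            d = hmac.new(self.key, repr(rule).encode(), hashlib.sha256).digest()
            mac = "02:" + ":".join(f"{b:02x}" for b in d[:5])  # locally administered
            ip = str(ipaddress.IPv4Address(0x0A000000 | int.from_bytes(d[5:8], "big")))
            port = 1024 + int.from_bytes(d[8:10], "big") % 64512
            self.to_pseudo[rule] = (mac, ip, port)
            self.to_real[(mac, ip, port)] = endpoint
        return self.to_pseudo[rule]

    def ingress(self, pkt):
        """Rewrite real source/destination to pseudonyms before the core network."""
        scope = (pkt["src"], pkt["dst"]) if self.per_flow else None
        return {"src": self._pseudonym(pkt["src"], scope),
                "dst": self._pseudonym(pkt["dst"], scope),
                "payload": pkt["payload"]}

    def egress(self, pkt):
        """Restore the real addresses just before delivery to the end host."""
        return {"src": self.to_real[pkt["src"]], "dst": self.to_real[pkt["dst"]],
                "payload": pkt["payload"]}

# Constructed sample endpoints: (MAC, IP, TCP/UDP port)
ALICE = ("00:00:00:00:00:0a", "192.0.2.10", 40000)
BOB = ("00:00:00:00:00:0b", "192.0.2.11", 443)
CAROL = ("00:00:00:00:00:0c", "192.0.2.12", 443)

def observe(per_flow):
    """Return the on-path view of Alice->Bob and Alice->Carol, the rule count, the table."""
    table = RewriteTable(b"constructed-demo-key", per_flow)
    wire = [table.ingress({"src": ALICE, "dst": dst, "payload": b"<ciphertext>"})
            for dst in (BOB, CAROL)]
    return wire, len(table.to_real), table

if __name__ == "__main__":
    for mode in (False, True):
        wire, rules, _ = observe(mode)
        print("per-flow" if mode else "per-host", "rules:", rules,
              "same source on wire:", wire[0]["src"] == wire[1]["src"])
```

In this sketch, per-host pseudonyms need fewer rules but let an observer link both flows to one source, while per-flow pseudonyms hide that link at the cost of more rules, which is one way the anonymity vs. scalability tension can show up.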

Network obfuscation can provide multiple kinds of anonymity
Communication anonymity: Who is talking to whom?
Volume anonymity: How often are A and B talking to each other?
Topology anonymity: How many clients are in the network?

SDN-based Network Obfuscation
Software-Defined Network

Networking infrastructure
before SDN: closed software, closed hardware [Cisco]
after SDN: standardized hardware, open software, standardized interface [HP]

Software-Defined Networks: Central controller
SDN Controller

SDN-based Network Obfuscation
Master Thesis, Roland Meier
Thanks for your attention