Flowrider: Fast On-Demand Key Provisioning for Cloud Networks
Paladi, Nicolae LU
; Tiloca, Marco
; Nikbakht Bideh, Pegah
LU
and Hell, Martin
LU
(2021)
EAI SecureComm 2021 - 17th EAI International Conference on Security and Privacy in Communication Networks
- Abstract
- Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its... (More)
- Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Florwider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/ea114a62-c02c-4cef-98a4-60de4e4585ea
- author
- Paladi, Nicolae
LU
; Tiloca, Marco
; Nikbakht Bideh, Pegah
LU
and Hell, Martin
LU
- organization
- publishing date
- 2021-05-24
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- keywords
- Network Security, Software Defined Networking, Secure Communication, Key Management, Cloud Security
- host publication
- SecureComm 2021 - Proceedings of the 2021 EAI International Conference on Security and Privacy in Communication Networks
- publisher
- EAI
- conference name
- EAI SecureComm 2021 - 17th EAI International Conference on Security and Privacy in Communication Networks
- conference location
- Canterbury (Virtual), United Kingdom
- conference dates
- 2021-09-06 - 2021-09-09
- external identifiers
-
- scopus:85120078340
- project
- Säkra mjukvaruuppdateringar för den smarta staden
- language
- English
- LU publication?
- yes
- id
- ea114a62-c02c-4cef-98a4-60de4e4585ea
- date added to LUP
- 2021-06-02 10:14:48
- date last changed
- 2022-05-05 01:49:41
@inproceedings{ea114a62-c02c-4cef-98a4-60de4e4585ea,
abstract = {{Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Florwider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks.}},
author = {{Paladi, Nicolae and Tiloca, Marco and Nikbakht Bideh, Pegah and Hell, Martin}},
booktitle = {{SecureComm 2021 - Proceedings of the 2021 EAI International Conference on Security and Privacy in Communication Networks}},
keywords = {{Network Security; Software Defined Networking; Secure Communication; Key Management; Cloud Security}},
language = {{eng}},
month = {{05}},
publisher = {{EAI}},
title = {{Flowrider: Fast On-Demand Key Provisioning for Cloud Networks}},
url = {{https://lup.lub.lu.se/search/files/98553541/SecureComm_2021.pdf}},
year = {{2021}},
}