SDN & IoT: Attributed Software Defined Networks and 50 Billion Machines
With the emergence of software-defined networks (SDNs), security must become a core component of the network. An estimated 50 billion things are scheduled to be connected in a massive “Internet of Everything”, and security challenges at that scale can only be addressed by designing security into the network from inception. Keyless Signature Infrastructure (KSI) does exactly that by creating attributed networks: networks that provide attribution, auditability and accountability as a core network service.
In a recent blog post we pointed out that if all you have is a PKI hammer, then everything looks like a nail. For the last 40 years PKI has been the only tool in the cryptographic tool-shed for addressing the security challenges of networks. For its original use case, establishing a shared secret between two parties across an insecure channel, it works extremely well, but for massive-scale integrity of networks PKI will be very challenging: the scalability problems of issuing, distributing and revoking keys across billions of devices, many of which have limited computational power, will make it impossible to deploy and manage effectively.
An even more pernicious challenge is the lack of instrumentation. Without a mechanism to verify whether a key has been compromised, an organization is left with a false sense of security: if the world’s leading security companies cannot ensure the security of their own keys, what chance does a hospital, or a utility managing thousands of connected devices in its network, have?
A recent paper by Diego Kreutz, Fernando Ramos and Paulo Verissimo of the University of Lisbon highlights the security challenges of SDN, analyzes the possible threat vectors and presents a framework for security and dependability in SDN. Here we take just a selection of those threat vectors and show how KSI, delivered as a core network component, can augment traditional security measures.
Threat vector: Attacks on vulnerabilities in switches
Attacks on vulnerabilities in switches can easily wreak havoc with the network. One single switch could be used to drop or slow down packets in the network, clone or deviate network traffic (e.g., for data theft purposes), or even inject traffic or forged requests to overload the controller or neighboring switches.
KSI Augmentation: KSI, built into the software attestation process, ensures that the time, provenance and integrity of every software component running on a switch can be monitored and verified in real time, with action taken as soon as a component’s current hash no longer matches the signature registered for it.
Threat vector: Attacks on control plane communications
These can be used to generate DoS attacks or for data theft. Various papers report the weaknesses of TLS/SSL communications and its major anchor of trust, the PKI infrastructure. The security of those communications is as strong as its weakest link, which could be a self-signed certificate, a compromised Certificate Authority, or vulnerable applications and libraries.
KSI Augmentation: KSI, by using only hash-function cryptography, eliminates the need for certificates and Certificate Authorities for proving the integrity, origin and time of control-plane messages and configuration, providing a massive-scale real-time integrity picture of the network. Note that this covers integrity and attribution; confidentiality of control-plane traffic still needs an encryption layer, and the two can be combined.
Threat vector: Attacks on and vulnerabilities in controllers
Probably the most severe threats to SDNs, a faulty or malicious controller could compromise an entire network. The use of a common intrusion detection system may not be enough, as it may be hard to find the exact combination of events that trigger a particular behavior and, more importantly, to label it as malicious. Similarly, a malicious application can potentially do anything it pleases in the network, since controllers only provide abstractions that translate into issuing configuration commands to the underlying infrastructure.
KSI Augmentation: Sign everything. Controller binaries, applications, configuration and flow rules are all signed, giving real-time awareness of the integrity state of each of these digital asset components. With that picture, organizations seeking to protect the integrity of their network can make real-time decisions when the network and/or an asset is compromised, and quickly identify the cause and the specific component(s) responsible for the loss of integrity.
Threat vector: Lack of trusted resources for forensics and remediation
In order to investigate and establish facts about an incident, we need reliable information from all components and domains of the network. Furthermore, this data will only be useful if its trustworthiness (integrity, authenticity, etc.) can be assured. Similarly, remediation requires safe and reliable system snapshots to guarantee a fast and correct recovery of network elements to a known working state.
KSI Augmentation: The attribution provided by KSI ensures that every event can be verified independently, at the individual event level, without trusting the system that recorded it. By collecting, analyzing, correlating and reporting this evidence one can build a real-time integrity picture of the network. Continuity of operations is ensured by real-time monitoring and recovery from a known “clean state” whose signatures still verify. Read why Rainer Gerhards, the author of rsyslog, decided to integrate Guardtime’s KSI into the logging daemon that is the default on most Linux distributions.
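The three augmentations above (attesting switch software, signing every controller asset, and verifying individual log events) all rest on the same mechanism: items are hashed into a hash tree, the root of each aggregation round becomes the trust anchor, and each item keeps the short chain of sibling hashes that leads from it to that root, so it can be verified on its own with nothing but a hash function. The following is an added illustration of that idea written for this page; it is not Guardtime’s code and does not implement the actual KSI protocol or its calendar/publication layer. The asset names, the firmware and flow-table bytes, the syslog lines and the `round` field are all constructed for the example.

```python
"""Hash-tree aggregation with per-item inclusion proofs (KSI-style, simplified)."""
import hashlib
from dataclasses import dataclass


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(data: bytes) -> bytes:
    # Domain-separate leaves from inner nodes so a leaf can never be passed off as a node.
    return h(b"\x00" + data)


def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)


@dataclass(frozen=True)
class Proof:
    leaf: bytes     # hash of the signed item
    chain: tuple    # ((sibling_hash, sibling_is_left), ...) from the leaf up to the root
    root: bytes     # aggregated root this chain leads to
    round: int      # aggregation round; stands in for the time attestation of real KSI


def aggregate(items, round_no):
    """Build one round's hash tree over `items`; return (root, [Proof per item])."""
    level = [leaf_hash(i) for i in items]
    chains = [[] for _ in items]
    pos = list(range(len(items)))          # each item's index in the current level
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):  # pair up; an unpaired last node is carried up as-is
            nxt.append(node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i])
        for k, p in enumerate(pos):
            sib = p ^ 1
            if sib < len(level):           # record the sibling hash and which side it is on
                chains[k].append((level[sib], sib < p))
            pos[k] = p // 2
        level = nxt
    root = level[0]
    return root, [Proof(leaf_hash(items[k]), tuple(chains[k]), root, round_no)
                  for k in range(len(items))]


def verify(data: bytes, proof: Proof, trusted_root: bytes) -> bool:
    """Recompute the chain from the item to the root. No key, certificate or CA involved."""
    acc = leaf_hash(data)
    if acc != proof.leaf:
        return False
    for sib, sib_is_left in proof.chain:
        acc = node_hash(sib, acc) if sib_is_left else node_hash(acc, sib)
    return acc == proof.root == trusted_root


def check_assets(assets: dict, proofs: dict, trusted_root: bytes) -> list:
    """Return the names of assets whose current content no longer matches their signature."""
    return [name for name, data in assets.items()
            if not verify(data, proofs[name], trusted_root)]


# Constructed sample assets: a switch binary, a controller flow table and two log events.
ASSETS = {
    "switch-01/ovs-vswitchd.bin": b"\x7fELF\x02\x01\x01\x00" + bytes(24) + b"...firmware...",
    "controller/flow-table.json": b'{"table":0,"rules":[{"match":"in_port=1","action":"output:2"}]}',
    "syslog/0001": b"<14>2015-02-24T10:11:12Z ctrl sdn-ctl[812]: flow add table=0 in_port=1 output:2",
    "syslog/0002": b"<14>2015-02-24T10:11:13Z ctrl sdn-ctl[812]: switch switch-01 connected",
}


def demo() -> list:
    """Sign everything in one round, then tamper with the flow table and see it flagged."""
    names = list(ASSETS)
    root, proof_list = aggregate([ASSETS[n] for n in names], round_no=1)
    proofs = dict(zip(names, proof_list))
    assert check_assets(ASSETS, proofs, root) == []          # clean state verifies
    tampered = dict(ASSETS)
    tampered["controller/flow-table.json"] = (
        b'{"table":0,"rules":[{"match":"in_port=1","action":"output:3"}]}')  # one rule redirected
    return check_assets(tampered, proofs, root)


if __name__ == "__main__":
    print("integrity lost on:", demo())
```

Each `Proof` can be handed to an auditor together with the item and the round's root; verifying it needs neither the other items nor any secret, which is what makes event-level, independent verification practical at scale. In real KSI the round roots are in turn aggregated and periodically published, which is what binds each signature to a time; the `round` field here only stands in for that.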
KSI changes the game
KSI affords real-time awareness, real-time incident response, real-time data-loss prevention, investigation and network resilience, detecting and reacting to any misconfiguration or network, component or application failure. Moreover, KSI directly supports enhanced continuity of operations and data-loss prevention (due to theft or malice), and is a new form of Advanced Persistent Threat (APT) detection when malware infects a crucial network or system component. The changed state of the asset provides a real-time alert, which can then be investigated, audited and/or stopped. If an asset is affected by malware, its hash no longer matches its signature, and the asset can be ‘sandboxed’ or firewalled before further infection or transfer.
Conclusion: A new foundation for networked society
Approximately 95% of all enterprise networks are vulnerable to cyberattack, and close to that percentage have already been compromised by external attackers. The resulting loss of intellectual property from Fortune 500 firms alone has been described as the largest wealth transfer in history. As the world becomes more and more connected and software continues to “eat the world”, the need for a massively scalable data authentication scheme has never been more urgent.
Only KSI, delivered as a core network service to governments and enterprises via their telecommunication partners can address the fundamental security problems of SDN and lay the correct foundation for a future networked society.
We’ll be at the Mobile World Congress in Barcelona next week; drop us a line and let’s meet up to discuss this and other topics around real-time information assurance to protect your networks and data.