Provendo uma Infraestrutura de Software Fatiada, Isolada e Segura de Funções Virtuais através da Tecnologia de Corrente de Blocos
Resumo
As tecnologias de fatiamento da rede (Network Slicing), virtualização de funções de rede (Network Function Virtualization - NFV) e redes definidas por software (Software-Defined Networking - SDN) proveem serviços fim-a-fim ágeis e sob demanda. A identificação de uma função virtual defeituosa torna-se obrigatória, pois serviços alocam recursos em um ambiente distribuído e sem confiança entre os pares composto por múltiplos inquilinos e provedores de serviço concorrentes. Este artigo propõe e desenvolve uma arquitetura baseada em correntes de blocos para prover auditabilidade às operações de orquestração de fatias de rede. Um protótipo de um caso de uso foi desenvolvido e implementado utilizando a plataforma Hyperledger Fabric na qual cada fatia de rede opera sobre um canal isolado. Os resultados mostram que é possível prover segurança à criação de fatias de rede, mas que a obtenção de consenso e o número de transações requeridas pelas fatias de rede são um grande desafio.
Referências
Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., De Caro, A., Enye-art, D., Ferris, C., Laventman, G., Manevich, Y., et al. (2018). Hyperledger fabric: a distributed operating system for permissioned blockchains. In Proceedings of the Thirteenth EuroSys Conference, page 30. ACM.
Backman, J., Yrjölä, S., Valtanen, K., and Mämmelä, O. (2017). Blockchain network slice broker in 5G: Slice leasing in factory of the future use case. In Internet of Things Business Models, Users, and Networks, pages 1-8.
Bhamare, D., Jain, R., Samaka, M., and Erbad, A. (2016). A survey on service function chaining. Journal of Network and Computer Applications, 75:138-155.
Bordel, B., Orúe, A. B., Alcarria, R., and Sánchez-De-Rivera, D. (2018). An intra-slice security solution for emerging 5G networks based on pseudo-random number genera-tors. IEEE Access, 6:16149-16164.
Boudguiga, A., Bouzerna, N., Granboulan, L., Olivereau, A., Quesnel, F., Roger, A., and Sirdey, R. (2017). Towards better availability and accountability for IoT updates by means of a blockchain. In IEEE EuroS&PW, pages 50-58.
Bozic, N., Pujolle, G., and Secci, S. (2017). Securing virtual machine orchestration with blockchains. In CSNet'17.
Capossele, A., Gaglione, A., Nati, M., Conti, M., Lazzeretti, R., and Missier, P. (2018). Leveraging blockchain to enable smart-health applications. In IEEE 4th International Forum on Research and Technology for Society and Industry (RTSI), pages 1-6.
Dolev, D. and Yao, A. (1983). On the security of public key protocols. IEEE Transactions on information theory, 29(2):198-208.
Gorenflo, C., Lee, S., Golab, L., and Keshav, S. (2019). Fastfabric: Scaling hyperledger fabric to 20,000 transactions per second. https://arxiv.org/pdf/1901.00910.pdf.
Halpern, J. and Pignataro, C. (2017). Service Function Chaining (SFC) architecture. RFC7665. http://www.rfc-editor.org/rfc/rfc7665.txt. Accessed Mar. 14, 2019.
Khettab, Y., Bagaa, M., Dutra, D. L. C., Taleb, T., and Toumi, N. (2018). Virtual secu-rity as a service for 5G verticals. In IEEE Wireless Communications and Networking Conference (WCNC), pages 1-6.
Medhat, A. M., Taleb, T., Elmangoush, A., Carella, G. A., Covaci, S., and Magedanz, T. (2017). Service function chaining in next generation networks: State of the art and research challenges. IEEE Comm. Mag., 55(2):216-223.
Ortega, V., Bouchmal, F., and Monserrat, J. F. (2018). Trusted 5G vehicular networks: Blockchains and content-centric networking. IEEE Vehicular Technology Magazine, 13(2):121-127.
Paladi, N., Michalas, A., and Hai-Van, D. (2018). Towards secure cloud orchestration for multi-cloud deployments. In EuroSys-CrossCloud.
Pattaranantakul, M., He, R., Song, Q., Zhang, Z., and Meddahi, A. (2018). NFV security survey: From use case driven threat analysis to state-of-the-art countermeasures. IEEE Communications Surveys & Tutorials.
Rawat, D. B. and Alshaikhi, A. (2018). Leveraging distributed blockchain-based scheme for wireless network virtualization with security and QoS constraints. In International Conference on Computing, Networking and Communications (ICNC), pages 332-336.
Rebello, G. A. F., Alvarenga, I. D., Sanz, I. J., and Duarte, O. C. M. B. (2019). BSec-NFVO: A blockchain-based security for network function virtualization orchestration. In IEEE International Conference on Communications (ICC). To be published.
Rosa, R. and Rothenberg, C. E. (2018). Blockchain-based decentralized applications for multiple administrative domain networking. IEEE Communications Standards Maga-zine, 2(3):29-37.
Sousa, J., Bessani, A., and Vukolić, M. (2017). A byzantine fault-tolerant ordering service for the hyperledger fabric blockchain platform. arXiv preprint arXiv:1709.06921.
Thakkar, P., Nathan, S., and Viswanathan, B. (2018). Performance benchmarking and optimizing hyperledger fabric blockchain platform. In IEEE MASCOTS, pages 264-276.
Thuemmler, C., Rolffs, C., Bollmann, A., Hindricks, G., and Buchanan, W. (2018). Re-quirements for 5G based telemetric cardiac monitoring. In 14th International Confe-rence on Wireless and Mobile Computing, Networking and Communications (WiMob), pages 1-4.
Valtanen, K., Backman, J., and Yrjölä, S. (2018). Creating value through blockchain powered resource configurations: Analysis of 5G network slice brokering case. In IEEE WCNCW'18, pages 185-190.
Yahiatene, Y. and Rachedi, A. (2018). Towards a blockchain and software-defined vehi-cular networks approaches to secure vehicular social network. In IEEE Conference on Standards for Communications and Networking (CSCN), pages 1-7.
Zawoad, S. and Hasan, R. (2016). SECAP: Towards securing application provenance in the cloud. In 2016 IEEE 9th International Conference on Cloud Computing, pages 900-903.