Flowrider: Fast On-Demand Key Provisioning for Cloud Networks
2021 (English) In: International Conference on Security and Privacy in Communication Systems, SecureComm 2021: Security and Privacy in Communication Networks, pp 207-228, Springer Science and Business Media Deutschland GmbH, 2021, p. 207-228. Conference paper, Published paper (Refereed)
Abstract [en]
Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Flowrider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks.
Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2021. p. 207-228
Keywords [en]
Cloud security, Key management, Network security, Secure communication, Software defined networking, Cloud computing, Cloud data security, Virtual reality, Cloud networks, Cloud securities, Fine grained, Key-management, Low overhead, Networks security, On demands, Software execution, Software-defined networkings, Virtual execution environments
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ri:diva-57358; DOI: 10.1007/978-3-030-90022-9_11; Scopus ID: 2-s2.0-85120078340; ISBN: 9783030900212 (print); OAI: oai:DiVA.org:ri-57358; DiVA, id: diva2:1623459
Conference
International Conference on Security and Privacy in Communication Systems, SecureComm 2021. 6 September 2021 through 9 September 2021
Note
Funding details: 952652; Funding details: Horizon 2020 Framework Programme, H2020; Funding details: Stiftelsen för Strategisk Forskning, SSF, RIT17-0035; Funding details: VINNOVA; Funding text 1: Acknowledgments. This work was financially supported in part by the Swedish Foundation for Strategic Research, with the grant RIT17-0035; by the H2020 project SIFIS-Home (Grant agreement 952652); VINNOVA and the CelticNext project CRITISEC and by the Wallenberg AI, Autonomous Systems and Software Program (WASP).
2021-12-29 2021-12-29 2023-05-25 Bibliographically approved