Abstract

Growing traffic demands and increasing security awareness are driving the need for secure services. Current solutions require manual configuration and deployment based on the customer’s requirements. In this work, we present an architecture for an automatic intent-based provisioning of a secure service in a multilayer—IP, Ethernet, and optical—network while choosing the appropriate encryption layer using an open-source software-defined networking (SDN) orchestrator. The approach is experimentally evaluated in a testbed with commercial equipment. Results indicate that the processing impact of secure channel creation on a controller is negligible. As the time for setting up services over WDM varies between technologies, it needs to be taken into account in the decision-making process.

© 2018 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

Full Article  |  PDF Article
OSA Recommended Articles
Inter-Domain Optimization and Orchestration for Optical Datacenter Networks

G. Landi, M. Capitani, A. Kretsis, K. Kontodimas, P. Kokkinos, D. Gallico, M. Biancani, K. Christodoulopoulos, and E. Varvarigos
J. Opt. Commun. Netw. 10(7) B140-B151 (2018)

Virtual Network Function Deployment and Service Automation to Provide End-to-End Quantum Encryption

Alejandro Aguado, Victor Lopez, Jesus Martinez-Mateo, Momtchil Peev, Diego Lopez, and Vicente Martin
J. Opt. Commun. Netw. 10(4) 421-430 (2018)

Hybrid Conventional and Quantum Security for Software Defined and Virtualized Networks

Alejandro Aguado, Victor Lopez, Jesus Martinez-Mateo, Thomas Szyrkowiec, Achim Autenrieth, Momtchil Peev, Diego Lopez, and Vicente Martin
J. Opt. Commun. Netw. 9(10) 819-825 (2017)

References

  • View by:
  • |
  • |
  • |

  1. Internet Live Stats [Online]. Available: http://www.internetlivestats.com/internet-users/ .
  2. IBM, “Cost of data breach study” [Online]. Available: http://www-03.ibm.com/security/data-breach/ .
  3. K. Seo and S. Kent, “Security architecture for the internet protocol,” , Dec.2005 [Online]. Available: https://rfc-editor.org/rfc/rfc4301.txt .
  4. “IEEE standard for local and metropolitan area networks: media access control (MAC) security,” , Aug.2006, pp. 1–150.
  5. ADVA Optical Networking, “FSP 3000 optical network encryption” [Online]. Available: https://cdn2.hubspot.net/hubfs/1865239/partner/adva/ADVA-Optical-Networking-AES-Network-Encryption-Card-EN.pdf .
  6. Http Archive [Online]. Available: http://httparchive.org .
  7. V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.
  8. V. Varadharajan and U. Tupakula, “Security as a service model for cloud environment,” IEEE Trans. Netw. Service Manag., vol.  11, no. 1, pp. 60–75, Mar.2014.
    [Crossref]
  9. S. Scott-Hayward, G. O’Callaghan, and S. Sezer, “SDN security: a survey,” in IEEE SDN for Future Networks and Services (SDN4FNS), Nov.2013, pp. 1–7.
  10. R. Durner and W. Kellerer, “The cost of security in the SDN control plane,” in ACM CoNEXT—Student Workshop, Dec.2015.
  11. S. Scott-Hayward, “Design and deployment of secure, robust, and resilient SDN controllers,” in 1st IEEE Conf. on Network Softwarization (NetSoft), Apr.2015, pp. 1–5.
  12. D. Kreutz, F. M. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking series HotSDN, New York, New York, ACM, 2013, pp. 55–60.
  13. J. Spooner and S. Y. Zhu, “A review of solutions for SDN-exclusive security issues,” Int. J. Adv. Comput. Sci. Appl., vol.  7, no. 8, pp. 113–122, 2016.
    [Crossref]
  14. M. Furdek, N. Skorin-Kapov, S. Zsigmond, and L. Wosinska, “Vulnerabilities and security issues in optical networks,” in 16th Int. Conf. on Transparent Optical Networks (ICTON), July2014, pp. 1–4.
  15. T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.
  16. M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.
  17. “IEEE standard for local and metropolitan area networks–port-based network access control,” , pp. 1–205, Feb.2010.
  18. R. Ramaswamy, N. Weng, and T. Wolf, “Characterizing network processing delay,” in Global Telecommunications Conf. GLOBECOM, IEEE, Nov.2004, vol. 3, pp. 1629–1634.
  19. P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.
  20. C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .
  21. M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.
  22. A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.
  23. A. Marsico, M. Savi, D. Siracusa, and E. Salvadori, “An automated service-downgrade negotiation scheme for application-centric networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), to be published.

2016 (1)

J. Spooner and S. Y. Zhu, “A review of solutions for SDN-exclusive security issues,” Int. J. Adv. Comput. Sci. Appl., vol.  7, no. 8, pp. 113–122, 2016.
[Crossref]

2014 (1)

V. Varadharajan and U. Tupakula, “Security as a service model for cloud environment,” IEEE Trans. Netw. Service Manag., vol.  11, no. 1, pp. 60–75, Mar.2014.
[Crossref]

Autenrieth, A.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

Bellotti, S.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Berde, P.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Busi, I.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Chamania, M.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

Davis, N.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Ding, H.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Doriguzzi-Corin, R.

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

Durner, R.

R. Durner and W. Kellerer, “The cost of security in the SDN control plane,” in ACM CoNEXT—Student Workshop, Dec.2015.

Fernandez-Palacios, J. P.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Furdek, M.

M. Furdek, N. Skorin-Kapov, S. Zsigmond, and L. Wosinska, “Vulnerabilities and security issues in optical networks,” in 16th Int. Conf. on Transparent Optical Networks (ICTON), July2014, pp. 1–4.

Gerola, M.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Gerstel, O.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Ghafoor, A.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

Gran, J. M.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Hart, J.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

He, J.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Higuchi, Y.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Junique, S.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

Kellerer, W.

R. Durner and W. Kellerer, “The cost of security in the SDN control plane,” in ACM CoNEXT—Student Workshop, Dec.2015.

Kent, S.

K. Seo and S. Kent, “Security architecture for the internet protocol,” , Dec.2005 [Online]. Available: https://rfc-editor.org/rfc/rfc4301.txt .

Klonidis, D.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Kobayashi, M.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Koide, T.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Kreutz, D.

D. Kreutz, F. M. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking series HotSDN, New York, New York, ACM, 2013, pp. 55–60.

Lantz, B.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Lopez, V.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

Marsico, A.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

A. Marsico, M. Savi, D. Siracusa, and E. Salvadori, “An automated service-downgrade negotiation scheme for application-centric networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), to be published.

Mårtensson, J.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

O’Callaghan, G.

S. Scott-Hayward, G. O’Callaghan, and S. Sezer, “SDN security: a survey,” in IEEE SDN for Future Networks and Services (SDN4FNS), Nov.2013, pp. 1–7.

O’Connor, B.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Ong, L.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Parulkar, G.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Pederzolli, F.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Qiaogang, C.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Radoslavov, P.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Ramaswamy, R.

R. Ramaswamy, N. Weng, and T. Wolf, “Characterizing network processing delay,” in Global Telecommunications Conf. GLOBECOM, IEEE, Nov.2004, vol. 3, pp. 1629–1634.

Ramos, F. M.

D. Kreutz, F. M. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking series HotSDN, New York, New York, ACM, 2013, pp. 55–60.

Salvadori, E.

A. Marsico, M. Savi, D. Siracusa, and E. Salvadori, “An automated service-downgrade negotiation scheme for application-centric networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), to be published.

Santuari, M.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

Savi, M.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

A. Marsico, M. Savi, D. Siracusa, and E. Salvadori, “An automated service-downgrade negotiation scheme for application-centric networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), to be published.

Scott-Hayward, S.

S. Scott-Hayward, “Design and deployment of secure, robust, and resilient SDN controllers,” in 1st IEEE Conf. on Network Softwarization (NetSoft), Apr.2015, pp. 1–5.

S. Scott-Hayward, G. O’Callaghan, and S. Sezer, “SDN security: a survey,” in IEEE SDN for Future Networks and Services (SDN4FNS), Nov.2013, pp. 1–7.

Segev, E.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Seo, K.

K. Seo and S. Kent, “Security architecture for the internet protocol,” , Dec.2005 [Online]. Available: https://rfc-editor.org/rfc/rfc4301.txt .

Sethuraman, K.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Sezer, S.

S. Scott-Hayward, G. O’Callaghan, and S. Sezer, “SDN security: a survey,” in IEEE SDN for Future Networks and Services (SDN4FNS), Nov.2013, pp. 1–7.

Shikhmanter, Y.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Siracusa, D.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

A. Marsico, M. Savi, D. Siracusa, and E. Salvadori, “An automated service-downgrade negotiation scheme for application-centric networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), to be published.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

Skoldstrom, P.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

Sköldström, P.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Skorin-Kapov, N.

M. Furdek, N. Skorin-Kapov, S. Zsigmond, and L. Wosinska, “Vulnerabilities and security issues in optical networks,” in 16th Int. Conf. on Transparent Optical Networks (ICTON), July2014, pp. 1–4.

Snow, W.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

Spooner, J.

J. Spooner and S. Y. Zhu, “A review of solutions for SDN-exclusive security issues,” Int. J. Adv. Comput. Sci. Appl., vol.  7, no. 8, pp. 113–122, 2016.
[Crossref]

Szyrkowiec, T.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

Tomkos, I.

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Tupakula, U.

V. Varadharajan and U. Tupakula, “Security as a service model for cloud environment,” IEEE Trans. Netw. Service Manag., vol.  11, no. 1, pp. 60–75, Mar.2014.
[Crossref]

Varadharajan, V.

V. Varadharajan and U. Tupakula, “Security as a service model for cloud environment,” IEEE Trans. Netw. Service Manag., vol.  11, no. 1, pp. 60–75, Mar.2014.
[Crossref]

Varma, E.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Verissimo, P.

D. Kreutz, F. M. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking series HotSDN, New York, New York, ACM, 2013, pp. 55–60.

Vilalta, R.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Weng, N.

R. Ramaswamy, N. Weng, and T. Wolf, “Characterizing network processing delay,” in Global Telecommunications Conf. GLOBECOM, IEEE, Nov.2004, vol. 3, pp. 1629–1634.

Wolf, T.

R. Ramaswamy, N. Weng, and T. Wolf, “Characterizing network processing delay,” in Global Telecommunications Conf. GLOBECOM, IEEE, Nov.2004, vol. 3, pp. 1629–1634.

Wosinska, L.

M. Furdek, N. Skorin-Kapov, S. Zsigmond, and L. Wosinska, “Vulnerabilities and security issues in optical networks,” in 16th Int. Conf. on Transparent Optical Networks (ICTON), July2014, pp. 1–4.

Zhang, G.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

Zhu, S. Y.

J. Spooner and S. Y. Zhu, “A review of solutions for SDN-exclusive security issues,” Int. J. Adv. Comput. Sci. Appl., vol.  7, no. 8, pp. 113–122, 2016.
[Crossref]

Zsigmond, S.

M. Furdek, N. Skorin-Kapov, S. Zsigmond, and L. Wosinska, “Vulnerabilities and security issues in optical networks,” in 16th Int. Conf. on Transparent Optical Networks (ICTON), July2014, pp. 1–4.

IEEE Trans. Netw. Service Manag. (1)

V. Varadharajan and U. Tupakula, “Security as a service model for cloud environment,” IEEE Trans. Netw. Service Manag., vol.  11, no. 1, pp. 60–75, Mar.2014.
[Crossref]

Int. J. Adv. Comput. Sci. Appl. (1)

J. Spooner and S. Y. Zhu, “A review of solutions for SDN-exclusive security issues,” Int. J. Adv. Comput. Sci. Appl., vol.  7, no. 8, pp. 113–122, 2016.
[Crossref]

Other (21)

M. Furdek, N. Skorin-Kapov, S. Zsigmond, and L. Wosinska, “Vulnerabilities and security issues in optical networks,” in 16th Int. Conf. on Transparent Optical Networks (ICTON), July2014, pp. 1–4.

T. Szyrkowiec, M. Santuari, M. Chamania, D. Siracusa, A. Autenrieth, and V. Lopez, “First demonstration of an automatic multilayer intent-based secure service creation by an open source SDN orchestrator,” in 42nd European Conf. on Optical Communication (ECOC), Sept.2016, pp. 1–3.

M. Chamania, T. Szyrkowiec, M. Santuari, D. Siracusa, A. Autenrieth, V. Lopez, P. Sköldström, and S. Junique, “Intent-based in-flight service encryption in multi-layer transport networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), Mar.2017, pp. 1–2.

“IEEE standard for local and metropolitan area networks–port-based network access control,” , pp. 1–205, Feb.2010.

R. Ramaswamy, N. Weng, and T. Wolf, “Characterizing network processing delay,” in Global Telecommunications Conf. GLOBECOM, IEEE, Nov.2004, vol. 3, pp. 1629–1634.

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: towards an open, distributed SDN OS,” in 3rd Workshop on Hot Topics in Software Defined Networking, series HotSDN, New York, ACM, 2014, pp. 1–6.

C. Qiaogang, E. Segev, E. Varma, G. Zhang, H. Ding, I. Busi, J. He, K. Sethuraman, L. Ong, N. Davis, R. Vilalta, S. Bellotti, and V. Lopez, “Functional requirements for transport API,” , Open Networking Foundation, June2016, work in progress [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR-527_TAPI_Functional_Requirements.pdf .

M. Santuari, T. Szyrkowiec, M. Chamania, R. Doriguzzi-Corin, V. Lopez, and D. Siracusa, “Policy-based restoration in IP/optical transport networks,” in IEEE NetSoft Conf. and Workshops (NetSoft), June2016, pp. 357–358.

A. Marsico, M. Santuari, M. Savi, D. Siracusa, A. Ghafoor, S. Junique, and P. Skoldstrom, “An interactive intent-based negotiation scheme for application-centric networks,” in IEEE Conf. on Network Softwarization (NetSoft), July2017, pp. 1–2.

A. Marsico, M. Savi, D. Siracusa, and E. Salvadori, “An automated service-downgrade negotiation scheme for application-centric networks,” in Optical Fiber Communications Conf. and Exhibition (OFC), to be published.

S. Scott-Hayward, G. O’Callaghan, and S. Sezer, “SDN security: a survey,” in IEEE SDN for Future Networks and Services (SDN4FNS), Nov.2013, pp. 1–7.

R. Durner and W. Kellerer, “The cost of security in the SDN control plane,” in ACM CoNEXT—Student Workshop, Dec.2015.

S. Scott-Hayward, “Design and deployment of secure, robust, and resilient SDN controllers,” in 1st IEEE Conf. on Network Softwarization (NetSoft), Apr.2015, pp. 1–5.

D. Kreutz, F. M. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking series HotSDN, New York, New York, ACM, 2013, pp. 55–60.

Internet Live Stats [Online]. Available: http://www.internetlivestats.com/internet-users/ .

IBM, “Cost of data breach study” [Online]. Available: http://www-03.ibm.com/security/data-breach/ .

K. Seo and S. Kent, “Security architecture for the internet protocol,” , Dec.2005 [Online]. Available: https://rfc-editor.org/rfc/rfc4301.txt .

“IEEE standard for local and metropolitan area networks: media access control (MAC) security,” , Aug.2006, pp. 1–150.

ADVA Optical Networking, “FSP 3000 optical network encryption” [Online]. Available: https://cdn2.hubspot.net/hubfs/1865239/partner/adva/ADVA-Optical-Networking-AES-Network-Encryption-Card-EN.pdf .

Http Archive [Online]. Available: http://httparchive.org .

V. Lopez, J. M. Gran, J. P. Fernandez-Palacios, D. Siracusa, F. Pederzolli, O. Gerstel, Y. Shikhmanter, J. Mårtensson, P. Sköldström, T. Szyrkowiec, M. Chamania, A. Autenrieth, I. Tomkos, and D. Klonidis, “The role of SDN in application centric IP and optical networks,” in European Conf. on Networks and Communications (EuCNC), June2016, pp. 138–142.

Cited By

OSA participates in Crossref's Cited-By Linking service. Citing articles from OSA journals and other participating publishers are listed here.

Alert me when this article is cited.


Figures (5)

Fig. 1.
Fig. 1. Network consisting of routers and optical equipment. The red lines indicate established connections between the routers. The dashed blue line represents the resulting secure service between R1 and R3 by applications with different requirements. (a) Encryption at the IP layer reusing existing (optical) connections between the routers. (b) Encryption at the physical layer requiring the setup of a new lightpath (blue solid line).
Fig. 2.
Fig. 2. Basic system architecture of the ACINO orchestrator.
Fig. 3.
Fig. 3. Request for an encrypted service in a JavaScript object notation (JSON) representation that can be submitted through the NBI.
Fig. 4.
Fig. 4. Testbed setup in the lab based on commercial networking hardware.
Fig. 5.
Fig. 5. Measurements for the compilation, installation and deletion. (a) Time from the submission of the intent until the compilation is finished. (b) SBI installation time. (c) SBI deletion time.

Tables (1)

Tables Icon

TABLE I Overview of Encryption Layer Properties