Secure Service Function Chaining in the Context of Zero Trust Security

Bibliographic Details
Published in: 2022 IEEE 47th Conference on Local Computer Networks (LCN), pp. 123-131
Main Authors: Bradatsch, Leonard; Haeberle, Marco; Steinert, Benjamin; Kargl, Frank; Menth, Michael
Format: Conference Proceeding
Language: English
Published: IEEE, 26.09.2022
Summary: Service Function Chaining (SFC) enables dynamic steering of traffic through a set of service functions based on classification of packets, allowing network operators fine-grained and flexible control of packet flows. New paradigms like Zero Trust (ZT) pose additional requirements to the security of network architectures. This includes client authentication, confidentiality, and integrity throughout the whole network, while also being able to perform operations on the unencrypted payload of packets. However, these requirements are only partially addressed in existing SFC literature. Therefore, we first present a comprehensive analysis of the security requirements for SFC architectures. Based on this analysis, we propose a concept towards the fulfillment of the requirements while maintaining the flexibility of SFC. In addition, we provide and evaluate a proof of concept implementation, and discuss the implications of the design choices.
DOI: 10.1109/LCN53696.2022.9843821