Håkon Gunleifsen successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Monday, the 20th of January 2020 and will be awarded the degree of Doctor of Philosophy in Information Security and Communication Technology.
The title of his thesis is “Security in Interconnected Network Function Virtualisation Environments” and the given topic for his trial lecture was “Utilizing SDN in IoT-based Systems”.
Network Functions Virtualization (NFV) aims to change how network operators
handle their network equipment. It also aims to change how end-users shop for their
network services. NFV is a paradigm shift in networking which consists of moving
the physical network appliances from hardware to software. This enables providers
to run these network devices in remote data centres. One example of this concept is
that end-users no longer need to have a stack of residential network equipment.
They can simply move their network devices to the cloud. This concept of virtualising
network equipment has the potential to significantly reduce hardware cost,
decrease the time-to-market, extend the lifetime of the network devices and save
operational expenses. However, security remains a major concern for operators
and end-users before they are willing to adopt the technology more widely. The
border security arranged by physical network devices becomes less clear for
the end-users, and they can easily question who has access to their virtual network
devices. The concept of virtualisation also enables the virtual network devices to
be run at any service provider. This in turn raises the question of which provider has
access to what data. If all network traffic from the end-users is going through
multiple services at multiple providers, then the end-user can ask who has
access to what and who can access their data traffic. In fact, the end-users have
very little control over this. However, it is obvious that the privacy of the end-users
is important. They should be able to know which provider can access their data
traffic, who can access what and whether they share an NFV network service with
someone else. They should also be able to know if their homes are protected from
Correspondingly, the main objective of this research is to provide a mechanism
which ensures the confidentiality, integrity and availability of the end-users’ NFV
traffic. In particular, it aims to secure end-user communication when Internet Service
Providers are sharing virtual network service platforms with each other.
This includes protecting the integrity of the data traffic and achieving data traffic
confidentiality, which currently is very limited in NFV environments.
The first part of the research contains a study of the security implications of putting a virtual networking device into the cloud. This research aims to put a focus on
the aforementioned research challenge and investigate which security mechanisms
can be used to achieve integrity and confidentiality. This research challenges
the current standards and asks whom the end-user can trust in a multi-provider
NFV environment. Further, this research results in a set of requirements which
must be fulfilled in order to achieve the security objectives.
These security concerns present a major obstacle for NFV adoption. Hence, the
second part of the research presents an architecture for overcoming these
security challenges. The focus in these studies is on how access control can
be achieved by low-level packet isolation and how it can be abstracted to network
orchestration policies. The key elements in this research challenge are how to
exchange keys and how to steer encrypted data packets.
The last part of the research is related to the development of a framework which
supports the confidentiality, integrity and availability of the data traffic in NFV.
Here, this research aimed to verify that the implementation of the architecture fulfils
the requirements which were developed in the first part of this research. The
final results show that these requirements are fulfilled. In the context of NFV adoption,
this research contribution of access control and confidentiality can affect the
perspective of security and trust in NFV networks for both end-users and operators.
Correspondingly, it can also have an impact on NFV adoption in general.
The following committee has been appointed to evaluate his thesis, trial lecture and defense:
- First external opponent: Professor Lars Dittmann, Department of Photonics Engineering, Technical University of Denmark (DTU), Lyngby, Denmark.
- Second external opponent: Associate Professor Sandra Scott-Hayward, Institute of Electronics, Communications & Information Technology, Queen’s University Belfast, Belfast, United Kingdom.
- Internal member and committee administrator: Professor Peter Herrmann, Department of Information Security and Communication Technology, NTNU, Trondheim, Norway.
Håkon Gunleifsen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.
His main supervisor was Associate Professor Thomas Kemmerich, Department of Information Security and Communication Technology, NTNU, and his co-supervisor was Professor Slobodan Petrović, Department of Information Security and Communication Technology, NTNU.