We experimentally demonstrate, for the first time, DDoS mitigation of QKD-based networks utilizing a software defined network application. Successful quantum-secured link allocation is achieved after a DDoS attack based on real-time monitoring of quantum parameters.
We demonstrate, for the first time, a secure optical network architecture that combines NFV orchestration and SDN control with quantum key distribution (QKD) technology. A novel time-shared QKD network design is presented as a cost-effective solution for practical networks.
We demonstrated, for the first time, a machine-learning method to assist the coexistence between quantum and classical communication channels. Software-defined networking was used to successfully enable the key generation and transmission over a city and campus network.
Software-Defined Network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network layer, granting centralized management and re-programmability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we focus on identifying challenges faced in securing the data plane of SDN - one of the least explored but most critical components of this technology. We formalize this problem space, identify potential attack scenarios while highlighting possible vulnerabilities, and establish a set of requirements and challenges to protect the data plane of SDNs. Moreover, we undertake a survey of existing solutions with respect to the identified threats, identify their limitations, and offer future research directions.
The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at their origin, ensuring the normal operation of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then, as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.
We demonstrate for the first time a trusted-node-free fully-meshed metro network with dynamic discrete-variable quantum key distribution (DV-QKD) networking capabilities across four optical network nodes. A QKD-aware centralised SDN controller is utilised to provide dynamicity in switching and rerouting. The feasibility of coexisting a quantum channel with carrier-grade classical optical channels over field-deployed and laboratory-based fibres is experimentally explored in terms of achievable quantum bit error rate, secret key rate as well as classical signal bit error rate. Moreover, coexistence analysis over multi-hops configuration using different switching scenarios is also presented. The secret key rate dropped 43 % when coexisting one classical channel with 150 GHz spacing from the quantum channel for multiple links. This is due to the noise leakage from the Raman scattering into the 100 GHz bandwidth of the internal filter of the Bob DV-QKD unit. When coexisting four classical channels with 150 GHz spacing between quantum and the nearest classical channel, the quantum channel deteriorates faster due to the combination of Raman noise, other nonlinearities and high aggregated launch power, causing the QBER value to exceed the threshold of 6 % and leading the SKR to reach a value of zero bps at a launch power of 7 dB per channel. Furthermore, the coexistence of a quantum channel and six classical channels through a field-deployed fibre Test Network is examined.
Emilio Hugues-Salas, Foteini Ntavou, Yanni Ou. (2018). "Experimental Demonstration of DDoS Mitigation over a Quantum Key Distribution (QKD) Network Using Software Defined Networking (SDN)".