dc.contributor.author | Gunleifsen, Håkon | |
dc.contributor.author | Kemmerich, Thomas | |
dc.contributor.author | Gkioulos, Vasileios | |
dc.date.accessioned | 2019-12-19T13:10:18Z | |
dc.date.available | 2019-12-19T13:10:18Z | |
dc.date.created | 2019-07-21T16:59:40Z | |
dc.date.issued | 2019 | |
dc.identifier.citation | Computer Networks. 2019, 160 77-91. | nb_NO |
dc.identifier.issn | 1389-1286 | |
dc.identifier.uri | http://hdl.handle.net/11250/2634162 | |
dc.description.abstract | This article describes a novel mechanism for the automated establishment of dynamic Virtual Private Networks (VPN) in the application domain of Network Function Virtualization (NFV). Each hop in an NFV Service Function Chain (SFC) lacks the capability of per-flow encryption, that makes the traffic flow in federated NFV environments vulnerable for eavesdropping. Due to the possible lack of bidirectional data plane communication channels between VNFs in an SFC, the Internet Security Key Exchange protocol (IPsec-IKE) is not applicable inside a VNF. Hence, this article introduces an alternative to IPsec-IKE that is specifically designed for NFV environments. This component is named Software Defined Security Associations (SD-SA), which is shown through a proof of concept evaluation to perform better than IPsec-IKE with respect to bandwidth and resource consumption. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Elsevier | nb_NO |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/deed.no | * |
dc.title | Dynamic setup of IPsec VPNs in service function chaining | nb_NO |
dc.type | Journal article | nb_NO |
dc.type | Peer reviewed | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 77-91 | nb_NO |
dc.source.volume | 160 | nb_NO |
dc.source.journal | Computer Networks | nb_NO |
dc.identifier.doi | 10.1016/j.comnet.2019.05.015 | |
dc.identifier.cristin | 1712228 | |
dc.description.localcode | © 2019. This is the authors’ accepted and refereed manuscript to the article. Locked until 25.5.2021 due to copyright restrictions. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/ | nb_NO |
cristin.unitcode | 194,63,30,0 | |
cristin.unitname | Institutt for informasjonssikkerhet og kommunikasjonsteknologi | |
cristin.ispublished | true | |
cristin.fulltext | original | |
cristin.qualitycode | 2 | |